TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a9a028ebd0fb74d2fd893089966575bdcd52a018^! / .
commita9a028ebd0fb74d2fd893089966575bdcd52a018[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Thu Nov 21 17:31:06 2013 +0100
committerPaul Bakker <p.j.bakker@polarssl.org>Thu Nov 21 17:31:06 2013 +0100
tree784b1b19a38f0f211245d5957eea9d5f9ccf7922
parentf2b4d86452c29e327a2c9cfa041b84c65e3d7a3b [diff]
SSL now gracefully handles missing RNG

diff --git a/ChangeLog b/ChangeLog
index eca541c..1d28f6e 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,6 +3,7 @@
 = PolarSSL 1.3 branch
 Bugfix
    * Fixed X.509 hostname comparison (with non-regular characters)
+   * SSL now gracefully handles missing RNG
 
 = PolarSSL 1.3.2 released on 2013-11-04
 Features

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1608df3..fdb27f6 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -101,7 +101,7 @@
 #define POLARSSL_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
-#define POLARSSL_ERR_SSL_NO_SESSION_FOUND                  -0x7400  /**< No session to recover was found. */
+#define POLARSSL_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message.*/
 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */

diff --git a/library/error.c b/library/error.c
index 9d76f19..6ef104d 100644
--- a/library/error.c
+++ b/library/error.c

@@ -358,8 +358,8 @@
             snprintf( buf, buflen, "SSL - An unknown cipher was received" );
         if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
             snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
-        if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) )
-            snprintf( buf, buflen, "SSL - No session to recover was found" );
+        if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
+            snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
         if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
             snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
         if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0eaa531..3cde375 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -390,6 +390,12 @@
 
     SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
 
+    if( ssl->f_rng == NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( POLARSSL_ERR_SSL_NO_RNG );
+    }
+
     if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
     {
         ssl->major_ver = ssl->min_major_ver;

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e44bf72..12ccb12 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -1594,6 +1594,12 @@
 
     SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
 
+    if( ssl->f_rng == NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( POLARSSL_ERR_SSL_NO_RNG );
+    }
+
     /*
      *     0  .   0   handshake type
      *     1  .   3   handshake length