htoun32(&this->client_random, time(NULL));
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng ||
+ !rng->get_bytes(rng, sizeof(this->client_random) - 4,
+ this->client_random + 4))
{
- DBG1(DBG_TLS, "no suitable RNG found to generate client random");
+ DBG1(DBG_TLS, "failed to generate client random");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(this->client_random) - 4, this->client_random + 4);
rng->destroy(rng);
/* TLS version */
chunk_t encrypted;
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
{
- DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret");
+ DBG1(DBG_TLS, "failed to generate TLS premaster secret");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
rng->destroy(rng);
htoun16(premaster, TLS_1_2);
}
else
{ /* TLSv1.1 uses random IVs, prepended to record */
- if (!this->rng)
+ iv.len = this->crypter_out->get_iv_size(this->crypter_out);
+ if (!this->rng ||
+ !this->rng->allocate_bytes(this->rng, iv.len, &iv))
{
- DBG1(DBG_TLS, "no RNG supported to generate TLS IV");
+ DBG1(DBG_TLS, "failed to generate TLS IV");
free(data->ptr);
return FAILED;
}
- iv.len = this->crypter_out->get_iv_size(this->crypter_out);
- this->rng->allocate_bytes(this->rng, iv.len, &iv);
}
*data = chunk_cat("mmcc", *data, mac, padding,
htoun32(&this->server_random, time(NULL));
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng ||
+ !rng->get_bytes(rng, sizeof(this->server_random) - 4,
+ this->server_random + 4))
{
- DBG1(DBG_TLS, "no suitable RNG found to generate server random");
+ DBG1(DBG_TLS, "failed to generate server random");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(this->server_random) - 4, this->server_random + 4);
rng->destroy(rng);
if (!this->tls->set_version(this->tls, version))
htoun16(premaster, this->client_version);
/* pre-randomize premaster for failure cases */
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
{
- DBG1(DBG_TLS, "creating RNG failed");
+ DBG1(DBG_TLS, "failed to generate premaster secret");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
rng->destroy(rng);
if (this->private &&
projects / thirdparty / strongswan.git / commitdiff
