SSL now gracefully handles missing RNG
diff --git a/ChangeLog b/ChangeLog
index 92a7e28..7f76b7f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
+ * SSL now gracefully handles missing RNG
= Version 1.2.10 released 2013-10-07
Changes
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 0900a2c..ad85924 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -64,7 +64,7 @@
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
-#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
+#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
diff --git a/library/error.c b/library/error.c
index 036b834..46adb27 100644
--- a/library/error.c
+++ b/library/error.c
@@ -282,8 +282,8 @@
snprintf( buf, buflen, "SSL - An unknown cipher was received" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
- if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) )
- snprintf( buf, buflen, "SSL - No session to recover was found" );
+ if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
+ snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index fc82002..2a15da1 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -50,6 +50,12 @@
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+ if( ssl->f_rng == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+ return( POLARSSL_ERR_SSL_NO_RNG );
+ }
+
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
{
ssl->major_ver = ssl->min_major_ver;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ea1d63e..1b1ba69 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -779,6 +779,12 @@
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+ if( ssl->f_rng == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+ return( POLARSSL_ERR_SSL_NO_RNG );
+ }
+
/*
* 0 . 0 handshake type
* 1 . 3 handshake length