Check rng return value when generating TLS session identifiers

2012-07-06 13:55:42 +02:00 · 2012-07-06 13:55:42 +02:00 · bb5eb15ccc
parent 6a3e4ed916
commit bb5eb15ccc
1 changed files with 3 additions and 3 deletions
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@ -313,11 +313,11 @@ static status_t process_client_hello(private_tls_server_t *this,
 			return NEED_MORE;
 		}
 		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-		if (rng)
+		if (!rng || !rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session))
 		{
-			rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session);
-			rng->destroy(rng);
+			DBG1(DBG_TLS, "generating TLS session identifier failed, skipped");
 		}
+		DESTROY_IF(rng);
 		DBG1(DBG_TLS, "negotiated %N using suite %N",
 			 tls_version_names, this->tls->get_version(this->tls),
 			 tls_cipher_suite_names, this->suite);