tls: check RNG in ssl_conf_check when calling mbedtls_ssl_setup

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2025-02-22 09:40:09 +00:00 · 2023-12-01 16:18:10 +08:00 · 2023-12-01 16:18:10 +08:00 · b422cab052
commit b422cab052
parent 10dfe76425
1 changed files with 5 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1355,6 +1355,11 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl)
    }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

+    if (ssl->conf->f_rng == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+        return MBEDTLS_ERR_SSL_NO_RNG;
+    }
+
    /* Space for further checks */

    return 0;