author: Jouni Malinen <j@w1.fi> 2009-02-09 20:37:55 (GMT)
committer: Jouni Malinen <j@w1.fi> 2009-02-15 13:07:53 (GMT)
commit: a6f5ec3d7fe41551746cdecfc57bf69ec6964e5d
tree: ad24c3c1a1edf9c1e6b2d14c69974916d3fcb8e9 /src/eap_peer
parent: a448e0b7ebe3b802307df5af92a16b6c0965115f
Use larger buffer for TLS encryption to avoid issues with GnuTLS
It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2.

Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer.

(cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
Diffstat (limited to 'src/eap_peer')
-rw-r--r-- src/eap_peer/eap_tls_common.c | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 839ceb6..19afb90 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -904,7 +904,7 @@ int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
if (in_data) {
eap_peer_tls_reset_output(data);
- len = wpabuf_len(in_data) + 100;
+ len = wpabuf_len(in_data) + 300;
data->tls_out = os_malloc(len);
if (data->tls_out == NULL)
return -1;
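Review bot: the `+ 300` in `len = wpabuf_len(in_data) + 300;` is still a fixed guess at how much the TLS layer expands the plaintext, just as `+ 100` was, so the same semi-random failure returns if the library ever adds more than 300 bytes. Replace the literal with a named constant whose comment records what it has to cover (record header, MAC, IV and the GnuTLS random padding), so the next person to touch it knows why 300 was chosen. Also confirm that this same `len` is what gets passed to the encrypt call as the output limit and that an overflow there is handled as a hard error. Note that the headroom does not scale with `wpabuf_len(in_data)`; if a large payload can be split over several records, each record carries its own overhead and a single additive constant will not bound the total.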