authorJouni Malinen <j@w1.fi>2009-02-09 20:37:55 (GMT)
committerJouni Malinen <j@w1.fi>2009-02-15 13:07:53 (GMT)
commita6f5ec3d7fe41551746cdecfc57bf69ec6964e5d (patch)
treead24c3c1a1edf9c1e6b2d14c69974916d3fcb8e9 /src
parenta448e0b7ebe3b802307df5af92a16b6c0965115f (diff)
Use larger buffer for TLS encryption to avoid issues with GnuTLS
It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2. Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer. (cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
Diffstat (limited to 'src')
2 files changed, 9 insertions, 1 deletions
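--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -1060,6 +1060,14 @@ int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
 return -1;
 if (conn->push_buf_len < out_len)
 out_len = conn->push_buf_len;
+else if (conn->push_buf_len > out_len) {
+wpa_printf(MSG_INFO, "GnuTLS: Not enough buffer space for "
+"encrypted message (in_len=%lu push_buf_len=%lu "
+"out_len=%lu",
+(unsigned long) in_len,
+(unsigned long) conn->push_buf_len,
+(unsigned long) out_len);
+}
 os_memcpy(out_data, conn->push_buf, out_len);
 conn->push_buf = NULL;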
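Review bot: The new `else if` branch in tls_connection_encrypt only logs the overflow and then falls through to the os_memcpy on the next line, so a ciphertext cut off at out_len bytes is still handed back to the caller as if it were a complete record; the peer will reject the truncated TLS record anyway, so it seems cleaner to fail here with `return -1;` (after the same push_buf cleanup the success path performs) so the caller sees the error at the point it happens rather than as a later authentication failure. The format string is also missing its closing parenthesis: `"out_len=%lu)",`. The 300-byte slack this check guards against is a bare constant in the eap_tls_common.c hunk; a one-line comment there naming it as room for TLS record overhead (header, MAC, padding) would tie the two changes together for the next reader. The hunk header counts six old lines but only five context lines are visible, so a line appears to have been dropped in rendering, and the rest of tls_connection_encrypt lies outside the hunk.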
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 839ceb6..19afb90 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -904,7 +904,7 @@ int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
if (in_data) {
- len = wpabuf_len(in_data) + 100;
+ len = wpabuf_len(in_data) + 300;
data->tls_out = os_malloc(len);
if (data->tls_out == NULL)
return -1;