Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/tls_openssl.c18
-rw-r--r--src/crypto/tls_wolfssl.c14
2 files changed, 21 insertions, 11 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index ef872c5..345a35e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1045,6 +1045,8 @@ void * tls_init(const struct tls_config *conf)
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
#ifdef SSL_MODE_NO_AUTO_CHAIN
/* Number of deployed use cases assume the default OpenSSL behavior of
* auto chaining the local certificate is in use. BoringSSL removed this
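Review bot: The added `SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);` has no comment saying why the mode is needed, while the SSL_MODE_NO_AUTO_CHAIN block right below it documents its reason at length. A short comment would help, for example `/* Let SSL_read() continue past non-application-data records; tls_connection_decrypt() handles SSL_ERROR_WANT_READ when input runs out */`, adjusted to the actual motivation, which the hunk does not state. Ignoring the return value is fine here, since this call returns the updated mode bitmask and not an error code. tls_init starts and ends outside the hunk.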
@@ -4543,10 +4545,18 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
return NULL;
res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
if (res < 0) {
- tls_show_errors(MSG_INFO, __func__,
- "Decryption failed - SSL_read");
- wpabuf_free(buf);
- return NULL;
+ int err = SSL_get_error(conn->ssl, res);
+
+ if (err == SSL_ERROR_WANT_READ) {
+ wpa_printf(MSG_DEBUG,
+ "SSL: SSL_connect - want more data");
+ res = 0;
+ } else {
+ tls_show_errors(MSG_INFO, __func__,
+ "Decryption failed - SSL_read");
+ wpabuf_free(buf);
+ return NULL;
+ }
}
wpabuf_put(buf, res);
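Review bot: The debug message in the new SSL_ERROR_WANT_READ branch names the wrong call: it says `SSL_connect` although the call that returned is SSL_read(), which will mislead anyone reading the logs; `"SSL: SSL_read - want more data");` matches the code. The branch also sets `res = 0`, so the caller receives an empty buffer that looks the same as a successful zero-length decrypt. The unchanged `res < 0` test still lets an SSL_read() return of 0 (for example after the peer's close_notify) reach `wpabuf_put(buf, res)` without SSL_get_error() being consulted. Testing `if (res <= 0) {` and treating only SSL_ERROR_WANT_READ as the empty-result case would keep a closed session from being reported as "no data yet". Whether callers rely on the current handling of 0 is not visible here, as tls_connection_decrypt continues outside the hunk.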
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index b8a7665..cf482bf 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -469,7 +469,7 @@ static int tls_connection_client_cert(struct tls_connection *conn,
if (client_cert_blob) {
if (wolfSSL_use_certificate_chain_buffer_format(
conn->ssl, client_cert_blob, blob_len,
- SSL_FILETYPE_ASN1) < 0) {
+ SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: use client cert DER blob failed");
return -1;
@@ -479,13 +479,13 @@ static int tls_connection_client_cert(struct tls_connection *conn,
}
if (client_cert) {
- if (wolfSSL_use_certificate_chain_file(conn->ssl,
- client_cert) < 0) {
+ if (wolfSSL_use_certificate_chain_file(
+ conn->ssl, client_cert) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: use client cert PEM file failed");
if (wolfSSL_use_certificate_chain_file_format(
conn->ssl, client_cert,
- SSL_FILETYPE_ASN1) < 0) {
+ SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: use client cert DER file failed");
return -1;
@@ -534,7 +534,7 @@ static int tls_connection_private_key(void *tls_ctx,
if (private_key_blob) {
if (wolfSSL_use_PrivateKey_buffer(conn->ssl,
private_key_blob, blob_len,
- SSL_FILETYPE_ASN1) < 0) {
+ SSL_FILETYPE_ASN1) <= 0) {
wpa_printf(MSG_INFO,
"SSL: use private DER blob failed");
} else {
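Review bot: The private-key checks use `<= 0` while the certificate checks changed in the same commit use `!= SSL_SUCCESS`, so the two halves of the client-credential setup test for success differently. `<= 0` treats any positive return as success; if wolfSSL_use_PrivateKey_buffer() and wolfSSL_use_PrivateKey_file() report success only as SSL_SUCCESS, writing `SSL_FILETYPE_ASN1) != SSL_SUCCESS) {` here and in the three checks of the following hunk would be stricter and consistent. This matters because a key load wrongly taken as successful presumably sets `ok` in the `else` branch and skips the remaining fallbacks. tls_connection_private_key starts and ends outside the hunk.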
@@ -545,11 +545,11 @@ static int tls_connection_private_key(void *tls_ctx,
if (!ok && private_key) {
if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
- SSL_FILETYPE_PEM) < 0) {
+ SSL_FILETYPE_PEM) <= 0) {
wpa_printf(MSG_INFO,
"SSL: use private key PEM file failed");
if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
- SSL_FILETYPE_ASN1) < 0)
+ SSL_FILETYPE_ASN1) <= 0)
{
wpa_printf(MSG_INFO,
"SSL: use private key DER file failed");