Increase internal TLSs client key exchange buffer

This patch fixes a problem I had when I tried to connect
an embedded system [wpa_supplicant, CONFIG_TLS=internal]
to my TLS secured network.

TLSv1: Send CertificateVerify
TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha
PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
                        (modlen=512 outlen=454 inlen=36)

It turned out that a fixed 1000 byte message buffer was just
a little bit too small for the 4096 bit RSA certificates
I'm using.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
This commit is contained in:
Christian Lamparter 2011-02-21 18:25:34 +02:00 committed by Jouni Malinen
parent f39b07d7ed
commit 6fc34d9fe5

View file

@ -669,7 +669,7 @@ static u8 * tls_send_client_key_exchange(struct tlsv1_client *conn,
*out_len = 0;
msglen = 1000;
msglen = 2000;
if (conn->certificate_requested)
msglen += tls_client_cert_chain_der_len(conn);