Increase internal TLSs client key exchange buffer

This patch fixes a problem I had when I tried to connect
an embedded system [wpa_supplicant, CONFIG_TLS=internal]
to my TLS secured network.

TLSv1: Send CertificateVerify
TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha
PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
                        (modlen=512 outlen=454 inlen=36)

It turned out that a fixed 1000 byte message buffer was just
a little bit too small for the 4096 bit RSA certificates
I'm using.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>

diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 9ecec46..0898df9 100644 (file)
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -669,7 +669,7 @@ static u8 * tls_send_client_key_exchange(struct tlsv1_client *conn,
 
        *out_len = 0;
 
-       msglen = 1000;
+       msglen = 2000;
        if (conn->certificate_requested)
                msglen += tls_client_cert_chain_der_len(conn);