Diffstat (limited to 'src/libtls')
-rw-r--r--src/libtls/Makefile.in4
-rw-r--r--src/libtls/tls.h2
-rw-r--r--src/libtls/tls_crypto.c10
-rw-r--r--src/libtls/tls_eap.c12
-rw-r--r--src/libtls/tls_reader.c18
-rw-r--r--src/libtls/tls_writer.c2
6 files changed, 28 insertions, 20 deletions
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 9f0a817f5..93e8b4a9b 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -195,9 +195,7 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -236,6 +234,8 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index 1908f5dd4..e2c377ad3 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -202,7 +202,7 @@ struct tls_t {
/**
* Check if TLS negotiation completed successfully.
*
- * @return TRUE if TLS negotation and authentication complete
+ * @return TRUE if TLS negotiation and authentication complete
*/
bool (*is_complete)(tls_t *this);
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 78f2a796d..b4eaf4d79 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -626,15 +626,18 @@ static void filter_suite(private_tls_crypto_t *this,
suite_algs_t suites[], int *count, int offset,
enumerator_t*(*create_enumerator)(crypto_factory_t*))
{
+ const char *plugin_name;
suite_algs_t current;
- int i, remaining = 0;
+ int *current_alg, i, remaining = 0;
enumerator_t *enumerator;
memset(&current, 0, sizeof(current));
+ current_alg = (int*)((char*)&current + offset);
+
for (i = 0; i < *count; i++)
{
enumerator = create_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, ((char*)&current) + offset))
+ while (enumerator->enumerate(enumerator, current_alg, &plugin_name))
{
if ((suites[i].encr == ENCR_NULL ||
!current.encr || current.encr == suites[i].encr) &&
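Review bot: The new `current_alg = (int*)((char*)&current + offset);` assumes that every suite_algs_t member reachable through `offset` is int-sized and int-aligned, which cannot be confirmed from this hunk because the struct is declared elsewhere. A comment above the assignment would record that, for example `/* offset must select an int-sized algorithm member of suite_algs_t */`. `plugin_name` is passed to enumerate() but never read in the visible lines, here or in the get_signature_algorithms hunk below, so a short `/* plugin name not needed, only the algorithm */` would stop a later reader from treating it as a forgotten use. filter_suite's body continues outside the hunk.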
@@ -1060,10 +1063,11 @@ METHOD(tls_crypto_t, get_signature_algorithms, void,
enumerator_t *enumerator;
hash_algorithm_t alg;
tls_hash_algorithm_t hash;
+ const char *plugin_name;
supported = tls_writer_create(32);
enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &alg))
+ while (enumerator->enumerate(enumerator, &alg, &plugin_name))
{
switch (alg)
{
diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c
index a8c3a5053..8204a3441 100644
--- a/src/libtls/tls_eap.c
+++ b/src/libtls/tls_eap.c
@@ -303,17 +303,21 @@ METHOD(tls_eap_t, process, status_t,
DBG2(DBG_TLS, "received %N acknowledgement packet",
eap_type_names, this->type);
status = build_pkt(this, pkt->identifier, out);
- if (status == INVALID_STATE &&
- this->tls->is_complete(this->tls))
+ if (status == INVALID_STATE && this->tls->is_complete(this->tls))
{
return SUCCESS;
}
return status;
}
status = process_pkt(this, pkt);
- if (status != NEED_MORE)
+ switch (status)
{
- return status;
+ case NEED_MORE:
+ break;
+ case SUCCESS:
+ return this->tls->is_complete(this->tls) ? SUCCESS : FAILED;
+ default:
+ return status;
}
}
status = build_pkt(this, pkt->identifier, out);
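Review bot: The new `case SUCCESS:` branch converts a SUCCESS from process_pkt() into FAILED without logging anything, so a session rejected because is_complete() was false leaves no trace in the TLS debug output. Since this is the check that keeps the EAP method from reporting success before TLS negotiation and authentication have finished, it deserves a log line on the failing path, for example `DBG1(DBG_TLS, "%N reported success before TLS negotiation completed", eap_type_names, this->type);`. A one-line comment such as `/* never report EAP success unless the TLS handshake completed */` would also tell a later reader why SUCCESS is not simply passed through. The process method starts and ends outside the hunk, so how the trailing build_pkt() result is handled is not visible here.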
diff --git a/src/libtls/tls_reader.c b/src/libtls/tls_reader.c
index 17ec68fd5..2b3cd8cac 100644
--- a/src/libtls/tls_reader.c
+++ b/src/libtls/tls_reader.c
@@ -52,8 +52,8 @@ METHOD(tls_reader_t, read_uint8, bool,
{
if (this->buf.len < 1)
{
- DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
- this->buf.len, 8);
+ DBG1(DBG_TLS, "%d bytes insufficient to parse u_int8 data",
+ this->buf.len);
return FALSE;
}
*res = this->buf.ptr[0];
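Review bot: The rewritten message still prints `this->buf.len` with `%d`; if the length field of the buffer is a size_t, as it appears to be, the specifier does not match the argument on LP64 targets. The same applies to the read_uint16, read_uint24, read_uint32 and read_data hunks below. Either cast at the call site, `DBG1(DBG_TLS, "%d bytes insufficient to parse u_int8 data", (int)this->buf.len);`, or use a size_t conversion if the project's DBG printf supports one. In read_data the second `%d` is given `len`, which looks unsigned and would read better as `%u`. The type declarations are outside this page, so this needs confirming against them.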
@@ -66,8 +66,8 @@ METHOD(tls_reader_t, read_uint16, bool,
{
if (this->buf.len < 2)
{
- DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
- this->buf.len, 16);
+ DBG1(DBG_TLS, "%d bytes insufficient to parse u_int16 data",
+ this->buf.len);
return FALSE;
}
*res = untoh16(this->buf.ptr);
@@ -80,8 +80,8 @@ METHOD(tls_reader_t, read_uint24, bool,
{
if (this->buf.len < 3)
{
- DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
- this->buf.len, 24);
+ DBG1(DBG_TLS, "%d bytes insufficient to parse u_int24 data",
+ this->buf.len);
return FALSE;
}
*res = untoh32(this->buf.ptr) >> 8;
@@ -94,8 +94,8 @@ METHOD(tls_reader_t, read_uint32, bool,
{
if (this->buf.len < 4)
{
- DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
- this->buf.len, 32);
+ DBG1(DBG_TLS, "%d bytes insufficient to parse u_int32 data",
+ this->buf.len);
return FALSE;
}
*res = untoh32(this->buf.ptr);
@@ -108,7 +108,7 @@ METHOD(tls_reader_t, read_data, bool,
{
if (this->buf.len < len)
{
- DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data",
+ DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes of data",
this->buf.len, len);
return FALSE;
}
diff --git a/src/libtls/tls_writer.c b/src/libtls/tls_writer.c
index 235dc2cdf..e87c2efea 100644
--- a/src/libtls/tls_writer.c
+++ b/src/libtls/tls_writer.c
@@ -226,7 +226,7 @@ tls_writer_t *tls_writer_create(u_int32_t bufsize)
.get_buf = _get_buf,
.destroy = _destroy,
},
- .increase = bufsize ?: 32,
+ .increase = bufsize ? max(bufsize, 4) : 32,
);
if (bufsize)
{
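Review bot: The literal 4 in `.increase = bufsize ? max(bufsize, 4) : 32,` is unexplained. Presumably it is the size of the largest fixed-width integer write, so that one growth step is always enough, but the growth code is not visible in this hunk. A comment on the line would record that, for example `/* grow by at least 4 bytes so a single increase fits any fixed-size integer write */`. If a variable-length write elsewhere in the writer also grows the buffer by only one `increase` step, a minimum of 4 would not cover it, so that path should be checked too. tls_writer_create continues outside the hunk.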