Diffstat (limited to 'src/libtls')
-rw-r--r-- | src/libtls/Makefile.in | 4 | ||||
-rw-r--r-- | src/libtls/tls.h | 2 | ||||
-rw-r--r-- | src/libtls/tls_crypto.c | 10 | ||||
-rw-r--r-- | src/libtls/tls_eap.c | 12 | ||||
-rw-r--r-- | src/libtls/tls_reader.c | 18 | ||||
-rw-r--r-- | src/libtls/tls_writer.c | 2 |
6 files changed, 28 insertions, 20 deletions
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 9f0a817f5..93e8b4a9b 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -195,9 +195,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -236,6 +234,8 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libtls/tls.h b/src/libtls/tls.h index 1908f5dd4..e2c377ad3 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -202,7 +202,7 @@ struct tls_t { /** * Check if TLS negotiation completed successfully. * - * @return TRUE if TLS negotation and authentication complete + * @return TRUE if TLS negotiation and authentication complete */ bool (*is_complete)(tls_t *this); diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 78f2a796d..b4eaf4d79 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -626,15 +626,18 @@ static void filter_suite(private_tls_crypto_t *this, suite_algs_t suites[], int *count, int offset, enumerator_t*(*create_enumerator)(crypto_factory_t*)) { + const char *plugin_name; suite_algs_t current; - int i, remaining = 0; + int *current_alg, i, remaining = 0; enumerator_t *enumerator; memset(¤t, 0, sizeof(current)); + current_alg = (int*)((char*)¤t + offset); + for (i = 0; i < *count; i++) { enumerator = create_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, ((char*)¤t) + offset)) + while (enumerator->enumerate(enumerator, current_alg, &plugin_name)) { if ((suites[i].encr == ENCR_NULL || !current.encr || current.encr == suites[i].encr) && 
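Review bot: The new `current_alg` pointer in filter_suite() is an `int*` formed from a byte offset into `current`, so every enumerator writes a full `int` at that offset, and nothing in the hunk states or checks that the member there is int-sized. If a `suite_algs_t` field were narrower (its definition is outside the diff, so this needs confirming), the write would spill into the neighbouring field and skew the suite comparison that follows. A comment at the assignment such as `/* offset must name an int-sized member of suite_algs_t */` would document the contract. `plugin_name` is never read and appears to exist only to satisfy the three-argument enumerate() call, which is also worth a short comment. The function body continues past the end of the hunk.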
@@ -1060,10 +1063,11 @@ METHOD(tls_crypto_t, get_signature_algorithms, void, enumerator_t *enumerator; hash_algorithm_t alg; tls_hash_algorithm_t hash; + const char *plugin_name; supported = tls_writer_create(32); enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &alg)) + while (enumerator->enumerate(enumerator, &alg, &plugin_name)) { switch (alg) { diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c index a8c3a5053..8204a3441 100644 --- a/src/libtls/tls_eap.c +++ b/src/libtls/tls_eap.c @@ -303,17 +303,21 @@ METHOD(tls_eap_t, process, status_t, DBG2(DBG_TLS, "received %N acknowledgement packet", eap_type_names, this->type); status = build_pkt(this, pkt->identifier, out); - if (status == INVALID_STATE && - this->tls->is_complete(this->tls)) + if (status == INVALID_STATE && this->tls->is_complete(this->tls)) { return SUCCESS; } return status; } status = process_pkt(this, pkt); - if (status != NEED_MORE) + switch (status) { - return status; + case NEED_MORE: + break; + case SUCCESS: + return this->tls->is_complete(this->tls) ? SUCCESS : FAILED; + default: + return status; } } status = build_pkt(this, pkt->identifier, out); diff --git a/src/libtls/tls_reader.c b/src/libtls/tls_reader.c index 17ec68fd5..2b3cd8cac 100644 --- a/src/libtls/tls_reader.c +++ b/src/libtls/tls_reader.c @@ -52,8 +52,8 @@ METHOD(tls_reader_t, read_uint8, bool, { if (this->buf.len < 1) { - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 8); + DBG1(DBG_TLS, "%d bytes insufficient to parse u_int8 data", + this->buf.len); return FALSE; } *res = this->buf.ptr[0]; @@ -66,8 +66,8 @@ METHOD(tls_reader_t, read_uint16, bool, { if (this->buf.len < 2) { - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 16); + DBG1(DBG_TLS, "%d bytes insufficient to parse u_int16 data", + this->buf.len); return FALSE; } *res = untoh16(this->buf.ptr); 
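Review bot: The new `case SUCCESS:` branch in process() downgrades a SUCCESS from process_pkt() to FAILED when `is_complete()` is false, but it does so silently, so an exchange that signals success before TLS negotiation and authentication have finished leaves no trace in the log. That condition is worth recording for anyone investigating failed or suspicious authentications, for example `DBG1(DBG_TLS, "%N reported success before TLS negotiation completed", eap_type_names, this->type);` ahead of the FAILED return. A comment on the case, such as `/* never report EAP success unless TLS negotiation and authentication completed */`, would also keep the check from being simplified away later. process() starts and ends outside the hunk.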
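Review bot: The rewritten DBG1 call in read_uint8 still prints `this->buf.len` with `%d`. If `buf.len` is a `size_t` (the buffer type is declared outside this diff), specifier and argument disagree on 64-bit builds, which is undefined behaviour in a path that is presumably reached by truncated input from the peer. The same applies to the read_uint16, read_uint24, read_uint32 and read_data hunks. Since these format strings are being edited anyway, a matching specifier such as `"%zu bytes insufficient to parse u_int8 data"`, or an explicit cast of the argument, would settle it. Each method body continues outside its hunk.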
@@ -80,8 +80,8 @@ METHOD(tls_reader_t, read_uint24, bool, { if (this->buf.len < 3) { - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 24); + DBG1(DBG_TLS, "%d bytes insufficient to parse u_int24 data", + this->buf.len); return FALSE; } *res = untoh32(this->buf.ptr) >> 8; @@ -94,8 +94,8 @@ METHOD(tls_reader_t, read_uint32, bool, { if (this->buf.len < 4) { - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 32); + DBG1(DBG_TLS, "%d bytes insufficient to parse u_int32 data", + this->buf.len); return FALSE; } *res = untoh32(this->buf.ptr); @@ -108,7 +108,7 @@ METHOD(tls_reader_t, read_data, bool, { if (this->buf.len < len) { - DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes of data", this->buf.len, len); return FALSE; } diff --git a/src/libtls/tls_writer.c b/src/libtls/tls_writer.c index 235dc2cdf..e87c2efea 100644 --- a/src/libtls/tls_writer.c +++ b/src/libtls/tls_writer.c @@ -226,7 +226,7 @@ tls_writer_t *tls_writer_create(u_int32_t bufsize) .get_buf = _get_buf, .destroy = _destroy, }, - .increase = bufsize ?: 32, + .increase = bufsize ? max(bufsize, 4) : 32, ); if (bufsize) { |
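Review bot: The literal `4` in `.increase = bufsize ? max(bufsize, 4) : 32,` is unexplained, and the reason for the floor is not visible in tls_writer_create(). Presumably one growth step has to hold the largest fixed-width write (a 32-bit value), so that a writer created with a 1 to 3 byte `bufsize` cannot write past its buffer after growing once. That should be confirmed against the growth code outside this hunk and stated in a comment, e.g. `/* one growth step must fit the largest fixed-size write (u_int32) */`. Whether variable-length writes larger than `increase` are also safe depends on that growth code and cannot be judged from here. The function body continues past the hunk.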