[PATCH] increase internal tls client key exchange buffer

Jouni Malinen j
Mon Feb 21 08:34:15 PST 2011

On Thu, Feb 17, 2011 at 04:15:21PM +0100, Christian Lamparter wrote:
> This patch fixes a problem I had when I tried to connect
> an embedded system [wpa_supplicant, CONFIG_TLS=internal]
> to my TLS secured network.

Thanks! Applied.

> TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha 
> PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
> 			(modlen=512 outlen=454 inlen=36)
> It turned out that a fixed 1000 byte message buffer was just
> a little bit too small for the 4096 bit RSA certificates
> I'm using.

> BTW, I tried several different msglen. The "smallest" value
> with which works is "1117". For now, I opted for 2000, simply
> because "we can" and it doesn't cost that much more anyway.

That sounds fine since the difference of allocating a 1000 or 2000 byte
buffer for a short period of time does not really make much of a
difference in this context.

> Or, is there a easy way to "predict" the buffer size beforehand?

Yes, the main variable length component that is not currently accounted
for accurately is the certificate verify and it has a signature
calculated with your RSA key. That signature is about the same size as
the modulus, i.e., about 512 bytes in this particular case.

If someone really cares, this could be optimized to calculate the needed
size more accurately, but 2000 byte buffer is large enough to handle
8192-bit keys and I think the current modexp implementation in the
internal TLS build is going to be slow enough to not really enable
realistic use of longer keys anyway.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list