mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-19 18:43:03 -05:00
ef626b4d50
Even though we try to disable TLS compression, it is possible that this cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not seem to have a configuration item for disabling all compression (0.9.9 has such an option). If compression is used, Phase 2 decryption may end up producing more data than the input buffer due to compressed data. This shows up especially with EAP-TNC that uses very compressible data format. As a workaround, increase the decryption buffer length to (orig_len+500)*3. This is a hack, but at least it handles most cases. TLS compression should really be disabled for EAP use of TLS, but since this can show up with common setups, it is better to handle this case.
wpa_supplicant and hostapd v0.6.x --------------------------------- Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. These program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option. This package may include either wpa_supplicant, hostapd, or both. See README file respective subdirectories (wpa_supplicant/README or hostapd/README) for more details. Source code files have been moved around in v0.6.x releases and compared to earlier releases, the programs are now build by first going to a subdirectory (wpa_supplicant or hostapd) and creating build configuration (.config) and running 'make' there (for Linux/BSD/cygwin builds).