From 6dd98483ebf387ef07a3ec1c01dd9941cd7f281b Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 1 May 2018 17:49:19 +0300
Subject: [PATCH] EAP-TLS peer: Support fragmentation of last message
With TLS v1.3, the Finished message from the client can require fragmentation. Postpone key derivation and marking of the EAP session fully completed until all the fragments of that last message are sent to avoid losing all the subsequent fragments.
Signed-off-by: Jouni Malinen
---
 src/eap_peer/eap_tls.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index c1820a4ca..cda73f963 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -175,6 +175,11 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 {
 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
+ if (data->ssl.tls_out) {
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
+ return;
+ }
+
 ret->methodState = METHOD_DONE;
 ret->decision = DECISION_UNCOND_SUCC;
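Review bot: `wpa_printf(MSG_DEBUG, "EAP-TLS: Done");` still runs before the new `data->ssl.tls_out` check, so the debug log reports "Done" immediately followed by "Fragment(s) remaining" for a session that has not been marked complete; moving the `if (data->ssl.tls_out) { ... return; }` block above that print would keep the log consistent with the actual state. The early return leaves `ret->methodState` and `ret->decision` untouched, so completion presumably depends on eap_tls_success() being called again once the last fragment has been sent. That caller is not visible in this hunk, and a comment such as `/* Finished message not fully sent yet; keep the method state unchanged until a later call sees tls_out == NULL */` would record the assumption. The function's signature and the rest of its body lie outside the hunk.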