From bac1bdba3e29bc4b3ceee053322ceba9224e26eb Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 1 May 2018 17:45:37 +0300
Subject: [PATCH] EAP-TLS peer: Determine whether TLS v1.3 or newer is used

This is needed to be able to handle different key derivation and message handshakes in EAP implementation.

Signed-off-by: Jouni Malinen
---
 src/eap_peer/eap_tls_common.c | 8 ++++++++
 src/eap_peer/eap_tls_common.h | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index b3d4aba04..a72cc08bd 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -669,6 +669,8 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 * the AS.
 */
 int res = eap_tls_process_input(sm, data, in_data, out_data);
+ char buf[20];
+
 if (res) {
 /*
 * Input processing failed (res = -1) or more data is
@@ -681,6 +683,12 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 * The incoming message has been reassembled and processed. The
 * response was allocated into data->tls_out buffer.
 */
+
+ if (tls_get_version(data->ssl_ctx, data->conn,
+ buf, sizeof(buf)) == 0) {
+ wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
+ data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
+ }
 }
 if (data->tls_out == NULL) {
diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
index acd2b7836..306e6a98b 100644
--- a/src/eap_peer/eap_tls_common.h
+++ b/src/eap_peer/eap_tls_common.h
@@ -73,6 +73,11 @@ struct eap_ssl_data {
 * eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
 */
 u8 eap_type;
+
+ /**
+ * tls_v13 - Whether TLS v1.3 or newer is used
+ */
+ int tls_v13;
 };
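Review bot: In the second hunk of eap_tls_common.c, `data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;` matches one exact string, while the commit subject and the field comment added in eap_tls_common.h both promise "TLS v1.3 or newer", so any later version string would leave the flag at 0. Since the commit message says this flag is meant to select key derivation and handshake handling, either narrow the comment to `tls_v13 - Whether TLS v1.3 is used` or put `/* exact match; extend when the TLS wrapper can report a newer version */` above the comparison. The flag is also written only when tls_get_version() returns 0, so a failed query silently keeps the earlier value; an `else` branch with a debug message would make that case visible in logs. Whether tls_get_version() bounds and terminates its write into `buf[20]` is not visible here, and the body of eap_peer_tls_process_helper() starts and ends outside both hunks.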