EAP-TLS peer: Handle Commitment Message for TLS 1.3
authorAlexander Clouter <alex@digriz.org.uk>
Fri, 16 Oct 2020 08:49:38 +0000 (09:49 +0100)
committerJouni Malinen <j@w1.fi>
Sat, 20 Feb 2021 15:47:39 +0000 (17:47 +0200)
Recognize the explicitly defined Commitment Message per
draft-ietf-emu-eap-tls13-13 at the conclusion of EAP-TLS with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
src/eap_peer/eap_tls.c

index ad079a7b736cc105cbb56a56fec3090b09ea2cc5..0d479f1c298c4d1a51e4cc54f324ec68f5b86e24 100644 (file)
@@ -302,15 +302,11 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
                return NULL;
        }
 
-       if (res == 2) {
-               /* Application data included in the handshake message (used by
-                * EAP-TLS 1.3 to indicate conclusion of the exchange). */
-               wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Received Application Data",
-                               resp);
-               wpa_hexdump_buf(MSG_DEBUG, "EAP-TLS: Remaining tls_out data",
-                               data->ssl.tls_out);
+       /* draft-ietf-emu-eap-tls13-13 Section 2.5 */
+       if (res == 2 && data->ssl.tls_v13 && wpabuf_len(resp) == 1 &&
+           *wpabuf_head_u8(resp) == 0) {
+               wpa_printf(MSG_DEBUG, "EAP-TLS: ACKing Commitment Message");
                eap_peer_tls_reset_output(&data->ssl);
-               /* Send an ACK to allow the server to complete exchange */
                res = 1;
        }
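Review bot: When `res == 2` but the payload is not the single 0x00 octet, or TLS 1.3 was not negotiated, the narrowed condition at `if (res == 2 && data->ssl.tls_v13 && ...` leaves `res` at 2 and `resp` still holding the decrypted application data. Nothing is logged for that case, whereas the removed branch at least hexdumped the buffer. What the rest of eap_tls_process() does with `resp` is outside this hunk, so it should be confirmed that unexpected application data cannot be returned to the server as the EAP response. I would add an explicit branch such as `else if (res == 2) { wpa_printf(MSG_INFO, "EAP-TLS: Unexpected application data"); ... }` that drops the buffer and fails the exchange. Separately, `wpabuf_len(resp)` is now called before any NULL check, where the old code only passed `resp` to the hexdump helper, so it is worth verifying that `res == 2` always comes with a non-NULL `resp`.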