EAP-TLS server: Send final TLS message for resumed session with TLS 1.3
authorJouni Malinen <quic_jouni@quicinc.com>
Mon, 2 May 2022 13:19:06 +0000 (16:19 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 2 May 2022 14:16:44 +0000 (17:16 +0300)
The final message with NewSessionTicket and ApplicationData(0x00) was
already generated, but it was not sent out because the session was
considered to be already completed. Fix this by actually sending out that
message to allow the peer to receive the new session ticket and protected
success indication when resuming a session with TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/eap_server/eap_server_tls.c

index 6681c1afac22655d5c16a13c4f87f844600eb52c..443c293ce6586bd5eba771286577399bf0b929a8 100644 (file)
@@ -306,6 +306,14 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
 
        wpa_printf(MSG_DEBUG,
                   "EAP-TLS: Resuming previous session");
+
+       if (data->ssl.tls_v13 && data->ssl.tls_out) {
+               wpa_hexdump_buf(MSG_DEBUG,
+                               "EAP-TLS: Additional data to be sent for TLS 1.3",
+                               data->ssl.tls_out);
+               return;
+       }
+
        eap_tls_state(data, SUCCESS);
        tls_connection_set_success_data_resumed(data->ssl.conn);
        /* TODO: Cache serial number with session and update EAP user
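Review bot: The early `return` in the new `if (data->ssl.tls_v13 && data->ssl.tls_out)` branch skips both `eap_tls_state(data, SUCCESS)` and `tls_connection_set_success_data_resumed(data->ssl.conn)`, and nothing in the hunk says where the resumed session is marked complete afterwards. Because this decides when the server reports authentication success, a comment above the `return` should record the intent, for example `/* Keep the current state: the pending TLS 1.3 message in tls_out has to be sent before the resumed session is marked SUCCESS (done in <function that completes it>) */`. It is also worth confirming that `data->ssl.tls_out` is released once that message has gone out. If it were still set on a later pass through this code, the branch would presumably be taken again and the SUCCESS transition never reached. `eap_tls_process` starts and ends outside the hunk, so the completing path is not visible here.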