EAP-TLS: Do not allow TLSv1.3 success without protected result indication
authorJouni Malinen <quic_jouni@quicinc.com>
Wed, 6 Apr 2022 12:14:18 +0000 (15:14 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 6 Apr 2022 12:28:49 +0000 (15:28 +0300)
RFC 9190 requires protected result indication to be used with TLSv1.3,
so do not allow EAP-TLS to complete successfully if the server does not
send that indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/eap_peer/eap_tls.c

index f103e7e7275afa807d266fdd7802d74ea530a28c..2d50dd90e463d64fbb27c33ee70698ee75f81bd3 100644 (file)
@@ -26,6 +26,7 @@ struct eap_tls_data {
        void *ssl_ctx;
        u8 eap_type;
        struct wpabuf *pending_resp;
+       bool prot_success_received;
 };
 
 
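Review bot: The new `prot_success_received` member on line 19 carries no comment, and its meaning only becomes clear from the RFC 9190 handling in eap_tls_process further down the file. Suggest `bool prot_success_received; /* TLSv1.3 protected success indication (RFC 9190) received from the server */`. Whether the flag is cleared when a TLS session is re-established on the same struct cannot be seen from this hunk; if the struct is reused rather than freshly allocated per EAP session, a stale true value would let a later TLSv1.3 handshake complete without the indication, so that path is worth checking.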
@@ -309,9 +310,13 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
                           "EAP-TLS: ACKing protected success indication (appl data 0x00)");
                eap_peer_tls_reset_output(&data->ssl);
                res = 1;
+               ret->methodState = METHOD_DONE;
+               ret->decision = DECISION_UNCOND_SUCC;
+               data->prot_success_received = true;
        }
 
-       if (tls_connection_established(data->ssl_ctx, data->ssl.conn))
+       if (tls_connection_established(data->ssl_ctx, data->ssl.conn) &&
+           (!data->ssl.tls_v13 || data->prot_success_received))
                eap_tls_success(sm, data, ret);
 
        if (res == 1) {
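Review bot: The new guard on lines 33-34 withholds eap_tls_success() for a TLSv1.3 server that completes the handshake without the protected success indication, but it does so silently; nothing in the hunk records why the method did not complete, which makes a non-conforming server hard to diagnose from the log. Suggest splitting the condition so that the withheld case is logged, as sketched below. What ret->methodState and ret->decision hold on that path is set earlier in eap_tls_process, outside the hunk, so I cannot confirm from here that the peer reports a failure rather than a pending state when such a server then sends EAP-Success. eap_tls_process's body starts before and ends after this hunk.
```c
	if (tls_connection_established(data->ssl_ctx, data->ssl.conn)) {
		if (!data->ssl.tls_v13 || data->prot_success_received)
			eap_tls_success(sm, data, ret);
		else
			wpa_printf(MSG_DEBUG,
				   "EAP-TLS: TLSv1.3 handshake completed without protected success indication - not completing EAP-TLS yet");
	}
	/* … unchanged: res == 1 ACK handling … */
```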