From: Jouni Malinen Date: Mon, 2 May 2022 13:19:06 +0000 (+0300) Subject: EAP-TLS server: Send final TLS message for resumed session with TLS 1.3 X-Git-Tag: hostap_2_11~1965 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c66276d9a97acd680d182c1d7b24115168936ee;p=thirdparty%2Fhostap.git EAP-TLS server: Send final TLS message for resumed session with TLS 1.3 The final message with NewSessionTicket and ApplicationData(0x00) was already generated, but that was not sent out due to the session considered to be already completed. Fix this by actually sending out that message to allow the peer to receive the new session ticket and protected success indication when resuming a session with TLS 1.3. Signed-off-by: Jouni Malinen --- diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c index 6681c1afa..443c293ce 100644 --- a/src/eap_server/eap_server_tls.c +++ b/src/eap_server/eap_server_tls.c @@ -306,6 +306,14 @@ static void eap_tls_process(struct eap_sm *sm, void *priv, wpa_printf(MSG_DEBUG, "EAP-TLS: Resuming previous session"); + + if (data->ssl.tls_v13 && data->ssl.tls_out) { + wpa_hexdump_buf(MSG_DEBUG, + "EAP-TLS: Additional data to be sent for TLS 1.3", + data->ssl.tls_out); + return; + } + eap_tls_state(data, SUCCESS); tls_connection_set_success_data_resumed(data->ssl.conn); /* TODO: Cache serial number with session and update EAP user
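Review bot: The early `return;` inside the new `if (data->ssl.tls_v13 && data->ssl.tls_out)` block in eap_tls_process() skips both `eap_tls_state(data, SUCCESS)` and `tls_connection_set_success_data_resumed(data->ssl.conn)`, and nothing in the visible hunk shows where a resumed TLS 1.3 session reaches SUCCESS once the pending message has gone out. Please add a short comment above the return naming the later path that completes the state transition, and confirm that path still marks the session's success data as resumed. The check also relies on `data->ssl.tls_out` being cleared after the message is sent; if the buffer were still set on the next pass through this branch, the function would return early again and the method would never report SUCCESS, so it is worth stating that invariant in the comment or the commit message.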