From: Jouni Malinen <j@w1.fi>
Date: Tue, 1 May 2018 14:49:19 +0000 (+0300)
Subject: EAP-TLS peer: Support fragmentation of last message
X-Git-Tag: hostap_2_7~381
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dd98483ebf387ef07a3ec1c01dd9941cd7f281b;p=thirdparty%2Fhostap.git

EAP-TLS peer: Support fragmentation of last message

With TLS v1.3, the Finished message from the client can require
fragmentation. Postpone key derivation and marking of the EAP session
fully completed until all the fragments of that last message are sent to
avoid losing all the subsequent fragments.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index c1820a4ca..cda73f963 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -175,6 +175,11 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 {
 	wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
 
+	if (data->ssl.tls_out) {
+		wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
+		return;
+	}
+
 	ret->methodState = METHOD_DONE;
 	ret->decision = DECISION_UNCOND_SUCC;