From 6a83540ae09b2fa56bd5d439938e77e8a685d00c Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 1 May 2018 17:49:19 +0300
Subject: [PATCH] EAP-TLS peer: Support fragmentation of last message

With TLS v1.3, the Finished message from the client can require fragmentation. Postpone key derivation and marking of the EAP session fully completed until all the fragments of that last message are sent to avoid losing all the subsequent fragments.

Signed-off-by: Jouni Malinen
---
 components/wpa_supplicant/src/eap_peer/eap_tls.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/wpa_supplicant/src/eap_peer/eap_tls.c b/components/wpa_supplicant/src/eap_peer/eap_tls.c
index 3f7e89e260..b1fb8b6c54 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_tls.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_tls.c
@@ -114,6 +114,11 @@ static void eap_tls_success(struct eap_sm *sm, struct eap_tls_data *data,
 {
 wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
 
+ if (data->ssl.tls_out) {
+ wpa_printf(MSG_DEBUG, "EAP-TLS: Fragment(s) remaining");
+ return;
+ }
+
 ret->methodState = METHOD_DONE;
 ret->decision = DECISION_UNCOND_SUCC;
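Review bot: The early return added at the top of eap_tls_success() has no comment stating what it protects, and it is only correct if the caller invokes this function again once the final fragment has been sent; that caller is outside the hunk, so the re-entry can only be assumed here. If the function is never re-entered with `data->ssl.tls_out` cleared, `ret->methodState` and `ret->decision` are never set and no key is derived, so the peer would stall instead of completing. I would add above the check: `/* TLS 1.3 Finished may still be fragmented: keep the method open and defer key derivation until tls_out is fully sent; the caller must call again after the last fragment. */`. Separately, the "EAP-TLS: Done" debug line is still printed before the guard, so a trace shows "Done" on every deferred call; moving that `wpa_printf` below the `if` block would keep the logs accurate. The function body continues past the end of the hunk.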