From fe7b06c5e115da7865f0b8f20efb8bf6cef5a703 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 1 May 2018 17:44:22 +0300
Subject: [PATCH] EAP-TLS server: Determine whether TLS v1.3 or newer is used

This is needed to be able to handle different key derivation and message handshakes in EAP implementation.

Signed-off-by: Jouni Malinen
---
 src/eap_server/eap_server_tls_common.c | 7 +++++++
 src/eap_server/eap_tls_common.h | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 0dd15a9be..c2e0cf0c8 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -305,6 +305,8 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,

 int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 {
+ char buf[20];
+
 if (data->tls_out) {
 /* This should not happen.. */
 wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
@@ -327,6 +329,11 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 return -1;
 }

+ if (tls_get_version(sm->ssl_ctx, data->conn, buf, sizeof(buf)) == 0) {
+ wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
+ data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
+ }
+
 return 0;
 }

diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index e68cb2dc9..31f6e72d7 100644
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -50,6 +50,11 @@ struct eap_ssl_data {

 enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
 struct wpabuf tmpbuf;
+
+ /**
+ * tls_v13 - Whether TLS v1.3 or newer is used
+ */
+ int tls_v13;
 };
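Review bot: The size in the added `char buf[20];` is a bare constant with no stated relation to the version strings it has to hold. The second hunk hands this buffer to tls_get_version() and compares the result with "TLSv1.3"; if that helper truncates instead of failing on a short buffer (its implementation is not visible here), a longer version string would simply compare unequal and the flag would stay 0. A one-line comment such as `/* must hold the longest version string tls_get_version() can return */` would record the assumption. The body of eap_server_tls_phase1() continues beyond this hunk.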
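Review bot: The flag is set by an exact match, `data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;`, while the commit subject and the field comment in eap_tls_common.h both say "TLS v1.3 or newer", so any later version string would leave tls_v13 at 0. The commit message ties this flag to key derivation and message handling, so that case would quietly take the pre-1.3 path. The same happens when tls_get_version() returns non-zero, because the flag is then left untouched and nothing is logged. Either narrow the wording to "TLS v1.3 is used" or document the limitation next to the comparison, and consider logging the failure case, e.g. `else wpa_printf(MSG_DEBUG, "SSL: Failed to get TLS version");`. The start of eap_server_tls_phase1() lies outside this hunk.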