EAP-TEAP peer: Add Intermediate-Result TLV with Crypto-Binding TLV

Previously, only the Result TLV was added when writing Crypto-Binding
TLV response. This is not sufficient, since RFC 7170 require
Intermediate-Result TLV response to be included from the peer if the
server included Intermediate-Result TLV.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index 7ab919b165734b0a75770faf7be9bd10ed32fd65..dd2c9d6a617412756ad3ad8a99aea01f4ef0d06c 100644 (file)
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -1193,6 +1193,7 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
        struct eap_teap_tlv_parse tlv;
        int failed = 0;
        enum teap_error_codes error = 0;
+       int iresult_added = 0;
 
        if (eap_teap_parse_decrypted(decrypted, &tlv, &resp) < 0) {
                /* Parsing failed - no response available */
@@ -1262,6 +1263,7 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
                        resp = wpabuf_concat(resp, tmp);
                        if (tlv.iresult == TEAP_STATUS_FAILURE)
                                failed = 1;
+                       iresult_added = 1;
                }
        }
 
@@ -1348,6 +1350,13 @@ done:
                tmp = eap_teap_tlv_result(TEAP_STATUS_SUCCESS, 0);
                resp = wpabuf_concat(tmp, resp);
        }
+       if ((tlv.iresult == TEAP_STATUS_SUCCESS ||
+            tlv.iresult == TEAP_STATUS_FAILURE) && !iresult_added) {
+               tmp = eap_teap_tlv_result((!failed && data->phase2_success) ?
+                                         TEAP_STATUS_SUCCESS :
+                                         TEAP_STATUS_FAILURE, 1);
+               resp = wpabuf_concat(tmp, resp);
+       }
 
        if (resp && tlv.result == TEAP_STATUS_SUCCESS && !failed &&
            tlv.crypto_binding && data->phase2_success) {