While RFC 7170 does not describe this, EAP-TEAP has been deployed with
implementations that use the EAP-FAST-MSCHAPv2, instead of the
EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to
interoperate with other implementations since that seems to be direction
that IETF EMU WG is likely to go with an RFC 7170 update.
This breaks interoperability with earlier hostapd/wpa_supplicant
versions.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
if (!data->phase2_method)
return -1;
+ /* While RFC 7170 does not describe this, EAP-TEAP has been deployed
+ * with implementations that use the EAP-FAST-MSCHAPv2, instead of the
+ * EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
+ * to interoperate.
+ */
+ sm->eap_fast_mschapv2 = true;
+
sm->init_phase2 = 1;
data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0;
if (!data->phase2_method)
return -1;
+ /* While RFC 7170 does not describe this, EAP-TEAP has been deployed
+ * with implementations that use the EAP-FAST-MSCHAPv2, instead of the
+ * EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here
+ * to interoperate.
+ */
+ sm->eap_fast_mschapv2 = true;
+
sm->init_phase2 = 1;
data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0;
projects / thirdparty / hostap.git / commitdiff
