EAP-TEAP peer: Add Intermediate-Result TLV with Crypto-Binding TLV

Previously, only the Result TLV was added when writing Crypto-Binding
TLV response. This is not sufficient, since RFC 7170 require
Intermediate-Result TLV response to be included from the peer if the
server included Intermediate-Result TLV.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/eap_peer/eap_teap.c

@@ -1193,6 +1193,7 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
 	struct eap_teap_tlv_parse tlv;
 	int failed = 0;
 	enum teap_error_codes error = 0;
+	int iresult_added = 0;
 
 	if (eap_teap_parse_decrypted(decrypted, &tlv, &resp) < 0) {
 		/* Parsing failed - no response available */
@@ -1262,6 +1263,7 @@ static int eap_teap_process_decrypted(struct eap_sm *sm,
 			resp = wpabuf_concat(resp, tmp);
 			if (tlv.iresult == TEAP_STATUS_FAILURE)
 				failed = 1;
+			iresult_added = 1;
 		}
 	}
 
@@ -1348,6 +1350,13 @@ done:
 		tmp = eap_teap_tlv_result(TEAP_STATUS_SUCCESS, 0);
 		resp = wpabuf_concat(tmp, resp);
 	}
+	if ((tlv.iresult == TEAP_STATUS_SUCCESS ||
+	     tlv.iresult == TEAP_STATUS_FAILURE) && !iresult_added) {
+		tmp = eap_teap_tlv_result((!failed && data->phase2_success) ?
+					  TEAP_STATUS_SUCCESS :
+					  TEAP_STATUS_FAILURE, 1);
+		resp = wpabuf_concat(tmp, resp);
+	}
 
 	if (resp && tlv.result == TEAP_STATUS_SUCCESS && !failed &&
 	    tlv.crypto_binding && data->phase2_success) {