EAP-TEAP peer: Fix fragmentation of final message

Need to update methodState/decision when completing transmission of
fragmented last Phase 2 message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-08-07 01:11:54 +03:00 committed by Jouni Malinen
parent 9b2b99c550
commit d776bf8c66

View File

@ -36,6 +36,7 @@ struct eap_teap_data {
int phase2_success; int phase2_success;
int inner_method_done; int inner_method_done;
int result_success_done; int result_success_done;
int on_tx_completion;
struct eap_method_type phase2_type; struct eap_method_type phase2_type;
struct eap_method_type *phase2_types; struct eap_method_type *phase2_types;
@ -1349,7 +1350,8 @@ done:
/* Successfully completed Phase 2 */ /* Successfully completed Phase 2 */
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"EAP-TEAP: Authentication completed successfully"); "EAP-TEAP: Authentication completed successfully");
ret->methodState = data->provisioning ? ret->methodState = METHOD_MAY_CONT;
data->on_tx_completion = data->provisioning ?
METHOD_MAY_CONT : METHOD_DONE; METHOD_MAY_CONT : METHOD_DONE;
ret->decision = DECISION_UNCOND_SUCC; ret->decision = DECISION_UNCOND_SUCC;
} }
@ -1402,9 +1404,18 @@ static int eap_teap_decrypt(struct eap_sm *sm, struct eap_teap_data *data,
if (wpabuf_len(in_data) == 0) { if (wpabuf_len(in_data) == 0) {
/* Received TLS ACK - requesting more fragments */ /* Received TLS ACK - requesting more fragments */
return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TEAP, res = eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TEAP,
data->teap_version, data->teap_version,
identifier, NULL, out_data); identifier, NULL, out_data);
if (res == 0 && !data->ssl.tls_out &&
data->on_tx_completion) {
wpa_printf(MSG_DEBUG,
"EAP-TEAP: Mark authentication completed at full TX of fragments");
ret->methodState = data->on_tx_completion;
data->on_tx_completion = 0;
ret->decision = DECISION_UNCOND_SUCC;
}
return res;
} }
res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
@ -1904,6 +1915,7 @@ static void * eap_teap_init_for_reauth(struct eap_sm *sm, void *priv)
data->phase2_success = 0; data->phase2_success = 0;
data->inner_method_done = 0; data->inner_method_done = 0;
data->result_success_done = 0; data->result_success_done = 0;
data->done_on_tx_completion = 0;
data->resuming = 1; data->resuming = 1;
data->provisioning = 0; data->provisioning = 0;
data->anon_provisioning = 0; data->anon_provisioning = 0;