[PATCH] EAP-TEAP peer: keep inner EAP method when processing Identity method
Alexander Clouter
alex+hostapd at coremem.com
Sun Nov 27 06:13:33 PST 2022
We need the inner EAP method's MSK/EMSK material to verify/calculate
the Cryptobinding CMACs so do not dispose of them when seeing an
Identity request; this occurs duing EAP sequences (machine+user auth)
Signed-off-by: Alexander Clouter <aclouter at networkradius.com>
---
src/eap_peer/eap_teap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index 42769eb64..86529f41c 100644
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -429,7 +429,7 @@ static int eap_teap_phase2_request(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-TEAP: Phase 2 Request: type=%u:%u",
vendor, method);
if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_IDENTITY) {
- eap_teap_deinit_inner_eap(sm, data);
+ /* do not deinit the inner EAP method as we need it for the Cryptobinding CMACs */
*resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
return 0;
}
--
2.35.1
More information about the Hostap
mailing list