authorJouni Malinen <j@w1.fi>2008-12-14 22:15:54 (GMT)
committerJouni Malinen <j@w1.fi>2008-12-14 22:15:54 (GMT)
commitf4f2774a96d91753811e921380856bc859888153 (patch)
treef4513be9150e8ee13b2777a7690f2073f91e65cb /src/eap_peer
parent000a1de72b20a461710667477b98618ad545e941 (diff)
Fixed interoperability issue with PEAPv0 cryptobinding and NPS
Windows Server 2008 NPS gets very confused if the TLS Message Length is not included in the Phase 1 messages even if fragmentation is not used. If the TLS Message Length field is not included in ClientHello message, NPS seems to decide to use the ClientHello data (excluding first six octets, i.e., EAP header, type, Flags) as the OuterTLVs data in Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP). Let's add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0 is now using optional Cryptobinding by default (again) since there are no known interop issues with it anymore.
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap_peap.c2
-rw-r--r--src/eap_peer/eap_tls_common.c11
2 files changed, 12 insertions, 1 deletions
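diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 11c93de..894fc63 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -147,7 +147,7 @@ static void * eap_peap_init(struct eap_sm *sm)
 data->peap_version = EAP_PEAP_VERSION;
 data->force_peap_version = -1;
 data->peap_outer_success = 2;
-data->crypto_binding = NO_BINDING;
+data->crypto_binding = OPTIONAL_BINDING;
 if (config && config->phase1 &&
 eap_peap_parse_phase1(data, config->phase1) < 0) {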
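Review bot: The new default OPTIONAL_BINDING only verifies cryptobinding when the server actually sends a Crypto-Binding TLV, so a server that omits it is still accepted by default; that is an interop-driven choice rather than an enforcing one and the new line deserves a comment saying so, e.g. `/* optional: Crypto-Binding TLV is verified when the server sends one, not required by default */`. Readers looking for the enforcing mode should be pointed at the phase1 parser called a few lines below, which (if I recall the existing option correctly) accepts crypto_binding=2 to require it. The default flip also relies on the eap_tls_common.c change in this same commit (TLS Message Length always present in PEAPv0 phase 1 frames), which is worth naming in the comment so the two are not reverted independently. eap_peap_init continues outside the hunk.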
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 9ff4eed..5db8bf6 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -501,6 +501,17 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
length_included = data->tls_out_pos == 0 &&
(data->tls_out_len > data->tls_out_limit ||
data->include_tls_length);
+ if (!length_included &&
+ eap_type == EAP_TYPE_PEAP && peap_version == 0 &&
+ !tls_connection_established(data->eap->ssl_ctx, data->conn)) {
+ /*
+ * Windows Server 2008 NPS really wants to have the TLS Message
+ * length included in phase 0 even for unfragmented frames or
+ * it will get very confused with Compound MAC calculation and
+ * Outer TLVs.
+ */
+ length_included = 1;
+ }
*out_data = eap_msg_alloc(EAP_VENDOR_IETF, eap_type,
1 + length_included * 4 + len,