#include "includes.h"
#include "common.h"
-#include "eap_i.h"
-#include "eap_config.h"
-#include "tls.h"
-#include "crypto.h"
#include "pcsc_funcs.h"
-#include "wpa_ctrl.h"
#include "state_machine.h"
+#include "crypto/crypto.h"
+#include "crypto/tls.h"
+#include "common/wpa_ctrl.h"
#include "eap_common/eap_wsc_common.h"
+#include "eap_i.h"
+#include "eap_config.h"
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
* @method: EAP type
* Returns: 1 = allowed EAP method, 0 = not allowed
*/
-static int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method)
+int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method)
{
struct eap_peer_config *config = eap_get_config(sm);
int i;
{
SM_ENTRY(EAP, INITIALIZE);
if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
- sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
+ sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
+ !sm->prev_failure) {
wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
"fast reauthentication");
sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
sm->num_rounds = 0;
+ sm->prev_failure = 0;
}
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
"EAP authentication failed");
+
+ sm->prev_failure = 1;
}
sm->eapol_cb = eapol_cb;
sm->msg_ctx = msg_ctx;
sm->ClientTimeout = 60;
- if (conf->mac_addr)
- os_memcpy(sm->mac_addr, conf->mac_addr, ETH_ALEN);
- if (conf->uuid)
- os_memcpy(sm->uuid, conf->uuid, 16);
sm->wps = conf->wps;
os_memset(&tlsconf, 0, sizeof(tlsconf));
tlsconf.opensc_engine_path = conf->opensc_engine_path;
tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
+#ifdef CONFIG_FIPS
+ tlsconf.fips_mode = 1;
+#endif /* CONFIG_FIPS */
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "