Corrected authenticator EAP-TLS start retries

Mika Leppänen · Mika Leppänen · commit f8f07622334f · 2019-09-04T12:18:39.000+03:00
State machine went to invalid state if supplicant retry of identity
response arrived after EAP-TLS start sending. It caused the retries of
EAP-TLS start to be invalid (i.e. without start bit set).
diff --git a/source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c b/source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c
@@ -452,8 +452,6 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                 return;
             }
 
-            sec_prot_state_set(prot, &data->common, EAP_TLS_STATE_RESPONSE);
-
             // EAP response
             if (data->eap_code == EAP_RESPONSE) {
                 // Handle EAP response, TLS EAP
@@ -467,6 +465,8 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                     return;
                 }
 
+                sec_prot_state_set(prot, &data->common, EAP_TLS_STATE_RESPONSE);
+
                 // All fragments received for a message
                 if (result == EAP_TLS_MSG_RECEIVE_DONE) {
                     auth_eap_tls_sec_prot_init_tls(prot);
