[eap] Allow MD5-Challenge authentication method to be disabled

RFC 3748 states that implementations must support the MD5-Challenge method. However, some network environments may wish to disable it as a matter of policy. Allow support for MD5-Challenge to be controllable via the build configuration option EAP_METHOD_MD5 in config/general.h. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-18 02:20:19 +03:00 · 2024-02-23 12:33:57 +00:00
parent 834f319f87
commit 25ffcd79bf
6 changed files with 172 additions and 82 deletions
--- a/src/include/ipxe/eap.h
+++ b/src/include/ipxe/eap.h
@@ -166,6 +166,8 @@ struct eap_method {
 /** Declare an EAP method */
 #define __eap_method __table_entry ( EAP_METHODS, 01 )

+extern int eap_tx_response ( struct eap_supplicant *supplicant,
+			     const void *rsp, size_t rsp_len );
 extern int eap_rx ( struct eap_supplicant *supplicant,
 		    const void *data, size_t len );

--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@@ -297,6 +297,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define ERRFILE_httpntlm		( ERRFILE_NET | 0x004a0000 )
 #define ERRFILE_eap			( ERRFILE_NET | 0x004b0000 )
 #define ERRFILE_lldp			( ERRFILE_NET | 0x004c0000 )
+#define ERRFILE_eap_md5			( ERRFILE_NET | 0x004d0000 )

 #define ERRFILE_image		      ( ERRFILE_IMAGE | 0x00000000 )
 #define ERRFILE_elf		      ( ERRFILE_IMAGE | 0x00010000 )