EAP-TTLS/PEAP/FAST peer: Stop immediately on local TLS processing failure

EAP-TLS was already doing this, but the other TLS-based EAP methods did
not mark methodState DONE and decision FAIL on local TLS processing
errors (instead, they left the connection waiting for a longer timeout).

Signed-off-by: Jouni Malinen <j@w1.fi>

src/eap_peer/eap_fast.c

@@ -1572,6 +1572,13 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 						  EAP_TYPE_FAST,
 						  data->fast_version, id, &msg,
 						  &resp);
+		if (res < 0) {
+			wpa_printf(MSG_DEBUG,
+				   "EAP-FAST: TLS processing failed");
+			ret->methodState = METHOD_DONE;
+			ret->decision = DECISION_FAIL;
+			return resp;
+		}
 
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 			char cipher[80];

src/eap_peer/eap_peap.c

@@ -1011,6 +1011,13 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 						  data->peap_version, id, &msg,
 						  &resp);
 
+		if (res < 0) {
+			wpa_printf(MSG_DEBUG,
+				   "EAP-PEAP: TLS processing failed");
+			ret->methodState = METHOD_DONE;
+			ret->decision = DECISION_FAIL;
+			return resp;
+		}
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 			char *label;
 			wpa_printf(MSG_DEBUG,

src/eap_peer/eap_ttls.c

@@ -1394,6 +1394,12 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
 	res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
 					  data->ttls_version, identifier,
 					  in_data, out_data);
+	if (res < 0) {
+		wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS processing failed");
+		ret->methodState = METHOD_DONE;
+		ret->decision = DECISION_FAIL;
+		return -1;
+	}
 
 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 		wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "