/* MPPE key generation */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+#endif
+
void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *prf_label, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len) CC_HINT(nonnull(1,3,6));
void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label);
void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
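Review bot: The guard on the new prototypes, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, treats every LibreSSL as lacking these functions, but newer LibreSSL releases do ship `SSL_get_client_random`/`SSL_get_server_random` with the same signature (I believe from 2.7, confirm the cut-off), so the shim definitions in the .c file would then collide with libssl's own symbols. Bounding the LibreSSL branch avoids that: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)`. The same guard is repeated in the .c hunk and would need the same change; a single `EAP_TLS_NEED_OPENSSL_SHIMS`-style macro defined once here would keep the two in step. A one-line comment above the block saying these deliberately reuse the OpenSSL 1.1 names so the rest of the code can call them unconditionally would also help the next reader.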
#include <openssl/hmac.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+/*
+ * OpenSSL compatibility, to avoid ifdef's through the rest of the code.
+ */
+size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->client_random);
+
+ if (outlen > sizeof(s->s3->client_random)) outlen = sizeof(s->s3->client_random);
+
+ memcpy(out, s->s3->client_random, outlen);
+ return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->server_random);
+
+ if (outlen > sizeof(s->s3->server_random)) outlen = sizeof(s->s3->server_random);
+
+ memcpy(out, s->s3->server_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return s->master_key_length;
+
+ if (outlen > (size_t)s->master_key_length) outlen = (size_t)s->master_key_length;
+
+ memcpy(out, s->master_key, outlen);
+ return outlen;
+}
+#endif
+
/*
* TLS PRF from RFC 2246
*/
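Review bot: `SSL_SESSION_get_master_key` is defined `static` here while its two siblings are exported and declared in the header, so any other translation unit that needs the master key under the pre-1.1 guard (the EAP-FAST challenge code calls it and is not declared in the header hunk, so presumably it lives elsewhere) will hit an implicit declaration and a link failure on old OpenSSL/LibreSSL. Drop the `static` and add `size_t SSL_SESSION_get_master_key(const SSL_SESSION *s, unsigned char *out, size_t outlen);` to the header next to the other two prototypes. Note also that all three shims dereference `s`/`s->s3` without a NULL check, matching OpenSSL's own behaviour but worth a comment so callers know to pass a live, handshaken `SSL`. The `size_t`/`int` mismatch on `master_key_length` is handled by the cast, which is fine.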
p[0] = header & 0xff;
-#ifdef HAVE_SSL_GET_CLIENT_RANDOM
SSL_get_client_random(s, p + 1, SSL3_RANDOM_SIZE);
SSL_get_server_random(s, p + 1 + SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);
-#else
- memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
- memcpy(p + 1 + SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE);
-#endif
+
vp->vp_octets = p;
fr_pair_add(&packet->vps, vp);
}
*/
void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label)
{
+ uint8_t *p;
+ size_t len, master_key_len;
uint8_t seed[128 + 2*SSL3_RANDOM_SIZE];
- uint8_t *p = seed;
- size_t len;
+ uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
len = strlen(prf_label);
if (len > 128) len = 128;
+ p = seed;
memcpy(p, prf_label, len);
p += len;
memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
- PRF(s->session->master_key, s->session->master_key_length,
- seed, p - seed, buffer, scratch, size);
+ master_key_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
+ PRF(master_key, master_key_len, seed, p - seed, buffer, scratch, size);
}
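Review bot: The two `memcpy` calls that fill the seed still read `s->s3->server_random` and `s->s3->client_random` directly, which defeats the point of the new `SSL_SESSION_get_master_key` call (with OpenSSL ≥ 1.1.0 `SSL` is opaque and these lines will not compile), and the second copy overwrites the first because `p` is not advanced between them, so only the client random ends up in the seed even though `seed` is sized for both. Switching to the accessor functions and advancing `p` after each fixes both; the order written here (server then client) is what the code already intends and matches the RFC 5246 key_block seed, but since the fix changes the derived challenge it must be checked against the spec and a peer implementation before shipping. The copy of the TLS master secret in the new `master_key` stack buffer is also never wiped; clear it after `PRF()` with `OPENSSL_cleanse` or the project's secure-wipe helper rather than plain `memset`, which the compiler may drop.
```c
	p = seed;
	memcpy(p, prf_label, len);
	p += len;
	SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
	p += SSL3_RANDOM_SIZE;
	SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
	p += SSL3_RANDOM_SIZE;
	master_key_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
	PRF(master_key, master_key_len, seed, p - seed, buffer, scratch, size);
	OPENSSL_cleanse(master_key, sizeof(master_key));	/* master secret must not linger on the stack */
```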