Fix tls_connection_prf() regression with CONFIG_TLS=internal
authorJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 21:40:54 +0000 (23:40 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 21:40:54 +0000 (23:40 +0200)
Commit af851914f810978909dd8598ab88030fe43d0051 ('Make
tls_connection_get_keyblock_size() internal to tls_*.c') broke
tls_connection_prf() with the internal TLS implementation when using
skip_keyblock=1. In practice, this broke EAP-FAST. Fix this by deriving
the correct number of PRF bytes before skipping the keyblock.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_internal.c

index 4cf5c45..dcbb31d 100644 (file)
@@ -403,14 +403,14 @@ int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
        if (conn->client) {
                ret = tlsv1_client_prf(conn->client, label,
                                       server_random_first,
-                                      _out, out_len);
+                                      _out, skip + out_len);
        }
 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 #ifdef CONFIG_TLS_INTERNAL_SERVER
        if (conn->server) {
                ret = tlsv1_server_prf(conn->server, label,
                                       server_random_first,
-                                      _out, out_len);
+                                      _out, skip + out_len);
        }
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
        if (ret == 0 && skip_keyblock)
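Review bot: Both PRF calls now write `skip + out_len` bytes into `_out`, but the allocation and release of that buffer sit outside this hunk, so the write is only safe if the temporary buffer was sized with the same `skip + out_len` expression. With this change the tail of the temporary buffer also holds the `out_len` bytes of derived key material, so the wipe before free should presumably cover `skip + out_len` rather than only `skip`; please confirm in the part of tls_connection_prf() after the hunk. The declarations of `skip` and `out_len` are not visible here, so it is also worth checking that the sum cannot wrap or go negative before it is used as a length. A short comment at the calls, e.g. `/* derive skip + out_len so the key block prefix can be dropped below */`, would make the intent clear, as would a regression test covering `skip_keyblock=1` with the internal TLS build. The function begins before and continues past the hunk.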