void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
const char *prf_label)
{
- unsigned char out[4*EAPTLS_MPPE_KEY_LEN], buf[4*EAPTLS_MPPE_KEY_LEN];
- unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
- unsigned char *p = seed;
+ unsigned char out[4*EAPTLS_MPPE_KEY_LEN];
+ unsigned char *p;
size_t prf_size;
if (!s->s3) {
prf_size = strlen(prf_label);
- memcpy(p, prf_label, prf_size);
- p += prf_size;
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ if (SSL_export_keying_material(s, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) {
+ ERROR("Failed generating keying material");
+ return;
+ }
+#else
+ {
+ unsigned char buf[4*EAPTLS_MPPE_KEY_LEN];
+ unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
- prf_size += SSL3_RANDOM_SIZE;
+ p = seed;
+ memcpy(p, prf_label, prf_size);
+ p += prf_size;
- memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
- prf_size += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ prf_size += SSL3_RANDOM_SIZE;
- PRF(s->session->master_key, s->session->master_key_length,
- seed, prf_size, out, buf, sizeof(out));
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ prf_size += SSL3_RANDOM_SIZE;
+
+ PRF(s->session->master_key, s->session->master_key_length,
+ seed, prf_size, out, buf, sizeof(out));
+ }
+#endif
p = out;
add_reply(reply_vps, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);