| side by side (parent:
d541351
)
Use SSL_export_keying_material for TLSv1.2 PRF derivation
author
Alan T. DeKok
<aland@freeradius.org>
Tue, 31 Mar 2015 15:33:12 +0000
(11:33 -0400)
committer
Alan T. DeKok
<aland@freeradius.org>
Tue, 31 Mar 2015 15:33:12 +0000
(11:33 -0400)
src/modules/rlm_eap/libeap/mppe_keys.c
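--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
@@ -127,9 +127,8 @@ static void PRF(const unsigned char *secret, unsigned int secret_len,
 void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
 const char *prf_label)
 {
- unsigned char out[4*EAPTLS_MPPE_KEY_LEN], buf[4*EAPTLS_MPPE_KEY_LEN];
- unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
- unsigned char *p = seed;
+ unsigned char out[4*EAPTLS_MPPE_KEY_LEN];
+ unsigned char *p;
 size_t prf_size;
 if (!s->s3) {
@@ -139,18 +138,31 @@ void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
 prf_size = strlen(prf_label);
- memcpy(p, prf_label, prf_size);
- p += prf_size;
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ if (SSL_export_keying_material(s, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) {
+ ERROR("Failed generating keying material");
+ return;
+ }
+#else
+ {
+ unsigned char buf[4*EAPTLS_MPPE_KEY_LEN];
+ unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
- prf_size += SSL3_RANDOM_SIZE;
+ p = seed;
+ memcpy(p, prf_label, prf_size);
+ p += prf_size;
- memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
- prf_size += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ prf_size += SSL3_RANDOM_SIZE;
- PRF(s->session->master_key, s->session->master_key_length,
- seed, prf_size, out, buf, sizeof(out));
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ prf_size += SSL3_RANDOM_SIZE;
+
+ PRF(s->session->master_key, s->session->master_key_length,
+ seed, prf_size, out, buf, sizeof(out));
+ }
+#endif
 p = out;
 add_reply(reply_vps, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);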
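Review bot: In the `#else` fallback, `memcpy(p, prf_label, prf_size)` copies `strlen(prf_label)` bytes into `seed[64 + 2*SSL3_RANDOM_SIZE]` with no length check, so a label longer than 64 bytes would write past the stack buffer before the two randoms are appended. The copy is carried over from the old code and the labels are presumably short constants at the call sites (not visible here), but a guard right after `p = seed;` would make the bound explicit: `if (prf_size > sizeof(seed) - 2*SSL3_RANDOM_SIZE) { ERROR("PRF label too long"); return; }`. Separately, the exporter branch logs and returns from a `void` function on failure, so the caller cannot tell that no MS-MPPE keys were added; a comment stating that contract above the `#if` would help. The body of `eaptls_gen_mppe_keys` continues past the end of this hunk.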