Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2eb0a9b767d4583cfea8ed4b70acc5508c179a62..d8930acbdbf55498e9d2afc0e76e3bca6a4ccbed 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1572,6 +1572,7 @@ static void expand_keys(private_tls_crypto_t *this,
        /* EAP-MSK */
        if (this->msk_label)
        {
+               seed = chunk_cata("cc", client_random, server_random);
                this->msk = chunk_alloc(64);
                this->prf->get_bytes(this->prf, this->msk_label, seed,
                                                         this->msk.len, this->msk.ptr);