From: Martin Willi <martin@revosec.ch>
Date: Tue, 7 Feb 2012 09:50:02 +0000 (+0100)
Subject: Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion
X-Git-Tag: 4.6.2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06c150365d6fdbb7fd7522e48b95bbf2ac9e94e5;p=thirdparty%2Fstrongswan.git

Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2eb0a9b767..d8930acbdb 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1572,6 +1572,7 @@ static void expand_keys(private_tls_crypto_t *this,
 	/* EAP-MSK */
 	if (this->msk_label)
 	{
+		seed = chunk_cata("cc", client_random, server_random);
 		this->msk = chunk_alloc(64);
 		this->prf->get_bytes(this->prf, this->msk_label, seed,
 							 this->msk.len, this->msk.ptr);