wolfSSL: Use wolfSSL_export_keying_material() when available
authorJouni Malinen <j@w1.fi>
Mon, 18 Apr 2022 13:27:47 +0000 (16:27 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 18 Apr 2022 13:27:47 +0000 (16:27 +0300)
This is needed to work with TLS 1.3 key derivation. It looks like the needed
functionality was added in wolfSSL 4.7.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_wolfssl.c

index 820c49e11fb9e3e5f49198e16d3c45b2d90124a4..fd12f71d2fa0174b8069fcb1af40fdd56b4bb693 100644 (file)
@@ -1977,10 +1977,20 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
                              const char *label, const u8 *context,
                              size_t context_len, u8 *out, size_t out_len)
 {
-       if (context)
+       if (!conn)
+               return -1;
+#if LIBWOLFSSL_VERSION_HEX >= 0x04007000
+       if (wolfSSL_export_keying_material(conn->ssl, out, out_len,
+                                          label, os_strlen(label),
+                                          context, context_len,
+                                          context != NULL) != WOLFSSL_SUCCESS)
                return -1;
-       if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
+       return 0;
+#else
+       if (context ||
+           wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
                return -1;
+#endif
        return 0;
 }
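Review bot: The `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000` guard tests only the library version, but as far as I know wolfSSL declares wolfSSL_export_keying_material() only when it is built with HAVE_KEYING_MATERIAL, so a 4.7.0+ build without that option would fail to compile here rather than take the fallback. Consider `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000 && defined(HAVE_KEYING_MATERIAL)`. The `#else` branch still derives keys with wolfSSL_make_eap_keys(), which the commit message implies is not suitable for TLS 1.3, so that branch deserves a comment saying so, for example `/* wolfSSL_make_eap_keys() does not cover TLS 1.3 key derivation */`, and possibly a check that fails the export when TLS 1.3 was negotiated. The `return 0;` inside the `#if` branch duplicates the one after `#endif` and can be dropped. The function's signature begins above the hunk, in the `@@` header line.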