From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 9 Sep 2015 13:18:50 +0000 (-0400)
Subject: More fixes to use SSL_export_keying_material
X-Git-Tag: release_3_0_10~153
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bd2ba0ace154b8d6791431db23c81023cdc128b;p=thirdparty%2Ffreeradius-server.git

More fixes to use SSL_export_keying_material
---

diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index e5cc2e24b85..d8e595159de 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
@@ -162,15 +162,21 @@ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label)
  */
 void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
 	uint8_t out[32], buf[32];
 	uint8_t seed[sizeof(FR_TLS_PRF_CHALLENGE)-1 + 2*SSL3_RANDOM_SIZE];
 	uint8_t *p = seed;
+#endif
 
 	if (!s->s3) {
 		ERROR("No SSLv3 information");
 		return;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+	SSL_export_keying_material(s, buffer, size, EAPTLS_PRF_CHALLENGE,
+				   sizeof(EAPTLS_PRF_CHALLENGE) - 1, NULL, 0, 0);
+#else
 	memcpy(p, FR_TLS_PRF_CHALLENGE, sizeof(FR_TLS_PRF_CHALLENGE)-1);
 	p += sizeof(FR_TLS_PRF_CHALLENGE)-1;
 	memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
@@ -181,6 +187,7 @@ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
 	    seed, sizeof(seed), out, buf, sizeof(out));
 
 	memcpy(buffer, out, size);
+#endif
 }
 
 /*