From: James Rouzier Date: Wed, 7 Sep 2016 17:16:02 +0000 (-0400) Subject: Add eap_fast_tls_gen_challenge X-Git-Tag: release_3_0_12~74^2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cda455941148ab9b049efdeb2fa32374986a54e;p=thirdparty%2Ffreeradius-server.git Add eap_fast_tls_gen_challenge --- diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h index 091921d885d..9c357e2a75c 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.h +++ b/src/modules/rlm_eap/libeap/eap_tls.h @@ -67,6 +67,7 @@ void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *p void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label); void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size); void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header); +void eap_fast_tls_gen_challenge(SSL *ssl, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label) CC_HINT(nonnull); #define BUFFER_SIZE 1024 diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c index 16be5d15800..88db26e36bd 100644 --- a/src/modules/rlm_eap/libeap/mppe_keys.c +++ b/src/modules/rlm_eap/libeap/mppe_keys.c @@ -29,7 +29,6 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ #include -#if OPENSSL_VERSION_NUMBER < 0x10001000L /* * TLS PRF from RFC 2246 */ @@ -145,7 +144,6 @@ static void PRF(unsigned char const *secret, unsigned int secret_len, out[i] ^= buf[i]; } } -#endif #define EAPTLS_MPPE_KEY_LEN 32 
@@ -256,3 +254,28 @@ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)
 vp->vp_octets = p;
 fr_pair_add(&packet->vps, vp);
 }
+
+/*
+ * Same as before, but for EAP-FAST the order of {server,client}_random is flipped
+ */
+void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label)
+{
+ uint8_t seed[128 + 2*SSL3_RANDOM_SIZE];
+ uint8_t *p = seed;
+ size_t len;
+
+ len = strlen(prf_label);
+ if (len > 128) len = 128;
+
+ memcpy(p, prf_label, len);
+ p += len;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ PRF(s->session->master_key, s->session->master_key_length,
+ seed, p - seed, buffer, scratch, size);
+}
+
+
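Review bot: The block comment above eap_fast_tls_gen_challenge ("Same as before…") does not state the buffer contract, and the function cannot check it: PRF() is handed `size` for both `buffer` and `scratch`, so, judging by the `out[i] ^= buf[i]` loop visible in the earlier PRF hunk, each must hold at least `size` bytes. I would document that in the header comment, e.g. `buffer and scratch must each be at least size bytes; scratch receives intermediate PRF output and should be cleared by the caller`. Separately, `if (len > 128) len = 128;` silently truncates prf_label, which would derive the challenge from a different seed than the peer uses with no diagnostic; a named constant for 128 plus a logged failure (or an assert, since the function returns void) would make that case visible. The direct reads of `s->s3->server_random` and `s->session->master_key` also assume a completed handshake and the pre-1.1.0 OpenSSL struct layout, which presumably the callers and build guarantee, but that is worth confirming.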