From: Jouni Malinen
Date: Mon, 18 Apr 2022 13:27:47 +0000 (+0300)
Subject: wolfSSL: Use wolfSSL_export_keying_material() when available
X-Git-Tag: hostap_2_11~2025
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94e0f39d9799f6138676a081be716df70a75a130;p=thirdparty%2Fhostap.git

wolfSSL: Use wolfSSL_export_keying_material() when available

This is needed to work with TLS 1.3 key derivation. It looks the needed functionality was added in wolfSSL 4.7.0.

Signed-off-by: Jouni Malinen
---

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 820c49e11..fd12f71d2 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -1977,10 +1977,20 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 const char *label, const u8 *context,
 size_t context_len, u8 *out, size_t out_len)
 {
- if (context)
+ if (!conn)
+ return -1;
+#if LIBWOLFSSL_VERSION_HEX >= 0x04007000
+ if (wolfSSL_export_keying_material(conn->ssl, out, out_len,
+ label, os_strlen(label),
+ context, context_len,
+ context != NULL) != WOLFSSL_SUCCESS)
 return -1;
- if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
+ return 0;
+#else
+ if (context ||
+ wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
 return -1;
+#endif
 return 0;
 }
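Review bot: The `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000` guard selects wolfSSL_export_keying_material() by library version alone, which does not by itself prove the function is present in the wolfSSL build being compiled against. As far as I know wolfSSL declares it only when keying-material export is enabled (`HAVE_KEYING_MATERIAL`), so a 4.7.0 or later build without that option would presumably fail to compile here; this should be confirmed against the wolfSSL headers. If it holds, I would make the requirement explicit with `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000 && defined(HAVE_KEYING_MATERIAL)`. I would also add a comment on the `#else` branch saying that wolfSSL_make_eap_keys() does not cover TLS 1.3 key derivation, which is what the commit message implies, so that a build landing on the fallback is a visible decision. The opening line of the function signature appears only in the hunk header.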