OpenSSL: Use internal keying material exporter when possible
authorJouni Malinen <j@w1.fi>
Thu, 16 Aug 2012 16:29:34 +0000 (19:29 +0300)
committerJouni Malinen <j@w1.fi>
Thu, 16 Aug 2012 16:29:34 +0000 (19:29 +0300)
Use SSL_export_keying_material() if possible, i.e., if OpenSSL is
version 1.0.1 or newer and if client random value is used first. This
allows MSK derivation with TLS-based EAP methods (apart from EAP-FAST)
without exporting the master key from OpenSSL.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/crypto/tls_openssl.c

index baf206ee929f6a47510c0139622f5a747e615b33..50ce23a61b624d2c15bc127be70dbb728deaa625 100644 (file)
@@ -2323,6 +2323,19 @@ int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
                       const char *label, int server_random_first,
                       u8 *out, size_t out_len)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+       SSL *ssl;
+       if (conn == NULL)
+               return -1;
+       if (server_random_first)
+               return -1;
+       ssl = conn->ssl;
+       if (SSL_export_keying_material(ssl, out, out_len, label,
+                                      os_strlen(label), NULL, 0, 0) == 1) {
+               wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
+               return 0;
+       }
+#endif
        return -1;
 }
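Review bot: When SSL_export_keying_material() returns anything other than 1, the new block falls through to the shared `return -1` without logging, so an exporter failure looks the same as the deliberate `server_random_first` bail-out or a pre-1.0.1 build. Going by the commit message, -1 presumably sends the caller back to the path that exports the master key, so a silent failure here would quietly lose the benefit of this change. A line such as `wpa_printf(MSG_DEBUG, "OpenSSL: Internal keying material exporter failed");` just before `#endif` would make that visible. `conn->ssl` is also passed on without a NULL test; if it can be unset at this point (not visible in the hunk), `if (conn == NULL || conn->ssl == NULL)` would be the safer guard. A one-line comment above `if (server_random_first)` noting that the exporter always places the client random first would explain why that case is rejected.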