From 94e0f39d9799f6138676a081be716df70a75a130 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 18 Apr 2022 16:27:47 +0300
Subject: [PATCH] wolfSSL: Use wolfSSL_export_keying_material() when available

This is needed to work with TLS 1.3 key derivation. It looks the needed functionality was added in wolfSSL 4.7.0.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls_wolfssl.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 820c49e11..fd12f71d2 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -1977,11 +1977,21 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 const char *label, const u8 *context,
 size_t context_len, u8 *out, size_t out_len)
 {
- if (context)
+ if (!conn)
 return -1;
- if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
+#if LIBWOLFSSL_VERSION_HEX >= 0x04007000
+ if (wolfSSL_export_keying_material(conn->ssl, out, out_len,
+ label, os_strlen(label),
+ context, context_len,
+ context != NULL) != WOLFSSL_SUCCESS)
 return -1;
 return 0;
+#else
+ if (context ||
+ wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
+ return -1;
+#endif
+ return 0;
 }
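Review bot: The `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000` test checks only the library version, but wolfSSL_export_keying_material() is, as far as I know, compiled in only when wolfSSL is built with keying-material support (`HAVE_KEYING_MATERIAL`), so a 4.7.0+ library configured without it would likely fail to build or link here. Consider `#if LIBWOLFSSL_VERSION_HEX >= 0x04007000 && defined(HAVE_KEYING_MATERIAL)`, or an `#error` that names the required build option. The `#else` branch still calls wolfSSL_make_eap_keys(), which the commit message implies does not work for TLS 1.3 key derivation. A comment there such as `/* Legacy path: only valid for TLS 1.2 and earlier */`, or a check of the negotiated version that returns -1, would stop a TLS 1.3 session on an older library from silently yielding key material the peer cannot match. The first line of the signature appears only in the hunk header; the body is fully inside the hunk.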