Use tls_connection_prf() for all EAP TLS-based key derivation

tls_openssl.c is the only remaining TLS/crypto wrapper that needs the internal PRF implementation for EAP-FAST (since SSL_export_keying_material() is not available in older versions and does not support server-random-before-client case). As such, it is cleaner to assume that TLS libraries support tls_connection_prf() and move the additional support code for the otherwise unsupported cases into tls_openssl.c. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-31 15:47:32 +03:00 · 2015-03-31 15:47:32 +03:00 · fa0e715100
commit fa0e715100
parent df8191d0b8
4 changed files with 75 additions and 101 deletions
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@ -100,43 +100,18 @@ void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
 u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
 			       char *label, size_t len)
 {
-	struct tls_keys keys;
-	u8 *rnd = NULL, *out;
+	u8 *out;

 	out = os_malloc(len);
 	if (out == NULL)
 		return NULL;

-	if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
-	    0)
-		return out;
+	if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len)) {
+		os_free(out);
+		return NULL;
+	}

-	if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
-		goto fail;
-
-	if (keys.client_random == NULL || keys.server_random == NULL ||
-	    keys.master_key == NULL)
-		goto fail;
-
-	rnd = os_malloc(keys.client_random_len + keys.server_random_len);
-	if (rnd == NULL)
-		goto fail;
-	os_memcpy(rnd, keys.client_random, keys.client_random_len);
-	os_memcpy(rnd + keys.client_random_len, keys.server_random,
-		  keys.server_random_len);
-
-	if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
-			     label, rnd, keys.client_random_len +
-			     keys.server_random_len, out, len))
-		goto fail;
-
-	os_free(rnd);
 	return out;
-
-fail:
-	os_free(out);
-	os_free(rnd);
-	return NULL;
 }