From 06c150365d6fdbb7fd7522e48b95bbf2ac9e94e5 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 7 Feb 2012 10:50:02 +0100
Subject: Fix TLS EAP-MSK derivation, uses different order of randoms than key
 expansion

---
 src/libtls/tls_crypto.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src')

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2eb0a9b76..d8930acbd 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1572,6 +1572,7 @@ static void expand_keys(private_tls_crypto_t *this,
 	/* EAP-MSK */
 	if (this->msk_label)
 	{
+		seed = chunk_cata("cc", client_random, server_random);
 		this->msk = chunk_alloc(64);
 		this->prf->get_bytes(this->prf, this->msk_label, seed,
 							 this->msk.len, this->msk.ptr);
-- 
cgit v1.2.3