For EAP-FAST key derivation, I need to know the key block size. With OpenSSL 1.0.0, I effectively used the following function to figure this out after completing the TLS handshake:

    #include <openssl/ssl.h>
    #include <openssl/evp.h>

    /* OpenSSL 1.0.0: cipher and MAC digest taken from the read state */
    int get_block_size(SSL *ssl)
    {
        const EVP_CIPHER *c = ssl->enc_read_ctx->cipher;
        const EVP_MD *h = EVP_MD_CTX_md(ssl->read_hash);

        return 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
                    EVP_CIPHER_iv_length(c));
    }

This seemed to work fine with OpenSSL 1.0.0, but EVP_MD_CTX_md() returns NULL in OpenSSL 1.0.1. Based on tls1_setup_key_block(), the best I came up with for 1.0.1 was this:

    /* OpenSSL 1.0.1: MAC secret size read from the internal s3->tmp state */
    int get_block_size(SSL *ssl)
    {
        const EVP_CIPHER *c = ssl->enc_read_ctx->cipher;

        return 2 * (EVP_CIPHER_key_length(c) +
                    ssl->s3->tmp.new_mac_secret_size +
                    EVP_CIPHER_iv_length(c));
    }

This seems to work, but using ssl->s3->tmp to figure this out outside the library code does not look exactly clean. Is there a better way to figure out the MAC secret size (or even better, the full key block size) with OpenSSL?

--
Jouni Malinen PGP id EFC895FA
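
Added example (not part of the original message and not OpenSSL code): why the key block size matters here. Per RFC 4851, the 40-octet session_key_seed is the "key expansion" PRF output that follows the TLS key block, so a wrong block size silently yields a different seed. The sketch assumes the TLS 1.0/1.1 PRF from RFC 2246; all function names and the sample secrets are constructed for illustration.

```python
import hashlib
import hmac

SKS_LEN = 40  # session_key_seed length in octets (RFC 4851)

def p_hash(digest, secret, seed, n):
    """P_hash expansion from RFC 2246, section 5."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, digest).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0/1.1 PRF: P_MD5(S1) XOR P_SHA1(S2); halves overlap if length is odd."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash(hashlib.md5, s1, label + seed, n)
    sha1 = p_hash(hashlib.sha1, s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha1))

def key_block_size(key_len, mac_len, iv_len):
    """Same formula as get_block_size() in the message, from explicit lengths."""
    return 2 * (key_len + mac_len + iv_len)

def session_key_seed(master_secret, server_random, client_random, block_size):
    """Expand past the TLS key block and return the SKS_LEN octets after it."""
    stream = tls10_prf(master_secret, b"key expansion",
                       server_random + client_random, block_size + SKS_LEN)
    return stream[block_size:]

# Constructed sample values, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
SERVER_RANDOM = b"\x11" * 32
CLIENT_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    suites = (("AES-128-CBC + HMAC-SHA1", key_block_size(16, 20, 16)),
              ("RC4-128 + HMAC-SHA1", key_block_size(16, 20, 0)))
    for name, size in suites:
        seed = session_key_seed(MASTER_SECRET, SERVER_RANDOM, CLIENT_RANDOM, size)
        print(name, size, seed.hex())
```

The two suites give different seeds from the same master secret because the seed window starts at a different offset in the same PRF stream.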