Use the upstream codepath that uses SSL_SESSION_get_master_key() and SSL_get_client_random() instead of reaching into the SSL_SESSION and SSL3_STATE structs.