Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755) (cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)
author: Matt Caswell <matt@openssl.org> 2018-12-04 08:37:04 +0000
committer: Matt Caswell <matt@openssl.org> 2018-12-05 10:59:08 +0000
commit: db860ea3dcf56a1993c66da22bd44460d7ac4914 (patch)
tree: 1b8f457e57de929695cb8e4d10894ebf917ae941 /doc
parent: 56e0f123dc17cb99f50efbae4bbbab77f360818f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
index abebf911fc..4c81a60ffb 100644
--- a/doc/man3/SSL_export_keying_material.pod
+++ b/doc/man3/SSL_export_keying_material.pod
@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from
 the IANA Exporter Label Registry
 (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
 Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
-to be used without registration.
+to be used without registration. TLSv1.3 imposes a maximum label length of
+249 bytes.
 
 Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
 above. Attempting to use it in SSLv3 will result in an error.
author	Matt Caswell <matt@openssl.org>	2018-12-04 08:37:04 +0000
committer	Matt Caswell <matt@openssl.org>	2018-12-05 10:59:08 +0000
commit	db860ea3dcf56a1993c66da22bd44460d7ac4914 (patch)
tree	1b8f457e57de929695cb8e4d10894ebf917ae941 /doc
parent	56e0f123dc17cb99f50efbae4bbbab77f360818f (diff)