Fix some SSL_export_keying_material() issues

Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755)
author: Matt Caswell <matt@openssl.org> 2018-12-04 08:37:04 +0000
committer: Matt Caswell <matt@openssl.org> 2018-12-05 10:55:04 +0000
commit: 0fb2815b873304d145ed00283454fc9f3bd35e6b (patch)
tree: 25e40e4f76270869ce4053ad2af0beb5ab7304bd /ssl/statem
parent: ed371b8cbac0d0349667558c061c1ae380cf75eb (diff)
3 files changed, 3 insertions, 3 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 63e61c6184..716d6d23e0 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
 
     /* Generate the binder key */
     if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
-                           hashsize, binderkey, hashsize)) {
+                           hashsize, binderkey, hashsize, 1)) {
         /* SSLfatal() already called */
         goto err;
     }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5a8f1163df..a0e495d8e8 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
                                PACKET_data(&nonce),
                                PACKET_remaining(&nonce),
                                s->session->master_key,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..a8e862ced5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
                                tick_nonce,
                                TICKET_NONCE_SIZE,
                                s->session->master_key,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
author	Matt Caswell <matt@openssl.org>	2018-12-04 08:37:04 +0000
committer	Matt Caswell <matt@openssl.org>	2018-12-05 10:55:04 +0000
commit	0fb2815b873304d145ed00283454fc9f3bd35e6b (patch)
tree	25e40e4f76270869ce4053ad2af0beb5ab7304bd /ssl/statem
parent	ed371b8cbac0d0349667558c061c1ae380cf75eb (diff)