authorMatt Caswell <matt@openssl.org>2018-06-01 16:52:34 +0100
committerMatt Caswell <matt@openssl.org>2018-06-07 10:58:35 +0100
commit4ff1a5266685f4a687a9f91b531c2f979b96db22 (patch)
tree43fd2babb3b724e2c1eb4786a66f66ee4757cf88 /ssl/tls13_enc.c
parent309371d6266877a8f04d0aa7b0f6add6d269d962 (diff)
Fix TLSv1.3 ticket nonces
All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the connection so this didn't matter. We were just using the value 0. Now we can get multiple tickets so we need to start doing the ticket nonce properly. Fixes #6387 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r--ssl/tls13_enc.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 3fc8e96a89..264381bd00 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -602,12 +602,11 @@ int tls13_change_cipher_state(SSL *s, int which)
if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
resumption_master_secret,
sizeof(resumption_master_secret) - 1,
- hashval, hashlen, s->session->master_key,
+ hashval, hashlen, s->resumption_master_secret,
hashlen)) {
/* SSLfatal() already called */
goto err;
}
- s->session->master_key_length = hashlen;
}
if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,