From 0fb2815b873304d145ed00283454fc9f3bd35e6b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 4 Dec 2018 08:37:04 +0000 Subject: Fix some SSL_export_keying_material() issues Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7755) --- ssl/statem/extensions.c | 2 +- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_srvr.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'ssl/statem') diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 63e61c6184..716d6d23e0 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 5a8f1163df..a0e495d8e8 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET_data(&nonce), PACKET_remaining(&nonce), s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e7c11c4bea..a8e862ced5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) tick_nonce, TICKET_NONCE_SIZE, s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } -- cgit v1.2.3