From 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 21 Jan 2018 11:30:36 +0900
Subject: Make sure that exporting keying material is allowed

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4944)
---
 ssl/tls13_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ssl/tls13_enc.c')

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index f555df54fc..05355fb714 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -666,7 +666,7 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     unsigned int hashsize, datalen;
     int ret = 0;
 
-    if (ctx == NULL)
+    if (ctx == NULL || !ossl_statem_export_allowed(s))
         goto err;
 
     if (!use_context)
-- 
cgit v1.2.3