From c8b93876f116e761e6427594c183ee4e82c6bda5 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sun, 16 Jul 2017 12:40:48 +0900 Subject: [PATCH] Fix TLSv1.3 exporter secret Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3941) --- ssl/tls13_enc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 44d8ba9eb1..ac5d06cf58 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -607,10 +607,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, { unsigned char exportsecret[EVP_MAX_MD_SIZE]; static const unsigned char exporterlabel[] = "exporter"; - unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; const EVP_MD *md = ssl_handshake_md(s); EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned int hashsize; + unsigned int hashsize, datalen; int ret = 0; if (ctx == NULL || !SSL_is_init_finished(s)) @@ -622,9 +622,11 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 || EVP_DigestUpdate(ctx, context, contextlen) <= 0 || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 || !tls13_hkdf_expand(s, md, s->exporter_master_secret, - (const unsigned char *)label, llen, NULL, 0, - exportsecret, hashsize) + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize) || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, sizeof(exporterlabel) - 1, hash, hashsize, out, olen)) -- GitLab