[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Mon Jul 17 12:48:30 UTC 2017


The branch master has been updated
       via  c8b93876f116e761e6427594c183ee4e82c6bda5 (commit)
      from  54e5ba058b4f2c6042c14d44868077e9ffcff818 (commit)


- Log -----------------------------------------------------------------
commit c8b93876f116e761e6427594c183ee4e82c6bda5
Author: Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Date:   Sun Jul 16 12:40:48 2017 +0900

    Fix TLSv1.3 exporter secret
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3941)

-----------------------------------------------------------------------

Summary of changes:
 ssl/tls13_enc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 44d8ba9..ac5d06c 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -607,10 +607,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 {
     unsigned char exportsecret[EVP_MAX_MD_SIZE];
     static const unsigned char exporterlabel[] = "exporter";
-    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
     const EVP_MD *md = ssl_handshake_md(s);
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-    unsigned int hashsize;
+    unsigned int hashsize, datalen;
     int ret = 0;
 
     if (ctx == NULL || !SSL_is_init_finished(s))
@@ -622,9 +622,11 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
             || EVP_DigestUpdate(ctx, context, contextlen) <= 0
             || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
             || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
-                                  (const unsigned char *)label, llen, NULL, 0,
-                                  exportsecret, hashsize)
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize)
             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
                                   sizeof(exporterlabel) - 1, hash, hashsize,
                                   out, olen))


More information about the openssl-commits mailing list