[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Jul 17 12:48:30 UTC 2017
The branch master has been updated
via c8b93876f116e761e6427594c183ee4e82c6bda5 (commit)
from 54e5ba058b4f2c6042c14d44868077e9ffcff818 (commit)
- Log -----------------------------------------------------------------
commit c8b93876f116e761e6427594c183ee4e82c6bda5
Author: Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Date: Sun Jul 16 12:40:48 2017 +0900
Fix TLSv1.3 exporter secret
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3941)
-----------------------------------------------------------------------
Summary of changes:
ssl/tls13_enc.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 44d8ba9..ac5d06c 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -607,10 +607,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
{
unsigned char exportsecret[EVP_MAX_MD_SIZE];
static const unsigned char exporterlabel[] = "exporter";
- unsigned char hash[EVP_MAX_MD_SIZE];
+ unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
const EVP_MD *md = ssl_handshake_md(s);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- unsigned int hashsize;
+ unsigned int hashsize, datalen;
int ret = 0;
if (ctx == NULL || !SSL_is_init_finished(s))
@@ -622,9 +622,11 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestUpdate(ctx, context, contextlen) <= 0
|| EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+ || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+ || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
|| !tls13_hkdf_expand(s, md, s->exporter_master_secret,
- (const unsigned char *)label, llen, NULL, 0,
- exportsecret, hashsize)
+ (const unsigned char *)label, llen,
+ data, datalen, exportsecret, hashsize)
|| !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
sizeof(exporterlabel) - 1, hash, hashsize,
out, olen))
More information about the openssl-commits
mailing list