Generate exporter_master_secret after server Finished (2221ec10) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/tls13_enc.c

+12 −3

Original line number	Diff line number	Diff line
		@@ -581,9 +581,18 @@ int tls13_change_cipher_state(SSL *s, int which)
		goto err;
		}

		if (label == server_application_traffic)
		if (label == server_application_traffic) {
		memcpy(s->server_app_traffic_secret, secret, hashlen);
		else if (label == client_application_traffic)
		/* Now we create the exporter master secret */
		if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
		exporter_master_secret,
		sizeof(exporter_master_secret) - 1,
		hash, hashlen, s->exporter_master_secret,
		hashlen)) {
		/* SSLfatal() already called */
		goto err;
		}
		} else if (label == client_application_traffic)
		memcpy(s->client_app_traffic_secret, secret, hashlen);

		if (!ssl_log_secret(s, log_label, secret, hashlen)) {
		@@ -667,7 +676,7 @@ int tls13_export_keying_material(SSL s, unsigned char out, size_t olen,
		unsigned int hashsize, datalen;
		int ret = 0;

		if (ctx == NULL \|\| !SSL_is_init_finished(s))
		if (ctx == NULL)
		goto err;

		if (!use_context)