Implement exporter for TLSv1.3.

This implements the key material exporter for TLSv1.3, as defined in
RFC8446 section 7.5.

Issue reported by nmathewson on github.

ok inoguchi@ tb@

1 files changed, 12 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d92ccd8029..58b9dae910 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.237 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.238 2020/11/16 18:55:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1716,8 +1716,17 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     const char *label, size_t llen, const unsigned char *p, size_t plen,
     int use_context)
 {
-        return (tls1_export_keying_material(s, out, olen,
-            label, llen, p, plen, use_context));
+        if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) {
+                if (!use_context) {
+                        p = NULL;
+                        plen = 0;
+                }
+                return tls13_exporter(s->internal->tls13, label, llen, p, plen,
+                    out, olen);
+        }
+
+        return (tls1_export_keying_material(s, out, olen, label, llen, p, plen,
+            use_context));
 }
 
 static unsigned long