From 7edbb85fb63bc248e3633a6d70bd4e49c811e451 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 16 Nov 2020 18:55:15 +0000
Subject: Implement exporter for TLSv1.3.

This implements the key material exporter for TLSv1.3, as defined in RFC8446 section 7.5.

Issue reported by nmathewson on github.

ok inoguchi@ tb@
---
 src/lib/libssl/tls13_key_schedule.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
(limited to 'src/lib/libssl/tls13_key_schedule.c')
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index 91f59e46f9..35180cfe5c 100644
--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.9 2020/11/16 18:55:15 jsing Exp $ */
 /* Copyright (c) 2018, Bob Beck
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -173,6 +173,15 @@ int
 tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
 const struct tls13_secret *secret, const char *label,
 const struct tls13_secret *context)
+{
+ return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
+ strlen(label), context);
+}
+
+int
+tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret,
+ const uint8_t *label, size_t label_len, const struct tls13_secret *context)
 {
 const char tls13_plabel[] = "tls13 ";
 uint8_t *hkdf_label;
@@ -188,7 +197,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
 goto err;
 if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel)))
 goto err;
- if (!CBB_add_bytes(&child, label, strlen(label)))
+ if (!CBB_add_bytes(&child, label, label_len))
 goto err;
 if (!CBB_add_u8_length_prefixed(&cbb, &child))
 goto err;
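Review bot: In the new `tls13_hkdf_expand_label` wrapper, `label` is a `const char *` but is handed to a parameter declared `const uint8_t *label`, a pointer-signedness mismatch that compilers report under `-Wpointer-sign`. An explicit cast at the call makes the conversion deliberate: `(const uint8_t *)label, strlen(label), context);`. The body of `tls13_hkdf_expand_label_with_length` continues past the end of this hunk.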
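Review bot: `label_len` reaches `CBB_add_bytes(&child, label, label_len)` with no explicit bound, and for the exporter the label is presumably supplied by the application rather than being one of the fixed internal strings. RFC 8446 section 7.1 limits the HkdfLabel label to 255 bytes including the 6-byte `tls13 ` prefix, so an over-long label has to be rejected; at present that appears to rely on the one-byte length prefix failing when the child is flushed, which this hunk does not establish. Consider making the limit explicit next to the prefix write, `if (label_len > 255 - strlen(tls13_plabel)) goto err;`, and stating it in a comment above the function. The function starts and ends outside this hunk.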
@@ -207,7 +216,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
 return(0);
 }
 
-static int
+int
 tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
 const struct tls13_secret *secret, const char *label,
 const struct tls13_secret *context)
@@ -215,6 +224,15 @@ tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
 return tls13_hkdf_expand_label(out, digest, secret, label, context);
 }
 
+int
+tls13_derive_secret_with_label_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label,
+ size_t label_len, const struct tls13_secret *context)
+{
+ return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
+ label_len, context);
+}
+
 int
 tls13_derive_early_secrets(struct tls13_secrets *secrets,
 uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
-- 
cgit v1.2.3-55-g6feb
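Review bot: Dropping `static` from `tls13_derive_secret` gives the function external linkage, and the matching prototype is not part of this view, which is limited to tls13_key_schedule.c. The same holds for `tls13_hkdf_expand_label_with_length` and `tls13_derive_secret_with_label_length` added in the other hunks. It is worth confirming that all three are declared only in the library's internal header and kept out of the exported symbol list, so these key-derivation helpers do not become part of the public libssl ABI.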
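Review bot: `tls13_derive_secret_with_label_length` carries no comment stating its contract, and two parts of that contract are easy to get wrong at a call site. `context` is forwarded unchanged to `tls13_hkdf_expand_label_with_length`, so the caller must pass the already-computed hash; for the exporter in RFC 8446 section 7.5 that is the hash of the empty string, not a zero-length context. `label` is raw bytes with an explicit length and need not be NUL-terminated. I would add above the function: `/* label is label_len raw bytes (no NUL needed); context must already be the Transcript-Hash value, e.g. Hash("") for exporters. */`.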