Remove generation of exporter master secret on client application traffic

author Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>

Thu, 18 Jan 2018 06:39:45 +0000 (15:39 +0900)

committer Matt Caswell <matt@openssl.org>

Fri, 2 Feb 2018 23:52:59 +0000 (23:52 +0000)
author Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Thu, 18 Jan 2018 06:39:45 +0000 (15:39 +0900)
committer Matt Caswell <matt@openssl.org>
Fri, 2 Feb 2018 23:52:59 +0000 (23:52 +0000)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c

index 7975be54a87e8454269c6e5367196ee6c29a9526..f555df54fc44fb0b10d07cee966c09606c0120cc 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -562,16 +562,6 @@ int tls13_change_cipher_state(SSL *s, int which)
              goto err;
          }
          s->session->master_key_length = hashlen;
-
-        /* Now we create the exporter master secret */
-        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
-                               exporter_master_secret,
-                               sizeof(exporter_master_secret) - 1,
-                               hash, hashlen, s->exporter_master_secret,
-                               hashlen)) {
-            /* SSLfatal() already called */
-            goto err;
-        }
      }
  
      if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
author	Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
	Thu, 18 Jan 2018 06:39:45 +0000 (15:39 +0900)
committer	Matt Caswell <matt@openssl.org>
	Fri, 2 Feb 2018 23:52:59 +0000 (23:52 +0000)