
Segmentation fault in SSL_export_keying_material #12588

@ghost

Description

Hi,

There is a segmentation fault when SSL_export_keying_material is called before any messages of the handshake were received.

Here is a short program that causes the segmentation fault with openssl 1.1.1:

#include <openssl/evp.h>
#include <openssl/ssl.h>

int main(int argc, char ** argv) {
    const size_t len = 128;
    const char label[] = "EXPERIMENTAL";
    unsigned char key1[len];
    int r;
    
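    // Context added so the reproducer compiles; no certificate is needed to reach the crash
    SSL_CTX * ctx = SSL_CTX_new(TLS_method());
    SSL * ssl = SSL_new(ctx);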

    // Non blocking BIOs to interrupt the handshake
    BIO * in = BIO_new(BIO_s_mem());
    BIO * out = BIO_new(BIO_s_mem());
    SSL_set_bio(ssl, in, out);

    SSL_set_accept_state(ssl);
    
    r = SSL_do_handshake(ssl);
    // r <= 0 because the handshake is interrupted
    // SSL_get_error returns SSL_ERROR_WANT_READ
    
    // Segfault below.
    r = SSL_export_keying_material(ssl, key1, len, label, sizeof(label), NULL, 0, 0);
    return 0;
}

When SSL_set_connect_state is called instead of SSL_set_accept_state it works fine except if SSL_do_handshake is not called, in which case it causes a segfault anyway.


Labels: triaged: bug (The issue/pr is/fixes a bug)
