diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index 66be9eb8..e578dc3e 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -556,6 +556,7 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
 			       size_t key_len)
 {
 	EVP_PKEY_CTX *ctx;
+	uint16_t length = key_len & 0xFFFF;
 	int ret;
 
 	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -573,6 +574,9 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
 		goto out_free_ctx;
 	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, generated, key_len) <= 0)
 		goto out_free_ctx;
+	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+			(const unsigned char *)&length, 2) <= 0)
+		goto out_free_ctx;
 	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
 			(const unsigned char *)"tls13 ", 6) <= 0)
 		goto out_free_ctx;
@@ -600,6 +604,7 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
 			  unsigned char *psk, size_t key_len)
 {
 	EVP_PKEY_CTX *ctx;
+	uint16_t length = key_len & 0xFFFF;
 	int ret;
 
 	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -617,6 +622,9 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
 		goto out_free_ctx;
 	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0)
 		goto out_free_ctx;
+	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+			(const unsigned char *)&length, 2) <= 0)
+		goto out_free_ctx;
 	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
 			(const unsigned char *)"tls13 ", 6) <= 0)
 		goto out_free_ctx;