author | Matt Caswell <matt@openssl.org> | 2022-11-14 14:19:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-01-24 17:16:29 +0000 |
commit | 3f9175c7a46b13a3528d9b5776030a78eb1f9454 (patch) | |
tree | d114752dce6626fe749c8bec4b8721424c701461 /ssl/record | |
parent | bea8d70498c9ad0e2cca3652c748d327be7b841e (diff) |
Extend the new_record_layer function
Add the ability to pass the main secret and length, as well as the
digest used for the KDF.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/methods/dtls_meth.c | 6 | ||||
-rw-r--r-- | ssl/record/methods/ktls_meth.c | 6 | ||||
-rw-r--r-- | ssl/record/methods/tls_common.c | 6 | ||||
-rw-r--r-- | ssl/record/rec_layer_s3.c | 14 | ||||
-rw-r--r-- | ssl/record/record.h | 8 |
5 files changed, 25 insertions, 15 deletions
diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
index 55e49188cd..2dae86b44c 100644
--- a/ssl/record/methods/dtls_meth.c
+++ b/ssl/record/methods/dtls_meth.c
@@ -624,12 +624,14 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
 static int dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
 unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen, unsigned char *mackey, size_t mackeylen, const EVP_CIPHER *ciph, size_t taglen, int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
 const OSSL_PARAM *settings, const OSSL_PARAM *options, const OSSL_DISPATCH *fns, void *cbarg, void *rlarg, OSSL_RECORD_LAYER **retrl)
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index 21f7c41b44..5cd833d070 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -402,12 +402,14 @@ static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
 static int ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
 unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen, unsigned char *mackey, size_t mackeylen, const EVP_CIPHER *ciph, size_t taglen, int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
 const OSSL_PARAM *settings, const OSSL_PARAM *options, const OSSL_DISPATCH *fns, void *cbarg, void *rlarg, OSSL_RECORD_LAYER **retrl)
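Review bot: The new `secret`/`secretlen` and `kdfdigest` parameters of dtls_new_record_layer are only declared in this hunk; the body lies outside it, so whether they are consumed, ignored or merely forwarded is not visible, and the same applies to the identical signature changes in ktls_meth.c and tls_common.c. Since `secret` now carries the connection's main secret across the record-method boundary, the contract for this callback should state that the pointer is borrowed for the duration of the call, that an implementation keeping a copy owns its cleansing, and whether `secret` or `kdfdigest` may be NULL for protocol versions that do not need them. A comment on the parameter line would cover it: `/* secret/secretlen: main secret, borrowed; copy and cleanse if retained */`. Consider also `const unsigned char *secret`, since nothing in the signature suggests the record layer writes to it, though that would diverge from the existing non-const `key`/`iv`/`mackey`.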
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 9fca10c50e..91d1545085 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1324,12 +1324,14 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 static int tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
 unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen, unsigned char *mackey, size_t mackeylen, const EVP_CIPHER *ciph, size_t taglen, int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
 const OSSL_PARAM *settings, const OSSL_PARAM *options, const OSSL_DISPATCH *fns, void *cbarg, void *rlarg, OSSL_RECORD_LAYER **retrl)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 7fa22bb02b..fadac90e52 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1155,12 +1155,13 @@ static int ssl_post_record_layer_select(SSL_CONNECTION *s, int direction)
 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction, int level,
+ unsigned char *secret, size_t secretlen,
 unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen, unsigned char *mackey, size_t mackeylen, const EVP_CIPHER *ciph, size_t taglen, int mactype, const EVP_MD *md,
- const SSL_COMP *comp)
+ const SSL_COMP *comp, const EVP_MD *kdfdigest)
 {
 OSSL_PARAM options[5], *opts = options;
 OSSL_PARAM settings[6], *set = settings;
@@ -1330,11 +1331,12 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
 rlret = meth->new_record_layer(sctx->libctx, sctx->propq, version, s->server, direction, level, epoch,
- key, keylen, iv, ivlen, mackey,
- mackeylen, ciph, taglen, mactype, md,
- compm, prev, thisbio, next, NULL, NULL,
- settings, options, rlayer_dispatch_tmp,
- s, s->rlayer.rlarg, &newrl);
+ secret, secretlen, key, keylen, iv,
+ ivlen, mackey, mackeylen, ciph, taglen,
+ mactype, md, compm, kdfdigest, prev,
+ thisbio, next, NULL, NULL, settings,
+ options, rlayer_dispatch_tmp, s,
+ s->rlayer.rlarg, &newrl);
 BIO_free(prev);
 switch (rlret) {
 case OSSL_RECORD_RETURN_FATAL:
diff --git a/ssl/record/record.h b/ssl/record/record.h
index e2fdd05f0c..cd2b78698d 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -173,13 +173,15 @@ void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr)
 int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int writing, int ret, char *file, int line);
-int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
- int level, unsigned char *key, size_t keylen,
+int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
+ int direction, int level,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen,
 unsigned char *iv, size_t ivlen, unsigned char *mackey, size_t mackeylen, const EVP_CIPHER *ciph, size_t taglen, int mactype, const EVP_MD *md,
- const SSL_COMP *comp);
+ const SSL_COMP *comp, const EVP_MD *kdfdigest);
 int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers);
 # define OSSL_FUNC_RLAYER_SKIP_EARLY_DATA 1 |
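Review bot: The rewritten call to `meth->new_record_layer` now passes four identically typed (`unsigned char *`, `size_t`) pairs — `secret, secretlen, key, keylen, iv, ivlen, mackey, mackeylen` — positionally among roughly thirty arguments, so a transposition such as `secretlen` for `keylen` compiles silently and would only surface as a wrong derivation or an over-read of the secret buffer. The hunk shows the order matching the new callback signature, but nothing in this function, which starts and ends outside the hunk, pins that correspondence. A follow-up could carry the key material in a small struct (`secret`, `key`, `iv`, `mackey` with their lengths) passed by pointer, removing the positional hazard at every record method; short of that, a one-line comment at the call site naming the grouping, `/* key material: secret, key, iv, mackey, each followed by its length */`, helps the next reader check the call against the prototype.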
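Review bot: The ssl_set_new_record_layer prototype in record.h gains `secret`/`secretlen` and `kdfdigest` without a comment describing them, and the hunk shows no documentation on this function at all. A block comment above the prototype should say what `secret` is (the main secret, per the commit message), that the caller keeps ownership and the record layer is expected to copy and cleanse it if it needs to retain it, what `kdfdigest` is used for (the digest of the KDF, per the commit message), and when NULL is acceptable for either. Since this is the header the rest of ssl/ builds against, it is where that contract is most useful.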