Extend the new_record_layer function

Add the ability to pass the main secret and length, as well as the
digest used for the KDF.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

1 files changed, 5 insertions, 4 deletions

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 6d2f46441a..30ef3a8410 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -678,8 +678,9 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 
     if (!ssl_set_new_record_layer(s, s->version,
                                   direction,
-                                  level, key, keylen, iv, ivlen, NULL, 0,
-                                  cipher, taglen, NID_undef, NULL, NULL)) {
+                                  level, insecret, hashlen, key, keylen, iv,
+                                  ivlen, NULL, 0, cipher, taglen, NID_undef,
+                                  NULL, NULL, md)) {
         /* SSLfatal already called */
         goto err;
     }
@@ -736,9 +737,9 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     if (!ssl_set_new_record_layer(s, s->version,
                             direction,
                             OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
-                            key, keylen, iv, ivlen, NULL, 0,
+                            insecret, hashlen, key, keylen, iv, ivlen, NULL, 0,
                             s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
-                            NULL)) {
+                            NULL, md)) {
         /* SSLfatal already called */
         goto err;
     }