tls: updates for the new additional MAC_init arguments

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ace890d915d8779dcc869990eae5a5b147d54243..4d66db9f9d48a175398f6323a217a0e6394bdfc0 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3393,13 +3393,12 @@ EVP_MAC_CTX *ssl_hmac_get0_EVP_MAC_CTX(SSL_HMAC *ctx)
 
 int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
 {
-    OSSL_PARAM params[3], *p = params;
+    OSSL_PARAM params[2], *p = params;
 
     if (ctx->ctx != NULL) {
         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0);
-        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len);
         *p = OSSL_PARAM_construct_end();
-        if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx))
+        if (EVP_MAC_init(ctx->ctx, key, len, params))
             return 1;
     }
 #ifndef OPENSSL_NO_DEPRECATED_3_0

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index c5b4dcc8d11bf6c077b1250e933ceafa6e11102c..b9757fd5f3c7ef8126146a3bc6661ddace3b87ab 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -311,9 +311,10 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
     EVP_MAC *hmac = EVP_MAC_fetch(s->ctx->libctx, "HMAC", s->ctx->propq);
     unsigned char hash[EVP_MAX_MD_SIZE];
     unsigned char finsecret[EVP_MAX_MD_SIZE];
+    unsigned char *key = NULL;
     size_t hashlen, ret = 0;
     EVP_MAC_CTX *ctx = NULL;
-    OSSL_PARAM params[4], *p = params;
+    OSSL_PARAM params[3], *p = params;
 
     if (hmac == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -327,6 +328,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES,
                                                 (char *)s->ctx->propq,
                                                 0);
+    *p = OSSL_PARAM_construct_end();
 
     if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
         /* SSLfatal() already called */
@@ -334,28 +336,20 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
     }
 
     if (str == s->method->ssl3_enc->server_finished_label) {
-        *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
-                                                 s->server_finished_secret,
-                                                 hashlen);
+        key = s->server_finished_secret;
     } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
-        *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
-                                                 s->client_finished_secret,
-                                                 hashlen);
+        key = s->client_finished_secret;
     } else {
         if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
                                       s->client_app_traffic_secret,
                                       finsecret, hashlen))
             goto err;
-
-        *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, finsecret,
-                                                 hashlen);
+        key = finsecret;
     }
-    *p++ = OSSL_PARAM_construct_end();
 
     ctx = EVP_MAC_CTX_new(hmac);
     if (ctx == NULL
-            || !EVP_MAC_CTX_set_params(ctx, params)
-            || !EVP_MAC_init(ctx)
+            || !EVP_MAC_init(ctx, key, hashlen, params)
             || !EVP_MAC_update(ctx, hash, hashlen)
                /* outsize as per sizeof(peer_finish_md) */
             || !EVP_MAC_final(ctx, out, &hashlen, EVP_MAX_MD_SIZE * 2)) {