int role, int direction,
int level,
uint16_t epoch,
+ unsigned char *secret,
+ size_t secretlen,
unsigned char *key,
size_t keylen,
unsigned char *iv,
int mactype,
const EVP_MD *md,
COMP_METHOD *comp,
+ const EVP_MD *kdfdigest,
BIO *prev,
BIO *transport,
BIO *next,
if (!ssl_set_new_record_layer(s,
DTLS_ANY_VERSION,
OSSL_RECORD_DIRECTION_READ,
- OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL)) {
+ NID_undef, NULL, NULL, NULL)) {
/* SSLfatal already called */
ret = -1;
goto end;
static int
dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
unsigned char *key, size_t keylen, unsigned char *iv,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
static int
ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
unsigned char *key, size_t keylen, unsigned char *iv,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
static int
tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
unsigned char *key, size_t keylen, unsigned char *iv,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
int direction, int level,
+ unsigned char *secret, size_t secretlen,
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype, const EVP_MD *md,
- const SSL_COMP *comp)
+ const SSL_COMP *comp, const EVP_MD *kdfdigest)
{
OSSL_PARAM options[5], *opts = options;
OSSL_PARAM settings[6], *set = settings;
rlret = meth->new_record_layer(sctx->libctx, sctx->propq, version,
s->server, direction, level, epoch,
- key, keylen, iv, ivlen, mackey,
- mackeylen, ciph, taglen, mactype, md,
- compm, prev, thisbio, next, NULL, NULL,
- settings, options, rlayer_dispatch_tmp,
- s, s->rlayer.rlarg, &newrl);
+ secret, secretlen, key, keylen, iv,
+ ivlen, mackey, mackeylen, ciph, taglen,
+ mactype, md, compm, kdfdigest, prev,
+ thisbio, next, NULL, NULL, settings,
+ options, rlayer_dispatch_tmp, s,
+ s->rlayer.rlarg, &newrl);
BIO_free(prev);
switch (rlret) {
case OSSL_RECORD_RETURN_FATAL:
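Review bot: The new `secret`/`secretlen` and `kdfdigest` arguments are forwarded straight into `meth->new_record_layer` with no statement of ownership or lifetime, and nothing in this hunk shows whether the record layer copies the secret or keeps a pointer into the caller's buffer. Since the tls13 call site passes a live traffic secret (`insecret, hashlen`), the prototype should spell out which side owns that buffer and which side cleanses it; e.g. above `int ssl_set_new_record_layer(` add `/* secret/secretlen: traffic secret the record layer may use with kdfdigest for its own key derivation; NULL/0 when the caller derives all keys. Ownership (copy vs. reference) and cleansing responsibility: TODO state here once confirmed against the record method implementations */`. The same parameter lists are repeated in dtls_new_record_layer, ktls_new_record_layer and tls_new_record_layer and should carry the same contract. The body of ssl_set_new_record_layer continues past the end of this hunk, so how rlret and the record layer's copy of the secret are handled on the OSSL_RECORD_RETURN_FATAL path is not visible here.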
int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int writing, int ret,
char *file, int line);
-int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
- int level, unsigned char *key, size_t keylen,
+int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
+ int direction, int level,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype, const EVP_MD *md,
- const SSL_COMP *comp);
+ const SSL_COMP *comp, const EVP_MD *kdfdigest);
int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers);
# define OSSL_FUNC_RLAYER_SKIP_EARLY_DATA 1
if (!ssl_set_new_record_layer(s, SSL3_VERSION,
direction,
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
- key, key_len, iv, iv_len, mac_secret,
- md_len, ciph, 0, NID_undef, md, comp)) {
+ NULL, 0, key, key_len, iv, iv_len, mac_secret,
+ md_len, ciph, 0, NID_undef, md, comp, NULL)) {
/* SSLfatal already called */
goto err;
}
SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
: TLS_ANY_VERSION,
OSSL_RECORD_DIRECTION_READ,
- OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL);
+ NID_undef, NULL, NULL, NULL);
ret &= ssl_set_new_record_layer(s,
SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
: TLS_ANY_VERSION,
OSSL_RECORD_DIRECTION_WRITE,
- OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL);
+ NID_undef, NULL, NULL, NULL);
+
/* SSLfatal already called in the event of failure */
return ret;
}
TLS_ANY_VERSION,
OSSL_RECORD_DIRECTION_WRITE,
OSSL_RECORD_PROTECTION_LEVEL_NONE,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL)) {
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0, NID_undef, NULL, NULL,
+ NULL)) {
/* SSLfatal already called */
return WORK_ERROR;
}
TLS_ANY_VERSION,
OSSL_RECORD_DIRECTION_WRITE,
OSSL_RECORD_PROTECTION_LEVEL_NONE,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL)) {
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0, NID_undef, NULL, NULL, NULL)) {
/* SSLfatal already called */
goto err;
}
if (!ssl_set_new_record_layer(s, s->version, direction,
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
- key, cl, iv, (size_t)k, mac_secret,
+ NULL, 0, key, cl, iv, (size_t)k, mac_secret,
mac_secret_size, c, taglen, mac_type,
- m, comp)) {
+ m, comp, NULL)) {
/* SSLfatal already called */
goto err;
}
if (!ssl_set_new_record_layer(s, s->version,
direction,
- level, key, keylen, iv, ivlen, NULL, 0,
- cipher, taglen, NID_undef, NULL, NULL)) {
+ level, insecret, hashlen, key, keylen, iv,
+ ivlen, NULL, 0, cipher, taglen, NID_undef,
+ NULL, NULL, md)) {
/* SSLfatal already called */
goto err;
}
if (!ssl_set_new_record_layer(s, s->version,
direction,
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
- key, keylen, iv, ivlen, NULL, 0,
+ insecret, hashlen, key, keylen, iv, ivlen, NULL, 0,
s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
- NULL)) {
+ NULL, md)) {
/* SSLfatal already called */
goto err;
}
if (!TEST_true(ossl_tls_record_method.new_record_layer(
NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
OSSL_RECORD_DIRECTION_WRITE,
- OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
- iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+ OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+ key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, &wrl)))
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ &wrl)))
goto err;
memcpy(wrl->sequence, seqbuf, sizeof(seqbuf));
if (!TEST_true(ossl_tls_record_method.new_record_layer(
NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
OSSL_RECORD_DIRECTION_READ,
- OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
- iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+ OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+ key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, &rrl)))
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ &rrl)))
goto err;
memcpy(rrl->sequence, seqbuf, sizeof(seqbuf));
}
int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
- int level, unsigned char *key, size_t keylen,
+ int level, unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype, const EVP_MD *md,
- const SSL_COMP *comp)
+ const SSL_COMP *comp, const EVP_MD *kdfdigest)
{
return 0;
}