Extend the new_record_layer function

Add the ability to pass the main secret and length, as well as the
digest used for the KDF.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

diff --git a/include/internal/recordmethod.h b/include/internal/recordmethod.h
index d6d432413a75ed6041be6a7571e73d2fda239843..fda3549590c6752b205e89e7adda5e6679988f57 100644 (file)
--- a/include/internal/recordmethod.h
+++ b/include/internal/recordmethod.h
@@ -124,6 +124,8 @@ struct ossl_record_method_st {
                             int role, int direction,
                             int level,
                             uint16_t epoch,
+                            unsigned char *secret,
+                            size_t secretlen,
                             unsigned char *key,
                             size_t keylen,
                             unsigned char *iv,
@@ -135,6 +137,7 @@ struct ossl_record_method_st {
                             int mactype,
                             const EVP_MD *md,
                             COMP_METHOD *comp,
+                            const EVP_MD *kdfdigest,
                             BIO *prev,
                             BIO *transport,
                             BIO *next,

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 83ef67275ebc81c4a734c63ac622488a0238df0e..3e644b3098d3babc54bff8d7ff930378c5abce16 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -820,9 +820,9 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
     if (!ssl_set_new_record_layer(s,
                                   DTLS_ANY_VERSION,
                                   OSSL_RECORD_DIRECTION_READ,
-                                  OSSL_RECORD_PROTECTION_LEVEL_NONE,
+                                  OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
                                   NULL, 0, NULL, 0, NULL,  0, NULL, 0,
-                                  NID_undef, NULL, NULL)) {
+                                  NID_undef, NULL, NULL, NULL)) {
         /* SSLfatal already called */
         ret = -1;
         goto end;

diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
index 55e49188cd1e1dd94fe3a08007f3913d26a58149..2dae86b44ccce58db154d906762a21eac654d59d 100644 (file)
--- a/ssl/record/methods/dtls_meth.c
+++ b/ssl/record/methods/dtls_meth.c
@@ -624,12 +624,14 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
 static int
 dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                       int role, int direction, int level, uint16_t epoch,
+                      unsigned char *secret, size_t secretlen,
                       unsigned char *key, size_t keylen, unsigned char *iv,
                       size_t ivlen, unsigned char *mackey, size_t mackeylen,
                       const EVP_CIPHER *ciph, size_t taglen,
                       int mactype,
-                      const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
-                      BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+                      const EVP_MD *md, COMP_METHOD *comp,
+                      const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+                      BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                       const OSSL_PARAM *settings, const OSSL_PARAM *options,
                       const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
                       OSSL_RECORD_LAYER **retrl)

diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index 21f7c41b4483ad630725e1597b257b3885ed110e..5cd833d070dbbb346a55910d15a9b14f96d0778e 100644 (file)
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -402,12 +402,14 @@ static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
 static int
 ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                       int role, int direction, int level, uint16_t epoch,
+                      unsigned char *secret, size_t secretlen,
                       unsigned char *key, size_t keylen, unsigned char *iv,
                       size_t ivlen, unsigned char *mackey, size_t mackeylen,
                       const EVP_CIPHER *ciph, size_t taglen,
                       int mactype,
-                      const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
-                      BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+                      const EVP_MD *md, COMP_METHOD *comp,
+                      const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+                      BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                       const OSSL_PARAM *settings, const OSSL_PARAM *options,
                       const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
                       OSSL_RECORD_LAYER **retrl)

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 9fca10c50e7872ca9331f82ce7514e461dae5ef2..91d1545085664bb3e718d1854246d0eab4d0b291 100644 (file)
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1324,12 +1324,14 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 static int
 tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                      int role, int direction, int level, uint16_t epoch,
+                     unsigned char *secret, size_t secretlen,
                      unsigned char *key, size_t keylen, unsigned char *iv,
                      size_t ivlen, unsigned char *mackey, size_t mackeylen,
                      const EVP_CIPHER *ciph, size_t taglen,
                      int mactype,
-                     const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
-                     BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+                     const EVP_MD *md, COMP_METHOD *comp,
+                     const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+                     BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                      const OSSL_PARAM *settings, const OSSL_PARAM *options,
                      const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
                      OSSL_RECORD_LAYER **retrl)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 7fa22bb02b31ed63825bb937f7dafd9fb1265bda..fadac90e527eb57d5123a665aff1dbb6c9aa8c97 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1155,12 +1155,13 @@ static int ssl_post_record_layer_select(SSL_CONNECTION *s, int direction)
 
 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
                              int direction, int level,
+                             unsigned char *secret, size_t secretlen,
                              unsigned char *key, size_t keylen,
                              unsigned char *iv,  size_t ivlen,
                              unsigned char *mackey, size_t mackeylen,
                              const EVP_CIPHER *ciph, size_t taglen,
                              int mactype, const EVP_MD *md,
-                             const SSL_COMP *comp)
+                             const SSL_COMP *comp, const EVP_MD *kdfdigest)
 {
     OSSL_PARAM options[5], *opts = options;
     OSSL_PARAM settings[6], *set =  settings;
@@ -1330,11 +1331,12 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
 
         rlret = meth->new_record_layer(sctx->libctx, sctx->propq, version,
                                        s->server, direction, level, epoch,
-                                       key, keylen, iv, ivlen, mackey,
-                                       mackeylen, ciph, taglen, mactype, md,
-                                       compm, prev, thisbio, next, NULL, NULL,
-                                       settings, options, rlayer_dispatch_tmp,
-                                       s, s->rlayer.rlarg, &newrl);
+                                       secret, secretlen, key, keylen, iv,
+                                       ivlen, mackey, mackeylen, ciph, taglen,
+                                       mactype, md, compm, kdfdigest, prev,
+                                       thisbio, next, NULL, NULL, settings,
+                                       options, rlayer_dispatch_tmp, s,
+                                       s->rlayer.rlarg, &newrl);
         BIO_free(prev);
         switch (rlret) {
         case OSSL_RECORD_RETURN_FATAL:

diff --git a/ssl/record/record.h b/ssl/record/record.h
index e2fdd05f0c95e829279647323e4adbf4ce52b51d..cd2b78698db9dfced1eb1e3f4f30c967f38ef679 100644 (file)
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -173,13 +173,15 @@ void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr);
 int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int writing, int ret,
                                   char *file, int line);
 
-int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
-                             int level, unsigned char *key, size_t keylen,
+int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
+                             int direction, int level,
+                             unsigned char *secret, size_t secretlen,
+                             unsigned char *key, size_t keylen,
                              unsigned char *iv,  size_t ivlen,
                              unsigned char *mackey, size_t mackeylen,
                              const EVP_CIPHER *ciph, size_t taglen,
                              int mactype, const EVP_MD *md,
-                             const SSL_COMP *comp);
+                             const SSL_COMP *comp, const EVP_MD *kdfdigest);
 int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers);
 
 # define OSSL_FUNC_RLAYER_SKIP_EARLY_DATA        1

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 67123c7372194ae4ae1a7010a65bdb24d65b1b96..d13a28697e60f7a513655dce16a6a1946f0cff5b 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -146,8 +146,8 @@ int ssl3_change_cipher_state(SSL_CONNECTION *s, int which)
     if (!ssl_set_new_record_layer(s, SSL3_VERSION,
                                   direction,
                                   OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
-                                  key, key_len, iv, iv_len, mac_secret,
-                                  md_len, ciph, 0, NID_undef, md, comp)) {
+                                  NULL, 0, key, key_len, iv, iv_len, mac_secret,
+                                  md_len, ciph, 0, NID_undef, md, comp, NULL)) {
         /* SSLfatal already called */
         goto err;
     }

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1a5bc6d3e40b285f84771abe43b1cd21ef16d461..ffae69bc38b67714c9383028514337be08e80dcc 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -553,17 +553,18 @@ static int clear_record_layer(SSL_CONNECTION *s)
                                    SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
                                                              : TLS_ANY_VERSION,
                                    OSSL_RECORD_DIRECTION_READ,
-                                   OSSL_RECORD_PROTECTION_LEVEL_NONE,
+                                   OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
                                    NULL, 0, NULL, 0, NULL,  0, NULL, 0,
-                                   NID_undef, NULL, NULL);
+                                   NID_undef, NULL, NULL, NULL);
 
     ret &= ssl_set_new_record_layer(s,
                                     SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
                                                               : TLS_ANY_VERSION,
                                     OSSL_RECORD_DIRECTION_WRITE,
-                                    OSSL_RECORD_PROTECTION_LEVEL_NONE,
+                                    OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
                                     NULL, 0, NULL, 0, NULL,  0, NULL, 0,
-                                    NID_undef, NULL, NULL);
+                                    NID_undef, NULL, NULL, NULL);
+
     /* SSLfatal already called in the event of failure */
     return ret;
 }

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a1b7954a669253232cef07fa53d6758cdcb83efd..f1ed43abd38adc733ee70de563f93f0a57767554 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -720,8 +720,9 @@ WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst)
                                           TLS_ANY_VERSION,
                                           OSSL_RECORD_DIRECTION_WRITE,
                                           OSSL_RECORD_PROTECTION_LEVEL_NONE,
-                                          NULL, 0, NULL, 0, NULL,  0, NULL, 0,
-                                          NID_undef, NULL, NULL)) {
+                                          NULL, 0, NULL, 0, NULL, 0, NULL,  0,
+                                          NULL, 0, NID_undef, NULL, NULL,
+                                          NULL)) {
                 /* SSLfatal already called */
                 return WORK_ERROR;
             }
@@ -1793,8 +1794,8 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s,
                                          TLS_ANY_VERSION,
                                          OSSL_RECORD_DIRECTION_WRITE,
                                          OSSL_RECORD_PROTECTION_LEVEL_NONE,
-                                         NULL, 0, NULL, 0, NULL,  0, NULL, 0,
-                                         NID_undef, NULL, NULL)) {
+                                         NULL, 0, NULL, 0, NULL, 0, NULL,  0,
+                                         NULL, 0, NID_undef, NULL, NULL, NULL)) {
         /* SSLfatal already called */
         goto err;
     }

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 026521052495fba66573ad2b6ec41807d0d68036..712a784a0d73943ec68a00f565d540018437e672 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -268,9 +268,9 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
 
     if (!ssl_set_new_record_layer(s, s->version, direction,
                                     OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
-                                    key, cl, iv, (size_t)k, mac_secret,
+                                    NULL, 0, key, cl, iv, (size_t)k, mac_secret,
                                     mac_secret_size, c, taglen, mac_type,
-                                    m, comp)) {
+                                    m, comp, NULL)) {
         /* SSLfatal already called */
         goto err;
     }

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 6d2f46441af6c64cc0841a7b851596da7b677e01..30ef3a8410ce5cbead416803f8358b136da2e957 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -678,8 +678,9 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 
     if (!ssl_set_new_record_layer(s, s->version,
                                   direction,
-                                  level, key, keylen, iv, ivlen, NULL, 0,
-                                  cipher, taglen, NID_undef, NULL, NULL)) {
+                                  level, insecret, hashlen, key, keylen, iv,
+                                  ivlen, NULL, 0, cipher, taglen, NID_undef,
+                                  NULL, NULL, md)) {
         /* SSLfatal already called */
         goto err;
     }
@@ -736,9 +737,9 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     if (!ssl_set_new_record_layer(s, s->version,
                             direction,
                             OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
-                            key, keylen, iv, ivlen, NULL, 0,
+                            insecret, hashlen, key, keylen, iv, ivlen, NULL, 0,
                             s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
-                            NULL)) {
+                            NULL, md)) {
         /* SSLfatal already called */
         goto err;
     }

diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c
index 1529e1b1ba4c542adf322d3832e5bc1322c3910f..cecbb4296be5771d6a24ebd441f6ce9b409c3a6b 100644 (file)
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -335,10 +335,11 @@ static int test_tls13_encryption(void)
         if (!TEST_true(ossl_tls_record_method.new_record_layer(
                           NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
                           OSSL_RECORD_DIRECTION_WRITE,
-                          OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
-                          iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+                          OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+                          key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
                           EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
-                          NULL, NULL, NULL, NULL, NULL, NULL, NULL, &wrl)))
+                          NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+                          &wrl)))
             goto err;
         memcpy(wrl->sequence, seqbuf, sizeof(seqbuf));
 
@@ -357,10 +358,11 @@ static int test_tls13_encryption(void)
         if (!TEST_true(ossl_tls_record_method.new_record_layer(
                           NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
                           OSSL_RECORD_DIRECTION_READ,
-                          OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
-                          iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+                          OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+                          key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
                           EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
-                          NULL, NULL, NULL, NULL, NULL, NULL, NULL, &rrl)))
+                          NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+                          &rrl)))
             goto err;
         memcpy(rrl->sequence, seqbuf, sizeof(seqbuf));
 

diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index 923e713c0081d2126bbcc2001fcb3f856976c893..f51dd9e9db88b92ab95e9152d9be12e702a07209 100644 (file)
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -218,12 +218,13 @@ void ssl_evp_md_free(const EVP_MD *md)
 }
 
 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
-                             int level, unsigned char *key, size_t keylen,
+                             int level, unsigned char *secret, size_t secretlen,
+                             unsigned char *key, size_t keylen,
                              unsigned char *iv,  size_t ivlen,
                              unsigned char *mackey, size_t mackeylen,
                              const EVP_CIPHER *ciph, size_t taglen,
                              int mactype, const EVP_MD *md,
-                             const SSL_COMP *comp)
+                             const SSL_COMP *comp, const EVP_MD *kdfdigest)
 {
     return 0;
 }