Fix TLS/SSL PRF usages.
authorPauli <paul.dale@oracle.com>
Tue, 20 Aug 2019 22:01:08 +0000 (08:01 +1000)
committerPauli <paul.dale@oracle.com>
Fri, 6 Sep 2019 09:27:57 +0000 (19:27 +1000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)

ssl/t1_enc.c
ssl/tls13_enc.c

index 31290a409a453a1f7d2fd4f98b9c35ae0e215816..4419d3f10b8300290d2e3f8516f5f021074e05b3 100644 (file)
@@ -18,6 +18,7 @@
 #include <openssl/kdf.h>
 #include <openssl/rand.h>
 #include <openssl/obj_mac.h>
+#include <openssl/core_names.h>
 #include <openssl/trace.h>
 
 /* seed1 through seed5 are concatenated */
@@ -31,8 +32,10 @@ static int tls1_PRF(SSL *s,
                     unsigned char *out, size_t olen, int fatal)
 {
     const EVP_MD *md = ssl_prf_md(s);
+    EVP_KDF *kdf;
     EVP_KDF_CTX *kctx = NULL;
-    int ret = 0;
+    OSSL_PARAM params[8], *p = params;
+    const char *mdname = EVP_MD_name(md);
 
     if (md == NULL) {
         /* Should never happen */
@@ -43,35 +46,43 @@ static int tls1_PRF(SSL *s,
             SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    kctx = EVP_KDF_CTX_new_id(EVP_PKEY_TLS1_PRF);
-    if (kctx == NULL
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
-                        sec, (size_t)slen) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
-                        seed1, (size_t)seed1_len) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
-                        seed2, (size_t)seed2_len) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
-                        seed3, (size_t)seed3_len) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
-                        seed4, (size_t)seed4_len) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
-                        seed5, (size_t)seed5_len) <= 0
-        || EVP_KDF_derive(kctx, out, olen) <= 0) {
-        if (fatal)
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
-                     ERR_R_INTERNAL_ERROR);
-        else
-            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+    kdf = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL);
+    if (kdf == NULL)
+        goto err;
+    kctx = EVP_KDF_CTX_new(kdf);
+    EVP_KDF_free(kdf);
+    if (kctx == NULL)
         goto err;
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+                                            (char *)mdname, strlen(mdname) + 1);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
+                                             (unsigned char *)sec,
+                                             (size_t)slen);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             (void *)seed1, (size_t)seed1_len);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             (void *)seed2, (size_t)seed2_len);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             (void *)seed3, (size_t)seed3_len);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             (void *)seed4, (size_t)seed4_len);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             (void *)seed5, (size_t)seed5_len);
+    *p = OSSL_PARAM_construct_end();
+    if (EVP_KDF_CTX_set_params(kctx, params)
+            && EVP_KDF_derive(kctx, out, olen)) {
+        EVP_KDF_CTX_free(kctx);
+        return 1;
     }
 
-    ret = 1;
-
  err:
+    if (fatal)
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                 ERR_R_INTERNAL_ERROR);
+    else
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
     EVP_KDF_CTX_free(kctx);
-    return ret;
+    return 0;
 }
 
 static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
index a238d6e1c65946b9cc6ba07d56247c9e0a85429c..f7c472d1fb3dabdd2589b03fa3f06a9dbb80471e 100644 (file)
@@ -12,6 +12,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
+#include <openssl/core_names.h>
 
 #define TLS13_MAX_LABEL_LEN     249
 
@@ -35,7 +36,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
 #else
     static const unsigned char label_prefix[] = "tls13 ";
 #endif
-    EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_PKEY_HKDF);
+    EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL);
+    EVP_KDF_CTX *kctx;
+    OSSL_PARAM params[5], *p = params;
+    int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+    const char *mdname = EVP_MD_name(md);
     int ret;
     size_t hkdflabellen;
     size_t hashlen;
@@ -49,6 +54,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                             + 1 + EVP_MAX_MD_SIZE];
     WPACKET pkt;
 
+    kctx = EVP_KDF_CTX_new(kdf);
+    EVP_KDF_free(kdf);
     if (kctx == NULL)
         return 0;
 
@@ -88,12 +95,16 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
         return 0;
     }
 
-    ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_HKDF_MODE,
-                       EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, secret, hashlen) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
-                        hkdflabel, hkdflabellen) <= 0
+    *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+                                            (char *)mdname, strlen(mdname) + 1);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             (unsigned char *)secret, hashlen);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+                                             hkdflabel, hkdflabellen);
+    *p++ = OSSL_PARAM_construct_end();
+
+    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
         || EVP_KDF_derive(kctx, out, outlen) <= 0;
 
     EVP_KDF_CTX_free(kctx);
@@ -171,7 +182,11 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
     size_t mdlen, prevsecretlen;
     int mdleni;
     int ret;
-    EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_PKEY_HKDF);
+    EVP_KDF *kdf;
+    EVP_KDF_CTX *kctx;
+    OSSL_PARAM params[5], *p = params;
+    int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+    const char *mdname = EVP_MD_name(md);
 #ifdef CHARSET_EBCDIC
     static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 };
 #else
@@ -179,6 +194,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
 #endif
     unsigned char preextractsec[EVP_MAX_MD_SIZE];
 
+    kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL);
+    kctx = EVP_KDF_CTX_new(kdf);
+    EVP_KDF_free(kdf);
     if (kctx == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
                  ERR_R_INTERNAL_ERROR);
@@ -232,12 +250,18 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
         prevsecretlen = mdlen;
     }
 
-    ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_HKDF_MODE,
-                       EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, insecret, insecretlen) <= 0
-        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
-                        prevsecret, prevsecretlen) <= 0
+    *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+                                            (char *)mdname, strlen(mdname) + 1);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             (unsigned char *)insecret,
+                                             insecretlen);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
+                                             (unsigned char *)prevsecret,
+                                             prevsecretlen);
+    *p++ = OSSL_PARAM_construct_end();
+
+    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
         || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0;
 
     if (ret != 0)