tls: adjust for extra argument to KDF derive call

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
2 years ago · 5cceedb583
parent 05cdec396b
commit 5cceedb583
2 changed files with 3 additions and 6 deletions
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -69,8 +69,7 @@ static int tls1_PRF(SSL *s,
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
                                             (void *)seed5, (size_t)seed5_len);
    *p = OSSL_PARAM_construct_end();
-    if (EVP_KDF_CTX_set_params(kctx, params)
-            && EVP_KDF_derive(kctx, out, olen)) {
+    if (EVP_KDF_derive(kctx, out, olen, params)) {
        EVP_KDF_CTX_free(kctx);
        return 1;
    }
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@ -105,8 +105,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                                             hkdflabel, hkdflabellen);
    *p++ = OSSL_PARAM_construct_end();

-    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
-        || EVP_KDF_derive(kctx, out, outlen) <= 0;
+    ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0;

    EVP_KDF_CTX_free(kctx);

@ -258,8 +257,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
                                             prevsecretlen);
    *p++ = OSSL_PARAM_construct_end();

-    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
-        || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0;
+    ret = EVP_KDF_derive(kctx, outsecret, mdlen, params) <= 0;

    if (ret != 0)
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);