Determine which label prefix to use based on if the connection is dtls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 80ac467da4bded0459a0b33d3bfaa595459427ae..ae76ddb3f45ef5d1a2345235c99837cbfa402eb1 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -107,7 +107,9 @@ int tls13_hkdf_expand_ex(OSSL_LIB_CTX *libctx, const char *propq,
                          const unsigned char *data, size_t datalen,
                          unsigned char *out, size_t outlen, int raise_error)
 {
-    return hkdf_expand(libctx, propq, md, secret, label_prefix_tls13, sizeof(label_prefix_tls13) - 1,
+    /* This function only supports TLSv1.3 and not DTLSv1.3 */
+    return hkdf_expand(libctx, propq, md, secret, label_prefix_tls13,
+                       sizeof(label_prefix_tls13) - 1,
                        label, labellen, data, datalen, out, outlen,
                        raise_error);
 }
@@ -120,13 +122,11 @@ int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md,
 {
     int ret;
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
-
-    const char *label_prefix = SSL_CONNECTION_IS_TLS13(s) ? label_prefix_tls13
-                                : label_prefix_dtls13;
-
-    size_t label_prefix_len = SSL_CONNECTION_IS_TLS13(s)
-                                ? sizeof(label_prefix_tls13) - 1
-                                : sizeof(label_prefix_dtls13) - 1;
+    const int isdtls = SSL_CONNECTION_IS_DTLS(s);
+    const unsigned char *label_prefix = isdtls ? label_prefix_dtls13
+                                               : label_prefix_tls13;
+    const size_t label_prefix_len = isdtls ? sizeof(label_prefix_dtls13) - 1
+                                           : sizeof(label_prefix_tls13) - 1;
 
     ret = hkdf_expand(sctx->libctx, sctx->propq, md, secret, label_prefix,
                       label_prefix_len, label, labellen, data,
@@ -200,6 +200,7 @@ int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
     /* ASCII: "derived", in hex for EBCDIC compatibility */
     static const char derived_secret_label[] = "\x64\x65\x72\x69\x76\x65\x64";
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
+    int isdtls = SSL_CONNECTION_IS_DTLS(s);
 
     kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, sctx->propq);
     kctx = EVP_KDF_CTX_new(kdf);
@@ -228,14 +229,14 @@ int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
     if (prevsecret != NULL)
         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
                                                  (unsigned char *)prevsecret, mdlen);
-    if (SSL_CONNECTION_IS_TLS13(s))
-        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX,
-                                                 (unsigned char *)label_prefix_tls13,
-                                                 sizeof(label_prefix_tls13) - 1);
-    else
+    if (isdtls)
         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX,
                                                  (unsigned char *)label_prefix_dtls13,
                                                  sizeof(label_prefix_dtls13) - 1);
+    else
+        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX,
+                                                 (unsigned char *)label_prefix_tls13,
+                                                 sizeof(label_prefix_tls13) - 1);
 
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL,
                                              (unsigned char *)derived_secret_label,