KDF_TLS1_PRF for TLS v1.0 and v1.1

[Kory Hamzeh]

Hi,

I am using the TLS1_PRF KDF method to derive the master secret for TLS 1.0, 1.1, and 1.2. My code works with TLS 1.2, but for 1.0 and 1.1, the master secret is not correct. I have a snippet of the code below. From what I understand by reading RFC 2246 and  RFC 5246, the input to the PRF function is the same for all three versions of TLS.

In my input test vectors, the digest is SHA-1 for TLS 1.0/1.1 and SHA-256 for TLS 1.2. However looking at:

openssl-3.0.0-src/providers/implementations/kdfs/tls1_prf.c

it looks like the method used to determine TLS version type is if the digest is SN_md5_sha1. I tried passing “MD5-SHA1” as the digest, and EVP_KDF_dereive() returned an error.

What am I missing?

Here os the code snippet:

	    label = "master secret";

	    kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
	    kctx = EVP_KDF_CTX_new(kdf);
	    
	    p = params;
	    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
						    (char *)digest,
						    strlen(digest));
	    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
						     preMasterSecret,
						     preMasterSecretLen);
	    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
						     label, strlen(label));
	    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
						     clientHelloRand,
						     clientHelloRandLen);
	    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
						     serverHelloRand,
						     serverHelloRandLen);
						     
	    *p = OSSL_PARAM_construct_end();
	    if (EVP_KDF_derive(kctx, masterSecret,
			       masterSecretLen, params) <= 0) {
		fips_fatal("ERROR: EVP_KDF_derive failed\n");
	    }


Thanks,
Kory