diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-03-21 14:03:15 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-04-18 08:15:00 +0100 |
| commit | 01a2a65488e18b8b566bd4aa1b4a8b9adb9ecdf8 (patch) | |
| tree | 423d15fbe2d655432cb807ae5a1664a05cfdaebd /ssl/tls13_enc.c | |
| parent | cffe973c45491b14d980e3b578da28e4a79a8705 (diff) | |
Add support for logging early exporter secret
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5702)
Diffstat (limited to 'ssl/tls13_enc.c')
| -rw-r--r-- | ssl/tls13_enc.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index e7cc8afe87..1613004f78 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -493,6 +493,12 @@ int tls13_change_cipher_state(SSL *s, int which) SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; } + + if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, + s->early_exporter_master_secret, hashlen)) { + /* SSLfatal() already called */ + goto err; + } } else if (which & SSL3_CC_HANDSHAKE) { insecret = s->handshake_secret; finsecret = s->client_finished_secret; |