ssl_log_secret call in tls13_key_update

Newly computed traffic secrets are now logged upon key update Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19241)
author: visbjn <Jochen.Kreissl@vector.com> 2022-09-19 10:27:34 +0200
committer: Matt Caswell <matt@openssl.org> 2022-09-27 15:56:02 +0100
commit: 2f7e61b8b21ed472a3667b8922843851f94a3d93 (patch)
tree: e2e2da78c717c321d71e30b52829879b9404bf8b /ssl/tls13_enc.c
parent: d12b824ddaee502400c19bf8c32e1ada3111fc50 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 431a7fff70..a100728949 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -792,6 +792,7 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
+    char *log_label;
     EVP_CIPHER_CTX *ciph_ctx;
     size_t keylen, ivlen, taglen;
     int ret = 0, l;
@@ -840,6 +841,13 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
         goto err;
     }
 
+    /* Call Key log on successful traffic secret update */
+    log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL;
+    if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
     s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
     ret = 1;
  err:
author	visbjn <Jochen.Kreissl@vector.com>	2022-09-19 10:27:34 +0200
committer	Matt Caswell <matt@openssl.org>	2022-09-27 15:56:02 +0100
commit	2f7e61b8b21ed472a3667b8922843851f94a3d93 (patch)
tree	e2e2da78c717c321d71e30b52829879b9404bf8b /ssl/tls13_enc.c
parent	d12b824ddaee502400c19bf8c32e1ada3111fc50 (diff)