authorPeter Wu <peter@lekensteyn.nl>2018-03-20 21:16:38 +0100
committerMatt Caswell <matt@openssl.org>2018-04-18 08:15:00 +0100
commit6329ce8fd8af653fb8fdde6d3fc09bdb0ec94031 (patch)
tree1279065068d8193ada62c47e83ac7d03a16c0390 /ssl
parent55442b8a5b719f54578083fae0fcc814b599cd84 (diff)
Add support for logging TLS 1.3 exporter secret
NSS 3.34 and boringssl have support for "EXPORTER_SECRET" (https://bugzilla.mozilla.org/show_bug.cgi?id=1287711) which is needed for QUIC 1-RTT decryption support in Wireshark. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5702)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_locl.h1
-rw-r--r--ssl/tls13_enc.c6
2 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b1d6e40ed1..3ba9b000f2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2554,6 +2554,7 @@ __owur int ssl_log_secret(SSL *ssl, const char *label,
#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
/* s3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index a793e0c8af..e7cc8afe87 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -594,6 +594,12 @@ int tls13_change_cipher_state(SSL *s, int which)
/* SSLfatal() already called */
goto err;
}
+
+ if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+ hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
} else if (label == client_application_traffic)
memcpy(s->client_app_traffic_secret, secret, hashlen);
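Review bot: The added `ssl_log_secret(s, EXPORTER_SECRET_LABEL, ...)` call has no comment saying that it hands the TLS 1.3 exporter master secret to the key-log path. That extends what a reader of the key log can recover beyond record decryption to any keying material derived through the exporter interface for this session. I would add `/* Key-log the exporter master secret (NSS "EXPORTER_SECRET" line) for debugging tools such as Wireshark */` above the call, and confirm that ssl_log_secret() remains a no-op when no keylog callback is installed, since that gate is not visible in this hunk. It is also worth checking that `s->exporter_master_secret` has already been derived with length `hashlen` on every path that reaches this branch. That derivation sits outside the hunk, as do the start and end of tls13_change_cipher_state().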