diff options
author | Peter Wu <peter@lekensteyn.nl> | 2018-03-21 14:03:15 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-18 08:15:00 +0100 |
commit | 01a2a65488e18b8b566bd4aa1b4a8b9adb9ecdf8 (patch) | |
tree | 423d15fbe2d655432cb807ae5a1664a05cfdaebd /test | |
parent | cffe973c45491b14d980e3b578da28e4a79a8705 (diff) |
Add support for logging early exporter secret
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5702)
Diffstat (limited to 'test')
-rw-r--r-- | test/sslapitest.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index a71a1a9074..e97b228696 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -59,6 +59,7 @@ struct sslapitest_log_counts { unsigned int server_handshake_secret_count; unsigned int client_application_secret_count; unsigned int server_application_secret_count; + unsigned int early_exporter_secret_count; unsigned int exporter_secret_count; }; @@ -146,6 +147,7 @@ static int test_keylog_output(char *buffer, const SSL *ssl, unsigned int server_handshake_secret_count = 0; unsigned int client_application_secret_count = 0; unsigned int server_application_secret_count = 0; + unsigned int early_exporter_secret_count = 0; unsigned int exporter_secret_count = 0; for (token = strtok(buffer, " \n"); token != NULL; @@ -205,6 +207,7 @@ static int test_keylog_output(char *buffer, const SSL *ssl, || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 + || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 || strcmp(token, "EXPORTER_SECRET") == 0) { /* * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded @@ -222,6 +225,8 @@ static int test_keylog_output(char *buffer, const SSL *ssl, client_application_secret_count++; else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) server_application_secret_count++; + else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0) + early_exporter_secret_count++; else if (strcmp(token, "EXPORTER_SECRET") == 0) exporter_secret_count++; @@ -267,6 +272,8 @@ static int test_keylog_output(char *buffer, const SSL *ssl, expected->client_application_secret_count) || !TEST_size_t_eq(server_application_secret_count, expected->server_application_secret_count) + || !TEST_size_t_eq(early_exporter_secret_count, + expected->early_exporter_secret_count) || !TEST_size_t_eq(exporter_secret_count, expected->exporter_secret_count)) return 0; @@ -450,6 +457,7 @@ static int test_keylog_no_master_key(void) /* In addition to the previous entries, expect early secrets. */ expected.client_early_secret_count = 1; + expected.early_exporter_secret_count = 1; if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, SSL_get_session(clientssl), &expected)) || !TEST_true(test_keylog_output(server_log_buffer, serverssl, |