Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_local.h | 2 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 5471e900b8..5fb1feb801 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2752,7 +2752,9 @@ __owur int ssl_log_secret(SSL *ssl, const char *label,
 #define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
 #define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
 #define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define CLIENT_APPLICATION_N_LABEL "CLIENT_TRAFFIC_SECRET_N"
 #define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_N_LABEL "SERVER_TRAFFIC_SECRET_N"
 #define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
 #define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index b186cb3897..ddcff5eb89 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -755,6 +755,7 @@ int tls13_update_key(SSL *s, int sending)
 unsigned char key[EVP_MAX_KEY_LENGTH];
 unsigned char *insecret, *iv;
 unsigned char secret[EVP_MAX_MD_SIZE];
+ char *log_label;
 EVP_CIPHER_CTX *ciph_ctx;
 int ret = 0, l;
@@ -791,6 +792,13 @@ int tls13_update_key(SSL *s, int sending)
 memcpy(insecret, secret, hashlen);
+ /* Call Key log on successful traffic secret update */
+ log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL;
+ if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
 s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 ret = 1;
 err: |
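Review bot: The two new labels in ssl/ssl_local.h end in a literal `_N`, and nothing in this commit substitutes a generation counter, so every key update on a connection is logged under the same label string. That is easy to misread next to the `_0` labels, so a comment above the defines would help, e.g. `/* "_N" is literal: every post-handshake key-update secret is logged under this one label, in order of derivation */`. Anyone correlating key log lines with traffic then knows that line order, not the label, identifies the generation.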
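Review bot: `log_label` in the first tls13_enc.c hunk only ever points at string literals and is passed to ssl_log_secret(), whose prototype in the ssl_local.h hunk header takes `const char *label`, so the declaration should be `const char *log_label;`. A non-const pointer to a literal permits an accidental write, which is undefined behaviour, and it is flagged under -Wwrite-strings. The assignment itself is in the following hunk, and tls13_update_key's body starts and ends outside this hunk.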
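Review bot: The label choice `s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL` in the second tls13_enc.c hunk is correct only while both operands are exactly 0 or 1, and a swapped label would attribute the secret to the wrong direction in the key log without raising any error. A short comment would make the mapping checkable, e.g. `/* server's write secret: we are the server and sending, or the client and receiving */`. Comparing against `!!sending` would remove the dependence on callers, whose argument values are not visible here. The call is also unconditional at this site, so whether a traffic secret is emitted when no key log callback is registered depends on ssl_log_secret(), which is outside the hunk. Presumably it returns success without logging in that case, and the comment should say so. tls13_update_key's body starts and ends outside this hunk.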