From 2f7e61b8b21ed472a3667b8922843851f94a3d93 Mon Sep 17 00:00:00 2001
From: visbjn
Date: Mon, 19 Sep 2022 10:27:34 +0200
Subject: ssl_log_secret call in tls13_key_update
Newly computed traffic secrets are now logged upon key update
Reviewed-by: Tomas Mraz
Reviewed-by: Hugo Landau
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/19241)
---
 ssl/tls13_enc.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'ssl/tls13_enc.c')
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 431a7fff70..a100728949 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -792,6 +792,7 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
 unsigned char key[EVP_MAX_KEY_LENGTH];
 unsigned char *insecret, *iv;
 unsigned char secret[EVP_MAX_MD_SIZE];
+ char *log_label;
 EVP_CIPHER_CTX *ciph_ctx;
 size_t keylen, ivlen, taglen;
 int ret = 0, l;
@@ -840,6 +841,13 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
 goto err;
 }
+ /* Call Key log on successful traffic secret update */
+ log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL;
+ if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
 s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 ret = 1;
 err:
-- 
cgit v1.2.3
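Review bot: The new declaration `char *log_label;` in the first hunk is only ever assigned the two label macros and handed to ssl_log_secret(), so it should be `const char *log_label;` to rule out an accidental write through the pointer into what is presumably a string literal. This assumes ssl_log_secret() takes its label as `const char *`, which is not visible in the hunk; if it does not, that parameter is the thing to fix rather than this declaration. The enclosing tls13_update_key() begins and ends outside the hunk.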
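Review bot: The added assignment `log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL;` in the second hunk exceeds the 80-column limit OpenSSL's style enforces; break it after the `?` so the two labels line up: `log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL` / `: CLIENT_APPLICATION_N_LABEL;`. The label macros are not visible here, but if they expand to a fixed literal without the update generation (the NSS key log format names these CLIENT/SERVER_TRAFFIC_SECRET_N with N the generation number), a key-log consumer cannot tell which of several successive updates a logged secret belongs to, and the call site should say so, e.g. `/* NOTE: label carries no generation counter; successive updates look alike in the key log */`. The comment `/* SSLfatal() already called */` relies on ssl_log_secret() raising the fatal error itself, which the hunk cannot confirm; worth checking since a silent failure here would now abort a key update after the new keys have presumably already been installed in ciph_ctx. tls13_update_key() starts and ends outside the hunk.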