author | Peter Wu <peter@lekensteyn.nl> | 2018-03-20 21:16:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-18 08:15:00 +0100 |
commit | 6329ce8fd8af653fb8fdde6d3fc09bdb0ec94031 (patch) | |
tree | 1279065068d8193ada62c47e83ac7d03a16c0390 /ssl/tls13_enc.c | |
parent | 55442b8a5b719f54578083fae0fcc814b599cd84 (diff) | |
download | openssl-new-6329ce8fd8af653fb8fdde6d3fc09bdb0ec94031.tar.gz |
Add support for logging TLS 1.3 exporter secret
NSS 3.34 and boringssl have support for "EXPORTER_SECRET"
(https://bugzilla.mozilla.org/show_bug.cgi?id=1287711) which is needed
for QUIC 1-RTT decryption support in Wireshark.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5702)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r-- | ssl/tls13_enc.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index a793e0c8af..e7cc8afe87 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -594,6 +594,12 @@ int tls13_change_cipher_state(SSL *s, int which) /* SSLfatal() already called */ goto err; } + + if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } } else if (label == client_application_traffic) memcpy(s->client_app_traffic_secret, secret, hashlen); |
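Review bot: The new error path in tls13_change_cipher_state() carries the comment "SSLfatal() already called", copied from the block just above it, but nothing in this hunk shows that ssl_log_secret() raises the fatal error on every failure return. Please confirm that it does; otherwise the "goto err" here would leave without an alert or error being recorded. Note also that with this check a key-log failure for s->exporter_master_secret aborts the cipher state change, so the logging path must not fail when no key logging is configured. Finally, the diff shown is limited to ssl/tls13_enc.c, so the definition of EXPORTER_SECRET_LABEL is not visible. It should expand to exactly the "EXPORTER_SECRET" string named in the commit message so the output stays compatible with what NSS and boringssl write, and the key-log documentation should list the new label.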