projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add support for logging TLS 1.3 exporter secret
[openssl.git]
/
ssl
/
tls13_enc.c
diff --git
a/ssl/tls13_enc.c
b/ssl/tls13_enc.c
index 08fbee59fa9eb1c124fe02e9ae5f781d2328d7c2..e7cc8afe87907e2c77a3af43a3a27ebb87b8d724 100644
(file)
--- a/
ssl/tls13_enc.c
+++ b/
ssl/tls13_enc.c
@@
-397,6
+397,7
@@
int tls13_change_cipher_state(SSL *s, int which)
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
+ s->statem.invalid_enc_write_ctx = 1;
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else {
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else {
@@
-406,7
+407,6
@@
int tls13_change_cipher_state(SSL *s, int which)
SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
}
ciph_ctx = s->enc_write_ctx;
iv = s->write_iv;
}
ciph_ctx = s->enc_write_ctx;
iv = s->write_iv;
@@
-594,6
+594,12
@@
int tls13_change_cipher_state(SSL *s, int which)
/* SSLfatal() already called */
goto err;
}
/* SSLfatal() already called */
goto err;
}
+
+ if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+ hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
} else if (label == client_application_traffic)
memcpy(s->client_app_traffic_secret, secret, hashlen);
} else if (label == client_application_traffic)
memcpy(s->client_app_traffic_secret, secret, hashlen);
@@
-609,6
+615,7
@@
int tls13_change_cipher_state(SSL *s, int which)
goto err;
}
goto err;
}
+ s->statem.invalid_enc_write_ctx = 0;
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));
@@
-631,6
+638,7
@@
int tls13_update_key(SSL *s, int sending)
insecret = s->client_app_traffic_secret;
if (sending) {
insecret = s->client_app_traffic_secret;
if (sending) {
+ s->statem.invalid_enc_write_ctx = 1;
iv = s->write_iv;
ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer);
iv = s->write_iv;
ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer);
@@
-651,6
+659,7
@@
int tls13_update_key(SSL *s, int sending)
memcpy(insecret, secret, hashlen);
memcpy(insecret, secret, hashlen);
+ s->statem.invalid_enc_write_ctx = 0;
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));