#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define CLIENT_APPLICATION_N_LABEL "CLIENT_TRAFFIC_SECRET_N"
#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_N_LABEL "SERVER_TRAFFIC_SECRET_N"
#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char *insecret, *iv;
unsigned char secret[EVP_MAX_MD_SIZE];
+ char *log_label;
EVP_CIPHER_CTX *ciph_ctx;
int ret = 0, l;
memcpy(insecret, secret, hashlen);
+ /* Call Key log on successful traffic secret update */
+ log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL;
+ if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
ret = 1;
err: