Google Git
Sign in
boringssl/boringssl.git/1c58471cc9f4eae87ebf1b07e5f6754c45b40238^!/.
commit
1c58471cc9f4eae87ebf1b07e5f6754c45b40238
[log]
author
David Benjamin <davidben@google.com>
Wed Oct 04 01:41:19 2017 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Wed Oct 04 15:24:58 2017 +0000
tree
a269f9fb8a67a925626bd3ccb29eb6146bc59aa6
parent
e7136a978f6f9d5b3f392b661e573e0793965f97 [diff]
Add TLS 1.3 EXPORTER_SECRET to SSLKEYLOGFILE.

Per discussion in https://bugzilla.mozilla.org/show_bug.cgi?id=1287711.
Otherwise this feature won't work for QUIC.

Change-Id: Ia799bfd1e29c01161c4298fb3124c96f62ada9c5
Reviewed-on: https://boringssl-review.googlesource.com/21104
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index 854fae0..0a36aab 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc

@@ -236,7 +236,9 @@
                         hs->server_traffic_secret_0, hs->hash_len) &&
          derive_secret(hs, ssl->s3->exporter_secret, hs->hash_len,
                        (const uint8_t *)kTLS13LabelExporter,
-                       strlen(kTLS13LabelExporter));
+                       strlen(kTLS13LabelExporter)) &&
+         ssl_log_secret(ssl, "EXPORTER_SECRET", ssl->s3->exporter_secret,
+                        hs->hash_len);
 }
 
 static const char kTLS13LabelApplicationTraffic[] =