use sslkeylogfile to get MS if possible

ssl/ssldecode.c

@@ -549,6 +549,14 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
     int i;
     EVP_PKEY *pk;
 
+    /* Remove the master secret if it was there
+       to force keying material regeneration in
+       case we're renegotiating */
+    r_data_destroy(&d->MS);
+
+    if(!d->ctx->ssl_key_log_file ||
+       ssl_read_key_log_file(d) ||
+       !d->MS){
       if(ssl->cs->kex!=KEX_RSA)
 	return(-1);
 
@@ -574,11 +582,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
       d->PMS->len=48;
       
       CRDUMPD("PMS",d->PMS);
-
+    }
-    /* Remove the master secret if it was there
-       to force keying material regeneration in
-       case we're renegotiating */
-    r_data_destroy(&d->MS);
     
     switch(ssl->version){
       case SSLV3_VERSION:
@@ -883,7 +887,8 @@ static int ssl_generate_keying_material(ssl,d)
 
     /* Compute the key block. First figure out how much data
          we need*/
-    needed=ssl->cs->dig_len*2;
+    /* Ideally find a cleaner way to check for AEAD cipher */
+    needed=(ssl->cs->enc!=0x3b && ssl->cs->enc!=0x3c)?ssl->cs->dig_len*2:0;
     needed+=ssl->cs->bits / 4;
     if(ssl->cs->block>1) needed+=ssl->cs->block*2;
 
@@ -895,8 +900,11 @@ static int ssl_generate_keying_material(ssl,d)
       ABORT(r);
     
     ptr=key_block->data;
+    /* Ideally find a cleaner way to check for AEAD cipher */
+    if(ssl->cs->enc!=0x3b && ssl->cs->enc!=0x3c){
       c_mk=ptr; ptr+=ssl->cs->dig_len;
       s_mk=ptr; ptr+=ssl->cs->dig_len;
+    }
 
     c_wk=ptr; ptr+=ssl->cs->eff_bits/8;
     s_wk=ptr; ptr+=ssl->cs->eff_bits/8;