keylogfile: generalize with a callbacktmp-keylog-hook

This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement custom logging feature per session, which is particularly useful in QUIC implementation. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2020-02-02 08:13:50 +0100
committer: Daiki Ueno <dueno@redhat.com> 2020-02-07 18:03:45 +0100
commit: 9711755641cd9b6de323676abeab6cc80ea13e4b (patch)
tree: 95b303ea614c67994905ee5e18d4c9d2bcd0bcbe /lib/handshake-tls13.c
parent: ee43a212b6bde870bf0800329972f3cab24715ec (diff)
download: gnutls-9711755641cd9b6de323676abeab6cc80ea13e4b.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 60f8030eb3..39d002bd04 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -292,9 +292,11 @@ static int generate_ap_traffic_keys(gnutls_session_t session)
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	_gnutls_nss_keylog_write(session, "EXPORTER_SECRET",
-				 session->key.proto.tls13.ap_expkey,
-				 session->security_parameters.prf->output_size);
+	ret = _gnutls_call_secret_func(session, GNUTLS_SECRET_EXPORTER_SECRET,
+				       session->key.proto.tls13.ap_expkey,
+				       session->security_parameters.prf->output_size);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
 
 	_gnutls_epoch_bump(session);
 	ret = _gnutls_epoch_dup(session, EPOCH_READ_CURRENT);
author	Daiki Ueno <dueno@redhat.com>	2020-02-02 08:13:50 +0100
committer	Daiki Ueno <dueno@redhat.com>	2020-02-07 18:03:45 +0100
commit	9711755641cd9b6de323676abeab6cc80ea13e4b (patch)
tree	95b303ea614c67994905ee5e18d4c9d2bcd0bcbe /lib/handshake-tls13.c
parent	ee43a212b6bde870bf0800329972f3cab24715ec (diff)
download	gnutls-9711755641cd9b6de323676abeab6cc80ea13e4b.tar.gz