diff options
Diffstat (limited to 'lib/constate.c')
| -rw-r--r-- | lib/constate.c | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/lib/constate.c b/lib/constate.c index a11577d7ba..eb05fdd04c 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -197,7 +197,6 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, char buf[65]; record_state_st *upd_state; record_parameters_st *prev = NULL; - gnutls_handshake_secret_type_t secret_type; int ret; /* generate new keys for direction needed and copy old from previous epoch */ @@ -275,7 +274,6 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); - secret_type = GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET; } else { ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE, sizeof(APPLICATION_TRAFFIC_UPDATE)-1, @@ -293,14 +291,8 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage, ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_skey, iv_size, iv_block); if (ret < 0) return gnutls_assert_val(ret); - secret_type = GNUTLS_SECRET_SERVER_TRAFFIC_SECRET; } - ret = _gnutls_call_secret_func(session, secret_type, - key_block, key_size); - if (ret < 0) - return gnutls_assert_val(ret); - upd_state->mac_key_size = 0; assert(key_size <= sizeof(upd_state->key)); @@ -396,7 +388,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, record_state_st *client_write, *server_write; const char *label; unsigned label_size, hsk_len; - gnutls_handshake_secret_type_t secret_type; + const char *keylog_label; void *ckey, *skey; int ret; @@ -412,13 +404,13 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, label = HANDSHAKE_CLIENT_TRAFFIC_LABEL; label_size = sizeof(HANDSHAKE_CLIENT_TRAFFIC_LABEL)-1; hsk_len = session->internals.handshake_hash_buffer.length; - secret_type = GNUTLS_SECRET_CLIENT_HANDSHAKE_TRAFFIC_SECRET; + keylog_label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; ckey = session->key.proto.tls13.hs_ckey; } else { label = APPLICATION_CLIENT_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_CLIENT_TRAFFIC_LABEL)-1; hsk_len = session->internals.handshake_hash_buffer_server_finished_len; - secret_type = GNUTLS_SECRET_CLIENT_TRAFFIC_SECRET; + keylog_label = "CLIENT_TRAFFIC_SECRET_0"; ckey = session->key.proto.tls13.ap_ckey; } @@ -430,7 +422,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_call_secret_func(session, secret_type, + ret = _gnutls_call_keylog_func(session, keylog_label, ckey, session->security_parameters.prf->output_size); if (ret < 0) @@ -449,12 +441,12 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, if (stage == STAGE_HS) { label = HANDSHAKE_SERVER_TRAFFIC_LABEL; label_size = sizeof(HANDSHAKE_SERVER_TRAFFIC_LABEL)-1; - secret_type = GNUTLS_SECRET_SERVER_HANDSHAKE_TRAFFIC_SECRET; + keylog_label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; skey = session->key.proto.tls13.hs_skey; } else { label = APPLICATION_SERVER_TRAFFIC_LABEL; label_size = sizeof(APPLICATION_SERVER_TRAFFIC_LABEL)-1; - secret_type = GNUTLS_SECRET_SERVER_TRAFFIC_SECRET; + keylog_label = "SERVER_TRAFFIC_SECRET_0"; skey = session->key.proto.tls13.ap_skey; } @@ -467,7 +459,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_call_secret_func(session, secret_type, + ret = _gnutls_call_keylog_func(session, keylog_label, skey, session->security_parameters.prf->output_size); if (ret < 0) |