[gnutls-devel] GnuTLS | gnutls_session_set_secret_hook_function: new function (!1112)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jan 6 17:06:25 CET 2020

Daiki Ueno commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/merge_requests/1112#note_267665474

>  		ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.ap_ckey, iv_size, iv_block);
>  		if (ret < 0)
>  			return gnutls_assert_val(ret);
> +

I guess there will be a trade-off if we go that route, between:
- how much we can make the API generic
- how much we can make the QUIC implementation simpler, based on the API

The current approach is aligned to the latter, so the QUIC implementation wouldn't need to track the encryption level changes, but rely on the states managed by GnuTLS (which can also be used by #849). On the other hand, if we align to the former, all we need is to just generalize the existing keylog stuff with a callback like OpenSSL (I started thinking that it might actually be a better approach).
