diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d88e67cec5..9ded4e6d22 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5407,11 +5407,13 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ + #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, const unsigned char *context, const size_t context_len, const int use_context); +#endif #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f1b7994440..e4450b681d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8930,6 +8930,9 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, @@ -8982,7 +8985,7 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s mbedtls_free(prf_input); return ret; } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, @@ -9010,7 +9013,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, (const unsigned char *) label, label_len, context, context_len, out, key_len); } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, @@ -9049,4 +9052,6 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, } } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ffb2afaac6..9e38f690af 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -336,7 +336,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -391,10 +395,6 @@ int main(void) " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_CID \ @@ -2499,6 +2499,7 @@ usage: } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -2521,6 +2522,7 @@ usage: mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 881c9fa77e..9eab6cddb1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -471,7 +471,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -519,10 +523,6 @@ int main(void) " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_SRTP \ @@ -3619,6 +3619,7 @@ handshake: mbedtls_printf("\n"); } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -3641,6 +3642,7 @@ handshake: mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */ #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) {