lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Remove TLS 1.2 Exporter if we don't have randbytes

Browse Source 
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.

Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
This commit is contained in:
Max Fillinger
2024-10-23 18:35:09 +02:00
parent c9f2c9adba
commit 281fb79116
4 changed files with 23 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -5407,11 +5407,13 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
*
* \return 0 on success. An SSL specific error on failure.
*/
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
uint8_t *out, const size_t key_len,
const char *label, const size_t label_len,
const unsigned char *context, const size_t context_len,
const int use_context);
#endif
#ifdef __cplusplus
}
#endif