Remove TLS 1.2 Exporter if we don't have randbytes

The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is *not* defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
2025-12-24 17:41:01 +03:00 · 2024-10-23 18:35:09 +02:00
parent c9f2c9adba
commit 281fb79116
4 changed files with 23 additions and 12 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -471,7 +471,11 @@ int main(void)
    "                        in the form of base64 code (serialize option\n"   \
    "                        must be set)\n"                                   \
    "                         default: \"\" (do nothing)\n"                    \
-    "                         option: a file path\n"
+    "                         option: a file path\n" \
+    "    exp_label=%%s       Label to input into TLS-Exporter\n" \
+    "                         default: None (don't try to export a key)\n" \
+    "    exp_len=%%d         Length of key to extract from TLS-Exporter \n" \
+    "                         default: 20\n"
 #else
 #define USAGE_SERIALIZATION ""
 #endif
@@ -519,10 +523,6 @@ int main(void)
    "    event=%%d            default: 0 (loop)\n"                            \
    "                        options: 1 (level-triggered, implies nbio=1),\n" \
    "    read_timeout=%%d     default: 0 ms (no timeout)\n"    \
-    "    exp_label=%%s       Label to input into TLS-Exporter\n" \
-    "                         default: None (don't try to export a key)\n" \
-    "    exp_len=%%d         Length of key to extract from TLS-Exporter \n" \
-    "                         default: 20\n" \
    "\n"                                                    \
    USAGE_DTLS                                              \
    USAGE_SRTP                                              \
@@ -3619,6 +3619,7 @@ handshake:
        mbedtls_printf("\n");
    }

+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
    if (opt.exp_label != NULL && opt.exp_len > 0) {
        unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
        if (exported_key == NULL) {
@@ -3641,6 +3642,7 @@ handshake:
        mbedtls_printf("\n\n");
        fflush(stdout);
    }
+#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */

 #if defined(MBEDTLS_SSL_DTLS_SRTP)
    else if (opt.use_srtp != 0) {