Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on

This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-07-29 11:41:15 +03:00 · 2021-09-28 10:00:32 -04:00
parent b19be6b5f3
commit 5902cd64e2
10 changed files with 10 additions and 62 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -587,7 +587,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
 #endif /* MBEDTLS_USE_PSA_CRYPTO &&
          MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */

-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
 static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -608,7 +607,6 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
    return( MBEDTLS_SSL_TLS_PRF_NONE );
 }
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */

 int  mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
                          const unsigned char *secret, size_t slen,
@ -660,8 +658,9 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
 * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
 * - [in] minor_ver: SSL/TLS minor version
 * - [in] endpoint: client or server
- * - [in] ssl: optionally used for:
- *        - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
+ * - [in] ssl: used for:
+ *        - ssl->conf->{f,p}_export_keys
+ *      [in] optionally used for:
 *        - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
 */
 static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
@ -694,9 +693,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
    const mbedtls_cipher_info_t *cipher_info;
    const mbedtls_md_info_t *md_info;

-#if !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
-    !defined(MBEDTLS_DEBUG_C)
-    ssl = NULL; /* make sure we don't use it except for those cases */
+#if !defined(MBEDTLS_DEBUG_C)
+    ssl = NULL; /* make sure we don't use it except for this case */
    (void) ssl;
 #endif

@ -960,7 +958,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
    ((void) mac_dec);
    ((void) mac_enc);

-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
    if( ssl->f_export_keys != NULL )
    {
        ssl->f_export_keys( ssl->p_export_keys,
@ -970,7 +967,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
                            randbytes,
                            tls_prf_get_type( tls_prf ) );
    }
-#endif

 #if defined(MBEDTLS_USE_PSA_CRYPTO)

@ -4229,7 +4225,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
 #endif
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */

-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
 void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
                                     mbedtls_ssl_export_keys_t *f_export_keys,
                                     void *p_export_keys )
@ -4237,7 +4232,6 @@ void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
    ssl->f_export_keys = f_export_keys;
    ssl->p_export_keys = p_export_keys;
 }
-#endif

 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 void mbedtls_ssl_conf_async_private_cb(