Remove TLS 1.2 Exporter if we don't have randbytes
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.
Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f1b7994..e4450b6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8930,6 +8930,9 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl,
const mbedtls_md_type_t hash_alg,
@@ -8982,7 +8985,7 @@
mbedtls_free(prf_input);
return ret;
}
-#endif
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
@@ -9010,7 +9013,7 @@
(const unsigned char *) label, label_len,
context, context_len, out, key_len);
}
-#endif
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) */
int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
uint8_t *out, const size_t key_len,
@@ -9049,4 +9052,6 @@
}
}
+#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */
+
#endif /* MBEDTLS_SSL_TLS_C */