Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is *not* defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

commit: 281fb791166465ad50db97e4b0e47f51e9b2d867 [log] [tgz]
author: Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Oct 23 18:35:09 2024 +0200
committer: Max Fillinger <maximilian.fillinger@foxcrypto.com> Fri Mar 28 16:53:58 2025 +0100
tree: 2f52f18615b811ee3d4f2cda7535ae139bb5dfd5
parent: c9f2c9adbac2cf5d88ef35861163690d204ae79d [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d88e67c..9ded4e6 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -5407,11 +5407,13 @@
  *
  * \return            0 on success. An SSL specific error on failure.
  */
+ #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
                                        uint8_t *out, const size_t key_len,
                                        const char *label, const size_t label_len,
                                        const unsigned char *context, const size_t context_len,
                                        const int use_context);
+#endif
 #ifdef __cplusplus
 }
 #endif
commit	281fb791166465ad50db97e4b0e47f51e9b2d867	[log] [tgz]
author	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Wed Oct 23 18:35:09 2024 +0200
committer	Max Fillinger <maximilian.fillinger@foxcrypto.com>	Fri Mar 28 16:53:58 2025 +0100
tree	2f52f18615b811ee3d4f2cda7535ae139bb5dfd5
parent	c9f2c9adbac2cf5d88ef35861163690d204ae79d [diff] [blame]