Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.
This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.
Signed-off-by: Max Fillinger <max@max-fillinger.net>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 9eab6cd..5186006 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -471,13 +471,19 @@
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
- " option: a file path\n" \
+ " option: a file path\n"
+#else
+#define USAGE_SERIALIZATION ""
+#endif
+
+#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
+#define USAGE_EXPORT \
" exp_label=%%s Label to input into TLS-Exporter\n" \
" default: None (don't try to export a key)\n" \
" exp_len=%%d Length of key to extract from TLS-Exporter \n" \
" default: 20\n"
#else
-#define USAGE_SERIALIZATION ""
+#define USAGE_EXPORT ""
#endif
#define USAGE_KEY_OPAQUE_ALGS \
@@ -587,6 +593,7 @@
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
+ USAGE_EXPORT \
"\n"
#define PUT_UINT64_BE(out_be, in_le, i) \
@@ -3619,7 +3626,7 @@
mbedtls_printf("\n");
}
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
if (opt.exp_label != NULL && opt.exp_len > 0) {
unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
if (exported_key == NULL) {
@@ -3642,7 +3649,7 @@
mbedtls_printf("\n\n");
fflush(stdout);
}
-#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */
+#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
else if (opt.use_srtp != 0) {