commit 78ba2af7c2e24626bb01fece73513a06c4a4fa74
author Hanno Becker <hanno.becker@arm.com> Mon May 24 10:27:05 2021 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Fri Jun 18 18:40:19 2021 +0100
tree eef54ca30d0d7e08c26559c2a959fbef0fc14842
parent 9a32d458195e3c9a4980d5565198161646cfc652

Remove old key export API

Seems to be an oversight that this wasn't marked deprecated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 603615b..6c24aab 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1033,9 +1033,6 @@
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    /** Callback to export key block and master secret                      */
-    int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
-            const unsigned char *, size_t, size_t, size_t );
     /** Callback to export key block, master secret,
      *  tls_prf and random bytes. Should replace f_export_keys    */
     int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
@@ -1920,33 +1917,6 @@
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
 /**
- * \brief           Callback type: Export key block and master secret
- *
- * \note            This is required for certain uses of TLS, e.g. EAP-TLS
- *                  (RFC 5216) and Thread. The key pointers are ephemeral and
- *                  therefore must not be stored. The master secret and keys
- *                  should not be used directly except as an input to a key
- *                  derivation function.
- *
- * \param p_expkey  Context for the callback
- * \param ms        Pointer to master secret (fixed length: 48 bytes)
- * \param kb        Pointer to key block, see RFC 5246 section 6.3
- *                  (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen    MAC length
- * \param keylen    Key length
- * \param ivlen     IV length
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
-                                const unsigned char *ms,
-                                const unsigned char *kb,
-                                size_t maclen,
-                                size_t keylen,
-                                size_t ivlen );
-
-/**
  * \brief           Callback type: Export key block, master secret,
  *                                 handshake randbytes and the tls_prf function
  *                                 used to derive keys.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2961637..e6bc790 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -986,14 +986,6 @@
     ((void) mac_enc);
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    if( ssl->conf->f_export_keys != NULL )
-    {
-        ssl->conf->f_export_keys( ssl->conf->p_export_keys,
-                                  master, keyblk,
-                                  mac_key_len, keylen,
-                                  iv_copy_len );
-    }
-
     if( ssl->conf->f_export_keys_ext != NULL )
     {
         ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
@@ -4193,14 +4185,6 @@
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_export_keys_t *f_export_keys,
-        void *p_export_keys )
-{
-    conf->f_export_keys = f_export_keys;
-    conf->p_export_keys = p_export_keys;
-}
-
 void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
         mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
         void *p_export_keys )