From 78ba2af7c2e24626bb01fece73513a06c4a4fa74 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 24 May 2021 10:27:05 +0100
Subject: [PATCH] Remove old key export API

Seems to be an oversight that this wasn't marked deprecated.

Signed-off-by: Hanno Becker
---
 include/mbedtls/ssl.h | 30 ------------------------------
 library/ssl_tls.c | 16 ----------------
 2 files changed, 46 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 603615b3c..6c24aab77 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1033,9 +1033,6 @@ struct mbedtls_ssl_config
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
- /** Callback to export key block and master secret */
- int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
- const unsigned char *, size_t, size_t, size_t );
 /** Callback to export key block, master secret,
 * tls_prf and random bytes. Should replace f_export_keys */
 int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
@@ -1919,33 +1916,6 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
 uint32_t *lifetime );
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief Callback type: Export key block and master secret
- *
- * \note This is required for certain uses of TLS, e.g. EAP-TLS
- * (RFC 5216) and Thread. The key pointers are ephemeral and
- * therefore must not be stored. The master secret and keys
- * should not be used directly except as an input to a key
- * derivation function.
- *
- * \param p_expkey Context for the callback
- * \param ms Pointer to master secret (fixed length: 48 bytes)
- * \param kb Pointer to key block, see RFC 5246 section 6.3
- * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen MAC length
- * \param keylen Key length
- * \param ivlen IV length
- *
- * \return 0 if successful, or
- * a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen );
-
 /**
 * \brief Callback type: Export key block, master secret,
 * handshake randbytes and the tls_prf function
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2961637a8..e6bc790fe 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -986,14 +986,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 ((void) mac_enc);
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( ssl->conf->f_export_keys != NULL )
- {
- ssl->conf->f_export_keys( ssl->conf->p_export_keys,
- master, keyblk,
- mac_key_len, keylen,
- iv_copy_len );
- }
-
 if( ssl->conf->f_export_keys_ext != NULL )
 {
 ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
@@ -4193,14 +4185,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys )
-{
- conf->f_export_keys = f_export_keys;
- conf->p_export_keys = p_export_keys;
-}
-
 void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
 mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
 void *p_export_keys )