The usage of the new keying material methods was not properly guarded.
To avoid a number of ifdefs this commit uses a dummy struct and function.
When we eventually drop support for non-EKM mbed TLS versions, we can remove
these.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20200825041647.26235-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20812.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
return NULL;
}
}
+#else
+unsigned char*
+key_state_export_keying_material(struct tls_session *session,
+ const char* label, size_t label_size,
+ size_t ekm_size,
+ struct gc_arena *gc)
+{
+ /* Dummy function to avoid ifdefs in the common code */
+ return NULL;
+}
#endif /* HAVE_EXPORT_KEYING_MATERIAL */
bool
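Review bot: The `#else` stub of `key_state_export_keying_material` returns NULL without any diagnostic, so a build without HAVE_EXPORT_KEYING_MATERIAL depends entirely on every caller treating NULL as a hard failure. None of the callers are visible in this hunk, so it is worth confirming that each one aborts rather than continuing with an empty or uninitialised buffer. I would make the contract explicit in the stub by replacing the current comment with `/* Built without keying material export: always returns NULL; callers must treat this as a failure and must not derive keys from it */`. A minor style point: the return type and the `label` parameter are written `unsigned char*` and `const char* label`, where binding the `*` to the name (`const char *label`) is the more common C form.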
void *sign_ctx;
};
+#ifdef HAVE_EXPORT_KEYING_MATERIAL
/** struct to cache TLS secrets for keying material exporter (RFC 5705).
* The constants (64 and 48) are inherent to TLS version and
* the whole keying material export will likely change when they change */
mbedtls_tls_prf_types tls_prf_type;
unsigned char master_secret[48];
};
+#else
+struct tls_key_cache { };
+#endif
/**
* Structure that wraps the TLS context. Contents differ depending on the
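Review bot: The fallback `struct tls_key_cache { };` is an empty struct, which ISO C does not define. GCC and Clang accept it as an extension with size zero, but a pedantic build warns about it and other compilers may reject it outright. Since the type is only a placeholder so the `tls_key_cache` member can stay unconditional, a single dummy member keeps it portable: `struct tls_key_cache { char unused; };`. A short comment on the `#else` branch saying the struct is intentionally unused without EKM support would also help whoever removes it later.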
bio_ctx *bio_ctx;
struct tls_key_cache tls_key_cache;
-
};
/**