ssl_tls: remove usage of DHE-PSK
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5031c77..0d07a85 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7025,7 +7025,6 @@
* length of the other key.
*/
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0);
other_secret = handshake->premaster + 2;
break;
@@ -7326,14 +7325,9 @@
/*
* This should never happen because the existence of a PSK is always
* checked before calling this function.
- *
- * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with
- * the shared secret without PSK.
*/
- if (key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/*
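Review bot: The now-unconditional error path still logs only `("should never happen")`, which does not tell anyone reading a debug trace which invariant was violated. With the DHE-PSK exception removed, this branch fails closed for every key exchange, so it is the single place where a missing PSK surfaces. Consider `MBEDTLS_SSL_DEBUG_MSG(1, ("PSK not available, should never happen"));`, which keeps the existing phrase in case any log matching relies on it. The enclosing `if` opens outside the hunk, so this assumes its condition is the missing-PSK check that the retained comment describes.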
@@ -7360,24 +7354,6 @@
p += psk_len;
} else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
-
- /* Write length only when we know the actual value */
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- p + 2, (size_t) (end - (p + 2)), &len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
- MBEDTLS_PUT_UINT16_BE(len, p, 0);
- p += 2 + len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -9686,7 +9662,6 @@
/* Don't use default: we want warnings when adding new values */
case MBEDTLS_KEY_EXCHANGE_NONE:
case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0;