Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index aa09e30..f49e919 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -116,7 +116,6 @@
| | |
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
- | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 1baab35..6f3b5bd 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -396,7 +396,6 @@
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
#define MBEDTLS_SSL_ALPN
//#define MBEDTLS_SSL_ASYNC_PRIVATE
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c2b5200..4328f71 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -87,12 +87,6 @@
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(PSA_WANT_ALG_JPAKE) || \
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@@ -155,8 +149,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 7070283..2221e5b 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -61,7 +61,6 @@
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd9ccac..2dc475b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -361,31 +361,6 @@
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 681584b..2ea09bb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -650,9 +650,6 @@
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret {
unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5d5b4b9..7db620e 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -201,8 +201,7 @@
} mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -260,8 +259,7 @@
#endif
/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
#endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e4cc226..6e4370b 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -490,116 +490,6 @@
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_384) && \
- defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_1 */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(PSA_WANT_ALG_SHA_1)
@@ -947,29 +837,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_ALG_MD5)
- { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if defined(PSA_WANT_ALG_SHA_1)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
@@ -1019,41 +886,6 @@
#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 36f79cb..c06844d 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1732,83 +1732,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-/*
- * Generate a pre-master secret and encrypt it with the server's RSA key
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
- size_t offset, size_t *olen,
- size_t pms_offset)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len_bytes = 2;
- unsigned char *p = ssl->handshake->premaster + pms_offset;
- mbedtls_pk_context *peer_pk;
-
- if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- }
-
- /*
- * Generate (part of) the pre-master as
- * struct {
- * ProtocolVersion client_version;
- * opaque random[46];
- * } PreMasterSecret;
- */
- mbedtls_ssl_write_version(p, ssl->conf->transport,
- MBEDTLS_SSL_VERSION_TLS1_2);
-
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
- return ret;
- }
-
- ssl->handshake->pmslen = 48;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if (ssl->session_negotiate->peer_cert == NULL) {
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- /*
- * Now write it out, encrypted
- */
- if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
- }
-
- if ((ret = mbedtls_pk_encrypt(peer_pk,
- p, ssl->handshake->pmslen,
- ssl->out_msg + offset + len_bytes, olen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
- return ret;
- }
-
- if (len_bytes == 2) {
- MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
- *olen += 2;
- }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* We don't need the peer's public key anymore. Free it. */
- mbedtls_pk_free(peer_pk);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1902,16 +1825,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
- ssl->state++;
- return 0;
- }
- ((void) p);
- ((void) end);
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
@@ -2742,15 +2655,6 @@
} else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- header_len = 4;
- if ((ret = ssl_write_encrypted_pms(ssl, header_len,
- &content_len, 0)) != 0) {
- return ret;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
header_len = 4;
@@ -2768,7 +2672,7 @@
return ret;
}
} else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
((void) ciphersuite_info);
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a302af4..5a143fc 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3181,194 +3181,6 @@
return 0;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize)
-{
- int ret = ssl->conf->f_async_resume(ssl,
- peer_pms, peer_pmslen, peer_pmssize);
- if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
- ssl->handshake->async_in_progress = 0;
- mbedtls_ssl_set_async_operation_data(ssl, NULL);
- }
- MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
- return ret;
-}
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
- if (own_cert == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
- return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
- }
- mbedtls_pk_context *public_key = &own_cert->pk;
- mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
- size_t len = mbedtls_pk_get_len(public_key);
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- /* If we have already started decoding the message and there is an ongoing
- * decryption operation, resume signing. */
- if (ssl->handshake->async_in_progress != 0) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
- return ssl_resume_decrypt_pms(ssl,
- peer_pms, peer_pmslen, peer_pmssize);
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- /*
- * Prepare to decrypt the premaster using own private RSA key
- */
- if (p + 2 > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- if (*p++ != MBEDTLS_BYTE_1(len) ||
- *p++ != MBEDTLS_BYTE_0(len)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if (p + len != end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /*
- * Decrypt the premaster secret
- */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if (ssl->conf->f_async_decrypt_start != NULL) {
- ret = ssl->conf->f_async_decrypt_start(ssl,
- mbedtls_ssl_own_cert(ssl),
- p, len);
- switch (ret) {
- case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
- /* act as if f_async_decrypt_start was null */
- break;
- case 0:
- ssl->handshake->async_in_progress = 1;
- return ssl_resume_decrypt_pms(ssl,
- peer_pms,
- peer_pmslen,
- peer_pmssize);
- case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
- ssl->handshake->async_in_progress = 1;
- return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
- default:
- MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
- return ret;
- }
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
- }
-
- ret = mbedtls_pk_decrypt(private_key, p, len,
- peer_pms, peer_pmslen, peer_pmssize,
- ssl->conf->f_rng, ssl->conf->p_rng);
- return ret;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- size_t pms_offset)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *pms = ssl->handshake->premaster + pms_offset;
- unsigned char ver[2];
- unsigned char fake_pms[48], peer_pms[48];
- size_t peer_pmslen;
- mbedtls_ct_condition_t diff;
-
- /* In case of a failure in decryption, the decryption may write less than
- * 2 bytes of output, but we always read the first two bytes. It doesn't
- * matter in the end because diff will be nonzero in that case due to
- * ret being nonzero, and we only care whether diff is 0.
- * But do initialize peer_pms and peer_pmslen for robustness anyway. This
- * also makes memory analyzers happy (don't access uninitialized memory,
- * even if it's an unsigned char). */
- peer_pms[0] = peer_pms[1] = ~0;
- peer_pmslen = 0;
-
- ret = ssl_decrypt_encrypted_pms(ssl, p, end,
- peer_pms,
- &peer_pmslen,
- sizeof(peer_pms));
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
- return ret;
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- mbedtls_ssl_write_version(ver, ssl->conf->transport,
- ssl->session_negotiate->tls_version);
-
- /* Avoid data-dependent branches while checking for invalid
- * padding, to protect against timing-based Bleichenbacher-type
- * attacks. */
- diff = mbedtls_ct_bool(ret);
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
-
- /*
- * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
- * must not cause the connection to end immediately; instead, send a
- * bad_record_mac later in the handshake.
- * To protect against timing-based variants of the attack, we must
- * not have any branch that depends on whether the decryption was
- * successful. In particular, always generate the fake premaster secret,
- * regardless of whether it will ultimately influence the output or not.
- */
- ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
- if (ret != 0) {
- /* It's ok to abort on an RNG failure, since this does not reveal
- * anything about the RSA decryption. */
- return ret;
- }
-
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if (diff != MBEDTLS_CT_FALSE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- }
-#endif
-
- if (sizeof(ssl->handshake->premaster) < pms_offset ||
- sizeof(ssl->handshake->premaster) - pms_offset < 48) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- ssl->handshake->pmslen = 48;
-
- /* Set pms to either the true or the fake PMS, without
- * data-dependent branches. */
- mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
@@ -3435,16 +3247,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA &&
- (ssl->handshake->async_in_progress != 0)) {
- /* We've already read a record and there is an asynchronous
- * operation in progress to decrypt it. So skip reading the
- * record. */
- MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
- } else
-#endif
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
return ret;
@@ -3635,14 +3437,6 @@
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
- return ret;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
if ((ret = mbedtls_psa_ecjpake_read_round(
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index ef4927f..3ba314f 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -66,8 +66,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
#endif
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 8ba4161..3d58895 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1165,7 +1165,6 @@
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Also disable key exchanges that depend on RSA
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -1525,7 +1524,6 @@
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index a08ede5..816d2de 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -315,7 +315,6 @@
'PSA_WANT_ALG_RSA_OAEP',
'PSA_WANT_ALG_RSA_PSS'],
'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'],
'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6a5e760..7692017 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -311,8 +311,7 @@
SKIP_NEXT="YES"
}
-TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
@@ -320,9 +319,8 @@
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
-TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
+TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
requires_certificate_authentication () {
if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3