Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

commit: e1e27300a2c9fe452207bbab2a11a102cec76f25 [log] [tgz]
author: Gabor Mezei <gabor.mezei@arm.com> Wed Feb 26 18:06:05 2025 +0100
committer: Gabor Mezei <gabor.mezei@arm.com> Thu Mar 20 17:53:01 2025 +0100
tree: acd0684211d8894120c8d1d6718fbc8a7db9555e
parent: 4515d10163c4f531a67548d396dcc511b1b74aea [diff]
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c2b5200..4328f71 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -87,12 +87,6 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&    \
     ( !defined(PSA_WANT_ALG_JPAKE) ||                   \
       !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@@ -155,8 +149,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                                    \
-    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
+    !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
       defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                  \
       defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                     \
       defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||                   \

diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 7070283..2221e5b 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h

@@ -61,7 +61,6 @@
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 #undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd9ccac..2dc475b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -361,31 +361,6 @@
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
  *
  * Enable sending of alert messages in case of encountered errors as per RFC.

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 681584b..2ea09bb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -650,9 +650,6 @@
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
     unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \

diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5d5b4b9..7db620e 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h

@@ -201,8 +201,7 @@
 } mbedtls_key_exchange_type_t;
 
 /* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -260,8 +259,7 @@
 #endif
 
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
     defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
commit	e1e27300a2c9fe452207bbab2a11a102cec76f25	[log] [tgz]
author	Gabor Mezei <gabor.mezei@arm.com>	Wed Feb 26 18:06:05 2025 +0100
committer	Gabor Mezei <gabor.mezei@arm.com>	Thu Mar 20 17:53:01 2025 +0100
tree	acd0684211d8894120c8d1d6718fbc8a7db9555e
parent	4515d10163c4f531a67548d396dcc511b1b74aea [diff]