Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e4cc226..6e4370b 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -490,116 +490,6 @@
 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_384) && \
-    defined(PSA_WANT_ALG_GCM)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_GCM)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_1 */
-#if defined(PSA_WANT_ALG_CCM)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
 #if defined(PSA_WANT_KEY_TYPE_AES)
 #if defined(PSA_WANT_ALG_SHA_1)
@@ -947,29 +837,6 @@
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_ALG_MD5)
-    { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_CIPHERSUITE_WEAK,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_1)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_CIPHERSUITE_WEAK,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_CIPHERSUITE_WEAK,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #if defined(PSA_WANT_ALG_SHA_1)
     { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
@@ -1019,41 +886,6 @@
 
 #if defined(PSA_WANT_KEY_TYPE_ARIA)
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
-      "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
-    defined(PSA_WANT_ALG_SHA_384))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
-      "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
-      "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
-    defined(PSA_WANT_ALG_SHA_256))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
-      "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      0,
-      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 
 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 36f79cb..c06844d 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1732,83 +1732,6 @@
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-/*
- * Generate a pre-master secret and encrypt it with the server's RSA key
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
-                                   size_t offset, size_t *olen,
-                                   size_t pms_offset)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len_bytes = 2;
-    unsigned char *p = ssl->handshake->premaster + pms_offset;
-    mbedtls_pk_context *peer_pk;
-
-    if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
-        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
-    }
-
-    /*
-     * Generate (part of) the pre-master as
-     *  struct {
-     *      ProtocolVersion client_version;
-     *      opaque random[46];
-     *  } PreMasterSecret;
-     */
-    mbedtls_ssl_write_version(p, ssl->conf->transport,
-                              MBEDTLS_SSL_VERSION_TLS1_2);
-
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
-        return ret;
-    }
-
-    ssl->handshake->pmslen = 48;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if (ssl->session_negotiate->peer_cert == NULL) {
-        /* Should never happen */
-        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-    peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    /*
-     * Now write it out, encrypted
-     */
-    if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
-        return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
-    }
-
-    if ((ret = mbedtls_pk_encrypt(peer_pk,
-                                  p, ssl->handshake->pmslen,
-                                  ssl->out_msg + offset + len_bytes, olen,
-                                  MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
-                                  ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
-        return ret;
-    }
-
-    if (len_bytes == 2) {
-        MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
-        *olen += 2;
-    }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    /* We don't need the peer's public key anymore. Free it. */
-    mbedtls_pk_free(peer_pk);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1902,16 +1825,6 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
-        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
-        ssl->state++;
-        return 0;
-    }
-    ((void) p);
-    ((void) end);
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
@@ -2742,15 +2655,6 @@
 
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
-        header_len = 4;
-        if ((ret = ssl_write_encrypted_pms(ssl, header_len,
-                                           &content_len, 0)) != 0) {
-            return ret;
-        }
-    } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         header_len = 4;
@@ -2768,7 +2672,7 @@
             return ret;
         }
     } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     {
         ((void) ciphersuite_info);
         MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a302af4..5a143fc 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3181,194 +3181,6 @@
     return 0;
 }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
-                                  unsigned char *peer_pms,
-                                  size_t *peer_pmslen,
-                                  size_t peer_pmssize)
-{
-    int ret = ssl->conf->f_async_resume(ssl,
-                                        peer_pms, peer_pmslen, peer_pmssize);
-    if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
-        ssl->handshake->async_in_progress = 0;
-        mbedtls_ssl_set_async_operation_data(ssl, NULL);
-    }
-    MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
-    return ret;
-}
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
-                                     const unsigned char *p,
-                                     const unsigned char *end,
-                                     unsigned char *peer_pms,
-                                     size_t *peer_pmslen,
-                                     size_t peer_pmssize)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
-    if (own_cert == NULL) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
-        return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
-    }
-    mbedtls_pk_context *public_key = &own_cert->pk;
-    mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
-    size_t len = mbedtls_pk_get_len(public_key);
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    /* If we have already started decoding the message and there is an ongoing
-     * decryption operation, resume signing. */
-    if (ssl->handshake->async_in_progress != 0) {
-        MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
-        return ssl_resume_decrypt_pms(ssl,
-                                      peer_pms, peer_pmslen, peer_pmssize);
-    }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-    /*
-     * Prepare to decrypt the premaster using own private RSA key
-     */
-    if (p + 2 > end) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-    if (*p++ != MBEDTLS_BYTE_1(len) ||
-        *p++ != MBEDTLS_BYTE_0(len)) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-
-    if (p + len != end) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-
-    /*
-     * Decrypt the premaster secret
-     */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    if (ssl->conf->f_async_decrypt_start != NULL) {
-        ret = ssl->conf->f_async_decrypt_start(ssl,
-                                               mbedtls_ssl_own_cert(ssl),
-                                               p, len);
-        switch (ret) {
-            case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
-                /* act as if f_async_decrypt_start was null */
-                break;
-            case 0:
-                ssl->handshake->async_in_progress = 1;
-                return ssl_resume_decrypt_pms(ssl,
-                                              peer_pms,
-                                              peer_pmslen,
-                                              peer_pmssize);
-            case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
-                ssl->handshake->async_in_progress = 1;
-                return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
-            default:
-                MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
-                return ret;
-        }
-    }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-    if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
-        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
-    }
-
-    ret = mbedtls_pk_decrypt(private_key, p, len,
-                             peer_pms, peer_pmslen, peer_pmssize,
-                             ssl->conf->f_rng, ssl->conf->p_rng);
-    return ret;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
-                                   const unsigned char *p,
-                                   const unsigned char *end,
-                                   size_t pms_offset)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *pms = ssl->handshake->premaster + pms_offset;
-    unsigned char ver[2];
-    unsigned char fake_pms[48], peer_pms[48];
-    size_t peer_pmslen;
-    mbedtls_ct_condition_t diff;
-
-    /* In case of a failure in decryption, the decryption may write less than
-     * 2 bytes of output, but we always read the first two bytes. It doesn't
-     * matter in the end because diff will be nonzero in that case due to
-     * ret being nonzero, and we only care whether diff is 0.
-     * But do initialize peer_pms and peer_pmslen for robustness anyway. This
-     * also makes memory analyzers happy (don't access uninitialized memory,
-     * even if it's an unsigned char). */
-    peer_pms[0] = peer_pms[1] = ~0;
-    peer_pmslen = 0;
-
-    ret = ssl_decrypt_encrypted_pms(ssl, p, end,
-                                    peer_pms,
-                                    &peer_pmslen,
-                                    sizeof(peer_pms));
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
-        return ret;
-    }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-    mbedtls_ssl_write_version(ver, ssl->conf->transport,
-                              ssl->session_negotiate->tls_version);
-
-    /* Avoid data-dependent branches while checking for invalid
-     * padding, to protect against timing-based Bleichenbacher-type
-     * attacks. */
-    diff = mbedtls_ct_bool(ret);
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
-
-    /*
-     * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
-     * must not cause the connection to end immediately; instead, send a
-     * bad_record_mac later in the handshake.
-     * To protect against timing-based variants of the attack, we must
-     * not have any branch that depends on whether the decryption was
-     * successful. In particular, always generate the fake premaster secret,
-     * regardless of whether it will ultimately influence the output or not.
-     */
-    ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
-    if (ret != 0) {
-        /* It's ok to abort on an RNG failure, since this does not reveal
-         * anything about the RSA decryption. */
-        return ret;
-    }
-
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-    if (diff != MBEDTLS_CT_FALSE) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-    }
-#endif
-
-    if (sizeof(ssl->handshake->premaster) < pms_offset ||
-        sizeof(ssl->handshake->premaster) - pms_offset < 48) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-    ssl->handshake->pmslen = 48;
-
-    /* Set pms to either the true or the fake PMS, without
-     * data-dependent branches. */
-    mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
-
-    return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
@@ -3435,16 +3247,6 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA &&
-        (ssl->handshake->async_in_progress != 0)) {
-        /* We've already read a record and there is an asynchronous
-         * operation in progress to decrypt it. So skip reading the
-         * record. */
-        MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
-    } else
-#endif
     if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
         return ret;
@@ -3635,14 +3437,6 @@
 
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
-        if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
-            return ret;
-        }
-    } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         if ((ret = mbedtls_psa_ecjpake_read_round(