Merge pull request #10015 from gabor-mezei-arm/9682_remove_RSA_key_exchange
Remove the RSA-decryption key exchange
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
new file mode 100644
index 0000000..f9baaf1
--- /dev/null
+++ b/ChangeLog.d/remove_RSA_key_exchange.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA key exchange in TLS 1.2.
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index aa09e30..f49e919 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -116,7 +116,6 @@
| | |
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
- | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
diff --git a/framework b/framework
index cab0c5f..72b5acd 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd
+Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c2b5200..4328f71 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -87,12 +87,6 @@
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(PSA_WANT_ALG_JPAKE) || \
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@@ -155,8 +149,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 7070283..2221e5b 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -61,7 +61,6 @@
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd9ccac..2dc475b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -361,31 +361,6 @@
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 681584b..6c37fc3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -650,9 +650,6 @@
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret {
unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -1002,71 +999,6 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len);
-
-/**
- * \brief Callback type: start external decryption operation.
- *
- * This callback is called during an SSL handshake to start
- * an RSA decryption operation using an
- * external processor. The parameter \p cert contains
- * the public key; it is up to the callback function to
- * determine how to access the associated private key.
- *
- * This function typically sends or enqueues a request, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * The parameters \p ssl and \p cert are guaranteed to remain
- * valid throughout the handshake. On the other hand, this
- * function must save the contents of \p input if the value
- * is needed for later processing, because the \p input buffer
- * is no longer valid after this function returns.
- *
- * This function may call mbedtls_ssl_set_async_operation_data()
- * to store an operation context for later retrieval
- * by the resume or cancel callback.
- *
- * \warning RSA decryption as used in TLS is subject to a potential
- * timing side channel attack first discovered by Bleichenbacher
- * in 1998. This attack can be remotely exploitable
- * in practice. To avoid this attack, you must ensure that
- * if the callback performs an RSA decryption, the time it
- * takes to execute and return the result does not depend
- * on whether the RSA decryption succeeded or reported
- * invalid padding.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param cert Certificate containing the public key.
- * In simple cases, this is one of the pointers passed to
- * mbedtls_ssl_conf_own_cert() when configuring the SSL
- * connection. However, if other callbacks are used, this
- * property may not hold. For example, if an SNI callback
- * is registered with mbedtls_ssl_conf_sni(), then
- * this callback determines what certificate is used.
- * \param input Buffer containing the input ciphertext. This buffer
- * is no longer valid when the function returns.
- * \param input_len Size of the \p input buffer in bytes.
- *
- * \return 0 if the operation was started successfully and the SSL
- * stack should call the resume callback immediately.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * was started successfully and the SSL stack should return
- * immediately without calling the resume callback yet.
- * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- * processor does not support this key. The SSL stack will
- * use the private key object instead.
- * \return Any other error indicates a fatal failure and is
- * propagated up the call chain. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1074,8 +1006,7 @@
*
* This callback is called during an SSL handshake to resume
* an external operation started by the
- * ::mbedtls_ssl_async_sign_t or
- * ::mbedtls_ssl_async_decrypt_t callback.
+ * ::mbedtls_ssl_async_sign_t callback.
*
* This function typically checks the status of a pending
* request or causes the request queue to make progress, and
@@ -1541,7 +1472,6 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
@@ -2857,17 +2787,10 @@
* external processor does not support any signature
* operation; in this case the private key object
* associated with the certificate will be used.
- * \param f_async_decrypt Callback to start a decryption operation. See
- * the description of ::mbedtls_ssl_async_decrypt_t
- * for more information. This may be \c NULL if the
- * external processor does not support any decryption
- * operation; in this case the private key object
- * associated with the certificate will be used.
* \param f_async_resume Callback to resume an asynchronous operation. See
* the description of ::mbedtls_ssl_async_resume_t
* for more information. This may not be \c NULL unless
- * \p f_async_sign and \p f_async_decrypt are both
- * \c NULL.
+ * \p f_async_sign is \c NULL.
* \param f_async_cancel Callback to cancel an asynchronous operation. See
* the description of ::mbedtls_ssl_async_cancel_t
* for more information. This may be \c NULL if
@@ -2879,7 +2802,6 @@
*/
void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf,
mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
mbedtls_ssl_async_resume_t *f_async_resume,
mbedtls_ssl_async_cancel_t *f_async_cancel,
void *config_data);
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5d5b4b9..b031231 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -24,28 +24,11 @@
/*
* Supported ciphersuites (Official IANA names)
*/
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
-
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
-
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
@@ -54,10 +37,6 @@
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
-
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
@@ -100,8 +79,6 @@
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
@@ -110,8 +87,6 @@
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
@@ -136,8 +111,6 @@
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
@@ -155,10 +128,6 @@
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
@@ -190,7 +159,6 @@
*/
typedef enum {
MBEDTLS_KEY_EXCHANGE_NONE = 0,
- MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_KEY_EXCHANGE_PSK,
@@ -201,8 +169,7 @@
} mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -260,8 +227,7 @@
#endif
/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
#endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e4cc226..b979cad 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -110,22 +110,14 @@
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
/* All AES-256 suites */
- MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
- MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
- MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 suites */
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
@@ -134,28 +126,18 @@
/* All ARIA-256 suites */
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
/* All AES-128 suites */
- MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
- MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 suites */
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
@@ -164,10 +146,8 @@
/* All ARIA-128 suites */
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
/* The PSK suites */
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
@@ -198,9 +178,6 @@
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
- MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
- MBEDTLS_TLS_RSA_WITH_NULL_SHA,
- MBEDTLS_TLS_RSA_WITH_NULL_MD5,
MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
@@ -490,116 +467,6 @@
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_384) && \
- defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_1 */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(PSA_WANT_ALG_SHA_1)
@@ -947,29 +814,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(PSA_WANT_ALG_MD5)
- { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if defined(PSA_WANT_ALG_SHA_1)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
@@ -1019,41 +863,6 @@
#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
@@ -1388,7 +1197,6 @@
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return MBEDTLS_PK_RSA;
@@ -1407,8 +1215,6 @@
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- return PSA_ALG_RSA_PKCS1V15_CRYPT;
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
@@ -1428,8 +1234,6 @@
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- return PSA_KEY_USAGE_DECRYPT;
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return PSA_KEY_USAGE_SIGN_HASH;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index b60acdc..a7981db 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -44,7 +44,6 @@
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
return 1;
@@ -71,7 +70,6 @@
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -86,7 +84,6 @@
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 164a230..d12cee3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -985,7 +985,6 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/** Asynchronous operation context. This field is meant for use by the
* asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
- * mbedtls_ssl_config::f_async_decrypt_start,
* mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
* The library does not use it internally. */
void *user_async_ctx;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3572f3f..46fb924 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2737,13 +2737,11 @@
void mbedtls_ssl_conf_async_private_cb(
mbedtls_ssl_config *conf,
mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
mbedtls_ssl_async_resume_t *f_async_resume,
mbedtls_ssl_async_cancel_t *f_async_cancel,
void *async_config_data)
{
conf->f_async_sign_start = f_async_sign;
- conf->f_async_decrypt_start = f_async_decrypt;
conf->f_async_resume = f_async_resume;
conf->f_async_cancel = f_async_cancel;
conf->p_async_config_data = async_config_data;
@@ -8708,10 +8706,6 @@
recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
/* TLS 1.2 server part of the key exchange */
switch (ciphersuite->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
- break;
-
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 36f79cb..c06844d 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1732,83 +1732,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-/*
- * Generate a pre-master secret and encrypt it with the server's RSA key
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
- size_t offset, size_t *olen,
- size_t pms_offset)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len_bytes = 2;
- unsigned char *p = ssl->handshake->premaster + pms_offset;
- mbedtls_pk_context *peer_pk;
-
- if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- }
-
- /*
- * Generate (part of) the pre-master as
- * struct {
- * ProtocolVersion client_version;
- * opaque random[46];
- * } PreMasterSecret;
- */
- mbedtls_ssl_write_version(p, ssl->conf->transport,
- MBEDTLS_SSL_VERSION_TLS1_2);
-
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
- return ret;
- }
-
- ssl->handshake->pmslen = 48;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if (ssl->session_negotiate->peer_cert == NULL) {
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- /*
- * Now write it out, encrypted
- */
- if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
- }
-
- if ((ret = mbedtls_pk_encrypt(peer_pk,
- p, ssl->handshake->pmslen,
- ssl->out_msg + offset + len_bytes, olen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
- return ret;
- }
-
- if (len_bytes == 2) {
- MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
- *olen += 2;
- }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* We don't need the peer's public key anymore. Free it. */
- mbedtls_pk_free(peer_pk);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1902,16 +1825,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
- ssl->state++;
- return 0;
- }
- ((void) p);
- ((void) end);
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
@@ -2742,15 +2655,6 @@
} else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- header_len = 4;
- if ((ret = ssl_write_encrypted_pms(ssl, header_len,
- &content_len, 0)) != 0) {
- return ret;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
header_len = 4;
@@ -2768,7 +2672,7 @@
return ret;
}
} else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
((void) ciphersuite_info);
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a302af4..fb88cf2 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -654,6 +654,7 @@
* Try picking a certificate for this ciphersuite,
* return 0 on success and -1 on failure.
*/
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_pick_cert(mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
@@ -693,7 +694,6 @@
int key_type_matches = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
- ssl->conf->f_async_decrypt_start != NULL ||
mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) &&
mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage));
#else
@@ -745,6 +745,8 @@
return -1;
}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
@@ -807,6 +809,8 @@
}
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* Final check: if ciphersuite requires us to have a
@@ -822,7 +826,6 @@
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
@@ -3181,194 +3184,6 @@
return 0;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize)
-{
- int ret = ssl->conf->f_async_resume(ssl,
- peer_pms, peer_pmslen, peer_pmssize);
- if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
- ssl->handshake->async_in_progress = 0;
- mbedtls_ssl_set_async_operation_data(ssl, NULL);
- }
- MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
- return ret;
-}
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- unsigned char *peer_pms,
- size_t *peer_pmslen,
- size_t peer_pmssize)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
- if (own_cert == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
- return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
- }
- mbedtls_pk_context *public_key = &own_cert->pk;
- mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
- size_t len = mbedtls_pk_get_len(public_key);
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- /* If we have already started decoding the message and there is an ongoing
- * decryption operation, resume signing. */
- if (ssl->handshake->async_in_progress != 0) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
- return ssl_resume_decrypt_pms(ssl,
- peer_pms, peer_pmslen, peer_pmssize);
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- /*
- * Prepare to decrypt the premaster using own private RSA key
- */
- if (p + 2 > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- if (*p++ != MBEDTLS_BYTE_1(len) ||
- *p++ != MBEDTLS_BYTE_0(len)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if (p + len != end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /*
- * Decrypt the premaster secret
- */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if (ssl->conf->f_async_decrypt_start != NULL) {
- ret = ssl->conf->f_async_decrypt_start(ssl,
- mbedtls_ssl_own_cert(ssl),
- p, len);
- switch (ret) {
- case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
- /* act as if f_async_decrypt_start was null */
- break;
- case 0:
- ssl->handshake->async_in_progress = 1;
- return ssl_resume_decrypt_pms(ssl,
- peer_pms,
- peer_pmslen,
- peer_pmssize);
- case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
- ssl->handshake->async_in_progress = 1;
- return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
- default:
- MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
- return ret;
- }
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
- }
-
- ret = mbedtls_pk_decrypt(private_key, p, len,
- peer_pms, peer_pmslen, peer_pmssize,
- ssl->conf->f_rng, ssl->conf->p_rng);
- return ret;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
- const unsigned char *p,
- const unsigned char *end,
- size_t pms_offset)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *pms = ssl->handshake->premaster + pms_offset;
- unsigned char ver[2];
- unsigned char fake_pms[48], peer_pms[48];
- size_t peer_pmslen;
- mbedtls_ct_condition_t diff;
-
- /* In case of a failure in decryption, the decryption may write less than
- * 2 bytes of output, but we always read the first two bytes. It doesn't
- * matter in the end because diff will be nonzero in that case due to
- * ret being nonzero, and we only care whether diff is 0.
- * But do initialize peer_pms and peer_pmslen for robustness anyway. This
- * also makes memory analyzers happy (don't access uninitialized memory,
- * even if it's an unsigned char). */
- peer_pms[0] = peer_pms[1] = ~0;
- peer_pmslen = 0;
-
- ret = ssl_decrypt_encrypted_pms(ssl, p, end,
- peer_pms,
- &peer_pmslen,
- sizeof(peer_pms));
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
- return ret;
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
- mbedtls_ssl_write_version(ver, ssl->conf->transport,
- ssl->session_negotiate->tls_version);
-
- /* Avoid data-dependent branches while checking for invalid
- * padding, to protect against timing-based Bleichenbacher-type
- * attacks. */
- diff = mbedtls_ct_bool(ret);
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
- diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
-
- /*
- * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
- * must not cause the connection to end immediately; instead, send a
- * bad_record_mac later in the handshake.
- * To protect against timing-based variants of the attack, we must
- * not have any branch that depends on whether the decryption was
- * successful. In particular, always generate the fake premaster secret,
- * regardless of whether it will ultimately influence the output or not.
- */
- ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
- if (ret != 0) {
- /* It's ok to abort on an RNG failure, since this does not reveal
- * anything about the RSA decryption. */
- return ret;
- }
-
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if (diff != MBEDTLS_CT_FALSE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- }
-#endif
-
- if (sizeof(ssl->handshake->premaster) < pms_offset ||
- sizeof(ssl->handshake->premaster) - pms_offset < 48) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- ssl->handshake->pmslen = 48;
-
- /* Set pms to either the true or the fake PMS, without
- * data-dependent branches. */
- mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
@@ -3435,16 +3250,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA &&
- (ssl->handshake->async_in_progress != 0)) {
- /* We've already read a record and there is an asynchronous
- * operation in progress to decrypt it. So skip reading the
- * record. */
- MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
- } else
-#endif
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
return ret;
@@ -3635,14 +3440,6 @@
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
- if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
- return ret;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
if ((ret = mbedtls_psa_ecjpake_read_round(
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d5c2a63..6ed073e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -348,10 +348,10 @@
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
#define USAGE_KEY_OPAQUE_ALGS \
- " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
- " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a81cc88..8a0e18a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -210,7 +210,7 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#define USAGE_SSL_ASYNC \
- " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
+ " async_operations=%%c... s=sign (default: -=off)\n" \
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
" async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
" default: -1 (not asynchronous)\n" \
@@ -478,13 +478,13 @@
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
- " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
- " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1227,16 +1227,6 @@
hash, hash_len);
}
-static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len)
-{
- return ssl_async_start(ssl, cert,
- ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
- input, input_len);
-}
-
static int ssl_async_resume(mbedtls_ssl_context *ssl,
unsigned char *output,
size_t *output_len,
@@ -1257,12 +1247,6 @@
}
switch (ctx->operation_type) {
- case ASYNC_OP_DECRYPT:
- ret = mbedtls_pk_decrypt(key_slot->pk,
- ctx->input, ctx->input_len,
- output, output_len, output_size,
- config_data->f_rng, config_data->p_rng);
- break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
@@ -3118,13 +3102,9 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if (opt.async_operations[0] != '-') {
mbedtls_ssl_async_sign_t *sign = NULL;
- mbedtls_ssl_async_decrypt_t *decrypt = NULL;
const char *r;
for (r = opt.async_operations; *r; r++) {
switch (*r) {
- case 'd':
- decrypt = ssl_async_decrypt;
- break;
case 's':
sign = ssl_async_sign;
break;
@@ -3137,7 +3117,6 @@
ssl_async_keys.p_rng = &rng;
mbedtls_ssl_conf_async_private_cb(&conf,
sign,
- decrypt,
ssl_async_resume,
ssl_async_cancel,
&ssl_async_keys);
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 6c7eed5..354e97e 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -315,6 +315,7 @@
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
* for more info.
@@ -352,7 +353,6 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static void mbedtls_print_supported_sig_algs(void)
{
mbedtls_printf("supported signature algorithms:\n");
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 2c68489..acc01a2 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -197,7 +197,6 @@
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
- strcmp(*alg1, "rsa-decrypt") != 0 &&
strcmp(*alg1, "ecdsa-sign") != 0 &&
strcmp(*alg1, "ecdh") != 0) {
return 1;
@@ -208,7 +207,6 @@
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
- strcmp(*alg2, "rsa-decrypt") != 0 &&
strcmp(*alg2, "ecdsa-sign") != 0 &&
strcmp(*alg2, "ecdh") != 0 &&
strcmp(*alg2, "none") != 0) {
@@ -245,9 +243,6 @@
} else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
- } else if (strcmp(algs[i], "rsa-decrypt") == 0) {
- *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
- *usage |= PSA_KEY_USAGE_DECRYPT;
} else if (strcmp(algs[i], "ecdsa-sign") == 0) {
*psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index bc5cce5..c001a2a 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -202,7 +202,6 @@
* Coma-separated pair of values among the following:
* - "rsa-sign-pkcs1"
* - "rsa-sign-pss"
- * - "rsa-decrypt"
* - "ecdsa-sign"
* - "ecdh"
* - "none" (only acceptable for the second value).
diff --git a/tests/compat.sh b/tests/compat.sh
index de8c1bb..975d8dc 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -327,17 +327,6 @@
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_NULL_SHA \
- TLS_RSA_WITH_AES_128_CBC_SHA \
- TLS_RSA_WITH_AES_128_CBC_SHA256 \
- TLS_RSA_WITH_AES_128_GCM_SHA256 \
- TLS_RSA_WITH_AES_256_CBC_SHA \
- TLS_RSA_WITH_AES_256_CBC_SHA256 \
- TLS_RSA_WITH_AES_256_GCM_SHA384 \
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \
- TLS_RSA_WITH_NULL_MD5 \
- TLS_RSA_WITH_NULL_SHA \
- TLS_RSA_WITH_NULL_SHA256 \
"
;;
@@ -388,8 +377,6 @@
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 \
- TLS_RSA_WITH_ARIA_256_GCM_SHA384 \
"
;;
@@ -437,14 +424,6 @@
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
- TLS_RSA_WITH_AES_128_CCM \
- TLS_RSA_WITH_AES_128_CCM_8 \
- TLS_RSA_WITH_AES_256_CCM \
- TLS_RSA_WITH_AES_256_CCM_8 \
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
- TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
- TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
"
;;
@@ -506,8 +485,6 @@
M_CIPHERS="$M_CIPHERS \
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
- TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
- TLS_RSA_WITH_ARIA_256_CBC_SHA384 \
"
;;
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 6c08b86..066bd3d 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -241,16 +241,6 @@
-u "basic constraints.* CA=false$" \
-n "bytes left to analyze from context"
-run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
- "srv_ciphersuite.txt" \
- -n "ERROR" \
- -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
-
-run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
- "cli_ciphersuite.txt" \
- -n "ERROR" \
- -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
-
run_test "No packing, server" \
"srv_no_packing.txt" \
-n "ERROR" \
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index ef4927f..3ba314f 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -66,8 +66,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
#endif
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 8ba4161..3d58895 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1165,7 +1165,6 @@
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Also disable key exchanges that depend on RSA
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -1525,7 +1524,6 @@
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index a08ede5..816d2de 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -315,7 +315,6 @@
'PSA_WANT_ALG_RSA_OAEP',
'PSA_WANT_ALG_RSA_PSS'],
'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'],
'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6a5e760..0634c26 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -311,8 +311,7 @@
SKIP_NEXT="YES"
}
-TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
@@ -320,9 +319,8 @@
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
-TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
+TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
requires_certificate_authentication () {
if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -2308,20 +2306,6 @@
-C "error"
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
- "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
- key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
- debug_level=1" \
- "$P_CLI force_version=tls12" \
- 1 \
- -s "key types: Opaque, none" \
- -s "error" \
- -c "error" \
- -c "Public key type mismatch"
-
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
@@ -2338,20 +2322,6 @@
-c "Public key type mismatch"
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
- "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
- key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
- debug_level=1" \
- "$P_CLI force_version=tls12" \
- 1 \
- -s "key types: Opaque, none" \
- -s "got ciphersuites in common, but none of them usable" \
- -s "error" \
- -c "error"
-
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
@@ -2439,8 +2409,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
- "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
- "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
1 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
@@ -2452,8 +2422,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 opaque key: suitable algorithm found" \
- "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
- "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
0 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
@@ -2479,8 +2449,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
- "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
- "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
0 \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
@@ -7725,12 +7695,12 @@
0 \
-c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
-run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
+run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-"
+ 1 \
+ -C "Ciphersuite is "
run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
@@ -8862,17 +8832,6 @@
# Test for ClientHello without extensions
-# Without extensions, ECC is impossible (no curve negotiation).
-requires_config_enabled MBEDTLS_RSA_C
-requires_gnutls
-run_test "ClientHello without extensions: RSA" \
- "$P_SRV force_version=tls12 debug_level=3" \
- "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 0 \
- -s "Ciphersuite is .*-RSA-WITH-.*" \
- -S "Ciphersuite is .*-EC.*" \
- -s "dumping 'client hello extensions' (0 bytes)"
-
requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
requires_gnutls
run_test "ClientHello without extensions: PSK" \
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6b491d4..3f84458 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -63,6 +63,45 @@
}
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(PSA_WANT_ECC_SECP_R1_384) && \
+ defined(PSA_WANT_ALG_SHA_256)
+/*
+ * Test function to perform a handshake using the mfl extension and with
+ * setting the resize buffer option.
+ */
+static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
+ int serialize, int dtls, char *cipher)
+{
+ mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
+
+ options.mfl = mfl;
+ options.cipher = cipher;
+ options.renegotiate = renegotiation;
+ options.legacy_renegotiation = legacy_renegotiation;
+ options.serialize = serialize;
+ options.dtls = dtls;
+ if (dtls) {
+ options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+ options.resize_buffers = 1;
+
+ const mbedtls_ssl_ciphersuite_t *ciphersuite =
+ mbedtls_ssl_ciphersuite_from_string(cipher);
+ if (ciphersuite != NULL) {
+ options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite);
+ }
+
+ mbedtls_test_ssl_perform_handshake(&options);
+
+ mbedtls_test_free_handshake_options(&options);
+}
+
+#endif
+
#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305)
#define TEST_GCM_OR_CHACHAPOLY_ENABLED
#endif
@@ -2825,40 +2864,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
-void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
- int serialize, int dtls, char *cipher)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.mfl = mfl;
- options.cipher = cipher;
- options.renegotiate = renegotiation;
- options.legacy_renegotiation = legacy_renegotiation;
- options.serialize = serialize;
- options.dtls = dtls;
- if (dtls) {
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
- options.resize_buffers = 1;
-
- const mbedtls_ssl_ciphersuite_t *ciphersuite =
- mbedtls_ssl_ciphersuite_from_string(cipher);
- if (ciphersuite != NULL) {
- options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite);
- }
-
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */
void resize_buffers_serialize_mfl(int mfl)
{
/* Choose an AEAD ciphersuite */
@@ -2885,16 +2891,16 @@
TEST_ASSERT(ciphersuite != NULL);
- test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
- (char *) ciphersuite->name);
+ resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
+ (char *) ciphersuite->name);
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{
- test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
+ resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}