Remove key exchange based on encryption/decryption
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a81cc88..8a0e18a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -210,7 +210,7 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#define USAGE_SSL_ASYNC \
- " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
+ " async_operations=%%c... s=sign (default: -=off)\n" \
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
" async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
" default: -1 (not asynchronous)\n" \
@@ -478,13 +478,13 @@
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
- " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
- " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1227,16 +1227,6 @@
hash, hash_len);
}
-static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len)
-{
- return ssl_async_start(ssl, cert,
- ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
- input, input_len);
-}
-
static int ssl_async_resume(mbedtls_ssl_context *ssl,
unsigned char *output,
size_t *output_len,
@@ -1257,12 +1247,6 @@
}
switch (ctx->operation_type) {
- case ASYNC_OP_DECRYPT:
- ret = mbedtls_pk_decrypt(key_slot->pk,
- ctx->input, ctx->input_len,
- output, output_len, output_size,
- config_data->f_rng, config_data->p_rng);
- break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
@@ -3118,13 +3102,9 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if (opt.async_operations[0] != '-') {
mbedtls_ssl_async_sign_t *sign = NULL;
- mbedtls_ssl_async_decrypt_t *decrypt = NULL;
const char *r;
for (r = opt.async_operations; *r; r++) {
switch (*r) {
- case 'd':
- decrypt = ssl_async_decrypt;
- break;
case 's':
sign = ssl_async_sign;
break;
@@ -3137,7 +3117,6 @@
ssl_async_keys.p_rng = &rng;
mbedtls_ssl_conf_async_private_cb(&conf,
sign,
- decrypt,
ssl_async_resume,
ssl_async_cancel,
&ssl_async_keys);