Remove MBEDTLS_KEY_EXCHANGE_RSA key exchange type

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-12-24 17:41:01 +03:00 · 2025-02-26 18:12:50 +01:00
parent e1e27300a2
commit 5814e3e566
4 changed files with 0 additions and 13 deletions
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -190,7 +190,6 @@ extern "C" {
 */
 typedef enum {
    MBEDTLS_KEY_EXCHANGE_NONE = 0,
-    MBEDTLS_KEY_EXCHANGE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
    MBEDTLS_KEY_EXCHANGE_PSK,
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1220,7 +1220,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->key_exchange) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return MBEDTLS_PK_RSA;

@@ -1239,8 +1238,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->key_exchange) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-            return PSA_ALG_RSA_PKCS1V15_CRYPT;
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
@@ -1260,8 +1257,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->key_exchange) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-            return PSA_KEY_USAGE_DECRYPT;
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_KEY_USAGE_SIGN_HASH;
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -44,7 +44,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
            return 1;

@@ -71,7 +70,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -86,7 +84,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
 static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8708,10 +8708,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
        recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
        /* TLS 1.2 server part of the key exchange */
        switch (ciphersuite->key_exchange) {
-            case MBEDTLS_KEY_EXCHANGE_RSA:
-                usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
-                break;
-
            case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
                usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;