Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK

Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the removal of library code that supports the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-07 06:42:56 +03:00 · 2024-09-20 18:11:31 +02:00
parent ac767e5c69
commit 712e9a1c3e
6 changed files with 3 additions and 24 deletions
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2141,8 +2141,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
     * doesn't use a psk_identity_hint
     */
    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
-        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
            /* Current message is probably either
             * CertificateRequest or ServerHelloDone */
            ssl->keep_current_message = 1;
@@ -2172,7 +2171,6 @@ start_processing:

 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
        if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
@@ -2187,8 +2185,7 @@ start_processing:
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
        ; /* nothing more to do */
    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */