ssl_tls: remove code related to DHE-RSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-08 17:42:09 +03:00 · 2025-01-22 11:33:55 +01:00
parent 98f348a2c5
commit 89743b5db5
4 changed files with 0 additions and 151 deletions
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3254,43 +3254,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
    return 0;
 }

-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p,
-                                      const unsigned char *end)
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t n;
-
-    /*
-     * Receive G^Y mod P, premaster = (G^Y)^X mod P
-     */
-    if (*p + 2 > end) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-
-    n = MBEDTLS_GET_UINT16_BE(*p, 0);
-    *p += 2;
-
-    if (*p + n > end) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-
-    if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret);
-        return MBEDTLS_ERR_SSL_DECODE_ERROR;
-    }
-
-    *p += n;
-
-    MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
-
-    return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)

 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -3573,30 +3536,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
    }

-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
-        if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
-            return ret;
-        }
-
-        if (p != end) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
-                                           ssl->handshake->premaster,
-                                           MBEDTLS_PREMASTER_SIZE,
-                                           &ssl->handshake->pmslen,
-                                           ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
-    } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \