mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00

Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This removes support for the RSA-PSK key exchange in TLS
1.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine
2024-09-20 18:08:44 +02:00
parent 7dfe7c9e4a
commit ac767e5c69
13 changed files with 8 additions and 263 deletions


@@ -7357,21 +7357,6 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha
p += psk_len;
} else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
/*
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
if (end - p < 2) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
*p++ = 0;
*p++ = 48;
p += 48;
} else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;