Remove mentions of RSA-PSK key exchange from documentation

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 17:42:09 +03:00 · 2024-09-20 18:22:04 +02:00
parent 712e9a1c3e
commit b3ec125580
4 changed files with 3 additions and 11 deletions
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3058,7 +3058,7 @@
 *          library/ssl*_server.c
 *
 * This module is used by the following key exchanges:
- *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *      RSA, DHE-RSA, ECDHE-RSA
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
 */
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2137,7 +2137,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
    }

    /*
-     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
+     * ServerKeyExchange may be skipped with PSK when the server
     * doesn't use a psk_identity_hint
     */
    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -7019,12 +7019,11 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
     * uint16 with the value N, and the PSK itself.
     *
     * mixed-PSK:
-     * In a DHE-PSK, RSA-PSK, ECDHE-PSK the premaster secret is formed as
+     * In a DHE-PSK, ECDHE-PSK the premaster secret is formed as
     * follows: concatenate a uint16 with the length of the other secret,
     * the other secret itself, uint16 with the length of PSK, and the
     * PSK itself.
     * For details please check:
-     * - RFC 4279, Section 4 for the definition of RSA-PSK,
     * - RFC 4279, Section 3 for the definition of DHE-PSK,
     * - RFC 5489 for the definition of ECDHE-PSK.
     */
--- a/tf-psa-crypto/include/psa/crypto_values.h
+++ b/tf-psa-crypto/include/psa/crypto_values.h
@@ -2020,13 +2020,6 @@
 *   this input may be an output of `psa_raw_key_agreement()` passed with
 *   psa_key_derivation_input_bytes(), or an equivalent input passed with
 *   psa_key_derivation_input_bytes() or psa_key_derivation_input_key().
- * - for a RSA-PSK cipher suite (RFC 4279, Section 4), the other secret
- *   should be the 48-byte client challenge (the PreMasterSecret of
- *   (RFC 5246, Section 7.4.7.1)) concatenation of the TLS version and
- *   a 46-byte random string chosen by the client. On the server, this is
- *   typically an output of psa_asymmetric_decrypt() using
- *   PSA_ALG_RSA_PKCS1V15_CRYPT, passed to the key derivation operation
- *   with `psa_key_derivation_input_bytes()`.
 *
 * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the
 * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.