lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option

Browse Source 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei
2025-02-26 18:06:05 +01:00
parent 4515d10163
commit e1e27300a2
14 changed files with 8 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/mbedtls/check_config.h
View File

@ -87,12 +87,6 @@
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_PKCS1_V15) )
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(PSA_WANT_ALG_JPAKE) || \
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@ -155,8 +149,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
!(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \

1
include/mbedtls/config_adjust_ssl.h
View File

@ -61,7 +61,6 @@
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

25
include/mbedtls/mbedtls_config.h
View File

@ -360,31 +360,6 @@
*/
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
*
* Enable the RSA-only based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*

3
include/mbedtls/ssl.h
View File

@ -650,9 +650,6 @@
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret {
unsigned char dummy; /* Make the union non-empty even with SSL disabled */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \

6
include/mbedtls/ssl_ciphersuites.h
View File

@ -201,8 +201,7 @@ typedef enum {
} mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@ -260,8 +259,7 @@ typedef enum {
#endif
/* Key exchanges that don't involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
#endif