From 7dfe7c9e4a14aa27edc5111bbe88bf0fb488e120 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:16:41 +0200 Subject: [PATCH 1/8] Remove RSA-PSK test cases The test cases removed by this commit are specific to RSA-PSK, not incidentally using RSA-PSK when testing other features, so there is no loss of test coverage. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 175 +------------------------------ tests/suites/test_suite_ssl.data | 20 ---- 2 files changed, 1 insertion(+), 194 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bf399529be..44cbcd311e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -584,7 +584,7 @@ adapt_cmd_for_psk () { # with a pre-shared key, skip it. If the test looks like it's already using # a pre-shared key, do nothing. # -# This code does not consider builds with ECDHE-PSK or RSA-PSK. +# This code does not consider builds with ECDHE-PSK. # # Inputs: # * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands. @@ -2537,22 +2537,6 @@ run_test "Opaque key for server authentication: DHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: RSA-PSK" \ - "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \ - psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk=73776f726466697368 psk_identity=foo" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-RSA-PSK-" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-RSA-PSK-" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 
@@ -8584,50 +8568,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: opaque rsa-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 
debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ 
@@ -8762,52 +8702,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for 
extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 
@@ -8946,52 +8840,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for 
extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ 
@@ -9995,27 +9843,6 @@ run_test "SSL async private: decrypt, delay=1" \ -s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): decrypt done, status=0" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt RSA-PSK, delay=0" \ - "$P_SRV psk=73776f726466697368 \ - async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI psk=73776f726466697368 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt RSA-PSK, delay=1" \ - "$P_SRV psk=73776f726466697368 \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI psk=73776f726466697368 \ - force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: sign callback not present" \ "$P_SRV \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c522459bf9..8135ef17ad 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -452,26 +452,6 @@ Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - -Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - -Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 From ac767e5c691718f829abed6ea335ca7e9a6d2135 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 20 Sep 2024 18:08:44 +0200 Subject: [PATCH 2/8] Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all code guarded by it. This removes support for the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine --- docs/architecture/tls13-support.md | 1 - include/mbedtls/check_config.h | 7 - include/mbedtls/config_adjust_ssl.h | 1 - include/mbedtls/mbedtls_config.h | 23 --- include/mbedtls/ssl.h | 3 - include/mbedtls/ssl_ciphersuites.h | 3 - library/ssl_ciphersuites.c | 149 ------------------ library/ssl_tls.c | 15 -- library/ssl_tls12_client.c | 20 +-- library/ssl_tls12_server.c | 42 +---- .../components-configuration-crypto.sh | 2 - tests/scripts/depends.py | 1 - tests/ssl-opt.sh | 4 +- 13 files changed, 8 insertions(+), 263 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index d6fc19e4a3..6904c500db 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -117,7 +117,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index a710208505..d7cc3653db 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h
@@ -310,12 +310,6 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
 !defined(MBEDTLS_PKCS1_V15) )
@@ -797,7 +791,6 @@
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
 #error "One or more versions of the TLS protocol are enabled " \
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 1f82d9c006..ce90991c16 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -67,7 +67,6 @@
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index ba1dd42802..2c8f91b51a 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
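Review bot: Dropping the prerequisite check in the first hunk means a stale user configuration that still defines MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED now compiles silently, with the operator believing RSA-PSK suites are on offer while the ciphersuite table no longer contains any. A removed-option guard in the same place would surface that at build time: `#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)` / `#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED was removed: the RSA-PSK key exchange is no longer supported"` / `#endif`. The diffstat in the commit record also lists no ChangeLog.d entry, which a removal of a public configuration option presumably needs as a user-visible change.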
@@ -745,29 +745,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4246677609..9353eb4932 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -673,9 +673,6 @@ union mbedtls_ssl_premaster_secret { unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 4685c72075..d0063616d3 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -274,7 +274,6 @@ typedef enum { defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED @@ -339,7 +338,6 @@ typedef enum { /* Key exchanges that don't involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif @@ -356,7 +354,6 @@ typedef enum { /* Key exchanges using a PSK */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 149595083e..e69c8e29c9 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -371,14 +371,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 && MBEDTLS_SSL_PROTO_TLS1_2 */ 
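Review bot: The enumerator MBEDTLS_KEY_EXCHANGE_RSA_PSK in mbedtls_key_exchange_type_t is not touched by this patch (only the feature-group macros in these hunks are), and as long as it exists, comparisons against it elsewhere in the TLS 1.2 client and server keep compiling as dead code instead of failing loudly. If the enumerator is kept deliberately for API/ABI stability, say so where it is declared, e.g. `/* RSA-PSK key exchange was removed; this value is kept for API compatibility and is never produced by the ciphersuite table. */`; otherwise removing it in a follow-up lets the compiler flag every leftover reference. The same question applies to any MBEDTLS_TLS_RSA_PSK_WITH_* ciphersuite ID macros in this header. The enum declaration itself lies outside the hunks shown.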
@@ -1235,89 +1227,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_CCM) 
@@ -1421,29 +1330,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #if defined(PSA_WANT_KEY_TYPE_ARIA) 
@@ -1483,41 +1369,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 39c7a2e3cb..1e51bc7912 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7357,21 +7357,6 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha
 p += psk_len;
 } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
- /*
- * other_secret already set by the ClientKeyExchange message,
- * and is 48 bytes long
- */
- if (end - p < 2) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- *p++ = 0;
- *p++ = 48;
- p += 48;
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
 if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0affc91c49..8591103a03 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1900,8 +1900,7 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
 /*
 * Generate a pre-master secret and encrypt it with the server's RSA key
 */
@@ -1976,8 +1975,7 @@ static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 return 0;
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
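Review bot: With the RSA-PSK caller gone, the trailing offset argument of ssl_write_encrypted_pms — the 2-byte PSK length prefix that only the RSA-PSK call removed in a later hunk of this file needed (it passed 2) — presumably has a single remaining caller passing 0, which leaves the parameter and its buffer arithmetic as dead generality inside an RSA PKCS#1 v1.5 encryption path. Either drop the parameter in a follow-up or record the new invariant in the header comment this hunk keeps, e.g. `* Only the plain RSA key exchange uses this now: the PSK length-prefix offset is always 0.`. The body of ssl_write_encrypted_pms lies outside the hunk, so whether any other call site passes a non-zero offset cannot be confirmed from here.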
@@ -2188,14 +2186,12 @@ start_processing:
 }
 /* FALLTHROUGH */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
 ; /* nothing more to do */
 } else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
@@ -3050,14 +3046,6 @@ ecdh_calc_secret:
 content_len = 0;
 } else
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
- if ((ret = ssl_write_encrypted_pms(ssl, header_len,
- &content_len, 2)) != 0) {
- return ret;
- }
- } else
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
 /*
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 76200be615..5811de5f05 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3414,8 +3414,7 @@ static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
 MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 MBEDTLS_CHECK_RETURN_CRITICAL
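Review bot: The condition kept as context in the first hunk still tests `ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK` although the hunk narrows the guard to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED and the patch removes every RSA-PSK ciphersuite, so the second half of the disjunction is dead on the new side and becomes a compile break if the enumerator is removed later. Reduce it to the single line `if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {`. The enclosing function (apparently the ServerKeyExchange parser, judging by the start_processing label) starts and ends outside the hunk.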
@@ -3601,8 +3600,7 @@ static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -3671,8 +3669,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - (defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)) + defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) && (ssl->handshake->async_in_progress != 0)) { 
@@ -3842,39 +3839,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->handshake->async_in_progress != 0) { - /* There is an asynchronous operation in progress to - * decrypt the encrypted premaster secret, so skip - * directly to resuming this operation. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("PSK identity already parsed")); - /* Update p to skip the PSK identity. ssl_parse_encrypted_pms - * won't actually use it, but maintain p anyway for robustness. */ - p += ssl->conf->psk_identity_len + 2; - } else -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - - if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_encrypted_pms"), ret); - return ret; - } - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index eaa0bcab99..33f39026b6 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1243,7 +1243,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1619,7 +1618,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5eddaae79d..bb7e1d050e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -312,7 +312,6 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_RSA_PSS'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 44cbcd311e..ef6c607341 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -312,7 +312,6 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" 
@@ -322,8 +321,7 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" requires_certificate_authentication () { if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 From 712e9a1c3e42a025592f9d36e8d2c7acf9aa2076 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:11:31 +0200 Subject: [PATCH 3/8] Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the removal of library code that supports the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl_ciphersuites.h | 1 - library/ssl_ciphersuites.c | 4 ---- library/ssl_ciphersuites_internal.h | 2 -- library/ssl_tls.c | 10 ---------- library/ssl_tls12_client.c | 7 ++----- library/ssl_tls12_server.c | 3 +-- 6 files changed, 3 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d0063616d3..a63255559f 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -262,7 +262,6 @@ typedef enum { MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index e69c8e29c9..5d7fd1570e 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
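Review bot: Deleting `MBEDTLS_KEY_EXCHANGE_RSA_PSK` from the middle of the public `mbedtls_key_exchange_type_t` enum in ssl_ciphersuites.h renumbers every later enumerator (`MBEDTLS_KEY_EXCHANGE_ECDHE_PSK`, `MBEDTLS_KEY_EXCHANGE_ECDH_RSA`, `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA`). That is presumably acceptable for a 4.0 major release, but it is an ABI change for any code that compares or persists these values numerically, and the changelog entry in PATCH 8 only mentions the loss of the key exchange. I would either keep the slot (a reserved or deprecated placeholder) or extend the changelog with a line such as `* The enum constant MBEDTLS_KEY_EXCHANGE_RSA_PSK and the MBEDTLS_TLS_RSA_PSK_* ciphersuite macros are removed; later mbedtls_key_exchange_type_t values are renumbered.` The enum definition starts before the hunk.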
@@ -1783,7 +1783,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: return MBEDTLS_PK_RSA; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: @@ -1803,7 +1802,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: return PSA_ALG_RSA_PKCS1V15_CRYPT; case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: @@ -1826,7 +1824,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: return PSA_KEY_USAGE_DECRYPT; case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: @@ -1887,7 +1884,6 @@ int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: return 1; diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 27ff72106e..4f71bc0630 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -50,7 +50,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: return 1; default: @@ -93,7 +92,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_cipher { switch (info->MBEDTLS_PRIVATE(key_exchange)) { case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1e51bc7912..8b8f519454 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7016,11 +7016,6 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, * Other secret is stored in premaster, where first 2 bytes hold the * length of the other key. */ - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - /* For RSA-PSK other key length is always 48 bytes. */ - other_secret_len = 48; - other_secret = handshake->premaster + 2; - break; case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); @@ -7820,10 +7815,6 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { - return SSL_CERTIFICATE_SKIP; - } - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; @@ -9670,7 +9661,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, /* TLS 1.2 server part of the key exchange */ switch (ciphersuite->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; break; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 8591103a03..a7f216f2df 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2141,8 +2141,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) * doesn't use a psk_identity_hint */ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { /* Current message is probably either * CertificateRequest or ServerHelloDone */ ssl->keep_current_message = 1; 
@@ -2172,7 +2171,6 @@ start_processing: #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { @@ -2187,8 +2185,7 @@ start_processing: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { ; /* nothing more to do */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5811de5f05..9e7c52c5e6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3670,8 +3670,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) && + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA && (ssl->handshake->async_in_progress != 0)) { /* We've already read a record and there is an asynchronous * operation in progress to decrypt it. So skip reading the From b3ec12558025049f1210fdecd0218341101c1ca4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:22:04 +0200 Subject: [PATCH 4/8] Remove mentions of RSA-PSK key exchange from documentation 
Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- library/ssl_tls12_client.c | 2 +- tf-psa-crypto/core/psa_crypto.c | 3 +-- tf-psa-crypto/include/psa/crypto_values.h | 7 ------- 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2c8f91b51a..6fa2e6aa40 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3058,7 +3058,7 @@ * library/ssl*_server.c * * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK + * RSA, DHE-RSA, ECDHE-RSA * * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a7f216f2df..14ce37757e 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2137,7 +2137,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } /* - * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server + * ServerKeyExchange may be skipped with PSK when the server * doesn't use a psk_identity_hint */ if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 32a52de291..edecbec13b 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -7019,12 +7019,11 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( * uint16 with the value N, and the PSK itself. * * mixed-PSK: - * In a DHE-PSK, RSA-PSK, ECDHE-PSK the premaster secret is formed as + * In a DHE-PSK, ECDHE-PSK the premaster secret is formed as * follows: concatenate a uint16 with the length of the other secret, * the other secret itself, uint16 with the length of PSK, and the * PSK itself. * For details please check: - * - RFC 4279, Section 4 for the definition of RSA-PSK, * - RFC 4279, Section 3 for the definition of DHE-PSK, * - RFC 5489 for the definition of ECDHE-PSK. */ 
diff --git a/tf-psa-crypto/include/psa/crypto_values.h b/tf-psa-crypto/include/psa/crypto_values.h index 1d678dbfc2..ad43797604 100644 --- a/tf-psa-crypto/include/psa/crypto_values.h +++ b/tf-psa-crypto/include/psa/crypto_values.h @@ -2020,13 +2020,6 @@ * this input may be an output of `psa_raw_key_agreement()` passed with * psa_key_derivation_input_bytes(), or an equivalent input passed with * psa_key_derivation_input_bytes() or psa_key_derivation_input_key(). - * - for a RSA-PSK cipher suite (RFC 4279, Section 4), the other secret - * should be the 48-byte client challenge (the PreMasterSecret of - * (RFC 5246, Section 7.4.7.1)) concatenation of the TLS version and - * a 46-byte random string chosen by the client. On the server, this is - * typically an output of psa_asymmetric_decrypt() using - * PSA_ALG_RSA_PKCS1V15_CRYPT, passed to the key derivation operation - * with `psa_key_derivation_input_bytes()`. * * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256. From 91e7ebebfe7c5933d3f854eda32fa800b1713263 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:24:41 +0200 Subject: [PATCH 5/8] Remove RSA_PSK suites from cipher suite lists Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 17 ----------------- include/mbedtls/ssl_ciphersuites.h | 20 -------------------- library/ssl_ciphersuites.c | 21 --------------------- tests/compat.sh | 18 ------------------ 4 files changed, 76 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 6fa2e6aa40..fa223ffa8d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -523,9 +523,6 @@ * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 * MBEDTLS_TLS_RSA_WITH_NULL_SHA * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 * MBEDTLS_TLS_PSK_WITH_NULL_SHA @@ -2117,12 +2114,6 @@ * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA @@ -2260,10 +2251,6 @@ * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 
@@ -2310,14 +2297,10 @@ * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index a63255559f..dc7f46216d 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -29,7 +29,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */ #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 @@ -55,9 +54,6 @@ extern "C" { #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91 -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94 -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95 - #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ 
@@ -67,8 +63,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF @@ -80,11 +74,6 @@ extern "C" { #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */ #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */ -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6 -#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7 -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */ -#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */ - #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ 
@@ -161,14 +150,10 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ @@ -198,15 +183,11 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 -#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B 
@@ -242,7 +223,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */ /* RFC 8446, Appendix B.4 */ #define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 5d7fd1570e..f4621876b5 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -211,24 +211,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - /* The RSA PSK suites */ - MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, - - MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 
@@ -266,9 +248,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_RSA_WITH_NULL_MD5, MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, - MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_PSK_WITH_NULL_SHA, diff --git a/tests/compat.sh b/tests/compat.sh index 22da5ee4ed..080b62777b 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -514,18 +514,6 @@ add_gnutls_ciphersuites() TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_PSK_WITH_NULL_SHA256 \ TLS_PSK_WITH_NULL_SHA384 \ - TLS_RSA_PSK_WITH_AES_128_CBC_SHA \ - TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 \ - TLS_RSA_PSK_WITH_AES_256_CBC_SHA \ - TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 \ - TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_RSA_PSK_WITH_NULL_SHA256 \ - TLS_RSA_PSK_WITH_NULL_SHA384 \ " ;; esac @@ -579,12 +567,6 @@ add_mbedtls_ciphersuites() TLS_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_PSK_WITH_NULL_SHA \ - TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 \ - TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 \ - TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_RSA_PSK_WITH_NULL_SHA \ " ;; esac From fdf7db019b8a3a454dfce43013b81d14273220e5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:25:09 +0200 Subject: [PATCH 6/8] Remove support for RSA-PSK in compat.sh Signed-off-by: Gilles Peskine --- tests/compat.sh | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 080b62777b..05102e3f16 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -369,10 +369,6 @@ add_common_ciphersuites() # Based on client's naming convention, all ciphersuite names will be # translated into another naming format before sent to the client. # -# NOTE: for some reason RSA-PSK doesn't work with OpenSSL, -# so RSA-PSK ciphersuites need to go in other sections, see -# https://github.com/Mbed-TLS/mbedtls/issues/1419 -# # ChachaPoly suites are here rather than in "common", as they were added in # GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() @@ -624,7 +620,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE" # The default prime for `openssl s_server` depends on the version: # * OpenSSL <= 1.0.2a: 512-bit @@ -733,11 +729,9 @@ setup_arguments() ;; "PSK") - # give RSA-PSK-capable server a RSA cert - # (should be a separate type, but harder to close with openssl) - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --pskpasswd $DATA_FILES_PATH/passwd.psk" + G_SERVER_ARGS="$G_SERVER_ARGS --pskpasswd $DATA_FILES_PATH/passwd.psk" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" 
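Review bot: In the `"PSK")` case the new `M_SERVER_ARGS` line drops `crt_file`/`key_file` but does not pass `crt_file=none key_file=none`, unlike `M_CLIENT_ARGS` just below it. If ssl_server2 still falls back to its built-in test certificate when no certificate options are given (I cannot confirm that from this hunk), the Mbed TLS PSK server would keep an RSA certificate loaded while the OpenSSL (`-nocert`) and GnuTLS servers run certificate-less, so the three servers are no longer configured symmetrically and a certificate-based suite could still be negotiated if one leaks into the PSK list. Suggest `M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=none key_file=none"`. The enclosing `setup_arguments` function starts outside the hunk.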
From 0068fceba3110bf9feaae0518e84ca3cbe36f1ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Sep 2024 18:39:29 +0200 Subject: [PATCH 7/8] Note the equivalence of two macros, thanks to RSA-PSK removal Removing the now-duplicate internal macro is left for future work. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl_ciphersuites.h | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index dc7f46216d..3e235f33fd 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -272,19 +272,14 @@ typedef enum { /* Key exchanges allowing client certificate requests. * - * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED - * above, except RSA-PSK uses a server certificate but no client cert. - * - * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are - * more symmetrical: client certs and server certs are either both allowed - * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes). + * This is now the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED, + * and the two macros could be unified. + * Until Mbed TLS 3.x, the two sets were different because + * MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED covers + * MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED plus RSA-PSK. + * But RSA-PSK was removed in Mbed TLS 4.0. */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #endif From ff60a0bf4e39aedd4632008290d10a0fe4fe2ba2 Mon Sep 17 00:00:00 2001 
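Review bot: The new comment states the relationship between the two macros backwards: the removed text said `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` was the superset ("almost the same ... except RSA-PSK uses a server certificate but no client cert"), and the removed `#if` list for `MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED` indeed contains no RSA-PSK entry, so it was WITH_CERT that covered CERT_REQ_ALLOWED plus RSA-PSK, not the other way round. Suggest rewriting the two lines as ` * MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED covered` / ` * MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED plus RSA-PSK` (past tense, since it describes 3.x). Because this is a public header and `CERT_REQ_ALLOWED_ENABLED` is now defined purely in terms of `WITH_CERT_ENABLED`, it is also worth saying explicitly which of the two new code should use until the duplicate is removed.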
From: Gilles Peskine
Date: Fri, 20 Sep 2024 18:40:46 +0200
Subject: [PATCH 8/8] Changelog entry for removal of the RSA-PSK key exchange
Signed-off-by: Gilles Peskine
---
ChangeLog.d/tls-key-exchange-rsa.txt | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt
new file mode 100644
index 0000000000..4df6b3e303
--- /dev/null
+++ b/ChangeLog.d/tls-key-exchange-rsa.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.