From 712e9a1c3e42a025592f9d36e8d2c7acf9aa2076 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 20 Sep 2024 18:11:31 +0200
Subject: [PATCH] Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK
Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the removal of library code that supports the RSA-PSK key exchange in TLS 1.2.
Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl_ciphersuites.h | 1 -
 library/ssl_ciphersuites.c | 4 ----
 library/ssl_ciphersuites_internal.h | 2 --
 library/ssl_tls.c | 10 ----------
 library/ssl_tls12_client.c | 7 ++-----
 library/ssl_tls12_server.c | 3 +--
 6 files changed, 3 insertions(+), 24 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index d0063616d3..a63255559f 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -262,7 +262,6 @@ typedef enum {
 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
 MBEDTLS_KEY_EXCHANGE_PSK,
 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_KEY_EXCHANGE_RSA_PSK,
 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
 MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
 MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e69c8e29c9..5d7fd1570e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1783,7 +1783,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
 case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 return MBEDTLS_PK_RSA;
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
@@ -1803,7 +1802,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
 {
 switch (info->key_exchange) {
 case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 return PSA_ALG_RSA_PKCS1V15_CRYPT;
 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@@ -1826,7 +1824,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
 {
 switch (info->key_exchange) {
 case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 return PSA_KEY_USAGE_DECRYPT;
 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@@ -1887,7 +1884,6 @@ int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->key_exchange) {
 case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
 return 1;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 27ff72106e..4f71bc0630 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -50,7 +50,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 return 1;
 default:
@@ -93,7 +92,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_cipher
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
 case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1e51bc7912..8b8f519454 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7016,11 +7016,6 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 * Other secret is stored in premaster, where first 2 bytes hold the
 * length of the other key.
 */
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- /* For RSA-PSK other key length is always 48 bytes. */
- other_secret_len = 48;
- other_secret = handshake->premaster + 2;
- break;
 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
 other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0);
@@ -7820,10 +7815,6 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_SRV_C)
 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
- return SSL_CERTIFICATE_SKIP;
- }
-
 if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
@@ -9670,7 +9661,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
 /* TLS 1.2 server part of the key exchange */
 switch (ciphersuite->key_exchange) {
 case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
 usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
 break;
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 8591103a03..a7f216f2df 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2141,8 +2141,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
 * doesn't use a psk_identity_hint
 */
 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
 /* Current message is probably either
 * CertificateRequest or ServerHelloDone */
 ssl->keep_current_message = 1;
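Review bot: The comment kept inside the narrowed branch of ssl_parse_server_key_exchange still reads `Current message is probably either CertificateRequest or ServerHelloDone`, which no longer fits a branch that is now reached only for plain PSK. As far as I can tell a plain-PSK handshake involves no server certificate, so a CertificateRequest should not be expected here and ServerHelloDone is the only legitimate next message; I would reword it to `/* No ServerKeyExchange (no identity hint): current message should be ServerHelloDone */`. The comment that closes at the top of the hunk with `doesn't use a psk_identity_hint` starts outside the hunk, and if its opening line still names RSA-PSK it should be trimmed in this commit as well. The function body starts and ends outside the hunk, so how the kept message is validated afterwards cannot be checked from here.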
@@ -2172,7 +2171,6 @@ start_processing:
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
 ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
 if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
@@ -2187,8 +2185,7 @@ start_processing:
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
 ; /* nothing more to do */
 } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5811de5f05..9e7c52c5e6 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3670,8 +3670,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
 defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) &&
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA &&
 (ssl->handshake->async_in_progress != 0)) {
 /* We've already read a record and there is an asynchronous
 * operation in progress to decrypt it. So skip reading the