Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the DHE-RSA key exchange #9917

Open
wants to merge 10 commits into
base: development
Choose a base branch
from
Open

Remove the DHE-RSA key exchange #9917

wants to merge 10 commits into from

Conversation

valeriosetti
Copy link
Contributor

@valeriosetti valeriosetti commented Jan 22, 2025
edited
Loading

Description

Resolves #9685

Depends on:

PR checklist

Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.

@valeriosetti valeriosetti mentioned this pull request Jan 22, 2025
Open
3 tasks
@valeriosetti valeriosetti self-assigned this Jan 22, 2025
@valeriosetti valeriosetti added needs-review Every commit must be reviewed by at least two team members, needs-ci Needs to pass CI tests needs-preceding-pr Requires another PR to be merged first needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels Jan 22, 2025
@valeriosetti valeriosetti removed the needs-preceding-pr Requires another PR to be merged first label Jan 29, 2025
@valeriosetti
Copy link
Contributor Author

Rebased to solve a conflict in library/ssl_tls12_client.c due to the recently merged PR about the removal of unused code !defined(MBEDTLS_USE_PSA_CRYPTO)

@valeriosetti
ssl-opt.sh|compat.sh: remove references to DHE-RSA
4fa47e4 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
ssl_tls: remove code related to DHE-RSA
12bf6d8 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
ssl_ciphersuites: remove references to DHE-RSA key exchanges
0cd6047 
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
067c95a 
This symbol is unused in the code so it can be removed.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
tests: remove references to DHE-RSA
86f2afb 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
check_config.h: remove checks for DHE-RSA
d6a1d98 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
docs: remove references to DHE-RSA
fba2441 
Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_E…
10a6099 
…NABLED

Signed-off-by: Valerio Setti <[email protected]>
@ronald-cron-arm ronald-cron-arm self-requested a review January 30, 2025 17:38
@valeriosetti
test_suite_ssl: use ECDSA as pk alg in handshake_serialization()
6f059f1 
Hanshake serialization requires that the selected ciphersuite uses
an AEAD algorithm. However, following the DHE-RSA removal, trying to
still use RSA signature might select a ciphersuite which is not using
AEAD, but CBC instead.
Also ECDSA has ciphersuites with CBC, but they have lower priority
compared to AEAD ones, so they are less likely to be picked.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
framework: update reference
86d5913 
Signed-off-by: Valerio Setti <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ronald-cron-arm ronald-cron-arm Awaiting requested review from ronald-cron-arm

At least 2 approving reviews are required to merge this pull request.

Assignees

@valeriosetti valeriosetti

Labels
needs-ci Needs to pass CI tests needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)
Projects
Roadmap pull requests (new board)
Status: In Development
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove the DHE-RSA key exchange
1 participant
@valeriosetti