diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2ea09bbfa..6c37fc370 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -999,71 +999,6 @@ typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1071,8 +1006,7 @@ typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, * * This callback is called during an SSL handshake to resume * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. + * ::mbedtls_ssl_async_sign_t callback. * * This function typically checks the status of a pending * request or causes the request queue to make progress, and @@ -1538,7 +1472,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ @@ -2854,17 +2787,10 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( * external processor does not support any signature * operation; in this case the private key object * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. * \param f_async_resume Callback to resume an asynchronous operation. See * the description of ::mbedtls_ssl_async_resume_t * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. + * \p f_async_sign is \c NULL. * \param f_async_cancel Callback to cancel an asynchronous operation. See * the description of ::mbedtls_ssl_async_cancel_t * for more information. This may be \c NULL if @@ -2876,7 +2802,6 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( */ void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *config_data); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 164a23037..d12cee3ce 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -985,7 +985,6 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** Asynchronous operation context. This field is meant for use by the * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, - * mbedtls_ssl_config::f_async_decrypt_start, * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). * The library does not use it internally. */ void *user_async_ctx; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5cfb83968..46fb92464 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2737,13 +2737,11 @@ void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *async_config_data) { conf->f_async_sign_start = f_async_sign; - conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; conf->f_async_cancel = f_async_cancel; conf->p_async_config_data = async_config_data; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5a143fc3b..542d1f095 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,7 +693,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - ssl->conf->f_async_decrypt_start != NULL || mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); #else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5c2a63ff..6ed073eef 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -348,10 +348,10 @@ int main(void) #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ #define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ + " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a81cc88c0..8a0e18aef 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -210,7 +210,7 @@ int main(void) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ - " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ + " async_operations=%%c... s=sign (default: -=off)\n" \ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ " default: -1 (not asynchronous)\n" \ @@ -478,13 +478,13 @@ int main(void) " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl, hash, hash_len); } -static int ssl_async_decrypt(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, - input, input_len); -} - static int ssl_async_resume(mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, @@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size, - config_data->f_rng, config_data->p_rng); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, @@ -3118,13 +3102,9 @@ usage: #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (opt.async_operations[0] != '-') { mbedtls_ssl_async_sign_t *sign = NULL; - mbedtls_ssl_async_decrypt_t *decrypt = NULL; const char *r; for (r = opt.async_operations; *r; r++) { switch (*r) { - case 'd': - decrypt = ssl_async_decrypt; - break; case 's': sign = ssl_async_sign; break; @@ -3137,7 +3117,6 @@ usage: ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, - decrypt, ssl_async_resume, ssl_async_cancel, &ssl_async_keys); diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 2c68489ba..acc01a218 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "rsa-decrypt") != 0 && strcmp(*alg1, "ecdsa-sign") != 0 && strcmp(*alg1, "ecdh") != 0) { return 1; @@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "rsa-decrypt") != 0 && strcmp(*alg2, "ecdsa-sign") != 0 && strcmp(*alg2, "ecdh") != 0 && strcmp(*alg2, "none") != 0) { @@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-decrypt") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index bc5cce51a..c001a2afa 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); * Coma-separated pair of values among the following: * - "rsa-sign-pkcs1" * - "rsa-sign-pss" - * - "rsa-decrypt" * - "ecdsa-sign" * - "ecdh" * - "none" (only acceptable for the second value).