replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2026-05-05 01:23:39 +02:00 · 2025-09-08 13:12:43 +01:00
parent 9e360b8f33
commit 5cdbe30804
3 changed files with 7 additions and 12 deletions
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -184,11 +184,6 @@ typedef enum {
 #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
 #endif

-/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
-#endif
-
 /* Key exchanges that involve ephemeral keys */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
@@ -198,7 +193,7 @@ typedef enum {
 #endif

 /* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)           || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
 #endif
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -41,7 +41,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */

-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
@@ -52,7 +52,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
            return 0;
    }
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */

 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2902,14 +2902,14 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t signature_len = 0;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
        ssl->handshake->ciphersuite_info;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */

    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange"));

-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    /* Extract static ECDH parameters and abort if ServerKeyExchange
     * is not needed. */
    if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
@@ -2919,7 +2919,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
        mbedtls_ssl_handshake_increment_state(ssl);
        return 0;
    }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
    defined(MBEDTLS_SSL_ASYNC_PRIVATE)