Deprecate Mbed TLS cryptography API
The PSA Crypto API should be used instead. The Mbed TLS cryptography API
will still remain available under MBEDTLS_DEPRECATED_REMOVED, as Mbed
Crypto (which implements the PSA Crypto API) continues to rely on this
now internal API.
Functions in that are already considered internal and are not deprecated
by this commit. We already have the freedom to change or remove these
internal APIs.
Document the relationship between Mbed Crypto and Mbed TLS, describing
Mbed Crypto's dual purpose of providing both deprecated Mbed TLS
cryptography APIs and the PSA Crypto API.
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 831cfd7..7f67f11 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -71,6 +71,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/bignum.h"
+#include "mbedtls/platform_util.h"
/*
* DHM Error codes
@@ -124,6 +125,7 @@
*
* \param ctx The DHM context to initialize.
*/
+MBEDTLS_DEPRECATED
void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
/**
@@ -148,6 +150,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
unsigned char **p,
const unsigned char *end );
@@ -184,6 +187,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -204,6 +208,7 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,
const mbedtls_mpi *G );
@@ -224,6 +229,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
const unsigned char *input, size_t ilen );
@@ -251,6 +257,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t olen,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -282,6 +289,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
unsigned char *output, size_t output_size, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -295,6 +303,7 @@
* in which case this function is a no-op. If it is not \c NULL,
* it must point to an initialized DHM context.
*/
+MBEDTLS_DEPRECATED
void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
#if defined(MBEDTLS_ASN1_PARSE_C)
@@ -312,6 +321,7 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
* code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen );
@@ -328,6 +338,7 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
* error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -340,6 +351,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_dhm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */