commit dfc7f4a68433ca58306f7e53fc2571775a2b1bb3
author Jaeden Amero <jaeden.amero@arm.com> Wed Jul 10 11:33:37 2019 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Fri Jul 12 13:43:02 2019 +0100
tree 88327feac827c2744c8c56a08875388abe267303
parent 59ebddff68a11af3328e43a44854887902977e31

Deprecate Mbed TLS cryptography API

The PSA Crypto API should be used instead. The Mbed TLS cryptography API
will still remain available under MBEDTLS_DEPRECATED_REMOVED, as Mbed
Crypto (which implements the PSA Crypto API) continues to rely on this
now internal API.

Functions in that are already considered internal and are not deprecated
by this commit. We already have the freedom to change or remove these
internal APIs.

Document the relationship between Mbed Crypto and Mbed TLS, describing
Mbed Crypto's dual purpose of providing both deprecated Mbed TLS
cryptography APIs and the PSA Crypto API.

include/mbedtls/ecdsa.h

diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 2df3eb7..f4c8c7d 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -162,6 +162,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX
  *                  or \c MBEDTLS_MPI_XXX error code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@@ -202,6 +203,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
                             mbedtls_mpi *s, const mbedtls_mpi *d,
                             const unsigned char *buf, size_t blen,
@@ -240,6 +242,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure for any other reason.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
                           const unsigned char *buf, size_t blen,
                           const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
@@ -292,6 +295,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
  *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
                                    mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hlen,
@@ -338,6 +342,7 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
  *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
                            mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hlen,
@@ -425,6 +430,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
  *                  error code on failure for any other reason.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                           const unsigned char *hash, size_t hlen,
                           const unsigned char *sig, size_t slen );
@@ -460,6 +466,7 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
  *                  error code on failure for any other reason.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
                           const unsigned char *hash, size_t hlen,
                           const unsigned char *sig, size_t slen,
@@ -481,6 +488,7 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
@@ -499,6 +507,7 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
+MBEDTLS_DEPRECATED
 int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
                                 const mbedtls_ecp_keypair *key );
 
@@ -508,6 +517,7 @@
  * \param ctx       The ECDSA context to initialize.
  *                  This must not be \c NULL.
  */
+MBEDTLS_DEPRECATED
 void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
 
 /**
@@ -517,6 +527,7 @@
  *                  in which case this function does nothing. If it
  *                  is not \c NULL, it must be initialized.
  */
+MBEDTLS_DEPRECATED
 void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -526,6 +537,7 @@
  * \param ctx       The restart context to initialize.
  *                  This must not be \c NULL.
  */
+MBEDTLS_DEPRECATED
 void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
 
 /**
@@ -535,6 +547,7 @@
  *                  in which case this function does nothing. If it
  *                  is not \c NULL, it must be initialized.
  */
+MBEDTLS_DEPRECATED
 void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
 #endif /* MBEDTLS_ECP_RESTARTABLE */