Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 052f47c..183367c 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -617,44 +617,6 @@
const unsigned char input[16],
unsigned char output[16] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Deprecated internal AES block encryption function
- * without return value.
- *
- * \deprecated Superseded by mbedtls_internal_aes_encrypt()
- *
- * \param ctx The AES context to use for encryption.
- * \param input Plaintext block.
- * \param output Output (ciphertext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-/**
- * \brief Deprecated internal AES block decryption function
- * without return value.
- *
- * \deprecated Superseded by mbedtls_internal_aes_decrypt()
- *
- * \param ctx The AES context to use for decryption.
- * \param input Ciphertext block.
- * \param output Output (plaintext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine.
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 637360e..073b4a4 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -904,37 +904,6 @@
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *N );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Perform a Miller-Rabin primality test with error
- * probability of 2<sup>-80</sup>.
- *
- * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows
- * specifying the number of Miller-Rabin rounds.
- *
- * \param X The MPI to check for primality.
- * This must point to an initialized MPI.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use a
- * context parameter.
- *
- * \return \c 0 if successful, i.e. \p X is probably prime.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return Another negative error code on other kinds of failure.
- */
-MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Miller-Rabin primality test.
*
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 1cafa6e..82e8c41 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -470,8 +470,8 @@
* \param cipher_info The cipher to use.
* \param taglen For AEAD ciphers, the length in bytes of the
* authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt() or
- * mbedtls_cipher_auth_decrypt() must provide
+ * mbedtls_cipher_auth_encrypt_ext() or
+ * mbedtls_cipher_auth_decrypt_ext() must provide
* the same tag length.
* For non-AEAD ciphers, the value must be \c 0.
*
@@ -856,129 +856,6 @@
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-/**
- * \brief The generic authenticated encryption (AEAD) function.
- *
- * \deprecated Superseded by mbedtls_cipher_auth_encrypt_ext().
- *
- * \note This function only supports AEAD algorithms, not key
- * wrapping algorithms such as NIST_KW; for this, see
- * mbedtls_cipher_auth_encrypt_ext().
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key associated with an AEAD algorithm.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len The length of the nonce. This must satisfy the
- * constraints imposed by the AEAD cipher used.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p ilen Bytes, and must
- * not be \c NULL.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag The buffer for the authentication tag. This must be a
- * writable buffer of at least \p tag_len Bytes. See note
- * below regarding restrictions with PSA-based contexts.
- * \param tag_len The desired length of the authentication tag. This
- * must match the constraints imposed by the AEAD cipher
- * used, and in particular must not be \c 0.
- *
- * \note If the context is based on PSA (that is, it was set up
- * with mbedtls_cipher_setup_psa()), then it is required
- * that \c tag == output + ilen. That is, the tag must be
- * appended to the ciphertext as recommended by RFC 5116.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
-
-/**
- * \brief The generic authenticated decryption (AEAD) function.
- *
- * \deprecated Superseded by mbedtls_cipher_auth_decrypt_ext().
- *
- * \note This function only supports AEAD algorithms, not key
- * wrapping algorithms such as NIST_KW; for this, see
- * mbedtls_cipher_auth_decrypt_ext().
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key associated with an AEAD algorithm.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len The length of the nonce. This must satisfy the
- * constraints imposed by the AEAD cipher used.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p ilen Bytes, and must
- * not be \c NULL.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag The buffer for the authentication tag. This must be a
- * readable buffer of at least \p tag_len Bytes. See note
- * below regarding restrictions with PSA-based contexts.
- * \param tag_len The length of the authentication tag. This must match
- * the constraints imposed by the AEAD cipher used, and in
- * particular must not be \c 0.
- *
- * \note If the context is based on PSA (that is, it was set up
- * with mbedtls_cipher_setup_psa()), then it is required
- * that \c tag == input + len. That is, the tag must be
- * appended to the ciphertext as recommended by RFC 5116.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/**
* \brief The authenticated encryption (AEAD/NIST_KW) function.
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index c423812..00597f2 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -998,12 +998,6 @@
#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
#define POLARSSL_DES_H MBEDTLS_DES_H
#define POLARSSL_DHM_H MBEDTLS_DHM_H
-#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
-#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
-#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
-#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
-#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
-#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
@@ -1786,8 +1780,6 @@
#define ccm_free mbedtls_ccm_free
#define ccm_init mbedtls_ccm_init
#define ccm_self_test mbedtls_ccm_self_test
-#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
-#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
#define cipher_base_t mbedtls_cipher_base_t
#define cipher_check_tag mbedtls_cipher_check_tag
#define cipher_context_t mbedtls_cipher_context_t
@@ -1831,7 +1823,6 @@
#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
-#define ctr_drbg_update mbedtls_ctr_drbg_update
#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
#define debug_print_buf mbedtls_debug_print_buf
@@ -1892,10 +1883,8 @@
#define ecdsa_init mbedtls_ecdsa_init
#define ecdsa_read_signature mbedtls_ecdsa_read_signature
#define ecdsa_sign mbedtls_ecdsa_sign
-#define ecdsa_sign_det mbedtls_ecdsa_sign_det
#define ecdsa_verify mbedtls_ecdsa_verify
#define ecdsa_write_signature mbedtls_ecdsa_write_signature
-#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
#define eckey_info mbedtls_eckey_info
#define eckeydh_info mbedtls_eckeydh_info
#define ecp_check_privkey mbedtls_ecp_check_privkey
@@ -1967,7 +1956,6 @@
#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
-#define hmac_drbg_update mbedtls_hmac_drbg_update
#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
#define hr_time mbedtls_timing_hr_time
@@ -2053,7 +2041,6 @@
#define mpi_grow mbedtls_mpi_grow
#define mpi_init mbedtls_mpi_init
#define mpi_inv_mod mbedtls_mpi_inv_mod
-#define mpi_is_prime mbedtls_mpi_is_prime
#define mpi_lsb mbedtls_mpi_lsb
#define mpi_lset mbedtls_mpi_lset
#define mpi_mod_int mbedtls_mpi_mod_int
@@ -2352,7 +2339,6 @@
#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
#define ssl_set_curves mbedtls_ssl_conf_curves
#define ssl_set_dbg mbedtls_ssl_conf_dbg
-#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 46941e2..e2a65e8 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -424,8 +424,8 @@
* \note Because of a signature change, the core AES encryption and decryption routines are
* currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
* respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
+ * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and
+ * mbedtls_internal_aes_encrypt must stay untouched.
*
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
@@ -446,8 +446,8 @@
* the ephemeral key and nothing else. If this is not possible, then
* MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
* implementation should be provided for mbedtls_ecdsa_sign_det_ext()
- * (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
- * desirable).
+ * (and for mbedtls_ecdsa_sign_det_ext() too if backward compatibility
+ * is desirable).
*
*/
//#define MBEDTLS_MD2_PROCESS_ALT
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 7f1d232..b84ab83 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -487,35 +487,6 @@
int mbedtls_ctr_drbg_random( void *p_rng,
unsigned char *output, size_t output_len );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
- * in 2.16.0.
- *
- * \note If \p add_len is greater than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- * The remaining Bytes are silently discarded.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with.
- * \param add_len Length of \p additional data.
- */
-MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
- mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_FS_IO)
/**
* \brief This function writes a seed file.
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index c7830b9..16dd165 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -386,161 +386,6 @@
*
*/
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/**
- * \warning The origin of the primes in RFC 5114 is not documented and
- * their use therefore constitutes a security risk!
- *
- * \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
- * likely to be removed in a future version of the library without
- * replacement.
- */
-
-/**
- * The hexadecimal presentation of the prime underlying the
- * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
- * in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
- * IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
- "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
- "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
- "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
- "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
- "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
- "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
- "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
- "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
- "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
- "CF9DE5384E71B81C0AC4DFFE0C10E64F" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group with 224-bit Prime Order Subgroup, as defined in <em>RFC-5114:
- * Additional Diffie-Hellman Groups for Use with IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \
- "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \
- "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \
- "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \
- "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \
- "F180EB34118E98D119529A45D6F834566E3025E316A330EF" \
- "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \
- "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
- "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
- "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
- "81BC087F2A7065B384B890D3191F2BFA" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- *
- * \deprecated The hex-encoded primes from RFC 3625 are deprecated and
- * superseded by the corresponding macros providing them as
- * binary constants. Their hex-encoded constants are likely
- * to be removed in a future version of the library.
- *
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 3072-bit MODP
- * Group, as defined in <em>RFC-3072: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
- "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 3072-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
- "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
- "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
- "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
- "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
- "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
- "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
- "FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
/*
* Trustworthy DHM parameters in binary form
*/
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 264a638..525de5d 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -138,7 +138,7 @@
* previously-hashed message.
*
* \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det() is usually preferred.
+ * mbedtls_ecdsa_sign_det_ext() is usually preferred.
*
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated
@@ -174,67 +174,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, deterministic version.
- *
- * For more information, see <em>RFC-6979: Deterministic
- * Usage of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in <em>Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- * 4.1.3, step 5.
- *
- * \warning Since the output of the internal RNG is always the same for
- * the same key and message, this limits the efficiency of
- * blinding and leaks information through side channels. For
- * secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
- *
- * (Optimally the blinding is a random value that is different
- * on every execution. In this case the blinding is still
- * random from the attackers perspective, but is the same on
- * each execution. This means that this blinding does not
- * prevent attackers from recovering secrets by combining
- * several measurement traces, but may prevent some attacks
- * that exploit relationships between secret data.)
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief This function computes the ECDSA signature of a
* previously-hashed message, deterministic version.
@@ -421,64 +360,6 @@
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx );
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function computes an ECDSA signature and writes
- * it to a buffer, serialized as defined in <em>RFC-4492:
- * Elliptic Curve Cryptography (ECC) Cipher Suites for
- * Transport Layer Security (TLS)</em>.
- *
- * The deterministic version is defined in <em>RFC-6979:
- * Deterministic Usage of the Digital Signature Algorithm (DSA)
- * and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \warning It is not thread-safe to use the same context in
- * multiple threads.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in <em>Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \deprecated Superseded by mbedtls_ecdsa_write_signature() in
- * Mbed TLS version 2.0 and later.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param md_alg The message digest that was used to hash the message.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
/**
* \brief This function reads and verifies an ECDSA signature.
*
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 9116541..f8536e7 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -345,30 +345,6 @@
*/
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function updates the state of the HMAC_DRBG context.
- *
- * \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
- * in 2.16.0.
- *
- * \param ctx The HMAC_DRBG context.
- * \param additional The data to update the state with.
- * If this is \c NULL, there is no additional data.
- * \param add_len Length of \p additional in bytes.
- * Unused if \p additional is \c NULL.
- */
-MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
- mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_FS_IO)
/**
* \brief This function writes a seed file.
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
deleted file mode 100644
index 6692188..0000000
--- a/include/mbedtls/net.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * \file net.h
- *
- * \brief Deprecated header file that includes net_sockets.h
- *
- * \deprecated Superseded by mbedtls/net_sockets.h
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#include "mbedtls/net_sockets.h"
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7815ad9..0413196 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2914,34 +2914,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief Set the Diffie-Hellman public P and G values,
- * read as hexadecimal strings (server-side only)
- * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
- *
- * \param conf SSL configuration
- * \param dhm_P Diffie-Hellman-Merkle modulus
- * \param dhm_G Diffie-Hellman-Merkle generator
- *
- * \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin.
- *
- * \return 0 if successful
- */
-MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
- const char *dhm_P,
- const char *dhm_G );
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Set the Diffie-Hellman public P and G values
* from big-endian binary presentations.
@@ -3741,32 +3713,6 @@
* \return Current maximum fragment length for the output buffer.
*/
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief This function is a deprecated approach to getting the max
- * fragment length. Its an alias for
- * \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
- * is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
- * more detail.
- *
- * \sa mbedtls_ssl_get_input_max_frag_len()
- * \sa mbedtls_ssl_get_output_max_frag_len()
- *
- * \param ssl SSL context
- *
- * \return Current maximum fragment length for the output buffer.
- */
-MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
- const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/**