commit 4c6cea549c28d3dc9b7a23a5ed607009055f7e7f
author Valerio Setti <valerio.setti@nordicsemi.no> Tue Feb 27 10:48:49 2024 +0100
committer Valerio Setti <valerio.setti@nordicsemi.no> Tue Feb 27 10:51:03 2024 +0100
tree 0e9575c4f9e0e639efc306e0d3b225f921a664c5
parent 7541ebea52cc634c5dfc0ec459c477992915fde6

pk: deprecate mbedtls_pk_wrap_as_opaque()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

include/mbedtls/pk.h

diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 534712b..fff1912 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -1213,12 +1213,17 @@
                             const mbedtls_pk_context *key);
 #endif /* MBEDTLS_PK_WRITE_C */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
  * \brief           Turn an EC or RSA key into an opaque one.
  *
- * \warning         This is a temporary utility function for tests. It might
- *                  change or be removed at any time without notice.
+ * \warning         This function is deprecated and will be removed in a
+ *                  future version of the library.
+ *                  To wrap a key into an opaque one the following functions
+ *                  should be used instead:
+ *                  - mbedtls_pk_get_psa_attributes()
+ *                  - mbedtls_pk_import_into_psa()
+ *                  - mbedtls_pk_setup_opaque().
  *
  * \param pk        Input: the EC or RSA key to import to a PSA key.
  *                  Output: a PK context wrapping that PSA key.
@@ -1233,12 +1238,12 @@
  * \return          \c 0 if successful.
  * \return          An Mbed TLS error code otherwise.
  */
-int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
-                              mbedtls_svc_key_id_t *key,
-                              psa_algorithm_t alg,
-                              psa_key_usage_t usage,
-                              psa_algorithm_t alg2);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+MBEDTLS_DEPRECATED  mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+                                              mbedtls_svc_key_id_t *key,
+                                              psa_algorithm_t alg,
+                                              psa_key_usage_t usage,
+                                              psa_algorithm_t alg2);
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
 
 #ifdef __cplusplus
 }

library/pk.c

diff --git a/library/pk.c b/library/pk.c
index 1ded487..322cd58 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1357,18 +1357,18 @@
     return ctx->pk_info->type;
 }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
 /*
  * Load the key to a PSA key slot,
  * then turn the PK context into a wrapper for that key slot.
  *
  * Currently only works for EC & RSA private keys.
  */
-int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
-                              mbedtls_svc_key_id_t *key,
-                              psa_algorithm_t alg,
-                              psa_key_usage_t usage,
-                              psa_algorithm_t alg2)
+MBEDTLS_DEPRECATED int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+                                                 mbedtls_svc_key_id_t *key,
+                                                 psa_algorithm_t alg,
+                                                 psa_key_usage_t usage,
+                                                 psa_algorithm_t alg2)
 {
 #if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
     ((void) pk);
@@ -1476,5 +1476,5 @@
 #endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
     return MBEDTLS_ERR_PK_TYPE_MISMATCH;
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_PK_C */