Merge branch 'development_3.0' into remove_depr_error_codes
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4f62cb4..fb1ffaf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,8 +38,6 @@
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
-
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
diff --git a/ChangeLog.d/issue4280.txt b/ChangeLog.d/issue4280.txt
new file mode 100644
index 0000000..38d9b2c
--- /dev/null
+++ b/ChangeLog.d/issue4280.txt
@@ -0,0 +1,2 @@
+Removals
+ * Removed deprecated functions from hashing modules. Fixes #4280.
diff --git a/ChangeLog.d/remove_pkcs11.txt b/ChangeLog.d/remove_pkcs11.txt
new file mode 100644
index 0000000..5c8134c
--- /dev/null
+++ b/ChangeLog.d/remove_pkcs11.txt
@@ -0,0 +1,6 @@
+Removals
+ * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality,
+ lacks automated tests and has scarce documentation. Also, PSA Crypto
+ provides a more flexible private key management.
+ More details on PCKS#11 wrapper removal can be found in the mailing list
+ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 2047bc4..29c6d14 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -2478,21 +2478,6 @@
#define MBEDTLS_PKCS5_C
/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support.
- *
- * Module: library/pkcs11.c
- * Caller: library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
-/**
* \def MBEDTLS_PKCS12_C
*
* Enable PKCS#12 PBE functions.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index cde5a37..47b5de0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -362,18 +362,6 @@
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_PKCS11_C */
-
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
#endif
@@ -839,6 +827,40 @@
#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif
+
+
+/* Reject attempts to enable options that have been removed and that could
+ * cause a build to succeed but with features removed. */
+
+#if defined(MBEDTLS_HAVEGE_C) //no-check-names
+#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
+#endif
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
+#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
+#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
+#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#endif
+
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
+#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
+#endif
+
+#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
+#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#endif
+
+
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3f5f533..9cf626a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2949,24 +2949,6 @@
#define MBEDTLS_PKCS5_C
/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
- *
- * \deprecated This option is deprecated and will be removed in a future
- * version of Mbed TLS.
- *
- * Module: library/pkcs11.c
- * Caller: library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
-/**
* \def MBEDTLS_PKCS12_C
*
* Enable PKCS#12 PBE functions.
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index b102acd..fbc3b47 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -162,33 +162,6 @@
*/
void mbedtls_md_free( mbedtls_md_context_t *ctx );
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function selects the message digest algorithm to use,
- * and allocates internal structures.
- *
- * It should be called after mbedtls_md_init() or mbedtls_md_free().
- * Makes it necessary to call mbedtls_md_free() later.
- *
- * \deprecated Superseded by mbedtls_md_setup() in 2.0.0
- *
- * \param ctx The context to set up.
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief This function selects the message digest algorithm to use,
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index f82f8f8..950afa2 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -164,77 +164,6 @@
*/
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief MD2 context setup
- *
- * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0
- *
- * \param ctx context to be initialized
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
-
-/**
- * \brief MD2 process buffer
- *
- * \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0
- *
- * \param ctx MD2 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD2 final digest
- *
- * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0
- *
- * \param ctx MD2 context
- * \param output MD2 checksum result
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD2 process data block (internal use only)
- *
- * \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0
- *
- * \param ctx MD2 context
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Output = MD2( input buffer )
*
@@ -251,33 +180,6 @@
size_t ilen,
unsigned char output[16] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Output = MD2( input buffer )
- *
- * \deprecated Superseded by mbedtls_md2_ret() in 2.7.0
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD2 checksum result
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index a2e7e89..f9e3987 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -165,79 +165,6 @@
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
const unsigned char data[64] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief MD4 context setup
- *
- * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0
- *
- * \param ctx context to be initialized
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
-
-/**
- * \brief MD4 process buffer
- *
- * \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0
- *
- * \param ctx MD4 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD4 final digest
- *
- * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0
- *
- * \param ctx MD4 context
- * \param output MD4 checksum result
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD4 process data block (internal use only)
- *
- * \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0
- *
- * \param ctx MD4 context
- * \param data buffer holding one block of data
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Output = MD4( input buffer )
*
@@ -256,33 +183,6 @@
size_t ilen,
unsigned char output[16] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Output = MD4( input buffer )
- *
- * \deprecated Superseded by mbedtls_md4_ret() in 2.7.0
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD4 checksum result
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 6b14f9e..71a41dc 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -165,79 +165,6 @@
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief MD5 context setup
- *
- * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
- *
- * \param ctx context to be initialized
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
-
-/**
- * \brief MD5 process buffer
- *
- * \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
- *
- * \param ctx MD5 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD5 final digest
- *
- * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
- *
- * \param ctx MD5 context
- * \param output MD5 checksum result
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD5 process data block (internal use only)
- *
- * \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0
- *
- * \param ctx MD5 context
- * \param data buffer holding one block of data
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Output = MD5( input buffer )
*
@@ -256,33 +183,6 @@
size_t ilen,
unsigned char output[16] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Output = MD5( input buffer )
- *
- * \deprecated Superseded by mbedtls_md5_ret() in 2.7.0
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD5 checksum result
- *
- * \warning MD5 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
deleted file mode 100644
index 3530ee1..0000000
--- a/include/mbedtls/pkcs11.h
+++ /dev/null
@@ -1,246 +0,0 @@
-/**
- * \file pkcs11.h
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PKCS11_H
-#define MBEDTLS_PKCS11_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "mbedtls/x509_crt.h"
-
-#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/**
- * Context for PKCS #11 private keys.
- */
-typedef struct mbedtls_pkcs11_context
-{
- pkcs11h_certificate_t pkcs11h_cert;
- int len;
-} mbedtls_pkcs11_context;
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * Initialize a mbedtls_pkcs11_context.
- * (Just making memory references valid.)
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- */
-MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
-
-/**
- * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- *
- * \param cert X.509 certificate to fill
- * \param pkcs11h_cert PKCS #11 helper certificate
- *
- * \return 0 on success.
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
- pkcs11h_certificate_t pkcs11h_cert );
-
-/**
- * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
- * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
- * done.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- *
- * \param priv_key Private key structure to fill.
- * \param pkcs11_cert PKCS #11 helper certificate
- *
- * \return 0 on success
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
- mbedtls_pkcs11_context *priv_key,
- pkcs11h_certificate_t pkcs11_cert );
-
-/**
- * Free the contents of the given private key context. Note that the structure
- * itself is not freed.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- *
- * \param priv_key Private key structure to cleanup
- */
-MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
- mbedtls_pkcs11_context *priv_key );
-
-/**
- * \brief Do an RSA private key decrypt, then remove the message
- * padding
- *
- * \deprecated This function is deprecated and will be removed in a future
- * version of the library.
- *
- * \param ctx PKCS #11 context
- * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param olen will contain the plaintext length
- * \param output_max_len maximum length of the output buffer
- *
- * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
- * an error is thrown.
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief Do a private RSA to sign a message digest
- *
- * \deprecated This function is deprecated and will be removed in a future
- * version of the library.
- *
- * \param ctx PKCS #11 context
- * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
- *
- * \return 0 if the signing operation was successful,
- * or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note The "sig" buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * SSL/TLS wrappers for PKCS#11 functions
- *
- * \deprecated This function is deprecated and will be removed in a future
- * version of the library.
- */
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
- int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
-{
- return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
- output_max_len );
-}
-
-/**
- * \brief This function signs a message digest using RSA.
- *
- * \deprecated This function is deprecated and will be removed in a future
- * version of the library.
- *
- * \param ctx The PKCS #11 context.
- * \param f_rng The RNG function. This parameter is unused.
- * \param p_rng The RNG context. This parameter is unused.
- * \param mode The operation to run. This must be set to
- * MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's
- * signature.
- * \param md_alg The message digest algorithm. One of the MBEDTLS_MD_XXX
- * must be passed to this function and MBEDTLS_MD_NONE can be
- * used for signing raw data.
- * \param hashlen The message digest length (for MBEDTLS_MD_NONE only).
- * \param hash The buffer holding the message digest.
- * \param sig The buffer that will hold the ciphertext.
- *
- * \return \c 0 if the signing operation was successful.
- * \return A non-zero error code on failure.
- *
- * \note The \p sig buffer must be as large as the size of
- * <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
- * used.
- */
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
-{
- ((void) f_rng);
- ((void) p_rng);
- return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
- hashlen, hash, sig );
-}
-
-/**
- * This function gets the length of the private key.
- *
- * \deprecated This function is deprecated and will be removed in a future
- * version of the library.
- *
- * \param ctx The PKCS #11 context.
- *
- * \return The length of the private key.
- */
-MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
-{
- return ( (mbedtls_pkcs11_context *) ctx )->len;
-}
-
-#undef MBEDTLS_DEPRECATED
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PKCS11_C */
-
-#endif /* MBEDTLS_PKCS11_H */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index a21a98c..1c72d60 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -121,63 +121,6 @@
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
const unsigned char data[64] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief RIPEMD-160 context setup
- *
- * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
- *
- * \param ctx context to be initialized
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
- mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief RIPEMD-160 process buffer
- *
- * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
- *
- * \param ctx RIPEMD-160 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
- mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief RIPEMD-160 final digest
- *
- * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
- *
- * \param ctx RIPEMD-160 context
- * \param output RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
- mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
-
-/**
- * \brief RIPEMD-160 process data block (internal use only)
- *
- * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
- *
- * \param ctx RIPEMD-160 context
- * \param data buffer holding one block of data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
- mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief Output = RIPEMD-160( input buffer )
*
@@ -191,28 +134,6 @@
size_t ilen,
unsigned char output[20] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Output = RIPEMD-160( input buffer )
- *
- * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index d9db4c3..56ff948 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -183,85 +183,6 @@
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function starts a SHA-1 checksum calculation.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
- *
- * \param ctx The SHA-1 context to initialize. This must be initialized.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
-
-/**
- * \brief This function feeds an input buffer into an ongoing SHA-1
- * checksum calculation.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
- *
- * \param ctx The SHA-1 context. This must be initialized and
- * have a hash operation started.
- * \param input The buffer holding the input data.
- * This must be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data \p input in Bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-1 operation, and writes
- * the result to the output buffer.
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
- *
- * \param ctx The SHA-1 context. This must be initialized and
- * have a hash operation started.
- * \param output The SHA-1 checksum result.
- * This must be a writable buffer of length \c 20 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
-
-/**
- * \brief SHA-1 process data block (internal use only).
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
- *
- * \param ctx The SHA-1 context. This must be initialized.
- * \param data The data block being processed.
- * This must be a readable buffer of length \c 64 bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief This function calculates the SHA-1 checksum of a buffer.
*
@@ -289,41 +210,6 @@
size_t ilen,
unsigned char output[20] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function calculates the SHA-1 checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-1 result is calculated as
- * output = SHA-1(input buffer).
- *
- * \warning SHA-1 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
- *
- * \param input The buffer holding the input data.
- * This must be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data \p input in Bytes.
- * \param output The SHA-1 checksum result. This must be a writable
- * buffer of size \c 20 Bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 0c6f9dc..9b8d91d 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -150,72 +150,6 @@
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function starts a SHA-224 or SHA-256 checksum
- * calculation.
- *
- * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
- *
- * \param ctx The context to use. This must be initialized.
- * \param is224 Determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
- int is224 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-256 checksum calculation.
- *
- * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
- *
- * \param ctx The SHA-256 context to use. This must be
- * initialized and have a hash operation started.
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-256 operation, and writes
- * the result to the output buffer.
- *
- * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
- *
- * \param ctx The SHA-256 context. This must be initialized and
- * have a hash operation started.
- * \param output The SHA-224 or SHA-256 checksum result. This must be
- * a writable buffer of length \c 32 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char output[32] );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-256 computation. This function is for
- * internal use only.
- *
- * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
- *
- * \param ctx The SHA-256 context. This must be initialized.
- * \param data The buffer holding one block of data. This must be
- * a readable buffer of size \c 64 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
/**
* \brief This function calculates the SHA-224 or SHA-256
* checksum of a buffer.
@@ -239,41 +173,6 @@
unsigned char output[32],
int is224 );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief This function calculates the SHA-224 or SHA-256 checksum
- * of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-256 result is calculated as
- * output = SHA-256(input buffer).
- *
- * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
- *
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-224 or SHA-256 checksum result. This must be
- * a writable buffer of length \c 32 Bytes.
- * \param is224 Determines which function to use. This must be either
- * \c 0 for SHA-256, or \c 1 for SHA-224.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 3dce99a..56cefe1 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -156,75 +156,6 @@
*/
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function starts a SHA-384 or SHA-512 checksum
- * calculation.
- *
- * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
- *
- * \param ctx The SHA-512 context to use. This must be initialized.
- * \param is384 Determines which function to use. This must be either
- * \c 0 for SHA-512 or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- * be \c 0, or the function will fail to work.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
- int is384 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-512 checksum calculation.
- *
- * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-512 operation, and writes
- * the result to the output buffer.
- *
- * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-384 or SHA-512 checksum result. This must
- * be a writable buffer of size \c 64 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char output[64] );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-512 computation. This function is for
- * internal use only.
- *
- * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
- *
- * \param ctx The SHA-512 context. This must be initialized.
- * \param data The buffer holding one block of data. This must be
- * a readable buffer of length \c 128 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_process(
- mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief This function calculates the SHA-512 or SHA-384
@@ -256,44 +187,6 @@
unsigned char output[64],
int is384 );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief This function calculates the SHA-512 or SHA-384
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-512 result is calculated as
- * output = SHA-512(input buffer).
- *
- * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
- *
- * \param input The buffer holding the data. This must be a
- * readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-384 or SHA-512 checksum result. This must
- * be a writable buffer of length \c 64 Bytes.
- * \param is384 Determines which function to use. This must be either
- * \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- * be \c 0, or the function will fail to work.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index fbc3664..e7ba130 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -89,7 +89,6 @@
list(APPEND src_crypto ${thirdparty_src})
set(src_x509
- pkcs11.c
x509.c
x509_create.c
x509_crl.c
@@ -136,10 +135,6 @@
set(libs ${libs} network)
endif(HAIKU)
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
if(LINK_WITH_PTHREAD)
set(libs ${libs} pthread)
endif()
diff --git a/library/Makefile b/library/Makefile
index 6dced76..17e42c2 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -148,7 +148,6 @@
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
OBJS_X509= \
- pkcs11.o \
x509.o \
x509_create.o \
x509_crl.o \
diff --git a/library/md.c b/library/md.c
index a687135..900165d 100644
--- a/library/md.c
+++ b/library/md.c
@@ -390,13 +390,6 @@
return( 0 );
}
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
-{
- return mbedtls_md_setup( ctx, md_info, 1 );
-}
-#endif
-
#define ALLOC( type ) \
do { \
ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
diff --git a/library/md2.c b/library/md2.c
index 7264e30..a11bc0f 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -106,13 +106,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_starts( mbedtls_md2_context *ctx )
-{
- mbedtls_md2_starts_ret( ctx );
-}
-#endif
-
#if !defined(MBEDTLS_MD2_PROCESS_ALT)
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
{
@@ -153,12 +146,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_process( mbedtls_md2_context *ctx )
-{
- mbedtls_internal_md2_process( ctx );
-}
-#endif
#endif /* !MBEDTLS_MD2_PROCESS_ALT */
/*
@@ -195,15 +182,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_update( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md2_update_ret( ctx, input, ilen );
-}
-#endif
-
/*
* MD2 final digest
*/
@@ -231,14 +209,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_finish( mbedtls_md2_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md2_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_MD2_ALT */
/*
@@ -268,15 +238,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md2_ret( input, ilen, output );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
diff --git a/library/md4.c b/library/md4.c
index 4fd6bc3..c366c0d 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -102,13 +102,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_starts( mbedtls_md4_context *ctx )
-{
- mbedtls_md4_starts_ret( ctx );
-}
-#endif
-
#if !defined(MBEDTLS_MD4_PROCESS_ALT)
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
const unsigned char data[64] )
@@ -238,13 +231,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_md4_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_MD4_PROCESS_ALT */
/*
@@ -301,15 +287,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_update( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md4_update_ret( ctx, input, ilen );
-}
-#endif
-
static const unsigned char md4_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -355,14 +332,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_finish( mbedtls_md4_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md4_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_MD4_ALT */
/*
@@ -392,15 +361,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md4_ret( input, ilen, output );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
diff --git a/library/md5.c b/library/md5.c
index c4f2dbf..019b7f4 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -101,13 +101,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_starts( mbedtls_md5_context *ctx )
-{
- mbedtls_md5_starts_ret( ctx );
-}
-#endif
-
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] )
@@ -244,13 +237,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_md5_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
/*
@@ -304,15 +290,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md5_update_ret( ctx, input, ilen );
-}
-#endif
-
/*
* MD5 final digest
*/
@@ -370,14 +347,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md5_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_MD5_ALT */
/*
@@ -407,15 +376,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md5_ret( input, ilen, output );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
* RFC 1321 test vectors
diff --git a/library/pkcs11.c b/library/pkcs11.c
deleted file mode 100644
index 4deccf3..0000000
--- a/library/pkcs11.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/**
- * \file pkcs11.c
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "mbedtls/pkcs11.h"
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/x509_crt.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-#include <string.h>
-
-void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
-}
-
-int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
-{
- int ret = 1;
- unsigned char *cert_blob = NULL;
- size_t cert_blob_size = 0;
-
- if( cert == NULL )
- {
- ret = 2;
- goto cleanup;
- }
-
- if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
- &cert_blob_size ) != CKR_OK )
- {
- ret = 3;
- goto cleanup;
- }
-
- cert_blob = mbedtls_calloc( 1, cert_blob_size );
- if( NULL == cert_blob )
- {
- ret = 4;
- goto cleanup;
- }
-
- if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
- &cert_blob_size ) != CKR_OK )
- {
- ret = 5;
- goto cleanup;
- }
-
- if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
- {
- ret = 6;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- if( NULL != cert_blob )
- mbedtls_free( cert_blob );
-
- return( ret );
-}
-
-
-int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
- pkcs11h_certificate_t pkcs11_cert )
-{
- int ret = 1;
- mbedtls_x509_crt cert;
-
- mbedtls_x509_crt_init( &cert );
-
- if( priv_key == NULL )
- goto cleanup;
-
- if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
- goto cleanup;
-
- priv_key->len = mbedtls_pk_get_len( &cert.pk );
- priv_key->pkcs11h_cert = pkcs11_cert;
-
- ret = 0;
-
-cleanup:
- mbedtls_x509_crt_free( &cert );
-
- return( ret );
-}
-
-void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
-{
- if( NULL != priv_key )
- pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
-}
-
-int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
- int mode, size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len )
-{
- size_t input_len, output_len;
-
- if( NULL == ctx )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( MBEDTLS_RSA_PRIVATE != mode )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- output_len = input_len = ctx->len;
-
- if( input_len < 16 || input_len > output_max_len )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- /* Determine size of output buffer */
- if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
- input_len, NULL, &output_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- }
-
- if( output_len > output_max_len )
- return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
-
- if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
- input_len, output, &output_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- }
- *olen = output_len;
- return( 0 );
-}
-
-int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
- int mode,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig )
-{
- size_t sig_len = 0, asn_len = 0, oid_size = 0;
- unsigned char *p = sig;
- const char *oid;
-
- if( NULL == ctx )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( MBEDTLS_RSA_PRIVATE != mode )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- hashlen = mbedtls_md_get_size( md_info );
- asn_len = 10 + oid_size;
- }
-
- sig_len = ctx->len;
- if( hashlen > sig_len || asn_len > sig_len ||
- hashlen + asn_len > sig_len )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- }
-
- if( md_alg != MBEDTLS_MD_NONE )
- {
- /*
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm DigestAlgorithmIdentifier,
- * digest Digest }
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * Digest ::= OCTET STRING
- */
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
- *p++ = (unsigned char) ( 0x04 + oid_size );
- *p++ = MBEDTLS_ASN1_OID;
- *p++ = oid_size & 0xFF;
- memcpy( p, oid, oid_size );
- p += oid_size;
- *p++ = MBEDTLS_ASN1_NULL;
- *p++ = 0x00;
- *p++ = MBEDTLS_ASN1_OCTET_STRING;
- *p++ = hashlen;
- }
-
- memcpy( p, hash, hashlen );
-
- if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
- asn_len + hashlen, sig, &sig_len ) != CKR_OK )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- }
-
- return( 0 );
-}
-
-#endif /* defined(MBEDTLS_PKCS11_C) */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f1678c7..98885ee 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -152,7 +152,6 @@
case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
return( PSA_ERROR_NOT_SUPPORTED );
-
case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
diff --git a/library/ripemd160.c b/library/ripemd160.c
index ae4dee4..0e1df8f 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -103,13 +103,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
-{
- mbedtls_ripemd160_starts_ret( ctx );
-}
-#endif
-
#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
/*
* Process one block
@@ -307,13 +300,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_ripemd160_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
/*
@@ -368,15 +354,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_ripemd160_update_ret( ctx, input, ilen );
-}
-#endif
-
static const unsigned char ripemd160_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -423,14 +400,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] )
-{
- mbedtls_ripemd160_finish_ret( ctx, output );
-}
-#endif
-
#endif /* ! MBEDTLS_RIPEMD160_ALT */
/*
@@ -460,15 +429,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
-{
- mbedtls_ripemd160_ret( input, ilen, output );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
* Test vectors from the RIPEMD-160 paper and
diff --git a/library/sha1.c b/library/sha1.c
index 6b0f58e..c6087ac 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -114,13 +114,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
-{
- mbedtls_sha1_starts_ret( ctx );
-}
-#endif
-
#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] )
@@ -294,13 +287,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_sha1_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
/*
@@ -356,15 +342,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha1_update_ret( ctx, input, ilen );
-}
-#endif
-
/*
* SHA-1 final digest
*/
@@ -426,14 +403,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] )
-{
- mbedtls_sha1_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_SHA1_ALT */
/*
@@ -466,15 +435,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
-{
- mbedtls_sha1_ret( input, ilen, output );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
* FIPS-180-1 test vectors
diff --git a/library/sha256.c b/library/sha256.c
index be373d9..a94f325 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -138,14 +138,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
- int is224 )
-{
- mbedtls_sha256_starts_ret( ctx, is224 );
-}
-#endif
-
#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
static const uint32_t K[] =
{
@@ -281,13 +273,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_sha256_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
/*
@@ -343,15 +328,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha256_update_ret( ctx, input, ilen );
-}
-#endif
-
/*
* SHA-256 final digest
*/
@@ -418,14 +394,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char output[32] )
-{
- mbedtls_sha256_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_SHA256_ALT */
/*
@@ -460,16 +428,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 )
-{
- mbedtls_sha256_ret( input, ilen, output, is224 );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
* FIPS-180-2 test vectors
diff --git a/library/sha512.c b/library/sha512.c
index 06a628a..7530629 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -171,14 +171,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
- int is384 )
-{
- mbedtls_sha512_starts_ret( ctx, is384 );
-}
-#endif
-
#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
/*
@@ -330,13 +322,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
-{
- mbedtls_internal_sha512_process( ctx, data );
-}
-#endif
#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
/*
@@ -391,15 +376,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha512_update_ret( ctx, input, ilen );
-}
-#endif
-
/*
* SHA-512 final digest
*/
@@ -470,14 +446,6 @@
return( 0 );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char output[64] )
-{
- mbedtls_sha512_finish_ret( ctx, output );
-}
-#endif
-
#endif /* !MBEDTLS_SHA512_ALT */
/*
@@ -516,16 +484,6 @@
return( ret );
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 )
-{
- mbedtls_sha512_ret( input, ilen, output, is384 );
-}
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
diff --git a/library/version_features.c b/library/version_features.c
index b82758b..75431b4 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -726,9 +726,6 @@
#if defined(MBEDTLS_PKCS5_C)
"MBEDTLS_PKCS5_C",
#endif /* MBEDTLS_PKCS5_C */
-#if defined(MBEDTLS_PKCS11_C)
- "MBEDTLS_PKCS11_C",
-#endif /* MBEDTLS_PKCS11_C */
#if defined(MBEDTLS_PKCS12_C)
"MBEDTLS_PKCS12_C",
#endif /* MBEDTLS_PKCS12_C */
diff --git a/programs/Makefile b/programs/Makefile
index d30fb84..b194c69 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -1,6 +1,5 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
-# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 67ecbee..4f35d76 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -2,10 +2,6 @@
${mbedtls_target}
)
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
find_library(FUZZINGENGINE_LIB FuzzingEngine)
if(FUZZINGENGINE_LIB)
project(fuzz CXX)
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 1378bd0..def9c7c 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -5,10 +5,6 @@
${mbedtls_target}
)
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
set(executables
dtls_client
dtls_server
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index c9cd5c2..807d1bc 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -2,10 +2,6 @@
${mbedtls_target}
)
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
set(executables_libs
selftest
udp_proxy
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index dfbed46..68117c5 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -63,7 +63,6 @@
#include "mbedtls/oid.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
-#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 350f35f..07bde15 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -73,7 +73,6 @@
#include "mbedtls/oid.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
-#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
@@ -1988,14 +1987,6 @@
}
#endif /* MBEDTLS_PKCS5_C */
-#if defined(MBEDTLS_PKCS11_C)
- if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C );
- return( 0 );
- }
-#endif /* MBEDTLS_PKCS11_C */
-
#if defined(MBEDTLS_PKCS12_C)
if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
{
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index c240dde..cf57ca4 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -2,10 +2,6 @@
${mbedx509_target}
)
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
set(executables
cert_app
cert_req
diff --git a/scripts/config.py b/scripts/config.py
index cc0c9cc..4897604 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -183,7 +183,6 @@
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
- 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
@@ -277,7 +276,6 @@
if name in [
'MBEDTLS_DEBUG_C', # part of libmbedtls
'MBEDTLS_NET_C', # part of libmbedtls
- 'MBEDTLS_PKCS11_C', # part of libmbedx509
]:
return False
return True
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 14084de..6199c62 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -73,7 +73,6 @@
#include "mbedtls/oid.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
-#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index bc80a56..a9c9cf3 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -9,10 +9,6 @@
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
-if(USE_PKCS11_HELPER_LIBRARY)
- set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
if(NOT MBEDTLS_PYTHON_EXECUTABLE)
message(FATAL_ERROR "Cannot build test suites without Python 3")
endif()
diff --git a/tests/Makefile b/tests/Makefile
index d9291dc..53f64b9 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,6 +1,5 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
-# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 70c64b9..9492896 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -97,8 +97,9 @@
LIBRARY="$LIBRARY 3rdparty/everest/library/everest.c 3rdparty/everest/library/x25519.c"
NL='
'
-sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \
- $HEADERS $LIBRARY \
+cat $HEADERS $LIBRARY \
+ | grep -v -e '//no-check-names' -e '#error' \
+ | sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \
| grep MBEDTLS | sort -u > _MBEDTLS_XXX
TYPOS=$( diff _caps _MBEDTLS_XXX | sed -n 's/^> //p' \
| egrep -v 'XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$' || true )
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 54846b5..a6f8dbd 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -182,7 +182,6 @@
<ClInclude Include="..\..\include\mbedtls\oid.h" />
<ClInclude Include="..\..\include\mbedtls\pem.h" />
<ClInclude Include="..\..\include\mbedtls\pk.h" />
- <ClInclude Include="..\..\include\mbedtls\pkcs11.h" />
<ClInclude Include="..\..\include\mbedtls\pkcs12.h" />
<ClInclude Include="..\..\include\mbedtls\pkcs5.h" />
<ClInclude Include="..\..\include\mbedtls\platform.h" />
@@ -321,7 +320,6 @@
<ClCompile Include="..\..\library\pem.c" />
<ClCompile Include="..\..\library\pk.c" />
<ClCompile Include="..\..\library\pk_wrap.c" />
- <ClCompile Include="..\..\library\pkcs11.c" />
<ClCompile Include="..\..\library\pkcs12.c" />
<ClCompile Include="..\..\library\pkcs5.c" />
<ClCompile Include="..\..\library\pkparse.c" />