Remove legacy_or_psa.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

include/mbedtls/legacy_or_psa.h

@@ -1,215 +0,0 @@
-/**
- *  Macros to express dependencies for code and tests that may use either the
- *  legacy API or PSA in various builds. This whole header file is currently
- *  for internal use only and both the header file and the macros it defines
- *  may change or be removed without notice.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * Note: applications that are targeting a specific configuration do not need
- * to use these macros; instead they should directly use the functions they
- * know are available in their configuration.
- *
- * Note: code that is purely based on PSA Crypto (psa_xxx() functions)
- * does not need to use these macros; instead it should use the relevant
- * PSA_WANT_xxx macros.
- *
- * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx())
- * does not need to use these macros; instead it should use the relevant
- * MBEDTLS_xxx macros.
- *
- * These macros are for code that wants to use <crypto feature> and will do so
- * using <legacy API> or PSA depending on <condition>, where:
- * - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
- *   also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
- * - <legacy API> will be either:
- *      - low-level module API (aes.h, sha256.h), or
- *      - an abstraction layer (md.h, cipher.h);
- * - <condition> will be either:
- *      - depending on what's available in the build:
- *          legacy API used if available, PSA otherwise
- *          (this is done to ensure backwards compatibility); or
- *      - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
- *
- * Examples:
- * - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
- *   mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
- *   MBEDTLS_USE_PSA_CRYPTO is defined;
- * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either
- *   `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise;
- * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either
- *   `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise.
- *
- * Note: the macros are essential to express test dependencies. Inside code,
- * we could instead just use the equivalent pre-processor condition, but
- * that's not possible in test dependencies where we need a single macro.
- * Hopefully, using these macros in code will also help with consistency.
- *
- * The naming scheme for these macros is:
- *      MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
- * where:
- * - feature is expressed the same way as in PSA_WANT_xxx macros, for example:
- *   KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
- * - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
- * - condition is omitted if it's based on availability, else it's
- *   BASED_ON_USE_PSA.
- *
- * Coming back to the examples above:
- * - TLS 1.2 will determine if it can use SHA-256 using
- *      MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
- *   for the purposes of negotiation, and in test dependencies;
- * - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
- *      MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
- * - PEM decoding code and its associated tests will depend on
- *      MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
- *
- * Note: every time it's possible to use, say SHA-256, via the MD API, then
- * it's also possible to use it via the low-level API. So, code that wants to
- * use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
- * just so happens that all the code choosing which API to use based on
- * MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
- * layer (sometimes in addition to the low-level API), so we don't need the
- * MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
- * (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
- * even less makes use of ciphers.)
- *
- * Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
- * condition for being able to use <feature> at all. As such, they should be
- * used for guarding data about <feature>, such as OIDs or size. For example,
- * OID values related to SHA-256 are only useful when SHA-256 can be used at
- * least in some way.
- */
-
-#ifndef MBEDTLS_OR_PSA_HELPERS_H
-#define MBEDTLS_OR_PSA_HELPERS_H
-
-#include "mbedtls/build_info.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/*
- * Hashes
- */
-
-/* Hashes using low-level or PSA based on availability */
-#if defined(MBEDTLS_MD5_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_RIPEMD160_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA1_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA224_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA256_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA384_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
-#endif
-#if defined(MBEDTLS_SHA512_C) || \
-    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
-#endif
-
-/* Hashes using MD or PSA based on availability */
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
-#endif
-#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
-    (!defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
-#endif
-
-/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5))
-#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160))
-#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1))
-#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224))
-#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
-    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-
-#endif /* MBEDTLS_OR_PSA_HELPERS_H */

include/mbedtls/x509_crt.h

@@ -24,7 +24,6 @@
 #include "mbedtls/private_access.h"
 
 #include "mbedtls/build_info.h"
-#include "mbedtls/legacy_or_psa.h"
 
 #include "mbedtls/x509.h"
 #include "mbedtls/x509_crl.h"

library/hash_info.c

@@ -21,7 +21,6 @@
  */
 
 #include "hash_info.h"
-#include "mbedtls/legacy_or_psa.h"
 #include "mbedtls/error.h"
 
 typedef struct {

library/oid.c

@@ -28,8 +28,6 @@
 #include "mbedtls/error.h"
 #include "mbedtls/pk.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 #include <stdio.h>
 #include <string.h>
 

library/pem.c

@@ -39,8 +39,6 @@
 #include "psa/crypto.h"
 #endif
 
-#include "mbedtls/legacy_or_psa.h"
-
 #if defined(MBEDTLS_MD_CAN_MD5) &&  \
     defined(MBEDTLS_CIPHER_MODE_CBC) &&                             \
     (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))

library/ssl_ciphersuites.c

@@ -29,8 +29,6 @@
 #include "mbedtls/ssl.h"
 #include "ssl_misc.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 #include <string.h>
 
 /*

library/ssl_cookie.c

@@ -33,8 +33,6 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/constant_time.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 #include <string.h>
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)

library/ssl_misc.h

@@ -32,7 +32,6 @@
 #include "mbedtls/psa_util.h"
 #include "hash_info.h"
 #endif
-#include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_MD_CAN_MD5)
 #include "mbedtls/md5.h"

library/ssl_tls.c

@@ -44,7 +44,6 @@
 #include "mbedtls/psa_util.h"
 #include "psa/crypto.h"
 #endif
-#include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #include "mbedtls/oid.h"

library/x509.c

@@ -53,8 +53,6 @@
 #include <time.h>
 #endif
 
-#include "mbedtls/legacy_or_psa.h"
-
 #define CHECK(code) if ((ret = (code)) != 0) { return ret; }
 #define CHECK_RANGE(min, max, val)                      \
     do                                                  \

library/x509write_crt.c

@@ -46,7 +46,6 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #include "hash_info.h"
-#include "mbedtls/legacy_or_psa.h"
 
 void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
 {

programs/fuzz/fuzz_dtlsserver.c

@@ -11,7 +11,6 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/ssl_cookie.h"
-#include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_SSL_SRV_C) && \
     defined(MBEDTLS_ENTROPY_C) && \

tests/src/certs.c

@@ -23,8 +23,6 @@
 
 #include "mbedtls/build_info.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 #include "mbedtls/pk.h"
 
 /*

tests/suites/test_suite_constant_time_hmac.function

@@ -1,7 +1,6 @@
 /* BEGIN_HEADER */
 
 #include <mbedtls/constant_time.h>
-#include <mbedtls/legacy_or_psa.h>
 #include <mbedtls/md.h>
 #include <constant_time_internal.h>
 #include <hash_info.h>

tests/suites/test_suite_debug.function

@@ -1,7 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/debug.h"
 #include "string.h"
-#include "mbedtls/legacy_or_psa.h"
 #include "mbedtls/pk.h"
 
 struct buffer_data {

tests/suites/test_suite_ecjpake.function

@@ -1,6 +1,5 @@
 /* BEGIN_HEADER */
 #include "mbedtls/ecjpake.h"
-#include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_MD_CAN_SHA256)
 static const unsigned char ecjpake_test_x1[] = {

tests/suites/test_suite_oid.function

@@ -3,7 +3,6 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/asn1write.h"
 #include "string.h"
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_pem.function

@@ -3,8 +3,6 @@
 #include "mbedtls/pem.h"
 #include "mbedtls/des.h"
 #include "mbedtls/aes.h"
-#include "mbedtls/legacy_or_psa.h"
-
 /* END_HEADER */
 
 /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */

tests/suites/test_suite_pk.function

@@ -8,7 +8,6 @@
 #include "mbedtls/rsa.h"
 
 #include "hash_info.h"
-#include "mbedtls/legacy_or_psa.h"
 
 #include <limits.h>
 #include <stdint.h>

tests/suites/test_suite_pkcs12.function

@@ -2,8 +2,6 @@
 #include "mbedtls/pkcs12.h"
 #include "common.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 typedef enum {
     USE_NULL_INPUT = 0,
     USE_GIVEN_INPUT = 1,

tests/suites/test_suite_pkcs1_v15.function

@@ -1,8 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
 #include "mbedtls/md.h"
-
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_pkcs1_v21.function

@@ -1,6 +1,5 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_pkcs5.function

@@ -1,6 +1,5 @@
 /* BEGIN_HEADER */
 #include "mbedtls/pkcs5.h"
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_pkparse.function

@@ -3,7 +3,6 @@
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/ecp.h"
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_psa_crypto.function

@@ -25,7 +25,6 @@
 #else
 #define TEST_DRIVER_LOCATION 0x7fffff
 #endif
-#include "mbedtls/legacy_or_psa.h"
 
 /* If this comes up, it's a bug in the test code or in the test data. */
 #define UNUSED 0xdeadbeef

tests/suites/test_suite_rsa.function

@@ -1,8 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
 #include "rsa_alt_helpers.h"
-
-#include "mbedtls/legacy_or_psa.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES

tests/suites/test_suite_ssl.function

@@ -7,7 +7,6 @@
 #include <ssl_tls13_invasive.h>
 #include <test/ssl_helpers.h>
 
-#include <mbedtls/legacy_or_psa.h>
 #include "hash_info.h"
 
 #include <constant_time_internal.h>

tests/suites/test_suite_x509parse.function

@@ -11,8 +11,6 @@
 #include "mbedtls/pk.h"
 #include "string.h"
 
-#include "mbedtls/legacy_or_psa.h"
-
 #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
     than the current threshold 19. To test larger values, please \

tests/suites/test_suite_x509write.function

@@ -9,7 +9,6 @@
 #include "mbedtls/pk.h"
 
 #include "hash_info.h"
-#include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_RSA_C)
 int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,