Remove mbedTLS v3.1 support on Linux

Remove unused mbedTLS source files

.github/workflows/build.yml

@@ -32,8 +32,8 @@ jobs:
           - args: "CLOUD=1"
           # cloud on (tcp on, ipv4 on), debug on
           - args: "CLOUD=1 DEBUG=1"
-          # cloud on (tcp on, ipv4 on), debug on, mbedTLS v3.5.0
-          - args: "CLOUD=1 DEBUG=1 MBEDTLS_FORCE_3_5_0=1"
+          # cloud on (tcp on, ipv4 on), debug on, mbedTLS v3.6.2
+          - args: "CLOUD=1 DEBUG=1 MBEDTLS_FORCE_3_6_2=1"
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:

port/android/Makefile

@@ -123,18 +123,14 @@ SWIG_DIR = $(ROOT_DIR)/swig
 OBJDIR ?= ./${ANDROID_HOST}obj
 MBEDTLS_DIR := $(ROOT_DIR)/deps/mbedtls
 
-DTLS = aes.c	aesni.c		asn1parse.c	asn1write.c	aria.c	base64.c \
-	bignum_core.c	bignum.c	camellia.c	ccm.c		cipher.c	cipher_wrap.c \
-	cmac.c		constant_time.c	ctr_drbg.c	debug.c	des.c		dhm.c		ecdh.c \
-	ecdsa.c 	ecjpake.c	ecp.c		ecp_curves.c	entropy.c	entropy_poll.c \
-	error.c	gcm.c		hmac_drbg.c	md.c	md5.c	net_sockets.c	nist_kw.c	oid.c \
-	padlock.c	pem.c		pk.c		pk_wrap.c	pkcs12.c	pkcs5.c		pkparse.c \
-	pkwrite.c	platform.c	platform_util.c	ripemd160.c	rsa.c	rsa_alt_helpers.c \
-	sha1.c	sha256.c	sha512.c	threading.c	timing.c	version.c	version_features.c \
-	ssl_cache.c	ssl_client.c	ssl_ciphersuites.c	ssl_cookie.c	ssl_debug_helpers_generated.c \
-	ssl_msg.c	ssl_ticket.c	ssl_tls.c	ssl_tls12_client.c	ssl_tls12_server.c\
-	x509.c		x509_crt.c	x509_csr.c	x509_create.c	x509write.c	x509write_csr.c \
-	x509write_crt.c
+DTLS = aes.c	asn1parse.c	asn1write.c	aria.c	base64.c	bignum_core.c	bignum.c \
+	ccm.c	cipher.c	cipher_wrap.c	cmac.c		constant_time.c	ctr_drbg.c	debug.c \
+	ecdh.c	ecdsa.c	ecjpake.c	ecp.c	ecp_curves.c	entropy_poll.c	entropy.c	error.c \
+	gcm.c	md.c	net_sockets.c	nist_kw.c	oid.c pem.c	pk.c	pk_wrap.c	pkcs5.c \
+	pkparse.c	pkwrite.c	platform.c	platform_util.c		rsa.c	rsa_alt_helpers.c \
+	sha1.c	sha256.c	sha512.c	timing.c	ssl_ciphersuites.c	ssl_client.c	ssl_cookie.c \
+	ssl_debug_helpers_generated.c	ssl_msg.c	ssl_tls.c	ssl_tls12_client.c	ssl_tls12_server.c \
+	x509.c	x509_create.c	x509_crt.c	x509_csr.c	x509write.c	x509write_csr.c x509write_crt.c
 
 ifeq ($(MBEDTLS_FORCE_3_6_2),1)
 	DTLS += pk_ecc.c
@@ -470,6 +466,8 @@ $(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
 
 endif
 
+endif
+
 clean:
 	$(RM) -rf ${OBJDIR} $(CONSTRAINED_LIBS)
 	${MAKE} -C ${SWIG_DIR} clean

port/linux/Makefile

@@ -40,8 +40,7 @@ ifeq ($(TSAN),1)
 endif
 BUILD_SAMPLES ?= 1
 TEST ?= 1
-# for now use v3.1.0 as default
-MBEDTLS_FORCE_3_5_0 ?= 0
+# use v3.5.0 as default
 MBEDTLS_FORCE_3_6_2 ?= 0
 
 TINYCBOR_DIR := $(ROOT_DIR)/deps/tinycbor
@@ -103,34 +102,17 @@ CLOUD_TEST_OBJ_FILES := $(patsubst $(CLOUD_TEST_DIR)/%.cpp,$(CLOUD_TEST_OBJ_DIR)
 
 UNIT_TESTS = apitest platformtest securitytest messagingtest
 
-DTLS = aes.c	aesni.c   	asn1parse.c	asn1write.c	base64.c	\
-	bignum.c	camellia.c	ccm.c		cipher.c	cipher_wrap.c	\
-	cmac.c		ctr_drbg.c	des.c		dhm.c		ecdh.c		ecdsa.c		\
-	ecjpake.c	ecp.c		ecp_curves.c	entropy.c	entropy_poll.c	error.c		\
-	gcm.c		hmac_drbg.c	md.c		\
-	md5.c		oid.c		padlock.c	\
-	pem.c		pk.c		pk_wrap.c	pkcs12.c	pkcs5.c		pkparse.c	\
-	pkwrite.c	platform.c	ripemd160.c	rsa.c		sha1.c		sha256.c	\
-	sha512.c	threading.c	timing.c	version.c	version_features.c		\
-	x509.c 		x509_crt.c	debug.c		net_sockets.c	\
-	ssl_cache.c	ssl_ciphersuites.c		ssl_cookie.c	platform_util.c	\
-	ssl_ticket.c	ssl_tls.c	x509write_csr.c \
-	x509write_crt.c	x509_create.c	x509_csr.c ssl_msg.c constant_time.c \
-	nist_kw.c aria.c rsa_alt_helpers.c
+DTLS = aes.c	asn1parse.c	asn1write.c	aria.c	base64.c	bignum_core.c	bignum.c \
+	ccm.c	cipher.c	cipher_wrap.c	cmac.c		constant_time.c	ctr_drbg.c	debug.c \
+	ecdh.c	ecdsa.c	ecjpake.c	ecp.c	ecp_curves.c	entropy_poll.c	entropy.c	error.c \
+	gcm.c	md.c	net_sockets.c	nist_kw.c	oid.c pem.c	pk.c	pk_wrap.c	pkcs5.c \
+	pkparse.c	pkwrite.c	platform.c	platform_util.c		rsa.c	rsa_alt_helpers.c \
+	sha1.c	sha256.c	sha512.c	timing.c	ssl_ciphersuites.c	ssl_client.c	ssl_cookie.c \
+	ssl_debug_helpers_generated.c	ssl_msg.c	ssl_tls.c	ssl_tls12_client.c	ssl_tls12_server.c \
+	x509.c	x509_create.c	x509_crt.c	x509_csr.c	x509write.c	x509write_csr.c x509write_crt.c
 
 ifeq ($(MBEDTLS_FORCE_3_6_2),1)
-DTLS += bignum_core.c \
-		pk_ecc.c \
-		ssl_client.c ssl_debug_helpers_generated.c ssl_tls12_client.c ssl_tls12_server.c \
-		x509write.c
-else
-ifeq ($(MBEDTLS_FORCE_3_5_0),1)
-DTLS += bignum_core.c \
-		ssl_client.c ssl_debug_helpers_generated.c ssl_tls12_client.c ssl_tls12_server.c \
-		x509write.c
-else
-DTLS += ssl_cli.c ssl_srv.c
-endif
+	DTLS += pk_ecc.c
 endif
 
 DTLSFLAGS=-I../../deps/mbedtls/include -Wno-error=unused
@@ -740,6 +722,7 @@ $(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
 		git reset --hard && \
 		(git fetch --unshallow --tags || git fetch --all) && \
 		git checkout v3.6.2 && \
+		git submodule update --init \
 		cd - && \
 		git add -u ${MBEDTLS_DIR} ; \
 	fi && \
@@ -751,8 +734,6 @@ $(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
 
 else
 
-ifeq ($(MBEDTLS_FORCE_3_5_0),1)
-
 MBEDTLS_PATCHES := $(sort $(wildcard ../../patches/mbedtls/3.5/*.patch) $(wildcard ../../patches/mbedtls/3.5/make/*.patch))
 
 $(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
@@ -771,23 +752,6 @@ $(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
 	for patch in $(MBEDTLS_PATCHES); do patch -r - -s -N -p1 < $${patch} ; done && \
 	echo "Patches applied in $^" > ${@F}
 
-else
-
-MBEDTLS_PATCHES := $(sort $(wildcard ../../patches/mbedtls/3.1/*.patch) $(wildcard ../../patches/mbedtls/3.1/make/*.patch))
-
-$(MBEDTLS_PATCH_FILE): ${MBEDTLS_DIR}/.git ${MBEDTLS_PATCHES}
-	if [ -d ${MBEDTLS_DIR} ]; then \
-		cd ${MBEDTLS_DIR} && \
-		git clean -fdx . && \
-		git reset --hard && \
-		cd -; \
-	fi && \
-	git submodule update --init && \
-	cd ${MBEDTLS_DIR} && \
-	for patch in $(MBEDTLS_PATCHES); do patch -r - -s -N -p1 < $${patch} ; done && \
-	echo "Patches applied in $^" > ${@F}
-endif
-
 endif
 
 endif