Merge branch 'cleanup/remove_deprecated_apis' into 'master'

mahavirj · mahavirj · commit c91dc3f04951 · 2025-08-21T10:05:37.000+05:30
feat: remove some deprecated APIs from 6.0 release

Closes IDF-13093

See merge request espressif/esp-idf!41211
diff --git a/components/app_update/esp_ota_app_desc.c b/components/app_update/esp_ota_app_desc.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -9,13 +9,3 @@
 #include "esp_ota_ops.h"
 #include "esp_attr.h"
 #include "sdkconfig.h"
-
-const esp_app_desc_t *esp_ota_get_app_description(void)
-{
-    return esp_app_get_description();
-}
-
-int esp_ota_get_app_elf_sha256(char* dst, size_t size)
-{
-   return esp_app_get_elf_sha256(dst, size);
-}
diff --git a/components/app_update/include/esp_ota_ops.h b/components/app_update/include/esp_ota_ops.h
@@ -42,30 +42,6 @@ extern "C"
  */
 typedef uint32_t esp_ota_handle_t;
 
-/**
- * @brief   Return esp_app_desc structure. This structure includes app version.
- *
- * @note This API is present for backward compatibility reasons. Alternative function
- * with the same functionality is `esp_app_get_description`
- *
- * Return description for running app.
- * @return Pointer to esp_app_desc structure.
- */
-const esp_app_desc_t *esp_ota_get_app_description(void) __attribute__((deprecated("Please use esp_app_get_description instead")));
-
-/**
- * @brief   Fill the provided buffer with SHA256 of the ELF file, formatted as hexadecimal, null-terminated.
- * If the buffer size is not sufficient to fit the entire SHA256 in hex plus a null terminator,
- * the largest possible number of bytes will be written followed by a null.
- *
-* @note This API is present for backward compatibility reasons. Alternative function
- * with the same functionality is `esp_app_get_elf_sha256`
- *
- * @param dst   Destination buffer
- * @param size  Size of the buffer
- * @return      Number of bytes written to dst (including null terminator)
- */
-int esp_ota_get_app_elf_sha256(char* dst, size_t size) __attribute__((deprecated("Please use esp_app_get_elf_sha256 instead")));
 
 /**
  * @brief   Commence an OTA update writing to the specified partition.
diff --git a/components/bootloader_support/include/esp_secure_boot.h b/components/bootloader_support/include/esp_secure_boot.h
@@ -269,15 +269,6 @@ typedef struct {
 
 #endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
 
-/** @brief Legacy ECDSA verification function
- *
- * @note Deprecated, call either esp_secure_boot_verify_ecdsa_signature_block() or esp_secure_boot_verify_rsa_signature_block() instead.
- *
- * @param sig_block Pointer to ECDSA signature block data
- * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
- */
-esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
-    __attribute__((deprecated("use esp_secure_boot_verify_ecdsa_signature_block instead")));
 
 
 #define FLASH_OFFS_SECURE_BOOT_IV_DIGEST 0
diff --git a/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_bootloader.c b/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_bootloader.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -53,11 +53,6 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
     return err;
 }
 
-esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
-{
-    uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = { 0 };
-    return esp_secure_boot_verify_ecdsa_signature_block(sig_block, image_digest, verified_digest);
-}
 
 esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
 {
diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
@@ -603,28 +603,6 @@ static int get_port(const char *url, struct http_parser_url *u)
     return 0;
 }
 
-esp_tls_t *esp_tls_conn_http_new(const char *url, const esp_tls_cfg_t *cfg)
-{
-    if (!url || !cfg) {
-        return NULL;
-    }
-
-    /* Parse URI */
-    struct http_parser_url u;
-    http_parser_url_init(&u);
-    http_parser_parse_url(url, strlen(url), 0, &u);
-    esp_tls_t *tls = esp_tls_init();
-    if (!tls) {
-        return NULL;
-    }
-    /* Connect to host */
-    if (esp_tls_conn_new_sync(&url[u.field_data[UF_HOST].off], u.field_data[UF_HOST].len,
-                              get_port(url, &u), cfg, tls) == 1) {
-        return tls;
-    }
-    esp_tls_conn_destroy(tls);
-    return NULL;
-}
 
 /**
  * @brief      Create a new TLS/SSL connection with a given "HTTP" url
diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h
@@ -402,21 +402,6 @@ typedef struct esp_tls esp_tls_t;
  */
 esp_tls_t *esp_tls_init(void);
 
-/**
- * @brief      Create a new blocking TLS/SSL connection with a given "HTTP" url
- *
- * Note: This API is present for backward compatibility reasons. Alternative function
- * with the same functionality is `esp_tls_conn_http_new_sync` (and its asynchronous version
- * `esp_tls_conn_http_new_async`)
- *
- * @param[in]  url  url of host.
- * @param[in]  cfg  TLS configuration as esp_tls_cfg_t. If you wish to open
- *                  non-TLS connection, keep this NULL. For TLS connection,
- *                  a pass pointer to 'esp_tls_cfg_t'. At a minimum, this
- *                  structure should be zero-initialized.
- * @return pointer to esp_tls_t, or NULL if connection couldn't be opened.
- */
-esp_tls_t *esp_tls_conn_http_new(const char *url, const esp_tls_cfg_t *cfg) __attribute__((deprecated("Please use esp_tls_conn_http_new_sync (or its asynchronous version esp_tls_conn_http_new_async) instead")));
 
 /**
  * @brief      Create a new blocking TLS/SSL connection
diff --git a/components/esp_local_ctrl/include/esp_local_ctrl.h b/components/esp_local_ctrl/include/esp_local_ctrl.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -260,22 +260,14 @@ typedef struct esp_local_ctrl_proto_sec_cfg {
      */
     void *custom_handle;
 
-    /* Anonymous union */
-    union {
-        /**
-         * Proof of possession to be used for local control. Could be NULL.
-         */
-        const void *pop __attribute__((deprecated("use sec_params field instead")));
-
-        /**
-         * Pointer to security params (NULL if not needed).
-         * This is not needed for protocomm security 0
-         * This pointer should hold the struct of type
-         * esp_local_ctrl_security1_params_t for protocomm security 1
-         * and esp_local_ctrl_security2_params_t for protocomm security 2 respectively. Could be NULL.
-         */
-        const void *sec_params;
-    };
+    /**
+     * Pointer to security params (NULL if not needed).
+     * This is not needed for protocomm security 0
+     * This pointer should hold the struct of type
+     * esp_local_ctrl_security1_params_t for protocomm security 1
+     * and esp_local_ctrl_security2_params_t for protocomm security 2 respectively. Could be NULL.
+     */
+    const void *sec_params;
 } esp_local_ctrl_proto_sec_cfg_t;
 
 /**
diff --git a/components/mbedtls/port/aes/block/esp_aes.c b/components/mbedtls/port/aes/block/esp_aes.c
@@ -150,12 +150,6 @@ static int esp_aes_validate_input(esp_aes_context *ctx, const unsigned char *inp
 }
 
 
-void esp_aes_encrypt(esp_aes_context *ctx,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    esp_internal_aes_encrypt(ctx, input, output);
-}
 
 /*
  * AES-ECB block encryption
@@ -182,12 +176,6 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx,
     return r;
 }
 
-void esp_aes_decrypt(esp_aes_context *ctx,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    esp_internal_aes_decrypt(ctx, input, output);
-}
 
 /*
  * AES-ECB block decryption
diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -106,12 +106,6 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx,
     return r;
 }
 
-void esp_aes_encrypt(esp_aes_context *ctx,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    esp_internal_aes_encrypt(ctx, input, output);
-}
 
 /*
  * AES-ECB single block decryption
@@ -140,12 +134,6 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx,
     return r;
 }
 
-void esp_aes_decrypt(esp_aes_context *ctx,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    esp_internal_aes_decrypt(ctx, input, output);
-}
 
 
 /*
diff --git a/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c b/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -109,50 +109,6 @@ static esp_err_t crypto_shared_gdma_init(void)
     return ret;
 }
 
-esp_err_t esp_crypto_shared_gdma_start(const lldesc_t *input, const lldesc_t *output, gdma_trigger_peripheral_t peripheral)
-{
-    int rx_ch_id = 0;
-    esp_err_t ret = ESP_OK;
-
-    if (tx_channel == NULL) {
-        /* Allocate a pair of RX and TX for crypto, should only happen the first time we use the GMDA
-           or if user called esp_crypto_shared_gdma_release */
-        ret = crypto_shared_gdma_init();
-    }
-
-    if (ret != ESP_OK) {
-        return ret;
-    }
-
-    /* Tx channel is shared between AES and SHA, need to connect to peripheral every time */
-    gdma_disconnect(tx_channel);
-
-#ifdef SOC_SHA_SUPPORTED
-    if (peripheral == GDMA_TRIG_PERIPH_SHA) {
-        gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0));
-    } else
-#endif // SOC_SHA_SUPPORTED
-#ifdef SOC_AES_SUPPORTED
-    if (peripheral == GDMA_TRIG_PERIPH_AES) {
-        gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0));
-    } else
-#endif // SOC_AES_SUPPORTED
-    {
-        return ESP_ERR_INVALID_ARG;
-    }
-
-    /* tx channel is reset by gdma_connect(), also reset rx to ensure a known state */
-    gdma_get_channel_id(rx_channel, &rx_ch_id);
-
-#if SOC_AHB_GDMA_VERSION == 1
-    gdma_ll_rx_reset_channel(&GDMA, rx_ch_id);
-#endif /* SOC_AHB_GDMA_VERSION */
-
-    gdma_start(tx_channel, (intptr_t)input);
-    gdma_start(rx_channel, (intptr_t)output);
-
-    return ESP_OK;
-}
 
 /* The external memory ecc-aes access must be enabled when there exists
    at least one buffer in the DMA descriptors that resides in external memory. */
diff --git a/components/mbedtls/port/include/aes/esp_aes.h b/components/mbedtls/port/include/aes/esp_aes.h
@@ -345,11 +345,6 @@ int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16
 /** XTS-AES buffer encryption/decryption */
 int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output );
 
-/** Deprecated, see esp_aes_internal_decrypt */
-void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
-
-/** Deprecated, see esp_aes_internal_encrypt */
-void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
 
 #ifdef __cplusplus
 }
diff --git a/components/mbedtls/port/include/esp_crypto_shared_gdma.h b/components/mbedtls/port/include/esp_crypto_shared_gdma.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -15,19 +15,6 @@
 extern "C" {
 #endif
 
-/**
- * @brief Start a GDMA transfer on the shared crypto DMA channel
- *        Only supports AHB-DMA.
- *
- * @note Will allocate a GDMA channel for AES & SHA if no such channel is already allocated
- *
- * @param input Input linked list descriptor (lldesc_t *)
- * @param output Output linked list descriptor (lldesc_t *)
- * @param peripheral Crypto peripheral to connect the DMA to, either GDMA_TRIG_PERIPH_AES or
- *                   GDMA_TRIG_PERIPH_SHA
- * @return esp_err_t ESP_FAIL if no GDMA channel available
- */
-esp_err_t esp_crypto_shared_gdma_start(const lldesc_t *input, const lldesc_t *output, gdma_trigger_peripheral_t peripheral) __attribute__((deprecated("use esp_crypto_shared_gdma_start_axi_ahb instead")));
 
 /**
  * @brief Start a GDMA transfer on the shared crypto DMA channel
@@ -60,7 +47,7 @@ bool esp_crypto_shared_gdma_done(void);
  *       This means this function should not be called from code which already takes these locks,
  *       i.e. inside our AES/SHA code.
  *
- *       If you are continously using AES/SHA (e.g. because of a wifi connection) then it's not recommended
+ *       If you are continuously using AES/SHA (e.g. because of a wifi connection) then it's not recommended
  *       to use this API. Freeing the channel is mainly for use cases where you are finished with the crypto peripherals
  *       and need the DMA channel for other peripherals. An example would be doing some processing after disconnecting WiFi
  */
diff --git a/components/protocomm/include/security/protocomm_security.h b/components/protocomm/include/security/protocomm_security.h
@@ -41,7 +41,6 @@ typedef struct protocomm_security1_params {
     uint16_t len;
 } protocomm_security1_params_t;
 
-typedef protocomm_security1_params_t  protocomm_security_pop_t __attribute__((deprecated("Use protocomm_security1_params_t instead")));
 
 /**
  * @brief Protocomm Security 2 parameters: Salt and Verifier
diff --git a/docs/en/migration-guides/release-6.x/6.0/protocols.rst b/docs/en/migration-guides/release-6.x/6.0/protocols.rst
@@ -1,8 +1,24 @@
-ESP-Modbus
-==========
+Protocols
+=========
 
 :link_to_translation:`zh_CN:[中文]`
 
+
+ESP-TLS
+-------
+
+**Removed Deprecated API**
+
+The deprecated :cpp:func:`esp_tls_conn_http_new` function has been removed. Use either:
+
+- :cpp:func:`esp_tls_conn_http_new_sync` for blocking connections
+- :cpp:func:`esp_tls_conn_http_new_async` for non-blocking connections
+
+The new API requires you to create the :cpp:type:`esp_tls_t` structure using :cpp:func:`esp_tls_init` and provides better control over the connection process.
+
+ESP-Modbus
+----------
+
 The Espressif ESP-Modbus Library (esp-modbus) supports Modbus communication in the networks based on RS485, Wi-Fi, and Ethernet interfaces.
 
 The component ``esp-modbus v2 (v2.x.x)`` is the current supported component version:
diff --git a/docs/en/migration-guides/release-6.x/6.0/security.rst b/docs/en/migration-guides/release-6.x/6.0/security.rst
@@ -6,8 +6,27 @@ Security
 Mbed TLS
 --------
 
-    Starting from **ESP-IDF v6.0**, some already deprecated mbedtls header files like ``esp32/aes.h``, ``esp32/sha.h``, ``esp32s2/aes.h``, ``esp32s2/sha.h`` and ``esp32s2/gcm.h`` have been removed, instead, you should include ``aes/esp_aes.h``, ``sha/sha_core.h`` and ``aes/esp_aes_gcm.h`` respectively.
+Starting from **ESP-IDF v6.0**, some already deprecated mbedtls header files like ``esp32/aes.h``, ``esp32/sha.h``, ``esp32s2/aes.h``, ``esp32s2/sha.h`` and ``esp32s2/gcm.h`` have been removed, instead, you should include ``aes/esp_aes.h``, ``sha/sha_core.h`` and ``aes/esp_aes_gcm.h`` respectively.
 
-    .. only:: SOC_SHA_SUPPORTED
+.. only:: SOC_SHA_SUPPORTED
 
-        The SHA module headers ``sha/sha_dma.h`` and ``sha/sha_block.h`` are also deprecated and removed. You should include ``sha/sha_core.h`` instead.
+    The SHA module headers ``sha/sha_dma.h`` and ``sha/sha_block.h`` are also deprecated and removed. You should include ``sha/sha_core.h`` instead.
+
+**Removed Deprecated APIs**
+
+The following deprecated functions have been removed:
+
+- :cpp:func:`esp_aes_encrypt` – Use :cpp:func:`esp_internal_aes_encrypt` instead.
+- :cpp:func:`esp_aes_decrypt` – Use :cpp:func:`esp_internal_aes_decrypt` instead.
+- :cpp:func:`esp_crypto_shared_gdma_start` – Use :cpp:func:`esp_crypto_shared_gdma_start_axi_ahb` instead.
+
+Note that the new AES functions return error codes for better error handling, unlike the old void functions.
+
+Bootloader Support
+------------------
+
+**Removed Deprecated APIs**
+
+The following deprecated functions have been removed:
+
+- :cpp:func:`esp_secure_boot_verify_signature_block` – Use :cpp:func:`esp_secure_boot_verify_ecdsa_signature_block` instead.
diff --git a/docs/en/migration-guides/release-6.x/6.0/system.rst b/docs/en/migration-guides/release-6.x/6.0/system.rst
diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/protocols.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/protocols.rst
diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/security.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/security.rst
diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/system.rst

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD`
	`2`	`+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD`
`3`	`3`	`*`
`4`	`4`	`* SPDX-License-Identifier: Apache-2.0`
`5`	`5`	`*/`
`@@ -53,11 +53,6 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)`
`53`	`53`	`return err;`
`54`	`54`	`}`
`55`	`55`
`56`		`-esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t sig_block, const uint8_t image_digest)`
`57`		`-{`
`58`		`- uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = { 0 };`
`59`		`- return esp_secure_boot_verify_ecdsa_signature_block(sig_block, image_digest, verified_digest);`
`60`		`-}`
`61`	`56`
`62`	`57`	`esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t sig_block, const uint8_t image_digest, uint8_t *verified_digest)`
`63`	`58`	`{`