From 6b64a1ba379681fdc71ee3106ca3a830a2df9000 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 16 Jan 2025 15:00:10 +0100
Subject: [PATCH 1/3] x509: remove definition and implementation of x509write_crt_set_serial
Signed-off-by: Valerio Setti
---
 include/mbedtls/x509_crt.h | 22 ----------------------
 library/x509write_crt.c | 24 ------------------------
 2 files changed, 46 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 491343f896..5943cfcfa5 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -943,28 +943,6 @@ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
 */
 void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
-#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the serial number for a Certificate.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library. Please use
- * mbedtls_x509write_crt_set_serial_raw() instead.
- *
- * \note Even though the MBEDTLS_BIGNUM_C guard looks redundant since
- * X509 depends on PK and PK depends on BIGNUM, this emphasizes
- * a direct dependency between X509 and BIGNUM which is going
- * to be deprecated in the future.
- *
- * \param ctx CRT context to use
- * \param serial serial number to set
- *
- * \return 0 if successful
- */
-int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial(
- mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
-#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
-
 /**
 * \brief Set the serial number for a Certificate.
 *
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8bce1ccf52..4bae0fbf67 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -92,30 +92,6 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
 return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
 }
-#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
- const mbedtls_mpi *serial)
-{
- int ret;
- size_t tmp_len;
-
- /* Ensure that the MPI value fits into the buffer */
- tmp_len = mbedtls_mpi_size(serial);
- if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- ctx->serial_len = tmp_len;
-
- ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
- if (ret < 0) {
- return ret;
- }
-
- return 0;
-}
-#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
-
 int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, unsigned char *serial, size_t serial_len)
 {
From 6487da15e9b6ab2f514f67d82d7ce91a18cfb60c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 16 Jan 2025 15:02:15 +0100
Subject: [PATCH 2/3] tests: remove usage of mbedtls_x509write_crt_set_serial
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_x509write.function | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index d0fdd8aeef..d1df9e3912 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -471,14 +471,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
 mbedtls_x509write_crt_set_version(&crt, ver);
 }
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x,
- serial_arg->len) == 0);
- TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0);
-#else
 TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x, serial_arg->len) == 0);
-#endif
 TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before, not_after) == 0);
 mbedtls_x509write_crt_set_md_alg(&crt, md_type);
@@ -665,13 +659,6 @@ void x509_set_serial_check()
 USE_PSA_INIT();
 memset(invalid_serial, 0x01, sizeof(invalid_serial));
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
- sizeof(invalid_serial)), 0);
- TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
- MBEDTLS_ERR_X509_BAD_INPUT_DATA);
-#endif
-
 TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial, sizeof(invalid_serial)), MBEDTLS_ERR_X509_BAD_INPUT_DATA);
From 19846f5561482da1c4ad29efee98b15fbb7301d2 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 16 Jan 2025 15:06:19 +0100
Subject: [PATCH 3/3] changelog: add note for mbedtls_x509write_crt_set_serial() deprecation
Signed-off-by: Valerio Setti
---
 ChangeLog.d/9892.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ChangeLog.d/9892.txt
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
new file mode 100644
index 0000000000..01d21b6e5f
--- /dev/null
+++ b/ChangeLog.d/9892.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseeded by
+ mbedtls_x509write_crt_set_serial_raw().