Drop support for TLS record-level compression.

Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 260dbab..8ec1428 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2147,31 +2147,6 @@
  * Comment this macro to disallow using RSASSA-PSS in certificates.
  */
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def MBEDTLS_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be applicable to your use case.
- *
- * \note Currently compression can't be used with DTLS.
- *
- * \deprecated This feature is deprecated and will be removed
- *             in the next major revision of the library.
- *
- * Used in: library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define MBEDTLS_ZLIB_SUPPORT
 /* \} name SECTION: mbed TLS feature support */
 
 /**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 446d261..a535d21 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -51,19 +51,6 @@
 #include "mbedtls/ecdh.h"
 #endif
 
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
-#endif
-
-#include "zlib.h"
-#endif
-
 #if defined(MBEDTLS_HAVE_TIME)
 #include "mbedtls/platform_time.h"
 #endif
@@ -107,7 +94,6 @@
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
@@ -183,7 +169,6 @@
 #define MBEDTLS_SSL_ETM_ENABLED                 1
 
 #define MBEDTLS_SSL_COMPRESS_NULL               0
-#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
 
 #define MBEDTLS_SSL_VERIFY_NONE                 0
 #define MBEDTLS_SSL_VERIFY_OPTIONAL             1
@@ -1334,9 +1319,6 @@
     uint16_t mtu;               /*!< path mtu, used to fragment outgoing messages */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    unsigned char *compress_buf;        /*!<  zlib data buffer        */
-#endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
     signed char split_done;     /*!< current record already splitted? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
@@ -1497,9 +1479,8 @@
  *                 pointers and data.
  *
  * \param ssl      SSL context
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
-                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
- *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+ * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
  */
 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
 
@@ -1814,9 +1795,6 @@
  * \note           Values lower than the current record layer expansion will
  *                 result in an error when trying to send data.
  *
- * \note           Using record compression together with a non-zero MTU value
- *                 will result in an error when trying to send data.
- *
  * \param ssl      SSL context
  * \param mtu      Value of the path MTU in bytes
  */
@@ -3711,14 +3689,9 @@
  * \brief          Return the (maximum) number of bytes added by the record
  *                 layer: header + encryption/MAC overhead (inc. padding)
  *
- * \note           This function is not available (always returns an error)
- *                 when record compression is enabled.
- *
  * \param ssl      SSL context
  *
- * \return         Current maximum record expansion in bytes, or
- *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
- *                 enabled, which makes expansion much less predictable
+ * \return         Current maximum record expansion in bytes
  */
 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
 
@@ -3795,9 +3768,6 @@
  *                 to the caller to call \c mbedtls_ssl_write() again in
  *                 order to send the remaining bytes if any.
  *
- * \note           This function is not available (always returns an error)
- *                 when record compression is enabled.
- *
  * \sa             mbedtls_ssl_set_mtu()
  * \sa             mbedtls_ssl_get_output_max_frag_len()
  * \sa             mbedtls_ssl_get_input_max_frag_len()
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 318591b..a4d4b74 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -127,15 +127,8 @@
 
 /*
  * Allow extra bytes for record, authentication and encryption overhead:
- * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
- * and allow for a maximum of 1024 of compression expansion if
- * enabled.
+ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
  */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-#define MBEDTLS_SSL_COMPRESSION_ADD          1024
-#else
-#define MBEDTLS_SSL_COMPRESSION_ADD             0
-#endif
 
 /* This macro determines whether CBC is supported. */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
@@ -185,8 +178,7 @@
 #define MBEDTLS_SSL_MAX_CID_EXPANSION        0
 #endif
 
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD +    \
-                                       MBEDTLS_MAX_IV_LENGTH +          \
+#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_MAX_IV_LENGTH +          \
                                        MBEDTLS_SSL_MAC_ADD +            \
                                        MBEDTLS_SSL_PADDING_ADD +        \
                                        MBEDTLS_SSL_MAX_CID_EXPANSION    \
@@ -292,15 +284,6 @@
 }
 #endif
 
-#ifdef MBEDTLS_ZLIB_SUPPORT
-/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
-#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN (                               \
-        ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN )      \
-        ? MBEDTLS_SSL_IN_BUFFER_LEN                                     \
-        : MBEDTLS_SSL_OUT_BUFFER_LEN                                    \
-        )
-#endif
-
 /*
  * TLS extension flags (for extensions with outgoing ServerHello content
  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
@@ -750,14 +733,6 @@
     unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-    /*
-     * Session specific compression layer
-     */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    z_stream ctx_deflate;               /*!<  compression context     */
-    z_stream ctx_inflate;               /*!<  decompression context   */
-#endif
-
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
     /* We need the Hello random bytes in order to re-derive keys from the
      * Master Secret and other session info, see ssl_populate_transform() */