Drop pbkdf2 module (superseded by pkcs5)
diff --git a/ChangeLog b/ChangeLog
index 2aad569..ae9b11b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
+ * Remove the PBKDF2 module (use PKCS5).
* Remove POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()).
* Headers are now found in the 'mbedtls' directory (previously 'polarssl').
* Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 7938752..05b568d 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1815,20 +1815,6 @@
#define POLARSSL_PADLOCK_C
/**
- * \def POLARSSL_PBKDF2_C
- *
- * Enable PKCS#5 PBKDF2 key derivation function.
- * DEPRECATED: Use POLARSSL_PKCS5_C instead
- *
- * Module: library/pbkdf2.c
- *
- * Requires: POLARSSL_PKCS5_C
- *
- * This module adds support for the PKCS#5 PBKDF2 key derivation function.
- */
-#define POLARSSL_PBKDF2_C
-
-/**
* \def POLARSSL_PEM_PARSE_C
*
* Enable PEM decoding / parsing.
diff --git a/include/mbedtls/pbkdf2.h b/include/mbedtls/pbkdf2.h
deleted file mode 100644
index 5c06bfb..0000000
--- a/include/mbedtls/pbkdf2.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * \file pbkdf2.h
- *
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- * DEPRECATED: use pkcs5.h instead.
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifndef POLARSSL_PBKDF2_H
-#define POLARSSL_PBKDF2_H
-
-#include "md.h"
-
-#include <stddef.h>
-
-#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
-#include <basetsd.h>
-typedef UINT32 uint32_t;
-#else
-#include <inttypes.h>
-#endif
-
-#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Bad input parameters to function. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief PKCS#5 PBKDF2 using HMAC
- * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead!
- *
- * \param ctx Generic HMAC context
- * \param password Password to use when generating key
- * \param plen Length of password
- * \param salt Salt to use when generating key
- * \param slen Length of salt
- * \param iteration_count Iteration count
- * \param key_length Length of generated key
- * \param output Generated key. Must be at least as big as key_length
- *
- * \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails.
- */
-int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
-
-/**
- * \brief Checkup routine
- * DEPRECATED: Use pkcs5_self_test() instead!
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int pbkdf2_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pbkdf2.h */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index b67fb2c..f42c3d9 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -39,7 +39,6 @@
net.c
oid.c
padlock.c
- pbkdf2.c
pem.c
pkcs5.c
pkcs11.c
diff --git a/library/Makefile b/library/Makefile
index 81a164c..846dee9 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -56,8 +56,7 @@
md.o md_wrap.o md2.o \
md4.o md5.o \
memory_buffer_alloc.o net.o \
- oid.o \
- padlock.o pbkdf2.o pem.o \
+ oid.o padlock.o pem.o \
pkcs5.o pkcs11.o pkcs12.o \
pk.o pk_wrap.o pkparse.o \
pkwrite.o platform.o ripemd160.o \
diff --git a/library/error.c b/library/error.c
index cc23352..9d79240 100644
--- a/library/error.c
+++ b/library/error.c
@@ -125,10 +125,6 @@
#include "mbedtls/padlock.h"
#endif
-#if defined(POLARSSL_PBKDF2_C)
-#include "mbedtls/pbkdf2.h"
-#endif
-
#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
#include "mbedtls/pem.h"
#endif
@@ -701,11 +697,6 @@
polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
#endif /* POLARSSL_PADLOCK_C */
-#if defined(POLARSSL_PBKDF2_C)
- if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) )
- polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
-#endif /* POLARSSL_PBKDF2_C */
-
#if defined(POLARSSL_RIPEMD160_C)
if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) )
polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );
diff --git a/library/pbkdf2.c b/library/pbkdf2.c
deleted file mode 100644
index 863d016..0000000
--- a/library/pbkdf2.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * \file pbkdf2.c
- *
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- * DEPRECATED: Use pkcs5.c instead
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * PBKDF2 is part of PKCS#5
- *
- * http://tools.ietf.org/html/rfc2898 (Specification)
- * http://tools.ietf.org/html/rfc6070 (Test vectors)
- */
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include POLARSSL_CONFIG_FILE
-#endif
-
-#if defined(POLARSSL_PBKDF2_C)
-
-#include "mbedtls/pbkdf2.h"
-#include "mbedtls/pkcs5.h"
-
-int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
- const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output )
-{
- return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
- key_length, output );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-int pbkdf2_self_test( int verbose )
-{
- return pkcs5_self_test( verbose );
-}
-#endif /* POLARSSL_SELF_TEST */
-
-#endif /* POLARSSL_PBKDF2_C */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 0e1a8be..d4ce1f7 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -49,7 +49,6 @@
#include "mbedtls/x509.h"
#include "mbedtls/xtea.h"
#include "mbedtls/pkcs5.h"
-#include "mbedtls/pbkdf2.h"
#include "mbedtls/ecp.h"
#include "mbedtls/timing.h"
@@ -203,17 +202,12 @@
return( ret );
#endif
-/* Slow tests last */
-
-#if defined(POLARSSL_PBKDF2_C)
- if( ( ret = pbkdf2_self_test( v ) ) != 0 )
- return( ret );
-#else
#if defined(POLARSSL_PKCS5_C)
if( ( ret = pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
-#endif
+
+/* Slow tests last */
/* Not stable enough on Windows and FreeBSD yet */
#if __linux__ && defined(POLARSSL_TIMING_C)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 2cfbc18..af4b75f 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -75,7 +75,6 @@
add_test_suite(mdx)
add_test_suite(memory_buffer_alloc)
add_test_suite(mpi)
-add_test_suite(pbkdf2)
add_test_suite(pem)
add_test_suite(pkcs1_v21)
add_test_suite(pkcs5)
diff --git a/tests/Makefile b/tests/Makefile
index 408e953..6aeee79 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -74,7 +74,7 @@
test_suite_hmac_drbg.pr$(EXEXT) \
test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \
test_suite_memory_buffer_alloc$(EXEXT) \
- test_suite_mpi$(EXEXT) test_suite_pbkdf2$(EXEXT) \
+ test_suite_mpi$(EXEXT) \
test_suite_pem$(EXEXT) \
test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \
test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \
diff --git a/tests/suites/test_suite_pbkdf2.data b/tests/suites/test_suite_pbkdf2.data
deleted file mode 100644
index 7ee0360..0000000
--- a/tests/suites/test_suite_pbkdf2.data
+++ /dev/null
@@ -1,19 +0,0 @@
-PBKDF2 RFC 6070 Test Vector #1 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":1:20:"0c60c80f961f0e71f3a9b524af6012062fe037a6"
-
-PBKDF2 RFC 6070 Test Vector #2 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":2:20:"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
-
-PBKDF2 RFC 6070 Test Vector #3 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f7264":"73616c74":4096:20:"4b007901b765489abead49d926f721d065a429c1"
-
-PBKDF2 RFC 6070 Test Vector #5 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
-
-PBKDF2 RFC 6070 Test Vector #6 (SHA1)
-depends_on:POLARSSL_SHA1_C
-pbkdf2_hmac:POLARSSL_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
diff --git a/tests/suites/test_suite_pbkdf2.function b/tests/suites/test_suite_pbkdf2.function
deleted file mode 100644
index 6b8b278..0000000
--- a/tests/suites/test_suite_pbkdf2.function
+++ /dev/null
@@ -1,48 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/pbkdf2.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:POLARSSL_PBKDF2_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string,
- int it_cnt, int key_len, char *result_key_string )
-{
- unsigned char pw_str[100];
- unsigned char salt_str[100];
- unsigned char dst_str[100];
-
- md_context_t ctx;
- const md_info_t *info;
-
- int pw_len, salt_len;
- unsigned char key[100];
-
- md_init( &ctx );
-
- memset(pw_str, 0x00, 100);
- memset(salt_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
-
- pw_len = unhexify( pw_str, hex_password_string );
- salt_len = unhexify( salt_str, hex_salt_string );
-
-
- info = md_info_from_type( hash );
- TEST_ASSERT( info != NULL );
- if( info == NULL )
- return;
- TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
- TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
- it_cnt, key_len, key ) == 0 );
-
- hexify( dst_str, key, key_len );
- TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
-
-exit:
- md_free( &ctx );
-}
-/* END_CASE */
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 56390db..a7d0a30 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -180,7 +180,6 @@
<ClInclude Include="..\..\include\mbedtls\net.h" />
<ClInclude Include="..\..\include\mbedtls\oid.h" />
<ClInclude Include="..\..\include\mbedtls\padlock.h" />
- <ClInclude Include="..\..\include\mbedtls\pbkdf2.h" />
<ClInclude Include="..\..\include\mbedtls\pem.h" />
<ClInclude Include="..\..\include\mbedtls\pk.h" />
<ClInclude Include="..\..\include\mbedtls\pk_wrap.h" />
@@ -243,7 +242,6 @@
<ClCompile Include="..\..\library\net.c" />
<ClCompile Include="..\..\library\oid.c" />
<ClCompile Include="..\..\library\padlock.c" />
- <ClCompile Include="..\..\library\pbkdf2.c" />
<ClCompile Include="..\..\library\pem.c" />
<ClCompile Include="..\..\library\pk.c" />
<ClCompile Include="..\..\library\pk_wrap.c" />
diff --git a/visualc/VS6/mbedtls.dsp b/visualc/VS6/mbedtls.dsp
index 3591b34..872502a 100644
--- a/visualc/VS6/mbedtls.dsp
+++ b/visualc/VS6/mbedtls.dsp
@@ -229,10 +229,6 @@
# End Source File
# Begin Source File
-SOURCE=..\..\library\pbkdf2.c
-# End Source File
-# Begin Source File
-
SOURCE=..\..\library\pem.c
# End Source File
# Begin Source File
@@ -517,10 +513,6 @@
# End Source File
# Begin Source File
-SOURCE=..\..\include\mbedtls\pbkdf2.h
-# End Source File
-# Begin Source File
-
SOURCE=..\..\include\mbedtls\pem.h
# End Source File
# Begin Source File