Merge branch 'mbedtls-1.3' into development

* mbedtls-1.3:
  Mark a few additional deprecations
  Use proper doxygen markup to mark deprecations
  Add -fdata-sections in memory.sh too

include/mbedtls/cipher.h

@@ -376,7 +376,7 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
  * \brief               Free the cipher-specific context of ctx. Freeing ctx
  *                      itself remains the responsibility of the caller.
  *
- * \note                Deprecated: Redirects to cipher_free()
+ * \deprecated          Use cipher_free() instead
  *
  * \param ctx           Free the cipher-specific context
  *

include/mbedtls/config.h

@@ -1745,7 +1745,9 @@
 
 /**
  * \def POLARSSL_MEMORY_C
- * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
+ *
+ * \deprecated Use POLARSSL_PLATFORM_MEMORY instead.
+ *
  * Depends on: POLARSSL_PLATFORM_C
  */
 //#define POLARSSL_MEMORY_C
@@ -1815,6 +1817,24 @@
 #define POLARSSL_PADLOCK_C
 
 /**
+<<<<<<< HEAD:include/mbedtls/config.h
+=======
+ * \def POLARSSL_PBKDF2_C
+ *
+ * Enable PKCS#5 PBKDF2 key derivation function.
+ *
+ * \deprecated Use POLARSSL_PKCS5_C instead
+ *
+ * Module:  library/pbkdf2.c
+ *
+ * Requires: POLARSSL_PKCS5_C
+ *
+ * This module adds support for the PKCS#5 PBKDF2 key derivation function.
+ */
+#define POLARSSL_PBKDF2_C
+
+/**
+>>>>>>> mbedtls-1.3:include/polarssl/config.h
  * \def POLARSSL_PEM_PARSE_C
  *
  * Enable PEM decoding / parsing.

include/mbedtls/md.h

@@ -204,7 +204,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
  * \brief          Free the message-specific context of ctx. Freeing ctx itself
  *                 remains the responsibility of the caller.
  *
- * \note           Deprecated: Redirects to md_free()
+ * \deprecated     Use md_free() instead
  *
  * \param ctx      Free the message-specific context
  *

include/mbedtls/platform.h

@@ -30,7 +30,7 @@
 #include POLARSSL_CONFIG_FILE
 #endif
 
-/* Temporary compability hack for to keep the deprecated MEMORY_C working */
+/* Temporary compability hack for to keep MEMORY_C working */
 #if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_MEMORY)
 #define POLARSSL_PLATFORM_MEMORY
 #endif

include/mbedtls/ssl.h

@@ -1544,8 +1544,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
  *                 up your certificate chain. The top certificate (self-signed)
  *                 can be omitted.
  *
- * \warning        This backwards-compatibility function is deprecated!
- *                 Please use \c ssl_set_own_cert() instead.
+ * \deprecated     Please use \c ssl_set_own_cert() instead.
  *
  * \param ssl      SSL context
  * \param own_cert own public certificate chain
@@ -1569,8 +1568,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
  *                 up your certificate chain. The top certificate (self-signed)
  *                 can be omitted.
  *
- * \warning        This backwards-compatibility function is deprecated!
- *                 Please use \c pk_init_ctx_rsa_alt()
+ * \deprecated     Please use \c pk_init_ctx_rsa_alt()
  *                 and \c ssl_set_own_cert() instead.
  *
  * \param ssl      SSL context

include/mbedtls/x509.h

@@ -227,8 +227,10 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
 
 /**
  * \brief          Give an known OID, return its descriptive string.
- *                 (Deprecated. Use oid_get_extended_key_usage() instead.)
- *                 Warning: only works for extended_key_usage OIDs!
+ *
+ * \deprecated     Use oid_get_extended_key_usage() instead.
+ *
+ * \warning        Only works for extended_key_usage OIDs!
  *
  * \param oid      buffer containing the oid
  *
@@ -239,7 +241,8 @@ const char *x509_oid_get_description( x509_buf *oid );
 
 /**
  * \brief          Give an OID, return a string version of its OID number.
- *                 (Deprecated. Use oid_get_numeric_string() instead)
+ *
+ * \deprecated     Use oid_get_numeric_string() instead.
  *
  * \param buf      Buffer to write to
  * \param size     Maximum size of buffer

library/cipher.c

@@ -165,7 +165,7 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
     return( 0 );
 }
 
-/* Deprecated, redirects to cipher_free() */
+/* compatibility wrapper */
 int cipher_free_ctx( cipher_context_t *ctx )
 {
     cipher_free( ctx );

library/pbkdf2.c

@@ -0,0 +1,60 @@
+/**
+ * \file pbkdf2.c
+ *
+ * \brief Compatibility wrappers for pkcs5.c
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * PBKDF2 is part of PKCS#5
+ *
+ * http://tools.ietf.org/html/rfc2898 (Specification)
+ * http://tools.ietf.org/html/rfc6070 (Test vectors)
+ */
+
+#if !defined(POLARSSL_CONFIG_FILE)
+#include "polarssl/config.h"
+#else
+#include POLARSSL_CONFIG_FILE
+#endif
+
+#if defined(POLARSSL_PBKDF2_C)
+
+#include "polarssl/pbkdf2.h"
+#include "polarssl/pkcs5.h"
+
+int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
+                 const unsigned char *salt, size_t slen,
+                 unsigned int iteration_count,
+                 uint32_t key_length, unsigned char *output )
+{
+    return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
+                              key_length, output );
+}
+
+#if defined(POLARSSL_SELF_TEST)
+int pbkdf2_self_test( int verbose )
+{
+    return pkcs5_self_test( verbose );
+}
+#endif /* POLARSSL_SELF_TEST */
+
+#endif /* POLARSSL_PBKDF2_C */

scripts/memory.sh

@@ -12,7 +12,7 @@ CONFIG_H='include/mbedtls/config.h'
 
 CLIENT='mini_client'
 
-CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections'
+CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections -fdata-sections'
 CFLAGS_MEM=-g3
 
 if [ -r $CONFIG_H ]; then :; else