From a3ee13d199508f641e73c64b650227f3777d23b9 Mon Sep 17 00:00:00 2001
From: Marcos Del Sol Vives <marcos@dracon.es>
Date: Sun, 6 Nov 2016 12:22:25 +0100
Subject: [PATCH 1/4] Compile PBES2 in PKCS5 only if ASN1 is enabled

---
 library/pkcs5.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/library/pkcs5.c b/library/pkcs5.c
index 2168b292e2..fe8d00f7d1 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -38,11 +38,13 @@
 #if defined(MBEDTLS_PKCS5_C)
 
 #include "mbedtls/pkcs5.h"
+#include <string.h>
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/oid.h"
-
-#include <string.h>
+#endif
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -51,6 +53,22 @@
 #define mbedtls_printf printf
 #endif
 
+#if !defined(MBEDTLS_ASN1_PARSE_C)
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output )
+{
+    ((void) pbe_params);
+    ((void) mode);
+    ((void) pwd);
+    ((void) pwdlen);
+    ((void) data);
+    ((void) datalen);
+    ((void) output);
+    return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+}
+#else
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
                                       mbedtls_asn1_buf *salt, int *iterations,
                                       int *keylen, mbedtls_md_type_t *md_type )
@@ -211,6 +229,7 @@ exit:
 
     return( ret );
 }
+#endif /* MBEDTLS_ASN1_PARSE_C */
 
 int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
                        size_t plen, const unsigned char *salt, size_t slen,

From 624b557e56d660942621c6267f90c8db25c19e9b Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Tue, 27 Mar 2018 20:53:07 +0100
Subject: [PATCH 2/4] Fix coding style in pkcs5.c preprocessor directives

---
 library/pkcs5.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/library/pkcs5.c b/library/pkcs5.c
index fe8d00f7d1..35146b74be 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -38,13 +38,14 @@
 #if defined(MBEDTLS_PKCS5_C)
 
 #include "mbedtls/pkcs5.h"
-#include <string.h>
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/oid.h"
-#endif
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#include <string.h>
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"

From 748ddda4946584ea509b24ee3ac1a019b7f84350 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Tue, 27 Mar 2018 20:53:56 +0100
Subject: [PATCH 3/4] Fix test dependencies of pkcs5 pbs2 on asn1 parse

---
 tests/suites/test_suite_pkcs5.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index bb7d419a88..4c020fb100 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -46,7 +46,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
 void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex,
                   char *data_hex, int ref_ret, char *ref_out_hex )
 {

From 47569d7384785c8f12d29da42453f439502e22bf Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Tue, 27 Mar 2018 21:19:50 +0100
Subject: [PATCH 4/4] Add ChangeLog entry for PBES2 when ASN1 disabled

---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 45c07fe043..2f618de1fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.1.x branch released xxxx-xx-xx
+
+Changes
+   * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
+     MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
+     without PBES2. Fixed by Marcos Del Sol Vives.
+
 = mbed TLS 2.1.11 branch released 2018-03-16
 
 Default behavior changes