Remove detection of _has_native_pbkdf2.

pallets · Apr 21, 2018 · 0751573 · 0751573
1 parent e836a2f
commit 0751573
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 43 deletions.
diff --git a/tests/test_security.py b/tests/test_security.py
@@ -134,13 +134,3 @@ def check(data, salt, iterations, keylen, hashfunc, expected):
           '139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1')
     check('X' * 65, 'pass phrase exceeds block size', 1200, 32, 'sha1',
           '9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a')
-
-
-def test_pbkdf2_non_native():
-    import werkzeug.security as sec
-    prev_value = sec._has_native_pbkdf2
-    sec._has_native_pbkdf2 = None
-
-    assert pbkdf2_hex('password', 'salt', 1, 20, 'sha1') \
-        == '0c60c80f961f0e71f3a9b524af6012062fe037a6'
-    sec._has_native_pbkdf2 = prev_value
diff --git a/werkzeug/security.py b/werkzeug/security.py
@@ -15,8 +15,6 @@
 import codecs
 from struct import Struct
 from random import SystemRandom
-from operator import xor
-from itertools import starmap
 
 from werkzeug._compat import range_type, PY2, text_type, izip, to_bytes, \
     to_native
@@ -52,9 +50,6 @@ def pbkdf2_hex(data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS,
     return to_native(codecs.encode(rv, 'hex_codec'))
 
 
-_has_native_pbkdf2 = hasattr(hashlib, 'pbkdf2_hmac')
-
-
 def pbkdf2_bin(data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS,
                keylen=None, hashfunc=None):
     """Returns a binary digest for the PBKDF2 hash algorithm of `data`
@@ -79,34 +74,12 @@ def pbkdf2_bin(data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS,
     data = to_bytes(data)
     salt = to_bytes(salt)
 
-    # If we're on Python with pbkdf2_hmac we can try to use it for
-    # compatible digests.
-    if _has_native_pbkdf2:
-        if callable(hashfunc):
-            _test_hash = hashfunc()
-            hash_name = getattr(_test_hash, 'name', None)
-        else:
-            hash_name = hashfunc
-        if hash_name:
-            return hashlib.pbkdf2_hmac(
-                hash_name, data, salt, iterations, keylen)
-
-    mac = _create_mac(data, None, hashfunc)
-    if not keylen:
-        keylen = mac.digest_size
-
-    def _pseudorandom(x, mac=mac):
-        h = mac.copy()
-        h.update(x)
-        return bytearray(h.digest())
-    buf = bytearray()
-    for block in range_type(1, -(-keylen // mac.digest_size) + 1):
-        rv = u = _pseudorandom(salt + _pack_int(block))
-        for i in range_type(iterations - 1):
-            u = _pseudorandom(bytes(u))
-            rv = bytearray(starmap(xor, izip(rv, u)))
-        buf.extend(rv)
-    return bytes(buf[:keylen])
+    if callable(hashfunc):
+        _test_hash = hashfunc()
+        hash_name = getattr(_test_hash, 'name', None)
+    else:
+        hash_name = hashfunc
+    return hashlib.pbkdf2_hmac(hash_name, data, salt, iterations, keylen)
 
 
 def safe_str_cmp(a, b):