5 files changed, 28 insertions, 120 deletions
diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py
index 6f28c541..21ac1573 100644
--- a/cryptography/hazmat/backends/openssl/rsa.py
+++ b/cryptography/hazmat/backends/openssl/rsa.py
@@ -30,10 +30,7 @@ from cryptography.hazmat.primitives.interfaces import (
 
 
 def _get_rsa_pss_salt_length(pss, key_size, digest_size):
-    if pss._mgf._salt_length is not None:
-        salt = pss._mgf._salt_length
-    else:
-        salt = pss._salt_length
+    salt = pss._salt_length
 
     if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
         # bit length - 1 per RFC 3447
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index d44bbda5..3967e065 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -13,8 +13,6 @@
 
 from __future__ import absolute_import, division, print_function
 
-import warnings
-
 import six
 
 from cryptography import utils
@@ -31,26 +29,15 @@ class PSS(object):
     MAX_LENGTH = object()
     name = "EMSA-PSS"
 
-    def __init__(self, mgf, salt_length=None):
+    def __init__(self, mgf, salt_length):
         self._mgf = mgf
 
-        if salt_length is None:
-            warnings.warn(
-                "salt_length is deprecated on MGF1 and should be added via the"
-                " PSS constructor.",
-                utils.DeprecatedIn04,
-                stacklevel=2
-            )
-        else:
-            if (not isinstance(salt_length, six.integer_types) and
-                    salt_length is not self.MAX_LENGTH):
-                raise TypeError("salt_length must be an integer.")
-
-            if salt_length is not self.MAX_LENGTH and salt_length < 0:
-                raise ValueError("salt_length must be zero or greater.")
+        if (not isinstance(salt_length, six.integer_types) and
+                salt_length is not self.MAX_LENGTH):
+            raise TypeError("salt_length must be an integer.")
 
-        if salt_length is None and self._mgf._salt_length is None:
-            raise ValueError("You must supply salt_length.")
+        if salt_length is not self.MAX_LENGTH and salt_length < 0:
+            raise ValueError("salt_length must be zero or greater.")
 
         self._salt_length = salt_length
 
@@ -71,24 +58,8 @@ class OAEP(object):
 class MGF1(object):
     MAX_LENGTH = object()
 
-    def __init__(self, algorithm, salt_length=None):
+    def __init__(self, algorithm):
         if not isinstance(algorithm, interfaces.HashAlgorithm):
             raise TypeError("Expected instance of interfaces.HashAlgorithm.")
 
         self._algorithm = algorithm
-
-        if salt_length is not None:
-            warnings.warn(
-                "salt_length is deprecated on MGF1 and should be passed to "
-                "the PSS constructor instead.",
-                utils.DeprecatedIn04,
-                stacklevel=2
-            )
-            if (not isinstance(salt_length, six.integer_types) and
-                    salt_length is not self.MAX_LENGTH):
-                raise TypeError("salt_length must be an integer.")
-
-            if salt_length is not self.MAX_LENGTH and salt_length < 0:
-                raise ValueError("salt_length must be zero or greater.")
-
-        self._salt_length = salt_length
diff --git a/cryptography/utils.py b/cryptography/utils.py
index 1db16151..9c574085 100644
--- a/cryptography/utils.py
+++ b/cryptography/utils.py
@@ -16,8 +16,7 @@ from __future__ import absolute_import, division, print_function
 import sys
 
 
-DeprecatedIn04 = DeprecationWarning
-DeprecatedIn05 = PendingDeprecationWarning
+DeprecatedIn05 = DeprecationWarning
 
 
 def register_interface(iface):
diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst
index 40084799..00c77590 100644
--- a/docs/hazmat/primitives/asymmetric/padding.rst
+++ b/docs/hazmat/primitives/asymmetric/padding.rst
@@ -63,8 +63,8 @@ Mask generation functions
 
     .. versionadded:: 0.3
 
-    .. versionchanged:: 0.4
-        Deprecated the ``salt_length`` parameter.
+    .. versionchanged:: 0.6
+        Removed the deprecated ``salt_length`` parameter.
 
     MGF1 (Mask Generation Function 1) is used as the mask generation function
     in :class:`PSS` padding. It takes a hash algorithm and a salt length.
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 04908453..8e850737 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -511,46 +511,6 @@ class TestRSASignature(object):
         verifier.update(binascii.unhexlify(example["message"]))
         verifier.verify()
 
-    @pytest.mark.supported(
-        only_if=lambda backend: backend.rsa_padding_supported(
-            padding.PSS(
-                mgf=padding.MGF1(hashes.SHA1()),
-                salt_length=padding.PSS.MAX_LENGTH
-            )
-        ),
-        skip_message="Does not support PSS."
-    )
-    def test_deprecated_pss_mgf1_salt_length(self, backend):
-        private_key = RSA_KEY_512.private_key(backend)
-        signer = private_key.signer(
-            pytest.deprecated_call(
-                padding.PSS,
-                mgf=pytest.deprecated_call(
-                    padding.MGF1,
-                    algorithm=hashes.SHA1(),
-                    salt_length=padding.MGF1.MAX_LENGTH
-                )
-            ),
-            hashes.SHA1()
-        )
-        signer.update(b"so deprecated")
-        signature = signer.finalize()
-        assert len(signature) == math.ceil(private_key.key_size / 8.0)
-        verifier = private_key.public_key().verifier(
-            signature,
-            pytest.deprecated_call(
-                padding.PSS,
-                mgf=pytest.deprecated_call(
-                    padding.MGF1,
-                    algorithm=hashes.SHA1(),
-                    salt_length=padding.MGF1.MAX_LENGTH
-                )
-            ),
-            hashes.SHA1()
-        )
-        verifier.update(b"so deprecated")
-        verifier.verify()
-
     @pytest.mark.parametrize(
         "hash_alg",
         [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()]
@@ -701,7 +661,13 @@ class TestRSASignature(object):
     def test_unsupported_pss_mgf(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
-            private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1())
+            private_key.signer(
+                padding.PSS(
+                    mgf=DummyMGF(),
+                    salt_length=padding.PSS.MAX_LENGTH
+                ),
+                hashes.SHA1()
+            )
 
     @pytest.mark.supported(
         only_if=lambda backend: backend.rsa_padding_supported(
@@ -1014,8 +980,14 @@ class TestRSAVerification(object):
         private_key = RSA_KEY_512.private_key(backend)
         public_key = private_key.public_key()
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
-            public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()),
-                                hashes.SHA1())
+            public_key.verifier(
+                b"sig",
+                padding.PSS(
+                    mgf=DummyMGF(),
+                    salt_length=padding.PSS.MAX_LENGTH
+                ),
+                hashes.SHA1()
+            )
 
     @pytest.mark.supported(
         only_if=lambda backend: backend.rsa_padding_supported(
@@ -1307,12 +1279,6 @@ class TestRSAPKCS1Verification(object):
 
 
 class TestPSS(object):
-    def test_deprecation_warning(self):
-        pytest.deprecated_call(
-            padding.PSS,
-            mgf=padding.MGF1(hashes.SHA1(), 20)
-        )
-
     def test_invalid_salt_length_not_integer(self):
         with pytest.raises(TypeError):
             padding.PSS(
@@ -1331,10 +1297,6 @@ class TestPSS(object):
                 salt_length=-1
             )
 
-    def test_no_salt_length_supplied_pss_or_mgf1(self):
-        with pytest.raises(ValueError):
-            padding.PSS(mgf=padding.MGF1(hashes.SHA1()))
-
     def test_valid_pss_parameters(self):
         algorithm = hashes.SHA1()
         salt_length = algorithm.digest_size
@@ -1352,35 +1314,14 @@ class TestPSS(object):
 
 
 class TestMGF1(object):
-    def test_deprecation_warning(self):
-        pytest.deprecated_call(
-            padding.MGF1, algorithm=hashes.SHA1(), salt_length=20
-        )
-
     def test_invalid_hash_algorithm(self):
         with pytest.raises(TypeError):
-            padding.MGF1(b"not_a_hash", 0)
-
-    def test_invalid_salt_length_not_integer(self):
-        with pytest.raises(TypeError):
-            padding.MGF1(hashes.SHA1(), b"not_a_length")
-
-    def test_invalid_salt_length_negative_integer(self):
-        with pytest.raises(ValueError):
-            padding.MGF1(hashes.SHA1(), -1)
+            padding.MGF1(b"not_a_hash")
 
     def test_valid_mgf1_parameters(self):
         algorithm = hashes.SHA1()
-        salt_length = algorithm.digest_size
-        mgf = padding.MGF1(algorithm, salt_length)
-        assert mgf._algorithm == algorithm
-        assert mgf._salt_length == salt_length
-
-    def test_valid_mgf1_parameters_maximum(self):
-        algorithm = hashes.SHA1()
-        mgf = padding.MGF1(algorithm, padding.MGF1.MAX_LENGTH)
+        mgf = padding.MGF1(algorithm)
         assert mgf._algorithm == algorithm
-        assert mgf._salt_length == padding.MGF1.MAX_LENGTH
 
 
 class TestOAEP(object):