Remove SHA-1 as a fallback option - it's 2020, there shouldn't be too many systems out there where SHA-1 is the only available hash option, so its usefulness is limited - OTOH testing configurations without SHA-2 reveal bugs that are not easy to fix in a fully compatible way So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1 as a fallback option here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 138109133d2f9121b199dc7777130c17a135ad45 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jun 18 12:14:34 2020 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Jun 19 11:00:19 2020 +0200
tree: 7fd3b3465bd17f3b6d5e0636a305916fd88f156e
parent: 979728838375f7d750c50c60f1672f41b32c008e [diff] [blame]
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 473488c..255cef3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -129,9 +129,8 @@
     defined(MBEDTLS_HMAC_DRBG_C) ||         \
     defined(MBEDTLS_SHA512_C) ||            \
     defined(MBEDTLS_SHA256_C) ||            \
-    defined(MBEDTLS_SHA1_C) ||              \
     defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
-#error "MBEDTLS_ECP_C requires a DRBG or SHA module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
+#error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
commit	138109133d2f9121b199dc7777130c17a135ad45	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Jun 18 12:14:34 2020 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Jun 19 11:00:19 2020 +0200
tree	7fd3b3465bd17f3b6d5e0636a305916fd88f156e
parent	979728838375f7d750c50c60f1672f41b32c008e [diff] [blame]