Add documentation warnings for weak algorithms MD2, MD4, MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.

commit: 15e49516518e09d20c100c2ccbd329ab994a4a02 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Sep 25 14:53:51 2017 +0100
committer: Jaeden Amero <jaeden.amero@arm.com> Tue Jan 30 10:39:32 2018 +0000
tree: d1e99044c273c57c52f9b48082a8448480b3bc12
parent: 6138cb3cf300db5ad2edfbcc1ef30b917d6c085b [diff] [blame]
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 70000f5..464c4ad 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h

@@ -65,6 +65,13 @@
 extern "C" {
 #endif
 
+/**
+ * \brief     Enumeration of supported ciphers
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ */
 typedef enum {
     MBEDTLS_CIPHER_ID_NONE = 0,
     MBEDTLS_CIPHER_ID_NULL,
@@ -76,6 +83,13 @@
     MBEDTLS_CIPHER_ID_ARC4,
 } mbedtls_cipher_id_t;
 
+/**
+ * \brief     Enumeration of supported (cipher,mode) pairs
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ */
 typedef enum {
     MBEDTLS_CIPHER_NONE = 0,
     MBEDTLS_CIPHER_NULL,
commit	15e49516518e09d20c100c2ccbd329ab994a4a02	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Sep 25 14:53:51 2017 +0100
committer	Jaeden Amero <jaeden.amero@arm.com>	Tue Jan 30 10:39:32 2018 +0000
tree	d1e99044c273c57c52f9b48082a8448480b3bc12
parent	6138cb3cf300db5ad2edfbcc1ef30b917d6c085b [diff] [blame]