Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 0f93fbf..d516042 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -19,6 +19,11 @@
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
+ *
+ * \warning MD2 is considered a weak message digest and its use constitutes a
+ * security risk. We recommend considering stronger message
+ * digests instead.
+ *
*/
#ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H
@@ -41,6 +46,11 @@
/**
* \brief MD2 context structure
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
typedef struct
{
@@ -55,6 +65,11 @@
* \brief Initialize MD2 context
*
* \param ctx MD2 context to be initialized
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_init( mbedtls_md2_context *ctx );
@@ -62,6 +77,11 @@
* \brief Clear MD2 context
*
* \param ctx MD2 context to be cleared
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_free( mbedtls_md2_context *ctx );
@@ -70,6 +90,11 @@
*
* \param dst The destination context
* \param src The context to be cloned
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_clone( mbedtls_md2_context *dst,
const mbedtls_md2_context *src );
@@ -78,6 +103,11 @@
* \brief MD2 context setup
*
* \param ctx context to be initialized
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_starts( mbedtls_md2_context *ctx );
@@ -87,6 +117,11 @@
* \param ctx MD2 context
* \param input buffer holding the data
* \param ilen length of the input data
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
@@ -95,6 +130,11 @@
*
* \param ctx MD2 context
* \param output MD2 checksum result
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
@@ -116,6 +156,11 @@
* \param input buffer holding the data
* \param ilen length of the input data
* \param output MD2 checksum result
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
@@ -123,6 +168,11 @@
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
+ *
+ * \warning MD2 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_md2_self_test( int verbose );