Add documentation warnings for weak algorithms MD2, MD4, MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.

commit: bbca8c5d3c531cb26cad0a642cbdf48287a79cab [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Sep 25 14:53:51 2017 +0100
committer: Jaeden Amero <jaeden.amero@arm.com> Tue Jan 30 14:40:10 2018 +0000
tree: db0cf119c1228a075975dafffd8b02ced64bbfaa
parent: 3b8fbaab870cc31179f77fa5b3ba83d6ba0bc8bd [diff] [blame]
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 97b9226..7ac0fd1 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h

@@ -68,6 +68,13 @@
 extern "C" {
 #endif
 
+/**
+ * \brief     An enumeration of supported ciphers.
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ */
 typedef enum {
     MBEDTLS_CIPHER_ID_NONE = 0,
     MBEDTLS_CIPHER_ID_NULL,
@@ -79,6 +86,13 @@
     MBEDTLS_CIPHER_ID_ARC4,
 } mbedtls_cipher_id_t;
 
+/**
+ * \brief     An enumeration of supported (cipher, mode) pairs.
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ */
 typedef enum {
     MBEDTLS_CIPHER_NONE = 0,
     MBEDTLS_CIPHER_NULL,
commit	bbca8c5d3c531cb26cad0a642cbdf48287a79cab	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Sep 25 14:53:51 2017 +0100
committer	Jaeden Amero <jaeden.amero@arm.com>	Tue Jan 30 14:40:10 2018 +0000
tree	db0cf119c1228a075975dafffd8b02ced64bbfaa
parent	3b8fbaab870cc31179f77fa5b3ba83d6ba0bc8bd [diff] [blame]