Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 4d3a164..613407a 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -2,6 +2,10 @@
* \file sha1.h
*
* \brief SHA-1 cryptographic hash function
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. We recommend considering stronger message
+ * digests instead.
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@@ -50,6 +54,11 @@
/**
* \brief SHA-1 context structure
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
typedef struct
{
@@ -63,6 +72,11 @@
* \brief Initialize SHA-1 context
*
* \param ctx SHA-1 context to be initialized
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
@@ -70,6 +84,11 @@
* \brief Clear SHA-1 context
*
* \param ctx SHA-1 context to be cleared
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
@@ -78,6 +97,11 @@
*
* \param dst The destination context
* \param src The context to be cloned
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src );
@@ -88,6 +112,11 @@
* \param ctx context to be initialized
*
* \return 0 if successful
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
@@ -99,6 +128,11 @@
* \param ilen length of the input data
*
* \return 0 if successful
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
const unsigned char *input,
@@ -111,6 +145,11 @@
* \param output SHA-1 checksum result
*
* \return 0 if successful
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
unsigned char output[20] );
@@ -122,6 +161,11 @@
* \param data buffer holding one block of data
*
* \return 0 if successful
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] );
@@ -138,6 +182,11 @@
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0
*
* \param ctx context to be initialized
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
mbedtls_sha1_context *ctx )
@@ -153,6 +202,11 @@
* \param ctx SHA-1 context
* \param input buffer holding the data
* \param ilen length of the input data
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
mbedtls_sha1_context *ctx,
@@ -169,6 +223,11 @@
*
* \param ctx SHA-1 context
* \param output SHA-1 checksum result
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
mbedtls_sha1_context *ctx,
@@ -184,6 +243,11 @@
*
* \param ctx SHA-1 context
* \param data buffer holding one block of data
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process(
mbedtls_sha1_context *ctx,
@@ -215,6 +279,11 @@
* \param output SHA-1 checksum result
*
* \return 0 if successful
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_sha1_ret( const unsigned char *input,
size_t ilen,
@@ -234,6 +303,11 @@
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-1 checksum result
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input,
size_t ilen,
@@ -249,6 +323,11 @@
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
+ *
+ * \warning SHA-1 is considered a weak message digest and its use
+ * constitutes a security risk. We recommend considering
+ * stronger message digests instead.
+ *
*/
int mbedtls_sha1_self_test( int verbose );