Add documentation warnings for weak algorithms MD2, MD4, MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.

commit: ce0c9dbeb64d8d748fd2e321d8ad34c78f888206 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Sep 28 15:39:45 2017 +0100
committer: Jaeden Amero <jaeden.amero@arm.com> Tue Jan 30 10:38:40 2018 +0000
tree: cd7053ff1acb371457b75e395bb11f29ac751032
parent: 8fdb9daa597ec8269268d4e47aa8a2ed4e5c76ab [diff] [blame]
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index bde1d47..9695b3b 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h

@@ -66,6 +66,13 @@
 extern "C" {
 #endif
 
+/**
+ * \brief     Enumeration of supported ciphers
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ */
 typedef enum {
     POLARSSL_CIPHER_ID_NONE = 0,
     POLARSSL_CIPHER_ID_NULL,
@@ -77,6 +84,14 @@
     POLARSSL_CIPHER_ID_ARC4,
 } cipher_id_t;
 
+/**
+ * \brief     Enumeration of supported (cipher,mode) pairs
+ *
+ * \warning   ARC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. We recommend considering stronger
+ *            ciphers instead.
+ *
+ */
 typedef enum {
     POLARSSL_CIPHER_NONE = 0,
     POLARSSL_CIPHER_NULL,
commit	ce0c9dbeb64d8d748fd2e321d8ad34c78f888206	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Sep 28 15:39:45 2017 +0100
committer	Jaeden Amero <jaeden.amero@arm.com>	Tue Jan 30 10:38:40 2018 +0000
tree	cd7053ff1acb371457b75e395bb11f29ac751032
parent	8fdb9daa597ec8269268d4e47aa8a2ed4e5c76ab [diff] [blame]