eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove SHA-1 as a fallback option

Browse source 
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-06-18 12:14:34 +02:00
parent 2ebb1e18e9
commit 2df5857dbe
5 changed files with 17 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

3
include/mbedtls/check_config.h
View file

@ -146,9 +146,8 @@
defined(MBEDTLS_HMAC_DRBG_C) || \
defined(MBEDTLS_SHA512_C) || \
defined(MBEDTLS_SHA256_C) || \
defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
#error "MBEDTLS_ECP_C requires a DRBG or SHA module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
#error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)

11
include/mbedtls/config.h
View file

@ -788,12 +788,11 @@
* against some side-channel attacks.
*
* This protection introduces a dependency of the ECP module on one of the
* DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512, SHA-256 or SHA-1).
* For very constrained applications that don't require this protection
* (for example, because you're only doing signature verification, so not
* manipulating any secret, or because local/physical side-channel attacks are
* outside your threat model), it might be desirable to get rid of that
* dependency.
* DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very
* constrained applications that don't require this protection (for example,
* because you're only doing signature verification, so not manipulating any
* secret, or because local/physical side-channel attacks are outside your
* threat model), it might be desirable to get rid of that dependency.
*
* \warning Enabling this option makes some uses of ECP vulnerable to some
* side-channel attacks. Only enable it if you know that's not a problem for