Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0

Update the default hash and curve selection for X.509 and TLS
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-22 12:08:37 +02:00 committed by GitHub
commit 3e7ddb2bb6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 235 additions and 152 deletions

View file

@ -2901,7 +2901,6 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_ECP_C)
/**
* \brief Set the allowed curves in order of preference.
* (Default: all defined curves.)
*
* On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the
@ -2922,6 +2921,19 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
* \note This list should be ordered by decreasing preference
* (preferred curve first).
*
* \note The default list is the same set of curves that
* #mbedtls_x509_crt_profile_default allows, plus
* ECDHE-only curves selected according to the same criteria.
* The order favors curves with the lowest resource usage.
*
* \note New minor versions of Mbed TLS may extend this list,
* for example if new curves are added to the library.
* New minor versions of Mbed TLS will not remove items
* from this list unless serious security concerns require it.
* New minor versions of Mbed TLS may change the order in
* keeping with the general principle of favoring the lowest
* resource usage.
*
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
@ -2933,7 +2945,6 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
* (Default: all available hashes except MD5.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
@ -2945,6 +2956,18 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
* \note This list should be ordered by decreasing preference
* (preferred hash first).
*
* \note By default, all supported hashes whose length is at least
* 256 bits are allowed. This is the same set as the default
* for certificate verification
* (#mbedtls_x509_crt_profile_default).
* The preference order is currently unspecified and may
* change in future versions.
*
* \note New minor versions of Mbed TLS may extend this list,
* for example if new curves are added to the library.
* New minor versions of Mbed TLS will not remove items
* from this list unless serious security concerns require it.
*
* \param conf SSL configuration
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.