Add documentation warnings for weak algorithms

MD2, MD4, MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.
2017-09-25 14:53:51 +01:00 · 2017-09-25 14:53:51 +01:00 · bbca8c5d3c
commit bbca8c5d3c
parent 3b8fbaab87
9 changed files with 482 additions and 5 deletions
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -44,6 +44,14 @@
 extern "C" {
 #endif

+/**
+ * \brief     Enumeration of supported message digests
+ *
+ * \warning   MD2, MD4, MD5 and SHA-1 are considered weak message digests and
+ *            their use constitutes a security risk. We recommend considering
+ *            stronger message digests instead.
+ *
+ */
 typedef enum {
    MBEDTLS_MD_NONE=0,
    MBEDTLS_MD_MD2,