TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 138109133d2f9121b199dc7777130c17a135ad45^! / . / include / mbedtls
commit138109133d2f9121b199dc7777130c17a135ad45[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Jun 18 12:14:34 2020 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Jun 19 11:00:19 2020 +0200
tree7fd3b3465bd17f3b6d5e0636a305916fd88f156e
parent979728838375f7d750c50c60f1672f41b32c008e [diff]
Remove SHA-1 as a fallback option

- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 473488c..255cef3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -129,9 +129,8 @@
     defined(MBEDTLS_HMAC_DRBG_C) ||         \
     defined(MBEDTLS_SHA512_C) ||            \
     defined(MBEDTLS_SHA256_C) ||            \
-    defined(MBEDTLS_SHA1_C) ||              \
     defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
-#error "MBEDTLS_ECP_C requires a DRBG or SHA module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
+#error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 15df537..d8644f0 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -626,12 +626,11 @@
  * against some side-channel attacks.
  *
  * This protection introduces a dependency of the ECP module on one of the
- * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512, SHA-256 or SHA-1).
- * For very constrained applications that don't require this protection
- * (for example, because you're only doing signature verification, so not
- * manipulating any secret, or because local/physical side-channel attacks are
- * outside your threat model), it might be desirable to get rid of that
- * dependency.
+ * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very
+ * constrained applications that don't require this protection (for example,
+ * because you're only doing signature verification, so not manipulating any
+ * secret, or because local/physical side-channel attacks are outside your
+ * threat model), it might be desirable to get rid of that dependency.
  *
  * \warning Enabling this option makes some uses of ECP vulnerable to some
  * side-channel attacks. Only enable it if you know that's not a problem for