commit 48ed550b926f8866c4bd7a67d5041ba652af9771
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jun 08 17:27:20 2017 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jun 08 17:27:20 2017 +0200
tree a852e6601f92bea81e2ae41066d766d1653ddf04
parent a9ec0cd77fa3e058ea96e67faaf28f8c62bb1a1e

Fix name, documentation & location of config flag

include/polarssl/config.h

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 33a02b3..60d96ec 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2063,31 +2063,6 @@
 #define POLARSSL_SHA512_C
 
 /**
- * \def MINIMAL_SUPPORTED_MD_ALG
- *
- * minimal supported md algorithm.
- * The value should be one of the enumerations in
- * md_type_t defined in md.h
- * typedef enum {
- *      POLARSSL_MD_NONE=0,
- *      POLARSSL_MD_MD2,
- *      POLARSSL_MD_MD4,
- *      POLARSSL_MD_MD5,
- *      POLARSSL_MD_SHA1,
- *      POLARSSL_MD_SHA224,
- *      POLARSSL_MD_SHA256,
- *      POLARSSL_MD_SHA384,
- *      POLARSSL_MD_SHA512,
- *      POLARSSL_MD_RIPEMD160,
- *  } md_type_t;
- *
- * Module:  library/x509_crt.c
- * Caller:
- *
- */
-#define POLARSSL_MINIMAL_SUPPORTED_MD_ALG  POLARSSL_MD_SHA1
-
-/**
  * \def POLARSSL_SSL_CACHE_C
  *
  * Enable simple SSL cache implementation.
@@ -2391,6 +2366,29 @@
 /* X509 options */
 //#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
 
+/**
+ * \def POLARSSL_X509_MIN_VERIFY_MD_ALG
+ *
+ * Minimal hash algorithm accepted in X.509 chain verification.
+ *
+ * The value should be one of the enumerations in md_type_t defined in md.h
+ * Only algorithms with a value equal or higher are accepted.
+ *
+ * typedef enum {
+ *      POLARSSL_MD_NONE=0,
+ *      POLARSSL_MD_MD2,
+ *      POLARSSL_MD_MD4,
+ *      POLARSSL_MD_MD5,
+ *      POLARSSL_MD_SHA1,
+ *      POLARSSL_MD_SHA224,
+ *      POLARSSL_MD_SHA256,
+ *      POLARSSL_MD_SHA384,
+ *      POLARSSL_MD_SHA512,
+ *      POLARSSL_MD_RIPEMD160,
+ *  } md_type_t;
+ */
+//#define POLARSSL_X509_MIN_VERIFY_MD_ALG  POLARSSL_MD_SHA1
+
 /* \} name SECTION: Module configuration options */
 
 #include "check_config.h"

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 186ecda..3c7bd15 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -76,6 +76,10 @@
 #endif /* !_WIN32 || EFIX64 || EFI32 */
 #endif
 
+#if !defined(POLARSSL_X509_MIN_VERIFY_MD_ALG)
+#define POLARSSL_X509_MIN_VERIFY_MD_ALG  POLARSSL_MD_SHA1
+#endif
+
 /* Implementation that should never be optimized out by the compiler */
 static void polarssl_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -1440,7 +1444,7 @@
  */
 static int x509_check_md_alg( md_type_t md_alg )
 {
-    if( md_alg >= POLARSSL_MINIMAL_SUPPORTED_MD_ALG )
+    if( md_alg >= POLARSSL_X509_MIN_VERIFY_MD_ALG )
         return( 0 );
 
     return( -1 );