Restrict MD5 in x509 certificates Remove support for X509 certificates signed with MD5. Issue raised by Harm Verhagen

commit: a9ec0cd77fa3e058ea96e67faaf28f8c62bb1a1e [log] [tgz]
author: Ron Eldor <Ron.Eldor@arm.com> Thu Feb 09 19:29:33 2017 +0200
committer: Ron Eldor <Ron.Eldor@arm.com> Wed Jun 07 10:58:36 2017 +0300
tree: 12298e259e1d01dc26cf13be1119ab39de65ac2f
parent: bb4bebc26a8d2f0060422a21cc2ab9a3598efa18 [diff] [blame]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 498fc5b..33a02b3 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -2063,6 +2063,31 @@
 #define POLARSSL_SHA512_C
 
 /**
+ * \def MINIMAL_SUPPORTED_MD_ALG
+ *
+ * minimal supported md algorithm.
+ * The value should be one of the enumerations in
+ * md_type_t defined in md.h
+ * typedef enum {
+ *      POLARSSL_MD_NONE=0,
+ *      POLARSSL_MD_MD2,
+ *      POLARSSL_MD_MD4,
+ *      POLARSSL_MD_MD5,
+ *      POLARSSL_MD_SHA1,
+ *      POLARSSL_MD_SHA224,
+ *      POLARSSL_MD_SHA256,
+ *      POLARSSL_MD_SHA384,
+ *      POLARSSL_MD_SHA512,
+ *      POLARSSL_MD_RIPEMD160,
+ *  } md_type_t;
+ *
+ * Module:  library/x509_crt.c
+ * Caller:
+ *
+ */
+#define POLARSSL_MINIMAL_SUPPORTED_MD_ALG  POLARSSL_MD_SHA1
+
+/**
  * \def POLARSSL_SSL_CACHE_C
  *
  * Enable simple SSL cache implementation.
commit	a9ec0cd77fa3e058ea96e67faaf28f8c62bb1a1e	[log] [tgz]
author	Ron Eldor <Ron.Eldor@arm.com>	Thu Feb 09 19:29:33 2017 +0200
committer	Ron Eldor <Ron.Eldor@arm.com>	Wed Jun 07 10:58:36 2017 +0300
tree	12298e259e1d01dc26cf13be1119ab39de65ac2f
parent	bb4bebc26a8d2f0060422a21cc2ab9a3598efa18 [diff] [blame]