Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index 9de0577..49cc37c 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -20,6 +20,10 @@
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers instead.
+ *
*/
#ifndef POLARSSL_ARC4_H
#define POLARSSL_ARC4_H
@@ -42,6 +46,11 @@
/**
* \brief ARC4 context structure
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
typedef struct
{
@@ -55,6 +64,11 @@
* \brief Initialize ARC4 context
*
* \param ctx ARC4 context to be initialized
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
void arc4_init( arc4_context *ctx );
@@ -62,6 +76,11 @@
* \brief Clear ARC4 context
*
* \param ctx ARC4 context to be cleared
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
void arc4_free( arc4_context *ctx );
@@ -71,6 +90,11 @@
* \param ctx ARC4 context to be setup
* \param key the secret key
* \param keylen length of the key, in bytes
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
void arc4_setup( arc4_context *ctx, const unsigned char *key,
unsigned int keylen );
@@ -84,6 +108,11 @@
* \param output buffer for the output data
*
* \return 0 if successful
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
@@ -104,6 +133,11 @@
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
+ *
+ * \warning ARC4 is considered a weak cipher and its use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
+ *
*/
int arc4_self_test( int verbose );