SwitchEmu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-02-19 00:39:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove SHA-1 as a fallback option

Browse Source 
- it's 2020, there shouldn't be too many systems out there where SHA-1 is the
  only available hash option, so its usefulness is limited
- OTOH testing configurations without SHA-2 reveal bugs that are not easy to
  fix in a fully compatible way

So overall, the benefit/cost ratio is not good enough to justify keeping SHA-1
as a fallback option here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2020-06-18 12:14:34 +02:00
parent 2ebb1e18e9
commit 2df5857dbe
5 changed files with 17 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog.d/ecp-internal-rng.txt
View File

@@ -1,9 +1,9 @@
Changes
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C`,
`MBEDTLS_SHA256_C` or `MBEDTLS_SHA1_C` for some side-channel
coutermeasures. If side channels are not a concern, this dependency can
be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
`MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
are not a concern, this dependency can be avoided by enabling the new
option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
Security
* Fix side channel in mbedtls_ecp_check_pub_priv() and