mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 01:05:35 +00:00
Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for certificate signing, and as the signature hash algorithm for the TLS 1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the XXX_SHA ciphersuites and in the PRF for TLS <= 1.1. For easy backward compatibility for use in controlled environments, turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.
This commit is contained in:
parent
23b33f8663
commit
5e79cb3662
|
@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
mbed TLS 2.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
|
||||
* SHA-1 deprecation: remove it from the default allowed hash
|
||||
algorithms for certificate verification and TLS 1.2 handshake
|
||||
signatures. It can be turned back on at compile time with
|
||||
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 or explicitly with ssl_conf functions.
|
||||
* Removed RIPEMD-160 from the default hash algorithms for
|
||||
certificate verification.
|
||||
|
||||
Bugfix
|
||||
* Remove invalid use of size zero arrays in ECJPAKE test suite.
|
||||
* Fix insufficient support for signature-hash-algorithm extension,
|
||||
|
|
|
@ -2251,7 +2251,8 @@
|
|||
* library/ssl_tls.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS and SHA1-signed certificates.
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
*/
|
||||
#define MBEDTLS_SHA1_C
|
||||
|
||||
|
@ -2636,6 +2637,15 @@
|
|||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
||||
|
||||
/**
|
||||
* Allow SHA-1 in the default TLS configuration for certificate signing and
|
||||
* TLS 1.2 handshake signature. Without this build-time option, SHA-1
|
||||
* support must be activated explicitly through mbedtls_ssl_conf_cert_profile
|
||||
* and mbedtls_ssl_conf_sig_hashes. The use of SHA-1 in TLS <= 1.1 and in
|
||||
* HMAC-SHA-1 for XXX_SHA ciphersuites is always allowed by default.
|
||||
*/
|
||||
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
|
|
|
@ -7162,7 +7162,7 @@ static int ssl_preset_default_hashes[] = {
|
|||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA224,
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||
MBEDTLS_MD_SHA1,
|
||||
#endif
|
||||
MBEDTLS_MD_NONE
|
||||
|
|
|
@ -85,9 +85,11 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
*/
|
||||
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
||||
{
|
||||
/* Hashes from SHA-1 and above */
|
||||
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||
/* Allow SHA-1 (weak, but still safe in controlled environments) */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
|
||||
#endif
|
||||
/* Only SHA-2 hashes */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||
|
|
Loading…
Reference in a new issue