Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for certificate signing, and as the signature hash algorithm for the TLS 1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the XXX_SHA ciphersuites and in the PRF for TLS <= 1.1. For easy backward compatibility in controlled environments, turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compile-time option.
This commit is contained in:
parent
23b33f8663
commit
5e79cb3662
|
@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
mbed TLS 2.x.x branch released xxxx-xx-xx
|
mbed TLS 2.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Security
|
||||||
|
|
||||||
|
* SHA-1 deprecation: remove it from the default allowed hash
|
||||||
|
algorithms for certificate verification and TLS 1.2 handshake
|
||||||
|
signatures. It can be turned back on at compile time with
|
||||||
|
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 or explicitly with ssl_conf functions.
|
||||||
|
* Removed RIPEMD-160 from the default hash algorithms for
|
||||||
|
certificate verification.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Remove invalid use of size zero arrays in ECJPAKE test suite.
|
* Remove invalid use of size zero arrays in ECJPAKE test suite.
|
||||||
* Fix insufficient support for signature-hash-algorithm extension,
|
* Fix insufficient support for signature-hash-algorithm extension,
|
||||||
|
|
|
@ -2251,7 +2251,8 @@
|
||||||
* library/ssl_tls.c
|
* library/ssl_tls.c
|
||||||
* library/x509write_crt.c
|
* library/x509write_crt.c
|
||||||
*
|
*
|
||||||
* This module is required for SSL/TLS and SHA1-signed certificates.
|
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||||
|
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SHA1_C
|
#define MBEDTLS_SHA1_C
|
||||||
|
|
||||||
|
@ -2636,6 +2637,15 @@
|
||||||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||||
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow SHA-1 in the default TLS configuration for certificate signing and
|
||||||
|
* TLS 1.2 handshake signature. Without this build-time option, SHA-1
|
||||||
|
* support must be activated explicitly through mbedtls_ssl_conf_cert_profile
|
||||||
|
* and mbedtls_ssl_conf_sig_hashes. The use of SHA-1 in TLS <= 1.1 and in
|
||||||
|
* HMAC-SHA-1 for XXX_SHA ciphersuites is always allowed by default.
|
||||||
|
*/
|
||||||
|
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
|
||||||
|
|
||||||
/* \} name SECTION: Customisation configuration options */
|
/* \} name SECTION: Customisation configuration options */
|
||||||
|
|
||||||
/* Target and application specific configurations */
|
/* Target and application specific configurations */
|
||||||
|
|
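Review bot: The new doc comment describes MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 purely in TLS terms, but the same macro also gates the SHA-1 entry of `mbedtls_x509_crt_profile_default` in the x509_crt.c hunk below, and if that profile is the one applied by the standalone X.509 verification path (as I believe it is), enabling the option to keep an old TLS peer working also widens what the plain certificate verifier accepts. A reader of config.h alone cannot see that side effect. I would add a sentence to the block, e.g. `* Note: this also re-enables SHA-1 in mbedtls_x509_crt_profile_default, which` / `* is used for X.509 verification outside TLS; pass an explicit profile to` / `* mbedtls_x509_crt_verify_with_profile if a stricter policy is wanted there.`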
|
@ -7162,7 +7162,7 @@ static int ssl_preset_default_hashes[] = {
|
||||||
MBEDTLS_MD_SHA256,
|
MBEDTLS_MD_SHA256,
|
||||||
MBEDTLS_MD_SHA224,
|
MBEDTLS_MD_SHA224,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||||
MBEDTLS_MD_SHA1,
|
MBEDTLS_MD_SHA1,
|
||||||
#endif
|
#endif
|
||||||
MBEDTLS_MD_NONE
|
MBEDTLS_MD_NONE
|
||||||
|
|
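Review bot: With the added `&& defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)` guard, a build that has MBEDTLS_SHA1_C but no SHA-2 module leaves `ssl_preset_default_hashes` as just `MBEDTLS_MD_NONE`, so the default TLS 1.2 profile accepts no signature hash at all and every handshake signature is rejected with no compile-time hint. The `#if` enclosing the SHA-256/SHA-224 entries opens above the hunk (only its `#endif` is visible here), and the array's declaration is also outside the hunk, so I am inferring the surrounding conditions. A build-configuration check (`#error` when MBEDTLS_SSL_TLS_C is enabled without MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 and without any SHA-2 module), or at minimum a comment on the new `#if` line such as `/* Without MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 and any SHA-2 module this list is empty */`, would make the trade-off visible.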
|
@ -85,9 +85,11 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
*/
|
*/
|
||||||
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
||||||
{
|
{
|
||||||
/* Hashes from SHA-1 and above */
|
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||||
|
/* Allow SHA-1 (weak, but still safe in controlled environments) */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
|
#endif
|
||||||
|
/* Only SHA-2 hashes */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||||
|
|
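Review bot: The new comment `/* Only SHA-2 hashes */` is inaccurate when MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is defined, because the SHA-1 flag from the `#if` block just above is OR-ed into the same field; it reads as if the default profile were SHA-2-only in every build. `/* SHA-2 hashes, always allowed */` keeps the intended contrast with the optional block without the wrong claim. It is also worth stating in the optional block's comment that RIPEMD-160 is dropped unconditionally and the option does not bring it back, since the ChangeLog lists that as a separate item and nothing in this file says so. The profile initializer continues past the end of the hunk.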