Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove MD2, MD4, RC4, Blowfish and XTEA #4588

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions ChangeLog.d/issue4084.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Removals
* Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the
corresponding modules and all their APIs and related configuration
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
options. Fixes #4084.
5 changes: 0 additions & 5 deletions configs/config-symmetric-only.h
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,9 @@

/* Mbed Crypto modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ARC4_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BLOWFISH_C
#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_ARIA_C
#define MBEDTLS_CCM_C
Expand All @@ -68,8 +66,6 @@
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD2_C
#define MBEDTLS_MD4_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
Expand All @@ -94,7 +90,6 @@
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_XTEA_C

#include "mbedtls/config_psa.h"

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
Remove MD2, MD4, RC4, Blowfish and XTEA algorithms
--

This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms.

They are already niche or obsolete and most of them are weak or broken. For
those reasons possible users should consider switching to modern and safe
alternatives to be found in literature.
8 changes: 0 additions & 8 deletions docs/3.0-migration-guide.d/rename_the__ret_functions.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,6 @@ original names of those functions. The renamed functions are:
|------------------------------|--------------------------|
| mbedtls_ctr_drbg_update_ret | mbedtls_ctr_drbg_update |
| mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update |
| mbedtls_md2_starts_ret | mbedtls_md2_starts |
| mbedtls_md2_update_ret | mbedtls_md2_update |
| mbedtls_md2_finish_ret | mbedtls_md2_finish |
| mbedtls_md2_ret | mbedtls_md2 |
| mbedtls_md4_starts_ret | mbedtls_md4_starts |
| mbedtls_md4_update_ret | mbedtls_md4_update |
| mbedtls_md4_finish_ret | mbedtls_md4_finish |
| mbedtls_md4_ret | mbedtls_md4 |
| mbedtls_md5_starts_ret | mbedtls_md5_starts |
| mbedtls_md5_update_ret | mbedtls_md5_update |
| mbedtls_md5_finish_ret | mbedtls_md5_finish |
Expand Down
2 changes: 1 addition & 1 deletion docs/3.0-migration-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ in order to match the new signature.
Deprecated functions were removed from hashing modules
------------------------------------------------------

Modules: MD2, MD4, MD5, SHA1, SHA256, SHA512, MD.
Modules: MD5, SHA1, SHA256, SHA512, MD.

- The functions `mbedtls_xxx_starts()`, `mbedtls_xxx_update()`,
`mbedtls_xxx_finish()` and `mbedtls_xxx()` were removed. Please use the
Expand Down
4 changes: 0 additions & 4 deletions doxygen/input/doc_encdec.h
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,11 @@
* - Symmetric:
* - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and
* \c mbedtls_aes_crypt_ctr()).
* - ARCFOUR (see \c mbedtls_arc4_crypt()).
* - Blowfish / BF (see \c mbedtls_blowfish_crypt_ecb(), \c mbedtls_blowfish_crypt_cbc(),
* \c mbedtls_blowfish_crypt_cfb64() and \c mbedtls_blowfish_crypt_ctr())
* - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(),
* \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()).
* - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb()
* and \c mbedtls_des3_crypt_cbc()).
* - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
* - XTEA (see \c mbedtls_xtea_crypt_ecb()).
* - Asymmetric:
* - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
* and \c mbedtls_dhm_calc_secret()).
Expand Down
2 changes: 1 addition & 1 deletion doxygen/input/doc_hashing.h
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
* \c mbedtls_md_setup())
*
* The following hashing-algorithms are provided:
* - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest.
* - MD5 128-bit one-way hash function by Ron Rivest.
* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
* NIST and NSA.
*
Expand Down
142 changes: 0 additions & 142 deletions include/mbedtls/arc4.h

This file was deleted.

Loading