Merge pull request Mbed-TLS#4588 from TRodziewicz/remove_MD2_MD4_RC4_…

…Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA
mstarzyk-mobica · Jun 22, 2021 · a805d57 · a805d57
2 parents 9a32d45 + 4a28ade
commit a805d57
Show file tree

Hide file tree

Showing 102 changed files with 79 additions and 7,003 deletions.
diff --git a/ChangeLog.d/issue4084.txt b/ChangeLog.d/issue4084.txt
@@ -0,0 +1,4 @@
+Removals
+    * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the
+      corresponding modules and all their APIs and related configuration
+      options. Fixes #4084.
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
@@ -47,11 +47,9 @@
 
 /* Mbed Crypto modules */
 #define MBEDTLS_AES_C
-#define MBEDTLS_ARC4_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BASE64_C
-#define MBEDTLS_BLOWFISH_C
 #define MBEDTLS_CAMELLIA_C
 #define MBEDTLS_ARIA_C
 #define MBEDTLS_CCM_C
@@ -68,8 +66,6 @@
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_NIST_KW_C
 #define MBEDTLS_MD_C
-#define MBEDTLS_MD2_C
-#define MBEDTLS_MD4_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_PEM_PARSE_C
@@ -94,7 +90,6 @@
 //#define MBEDTLS_THREADING_C
 #define MBEDTLS_TIMING_C
 #define MBEDTLS_VERSION_C
-#define MBEDTLS_XTEA_C
 
 #include "mbedtls/config_psa.h"
 

diff --git a/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md
@@ -0,0 +1,8 @@
+Remove MD2, MD4, RC4, Blowfish and XTEA algorithms
+--
+
+This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms.
+
+They are already niche or obsolete and most of them are weak or broken. For
+those reasons possible users should consider switching to modern and safe
+alternatives to be found in literature.
diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md
@@ -13,14 +13,6 @@ original names of those functions. The renamed functions are:
 |------------------------------|--------------------------|
 | mbedtls_ctr_drbg_update_ret  | mbedtls_ctr_drbg_update  |
 | mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update |
-| mbedtls_md2_starts_ret       | mbedtls_md2_starts       |
-| mbedtls_md2_update_ret       | mbedtls_md2_update       |
-| mbedtls_md2_finish_ret       | mbedtls_md2_finish       |
-| mbedtls_md2_ret              | mbedtls_md2              |
-| mbedtls_md4_starts_ret       | mbedtls_md4_starts       |
-| mbedtls_md4_update_ret       | mbedtls_md4_update       |
-| mbedtls_md4_finish_ret       | mbedtls_md4_finish       |
-| mbedtls_md4_ret              | mbedtls_md4              |
 | mbedtls_md5_starts_ret       | mbedtls_md5_starts       |
 | mbedtls_md5_update_ret       | mbedtls_md5_update       |
 | mbedtls_md5_finish_ret       | mbedtls_md5_finish       |

diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
@@ -22,7 +22,7 @@ in order to match the new signature.
 Deprecated functions were removed from hashing modules
 ------------------------------------------------------
 
-Modules: MD2, MD4, MD5, SHA1, SHA256, SHA512, MD.
+Modules: MD5, SHA1, SHA256, SHA512, MD.
 
 - The functions `mbedtls_xxx_starts()`, `mbedtls_xxx_update()`,
   `mbedtls_xxx_finish()` and `mbedtls_xxx()` were removed. Please use the

diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
@@ -45,15 +45,11 @@
  * - Symmetric:
  *   - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and
  *     \c mbedtls_aes_crypt_ctr()).
- *   - ARCFOUR (see \c mbedtls_arc4_crypt()).
- *   - Blowfish / BF (see \c mbedtls_blowfish_crypt_ecb(), \c mbedtls_blowfish_crypt_cbc(),
- *     \c mbedtls_blowfish_crypt_cfb64() and \c mbedtls_blowfish_crypt_ctr())
  *   - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(),
  *     \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()).
  *   - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb()
  *     and \c mbedtls_des3_crypt_cbc()).
  *   - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
- *   - XTEA (see \c mbedtls_xtea_crypt_ecb()).
  * - Asymmetric:
  *   - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
  *     and \c mbedtls_dhm_calc_secret()).

diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
@@ -34,7 +34,7 @@
  * \c mbedtls_md_setup())
  *
  * The following hashing-algorithms are provided:
- * - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest.
+ * - MD5 128-bit one-way hash function by Ron Rivest.
  * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
  *   NIST and NSA.
  *

diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h