sha: remove SHA1 from ssl_cookie

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2025-02-06 12:40:02 +00:00 · 2022-12-22 14:27:34 +01:00 · 2022-12-22 14:27:34 +01:00 · 543d00ef6f
commit 543d00ef6f
parent d55cb5b3f0
1 changed files with 5 additions and 9 deletions
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@ -38,23 +38,19 @@
 #include <string.h>

 /*
- * If DTLS is in use, then at least one of SHA-1, SHA-224, SHA-384 is
- * available. Try SHA-224 first, 384 wastes resources
+ * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
+ * available. Try SHA-256 first as 384 wastes resources
 */
-#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
-#define COOKIE_MD           MBEDTLS_MD_SHA224
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
+#define COOKIE_MD           MBEDTLS_MD_SHA256
 #define COOKIE_MD_OUTLEN    32
 #define COOKIE_HMAC_LEN     28
 #elif defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
 #define COOKIE_MD           MBEDTLS_MD_SHA384
 #define COOKIE_MD_OUTLEN    48
 #define COOKIE_HMAC_LEN     28
-#elif defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
-#define COOKIE_MD           MBEDTLS_MD_SHA1
-#define COOKIE_MD_OUTLEN    20
-#define COOKIE_HMAC_LEN     20
 #else
-#error "DTLS hello verify needs SHA-1 or SHA-2"
+#error "DTLS hello verify needs SHA-256 or SHA-384"
 #endif

 /*