tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional

When disabled:

function                                             old     new   delta
xwrite_encrypted                                     580     579      -1
prf_hmac_sha256                                      222     217      -5
hmac_begin                                           158     149      -9
static.ciphers                                        32      20     -12
tls_handshake                                       2115    2095     -20
hmac                                                  87      61     -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73)             Total: -73 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko
2018-12-10 16:14:58 +01:00
parent dafbc2cdb8
commit 71fa5b0a4c
2 changed files with 41 additions and 6 deletions


@@ -46,6 +46,17 @@ config VERBOSE_RESOLUTION_ERRORS
"can't resolve 'hostname.com'" and want to know more.
This may increase size of your executable a bit.
config FEATURE_TLS_SHA1
bool "In TLS code, support ciphers which use deprecated SHA1"
depends on TLS
default n
help
Selecting this option increases interoperability with very old
servers, but slightly increases code size.
Most TLS servers support SHA256 today (2018), since SHA1 is
considered possibly insecure (although not yet definitely broken).
INSERT
source networking/udhcp/Config.in
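Review bot: `default n` on the new FEATURE_TLS_SHA1 entry means a build whose configuration is refreshed without answering this prompt loses the SHA1 cipher suites it had before, and the help text names neither the suites affected nor what the user will see when a server offers only those suites. Suggest listing the cipher suites this option gates in the help text and adding one sentence on the symptom to expect when it is off, so that a failed connection to an old server can be traced back to this option. The phrase "possibly insecure (although not yet definitely broken)" would also read better if it said what SHA1 is used for in this code; the size table in the commit message shows the savings in `hmac` and `hmac_begin`, so a short mention of the MAC use would make the trade-off concrete.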