diff options
author | Matthew Oliver <matt@oliver.net.au> | 2022-04-19 15:26:11 +1000 |
---|---|---|
committer | Matthew Oliver <matt@oliver.net.au> | 2022-07-26 10:39:58 +1000 |
commit | 2d063cd61f6915579840a41ac0248a26085e0245 (patch) | |
tree | 06df40ff2f9f4de175039b8641eb9fee89f4e64c /doc | |
parent | 25b6bd9f2cf1d0f9956c99cd418ba295196d2e6a (diff) | |
download | swift-2d063cd61f6915579840a41ac0248a26085e0245.tar.gz |
formpost: deprecate sha1 signatures
We've known this would eventually be necessary for a while [1], and
way back in 2017 we started seeing SHA-1 collisions [2].
This patch follows the approach of soft deprecation of SHA1 in tempurl.
It's still a default digest, but we'll start with warning as the
middleware is loaded and exposing any deprecated digests
(if they're still allowed) in /info.
Further, because there is much shared code between formpost and tempurl, this
patch also goes and refactors shared code out into swift.common.digest.
Now that we have a digest, we also move digest related code:
- get_hmac
- extract_digest_and_algorithm
[1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
[2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Change-Id: I581cadd6bc79e623f1dae071025e4d375254c1d9
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/misc.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/source/misc.rst b/doc/source/misc.rst index c418dd5ed..4d4b3dcda 100644 --- a/doc/source/misc.rst +++ b/doc/source/misc.rst @@ -39,6 +39,17 @@ Container Sync Realms :members: :show-inheritance: + +.. _digest: + +Digest +====== + +.. automodule:: swift.common.digest + :members: + :undoc-members: + :show-inheritance: + .. _direct_client: Direct Client |