mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 23:25:43 +01:00
Improve documentation of MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT option
Explain more clearly when this option should be used and which versions of Mbed TLS build on the non-compliant implementation.
This commit is contained in:
parent
8e75b6ce56
commit
adb30b9453
@ -1186,12 +1186,17 @@
|
|||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||||
*
|
*
|
||||||
* Fallback to old, non-conforming implementation of the truncated
|
* Fallback to old (pre-2.1.10), non-conforming implementation of the truncated
|
||||||
* HMAC extension which also truncates the HMAC key.
|
* HMAC extension which also truncates the HMAC key. Note that this option is
|
||||||
|
* only meant for a transitory upgrade period and is likely to be removed in
|
||||||
|
* a future version of the library.
|
||||||
*
|
*
|
||||||
* \warning This should only be enabled temporarily when the use
|
* \warning The old implementation is non-compliant and has a security weakness
|
||||||
* of truncated HMAC is mandatory *and* the peer is an Mbed TLS
|
* (2^80 brute force attack on the HMAC key used for a single,
|
||||||
* stack that doesn't use the fixed implementation yet.
|
* uninterrupted connection). This should only be enabled temporarily
|
||||||
|
* when (1) the use of truncated HMAC is essential in order to save
|
||||||
|
* bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
|
||||||
|
* the fixed implementation yet (pre-2.1.10).
|
||||||
*
|
*
|
||||||
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
||||||
*
|
*
|
||||||
|
@ -719,7 +719,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
|
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
|
||||||
/* Fall back to old, non-compliant version of the truncated
|
/* Fall back to old, non-compliant version of the truncated
|
||||||
* HMAC implementation which also truncates the key. */
|
* HMAC implementation which also truncates the key (pre 2.1.10) */
|
||||||
mac_key_len = transform->maclen;
|
mac_key_len = transform->maclen;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user