Deprecate MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT

Hanno Becker 2017-11-21 18:22:53 +00:00
parent 563423fb21
commit 4c2ac7ef58
2 changed files with 10 additions and 0 deletions


@ -1374,6 +1374,9 @@
* (2) the peer is an Mbed TLS stack that doesn't use the fixed * (2) the peer is an Mbed TLS stack that doesn't use the fixed
* implementation yet (version number <= 2.6.0). * implementation yet (version number <= 2.6.0).
* *
* \deprecated This option is deprecated and will likely be removed in a
* future version of Mbed TLS.
*
* Uncomment to fallback to old, non-compliant truncated HMAC implementation. * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
* *
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC * Requires: MBEDTLS_SSL_TRUNCATED_HMAC


@ -721,6 +721,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
* HMAC implementation which also truncates the key * HMAC implementation which also truncates the key
* (Mbed TLS versions from 1.3 to 2.6.0) */ * (Mbed TLS versions from 1.3 to 2.6.0) */
mac_key_len = transform->maclen; mac_key_len = transform->maclen;
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT is deprecated and should only be \
enabled temporarily when (1) the use of truncated HMAC is essential in order \
to save bandwidth, and (2) the peer is an Mbed TLS stack that doesn not use the \
fixed implementation yet (version number <= 2.6.0).
#endif
#endif #endif
} }
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
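Review bot: The deprecation added inside the `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` branch is only surfaced to builds that define `MBEDTLS_DEPRECATED_WARNING`, and nothing in this hunk honours `MBEDTLS_DEPRECATED_REMOVED`, so a configuration that asks for deprecated features to be dropped would, as far as this hunk shows, still compile the compatibility path. Because that path sets the MAC key length to `transform->maclen` (the truncated length), I would make the combination a hard build failure alongside the other configuration checks: `#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && defined(MBEDTLS_DEPRECATED_REMOVED)` followed by `#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT is deprecated and has been removed"`. The warning text has a typo, `doesn not` should read `does not`. As a style point, `#warning` is a compiler extension before C23 and reads better at file scope next to the other preprocessor checks than in the middle of a function body. mbedtls_ssl_derive_keys begins and ends outside the hunk.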