yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-26 11:55:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve documentation of MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT option

Browse source 
Explain more clearly when this option should be used and which versions of Mbed
TLS build on the non-compliant implementation.
This commit is contained in:
Hanno Becker 2017-11-21 17:20:17 +00:00
parent 909f9a389a
commit 563423fb21
2 changed files with 6 additions and 4 deletions
include/mbedtls
config.h
library
ssl_tls.c

7
include/mbedtls/config.h
View file

@ -1369,9 +1369,10 @@
* Fallback to old, non-conforming implementation of the truncated * Fallback to old, non-conforming implementation of the truncated
* HMAC extension which also truncates the HMAC key. * HMAC extension which also truncates the HMAC key.
* *
* \warning This should only be enabled temporarily when the use * \warning This should only be enabled temporarily when (1) the use of
* of truncated HMAC is mandatory *and* the peer is an Mbed TLS * truncated HMAC is essential in order to save bandwidth, and
* stack that doesn't use the fixed implementation yet. * (2) the peer is an Mbed TLS stack that doesn't use the fixed
* implementation yet (version number <= 2.6.0).
* *
* Uncomment to fallback to old, non-compliant truncated HMAC implementation. * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
* *

3
library/ssl_tls.c
View file

@ -718,7 +718,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
/* Fall back to old, non-compliant version of the truncated /* Fall back to old, non-compliant version of the truncated
* HMAC implementation which also truncates the key. */ * HMAC implementation which also truncates the key
* (Mbed TLS versions from 1.3 to 2.6.0) */
mac_key_len = transform->maclen; mac_key_len = transform->maclen;
#endif #endif
} }