Merge pull request #2263 from andresag01/iotssl-2544-deprecate-record-accel-2
Deprecate feature MBEDTLS_SSL_HW_RECORD_ACCEL
This commit is contained in:
commit
0d20740437
4 changed files with 54 additions and 18 deletions
|
@ -1,5 +1,11 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
New deprecations
|
||||
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
||||
SSL module for hardware acceleration of individual records.
|
||||
|
||||
= mbed TLS 2.21.0 branch released 2020-02-20
|
||||
|
||||
New deprecations
|
||||
|
|
|
@ -798,6 +798,14 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
|
||||
#elif defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
|
||||
|
|
|
@ -1527,6 +1527,9 @@
|
|||
* Enable hooking functions in SSL module for hardware acceleration of
|
||||
* individual records.
|
||||
*
|
||||
* \deprecated This option is deprecated and will be removed in a future
|
||||
* version of Mbed TLS.
|
||||
*
|
||||
* Uncomment this macro to enable hooking functions.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
|
@ -1781,8 +1784,8 @@
|
|||
*
|
||||
* Fallback to old (pre-2.7), non-conforming implementation of the truncated
|
||||
* HMAC extension which also truncates the HMAC key. Note that this option is
|
||||
* only meant for a transitory upgrade period and is likely to be removed in
|
||||
* a future version of the library.
|
||||
* only meant for a transitory upgrade period and will be removed in a future
|
||||
* version of the library.
|
||||
*
|
||||
* \warning The old implementation is non-compliant and has a security weakness
|
||||
* (2^80 brute force attack on the HMAC key used for a single,
|
||||
|
@ -1791,7 +1794,7 @@
|
|||
* bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
|
||||
* the fixed implementation yet (pre-2.7).
|
||||
*
|
||||
* \deprecated This option is deprecated and will likely be removed in a
|
||||
* \deprecated This option is deprecated and will be removed in a
|
||||
* future version of Mbed TLS.
|
||||
*
|
||||
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
||||
|
|
|
@ -1323,21 +1323,40 @@ struct mbedtls_ssl_context
|
|||
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
|
||||
#define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
|
||||
#define MBEDTLS_SSL_CHANNEL_INBOUND 1
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
|
||||
#define MBEDTLS_SSL_CHANNEL_OUTBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 0 )
|
||||
#define MBEDTLS_SSL_CHANNEL_INBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 1 )
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *key_enc, const unsigned char *key_dec,
|
||||
size_t keylen,
|
||||
const unsigned char *iv_enc, const unsigned char *iv_dec,
|
||||
size_t ivlen,
|
||||
const unsigned char *mac_enc, const unsigned char *mac_dec,
|
||||
size_t maclen);
|
||||
extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
|
||||
extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
|
||||
extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
|
||||
extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
|
||||
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)(
|
||||
mbedtls_ssl_context *ssl,
|
||||
int direction );
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)(
|
||||
mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)(
|
||||
mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)(
|
||||
mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)(
|
||||
mbedtls_ssl_context *ssl );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
/**
|
||||
|
@ -3169,7 +3188,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
|
|||
* \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
|
||||
* for security reasons. Use at your own risk.
|
||||
*
|
||||
* \note This function is deprecated and will likely be removed in
|
||||
* \note This function is deprecated and will be removed in
|
||||
* a future version of the library.
|
||||
* RC4 is disabled by default at compile time and needs to be
|
||||
* actively enabled for use with legacy systems.
|
||||
|
|
Loading…
Reference in a new issue