Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-19 13:40:25 +01:00 · 2021-02-19 13:40:25 +01:00 · 2012ed7560
commit 2012ed7560
parent 06b07fb839
7 changed files with 1 additions and 70 deletions
--- a/ChangeLog.d/remove_obsolete_tls_features.txt
+++ b/ChangeLog.d/remove_obsolete_tls_features.txt
@ -1,3 +1,4 @@
 API changes
   * Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
   * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
   * Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@ -1597,30 +1597,6 @@
 */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
 /**
 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 *
 * Fallback to old (pre-2.7), non-conforming implementation of the truncated
 * HMAC extension which also truncates the HMAC key. Note that this option is
 * only meant for a transitory upgrade period and is likely to be removed in
 * a future version of the library.
 *
 * \warning The old implementation is non-compliant and has a security weakness
 *          (2^80 brute force attack on the HMAC key used for a single,
 *          uninterrupted connection). This should only be enabled temporarily
 *          when (1) the use of truncated HMAC is essential in order to save
 *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
 *          the fixed implementation yet (pre-2.7).
 *
 * \deprecated This option is deprecated and will likely be removed in a
 *             future version of Mbed TLS.
 *
 * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
 *
 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_THREADING_ALT
 *
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -81,10 +81,6 @@
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 #error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_CMAC_C) && \
    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
 #error "MBEDTLS_CMAC_C defined, but not all prerequisites"
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1924,30 +1924,6 @@
 */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
 /**
 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 *
 * Fallback to old (pre-2.7), non-conforming implementation of the truncated
 * HMAC extension which also truncates the HMAC key. Note that this option is
 * only meant for a transitory upgrade period and will be removed in a future
 * version of the library.
 *
 * \warning The old implementation is non-compliant and has a security weakness
 *          (2^80 brute force attack on the HMAC key used for a single,
 *          uninterrupted connection). This should only be enabled temporarily
 *          when (1) the use of truncated HMAC is essential in order to save
 *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
 *          the fixed implementation yet (pre-2.7).
 *
 * \deprecated This option is deprecated and will be removed in a
 *             future version of Mbed TLS.
 *
 * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
 *
 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 *
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -998,13 +998,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
        if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
        {
            transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
            /* Fall back to old, non-compliant version of the truncated
             * HMAC implementation which also truncates the key
             * (Mbed TLS versions from 1.3 to 2.6.0) */
            mac_key_len = transform->maclen;
 #endif
        }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
--- a/library/version_features.c
+++ b/library/version_features.c
@ -552,9 +552,6 @@ static const char * const features[] = {
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    "MBEDTLS_SSL_TRUNCATED_HMAC",
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
    "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
    "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH",
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@ -1529,14 +1529,6 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
    if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", config ) == 0 )
    {
        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT );
        return( 0 );
    }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
    if( strcmp( "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", config ) == 0 )
    {