Deprecate MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
This commit is contained in:
Hanno Becker
parent
563423fb21
commit
4c2ac7ef58
2 changed files with 10 additions and 0 deletions
|
|
@ -1374,6 +1374,9 @@
|
||||||
* (2) the peer is an Mbed TLS stack that doesn't use the fixed
|
* (2) the peer is an Mbed TLS stack that doesn't use the fixed
|
||||||
* implementation yet (version number <= 2.6.0).
|
* implementation yet (version number <= 2.6.0).
|
||||||
*
|
*
|
||||||
|
* \deprecated This option is deprecated and will likely be removed in a
|
||||||
|
* future version of Mbed TLS.
|
||||||
|
*
|
||||||
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
|
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
|
||||||
|
|
|
||||||
|
|
@ -721,6 +721,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||||
* HMAC implementation which also truncates the key
|
* HMAC implementation which also truncates the key
|
||||||
* (Mbed TLS versions from 1.3 to 2.6.0) */
|
* (Mbed TLS versions from 1.3 to 2.6.0) */
|
||||||
mac_key_len = transform->maclen;
|
mac_key_len = transform->maclen;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||||
|
#warning MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT is deprecated and should only be \
|
||||||
|
enabled temporarily when (1) the use of truncated HMAC is essential in order \
|
||||||
|
to save bandwidth, and (2) the peer is an Mbed TLS stack that doesn not use the \
|
||||||
|
fixed implementation yet (version number <= 2.6.0).
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue