From 379227cc596d8dbb293c8056e7c6ed9abe9724be Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 18 Jun 2021 10:46:12 +0100 Subject: [PATCH] Modifies ChangeLog and Migration Guide Entries in ChangeLog and Migration guide files have been merged to cover both the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT. Signed-off-by: Thomas Daubney --- ChangeLog | 12 ------------ ChangeLog.d/rm-truncated-hmac-ext.txt | 5 +++-- .../remove-truncated-HMAC-extension.md | 10 ---------- docs/3.0-migration-guide.md | 16 ++++++---------- 4 files changed, 9 insertions(+), 34 deletions(-) delete mode 100644 docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md diff --git a/ChangeLog b/ChangeLog index ddaf3fd9f7..b525492fb9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,8 +32,6 @@ API changes * Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO). * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3). - * Drop support for compatibility with our own previous buggy - implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT). * Drop support for RC4 TLS ciphersuites. * Drop support for single-DES ciphersuites. @@ -1688,16 +1686,6 @@ Changes = mbed TLS 2.8.0 branch released 2018-03-16 -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the 
diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt index c82415ba7e..3739256957 100644 --- a/ChangeLog.d/rm-truncated-hmac-ext.txt +++ b/ChangeLog.d/rm-truncated-hmac-ext.txt @@ -1,4 +1,5 @@ Removals - * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option. Users are better served by + * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove + MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC. - Addresses #4341. + See issue #4341 for more details. diff --git a/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md b/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md deleted file mode 100644 index 12f7c2385e..0000000000 --- a/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md +++ /dev/null @@ -1,10 +0,0 @@ -Remove the truncated HMAC extension ------------------------------------ - -This affects all users who use the truncated HMAC extension for cryptographic -operations. - -The config option `MBEDTLS_SSL_TRUNCATED_HMAC` has been removed. Users concerned -about overhead are better served by using any of the CCM-8 ciphersuites rather -than a CBC ciphersuite with truncated HMAC, and so going forward this must be -the approach taken. diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a4a59b8895..a30e786771 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -137,17 +137,13 @@ and relied on that version in order to communicate with peers that are not up to date. If one of your peers is in that case, please try contacting them and encouraging them to upgrade their software. -Remove support for compatibility with old Mbed TLS's truncated HMAC -------------------------------------------------------------------- +Remove support for truncated HMAC +--------------------------------- -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and -used the Truncated HMAC extension to communicate with peers using old version -of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the -Truncated HMAC extension, or convincing your peer to upgrade their version of -Mbed TLS. +This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC` +`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and used the truncated HMAC extension. +Please consider using a CCM-8 ciphersuite instead of the Truncated HMAC +extension, or convincing your peer to upgrade their version of Mbed TLS. Remove support for TLS record-level compression -----------------------------------------------
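Review bot: Deleting the 2.8.0 "Default behavior changes" entry in the second ChangeLog hunk (`@@ -1688,16 +1686,6 @@`) rewrites the record of an already-released version. That entry documents that 2.8.0 changed truncated-HMAC behaviour to conform to RFC 6066 and broke interoperability with prior versions, which remains true for anyone reading the log of that release, and the "Security" entry immediately after it ("Fix implementation of the truncated HMAC extension") still refers to the same change. Suggest leaving the released entries untouched and recording the 3.0 removal only in ChangeLog.d/rm-truncated-hmac-ext.txt, where a reader can see that the option the 2.8.0 entry points to no longer exists.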
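Review bot: The new wording in the ChangeLog.d/rm-truncated-hmac-ext.txt hunk disagrees in number and reads awkwardly: "Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option." Suggest "Remove the MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config options." The change from "Addresses #4341." to "See issue #4341 for more details." also alters how the issue is referenced; use whichever form the other ChangeLog.d entries already follow so the assembled ChangeLog stays consistent.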
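Review bot: Deleting docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md is consistent with folding it into docs/3.0-migration-guide.md, but the rationale it carried ("Users concerned about overhead are better served by using any of the CCM-8 ciphersuites rather than a CBC ciphersuite with truncated HMAC") did not survive the merge; the merged section now only says "Please consider using a CCM-8 ciphersuite". Consider keeping the overhead reasoning, since reducing per-record overhead is why users enabled truncated HMAC in the first place and it tells them why CCM-8 is the suggested replacement.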
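Review bot: The replacement sentence in the docs/3.0-migration-guide.md hunk is missing a conjunction: "TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC` `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`" should read "`MBEDTLS_SSL_TRUNCATED_HMAC` or `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`". The retained advice "or convincing your peer to upgrade their version of Mbed TLS" also no longer fits: it made sense when only the compatibility shim was dropped, but with the extension itself removed a peer running 3.0 cannot negotiate truncated HMAC at all, so the only migration path this section can offer is switching to a CCM-8 ciphersuite. Minor: "truncated HMAC extension" and "Truncated HMAC extension" are capitalised inconsistently within the same paragraph.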