lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Make truncated hmac a runtime option server-side

Browse Source 
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
This commit is contained in:
Manuel Pégourié-Gonnard
2015-01-09 12:39:35 +01:00
parent 8e4b3374d7
commit e117a8fc0d
6 changed files with 72 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/ssl_tls.c
View File

@ -3782,6 +3782,11 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
if( endpoint == SSL_IS_CLIENT )
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
if( endpoint == SSL_IS_SERVER )
ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
#endif
}
void ssl_set_authmode( ssl_context *ssl, int authmode )
@ -4203,9 +4208,6 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
if( ssl->endpoint != SSL_IS_CLIENT )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->trunc_hmac = truncate;
return( 0 );