lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-25 23:43:17 +03:00
Code Activity

Add fallback to non-compliant truncated HMAC for compatibiltiy

Browse Source 
In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated
yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to
temporarily fall back to the old, non-compliant implementation of the truncated
HMAC extension.
This commit is contained in:
Hanno Becker
2017-11-20 16:36:41 +00:00
parent 8d19bcf37f
commit e89353a6b4
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
include/mbedtls/config.h
View File

@@ -1363,6 +1363,22 @@
*/
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
*
* Fallback to old, non-conforming implementation of the truncated
* HMAC extension which also truncates the HMAC key.
*
* \warning This should only be enabled temporarily when the use
* of truncated HMAC is mandatory *and* the peer is an Mbed TLS
* stack that doesn't use the fixed implementation yet.
*
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
*
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
*/
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/**
* \def MBEDTLS_THREADING_ALT
*