lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Add fallback to non-compliant truncated HMAC for compatibiltiy

Browse Source 
In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated
yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to
temporarily fall back to the old, non-compliant implementation of the truncated
HMAC extension.
This commit is contained in:
Hanno Becker
2017-11-20 16:36:41 +00:00
parent 8d19bcf37f
commit e89353a6b4
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/ssl_tls.c
View File

@ -713,7 +713,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
* so we only need to adjust the length here.
*/
if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
{
transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
/* Fall back to old, non-compliant version of the truncated
* HMAC implementation which also truncates the key. */
mac_key_len = transform->maclen;
#endif
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
/* IV length */