Made support for the truncated_hmac extension configurable
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 772b2c9..a80a769 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -302,6 +302,7 @@
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
unsigned char *buf, size_t *olen )
{
@@ -323,6 +324,7 @@
*olen = 4;
}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl,
@@ -553,8 +555,10 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
+#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
@@ -645,6 +649,7 @@
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
const unsigned char *buf,
size_t len )
@@ -661,6 +666,7 @@
return( 0 );
}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
@@ -910,6 +916,7 @@
break;
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
case TLS_EXT_TRUNCATED_HMAC:
SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
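Review bot: With `POLARSSL_SSL_TRUNCATED_HMAC` undefined, the `case TLS_EXT_TRUNCATED_HMAC:` label disappears from the client's ServerHello extension switch, so a server that sends this extension unsolicited is handled by whatever the switch's default branch does (outside this hunk, presumably ignoring it) rather than being rejected. The outcome still fails closed, since the record MAC lengths would disagree, but the handshake then dies later with a less specific error than the explicit check gives when the option is on. Consider keeping the label in an `#else` branch that rejects it, e.g. `#else` / `case TLS_EXT_TRUNCATED_HMAC: return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );`. The equivalent guard in `ssl_srv.c` is fine as is, because a server may ignore an extension it does not support.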
@@ -920,6 +927,7 @@
}
break;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET:
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ff0e9d1..2b6f06f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -581,6 +581,7 @@
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
const unsigned char *buf,
size_t len )
@@ -597,6 +598,7 @@
return( 0 );
}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
@@ -1186,6 +1188,7 @@
break;
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
case TLS_EXT_TRUNCATED_HMAC:
SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
@@ -1193,6 +1196,7 @@
if( ret != 0 )
return( ret );
break;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET:
@@ -1313,6 +1317,7 @@
return( 0 );
}
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@@ -1335,6 +1340,7 @@
*olen = 4;
}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl,
@@ -1562,8 +1568,10 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
+#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1281bc8..039b536 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -516,6 +516,7 @@
transform->maclen = md_get_size( md_info );
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/*
* If HMAC is to be truncated, we shall keep the leftmost bytes,
* (rfc 6066 page 13 or rfc 2104 section 4),
@@ -523,6 +524,7 @@
*/
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
}
transform->keylen = cipher_info->key_length;
@@ -3255,6 +3257,7 @@
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
if( ssl->endpoint != SSL_IS_CLIENT )
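Review bot: Guarding the definition of `ssl_set_truncated_hmac()` removes a public symbol, but the visible diff touches only `library/` and does not show a matching guard on the prototype or on the `trunc_hmac` session field in the public header. If the declaration stays unconditional, an application that calls it against a build without `POLARSSL_SSL_TRUNCATED_HMAC` compiles cleanly and only fails at link time; wrapping the prototype in the same `#if defined(POLARSSL_SSL_TRUNCATED_HMAC)` surfaces the problem earlier. The option also deserves a comment where it is defined, along the lines of `/* Enable RFC 6066 truncated_hmac; when negotiated the record MAC is shortened to SSL_TRUNCATED_HMAC_LEN bytes. */`, so integrators can judge whether to leave it on. The function body and its closing `#endif` are in the following hunk.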
@@ -3264,6 +3267,7 @@
return( 0 );
}
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
{