Add fallback to non-compliant truncated HMAC for compatibiltiy
In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated
yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to
temporarily fall back to the old, non-compliant implementation of the truncated
HMAC extension.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fa72454..bc77b21 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -77,6 +77,10 @@
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_CMAC_C) && \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 47c7196..de49d3a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1364,6 +1364,22 @@
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old, non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key.
+ *
+ * \warning This should only be enabled temporarily when the use
+ * of truncated HMAC is mandatory *and* the peer is an Mbed TLS
+ * stack that doesn't use the fixed implementation yet.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
+/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.