Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension.

commit: e89353a6b4aaa91a9e7a89ae047174928699fa19 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Nov 20 16:36:41 2017 +0000
committer: Hanno Becker <hanno.becker@arm.com> Mon Nov 20 16:50:43 2017 +0000
tree: 6365d2ac24dde19c997cd4ad8741de7e65dd1ded
parent: 8d19bcf37ff7fe26127d2a6c2f2e52c44137fe8d [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eda49d6..62de5f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -713,7 +713,15 @@
          * so we only need to adjust the length here.
          */
         if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+        {
             transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
+            /* Fall back to old, non-compliant version of the truncated
+             * HMAC implementation which also truncates the key. */
+            mac_key_len = transform->maclen;
+#endif
+        }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 
         /* IV length */
commit	e89353a6b4aaa91a9e7a89ae047174928699fa19	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Nov 20 16:36:41 2017 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Mon Nov 20 16:50:43 2017 +0000
tree	6365d2ac24dde19c997cd4ad8741de7e65dd1ded
parent	8d19bcf37ff7fe26127d2a6c2f2e52c44137fe8d [diff] [blame]