Implement hmac truncation

This commit is contained in:
Manuel Pégourié-Gonnard 2013-07-19 12:19:21 +02:00 committed by Paul Bakker
parent 57c2852807
commit 277f7f23e2
2 changed files with 9 additions and 0 deletions

View file

@ -150,6 +150,7 @@
#define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
/*
* Size of the input / output buffer.

View file

@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
}
transform->maclen = md_get_size( md_info );
/*
* If HMAC is to be truncated, we shall keep the leftmost bytes,
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
}
transform->keylen = cipher_info->key_length;