Changed prototype for ssl_set_truncated_hmac() to allow disabling

Paul Bakker 2013-07-19 14:14:37 +02:00
parent 277f7f23e2
commit 8c1ede655f
3 changed files with 7 additions and 4 deletions


@ -986,13 +986,16 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
/**
* \brief Activate negotiation of truncated HMAC (Client only)
* (Default: SSL_TRUNC_HMAC_ENABLED)
*
* \param ssl SSL context
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED)
*
* \return O if successful,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
*/
int ssl_set_truncated_hmac( ssl_context *ssl );
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
/**
* \brief Enable / Disable renegotiation support for connection when
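Review bot: The `\brief` for ssl_set_truncated_hmac() still reads "Activate negotiation of truncated HMAC" although the new `truncate` argument also lets the caller turn it off, and the `\return` line spells zero as the letter `O`. I would change them to `\brief Enable / disable negotiation of truncated HMAC (Client only)` and `\return 0 if successful,`. Because the extension shortens the record MAC to 80 bits (RFC 6066), the comment should also say that enabling it trades integrity margin for bandwidth, so that the documented default of SSL_TRUNC_HMAC_ENABLED reads as a deliberate choice. Where that default is actually set is not visible in this commit, so the "(Default: ...)" line should be checked against the context initialisation.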


@ -3149,12 +3149,12 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
return( 0 );
}
int ssl_set_truncated_hmac( ssl_context *ssl )
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
if( ssl->endpoint != SSL_IS_CLIENT )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
ssl->trunc_hmac = truncate;
return( 0 );
}
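Review bot: `ssl->trunc_hmac = truncate;` stores whatever int the caller passes, so a value that is neither of the two constants ends up in the context; how the handshake code treats such a value is not visible in this hunk. Reject it up front, next to the endpoint check: `if( truncate != SSL_TRUNC_HMAC_ENABLED && truncate != SSL_TRUNC_HMAC_DISABLED ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`. The header's `\return` text would then need to mention an invalid `truncate` value alongside server-side use.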


@ -634,7 +634,7 @@ int main( int argc, char *argv[] )
ssl_set_max_frag_len( &ssl, opt.mfl_code );
if( opt.trunc_hmac != 0 )
ssl_set_truncated_hmac( &ssl );
ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
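Review bot: When `opt.trunc_hmac` is 0 the call is skipped entirely, so the context keeps the library default, which the header comment in this commit gives as SSL_TRUNC_HMAC_ENABLED; if that is accurate, this client option cannot actually switch the extension off. Now that the setter takes a value, it can be called unconditionally: `ssl_set_truncated_hmac( &ssl, opt.trunc_hmac ? SSL_TRUNC_HMAC_ENABLED : SSL_TRUNC_HMAC_DISABLED );`. The return value is also dropped here and should be checked the way the rest of `main` handles setup failures; `main` starts and ends outside this hunk, so that handling is not visible.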