Commit 277f7f23 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard Committed by Paul Bakker

Implement hmac truncation

parent 57c28528
......@@ -150,6 +150,7 @@
#define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
/*
* Size of the input / output buffer.
......
......@@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
}
transform->maclen = md_get_size( md_info );
/*
* If HMAC is to be truncated, we shall keep the leftmost bytes,
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
}
transform->keylen = cipher_info->key_length;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment