Made support for the truncated_hmac extension configurable
This commit is contained in:
Paul Bakker
parent
05decb24c3
commit
1f2bc6238b
6 changed files with 45 additions and 1 deletions
|
|
@ -302,6 +302,7 @@ static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
|
|||
}
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
||||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
|
|
@ -323,6 +324,7 @@ static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
|||
|
||||
*olen = 4;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
static void ssl_write_session_ticket_ext( ssl_context *ssl,
|
||||
|
|
@ -553,8 +555,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
|
||||
|
|
@ -645,6 +649,7 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
|||
}
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
|
@ -661,6 +666,7 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
|
||||
|
|
@ -910,6 +916,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
break;
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
case TLS_EXT_TRUNCATED_HMAC:
|
||||
SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
|
||||
|
||||
|
|
@ -920,6 +927,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
}
|
||||
|
||||
break;
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
case TLS_EXT_SESSION_TICKET:
|
||||
|
|
|
|||
|
|
@ -581,6 +581,7 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
|||
}
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
|
@ -597,6 +598,7 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
|
||||
|
|
@ -1186,6 +1188,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||
break;
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
case TLS_EXT_TRUNCATED_HMAC:
|
||||
SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||
|
||||
|
|
@ -1193,6 +1196,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
case TLS_EXT_SESSION_TICKET:
|
||||
|
|
@ -1313,6 +1317,7 @@ have_ciphersuite:
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
|
|
@ -1335,6 +1340,7 @@ static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
|||
|
||||
*olen = 4;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
static void ssl_write_session_ticket_ext( ssl_context *ssl,
|
||||
|
|
@ -1562,8 +1568,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
|
||||
|
|
|
|||
|
|
@ -516,6 +516,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
|
||||
transform->maclen = md_get_size( md_info );
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
/*
|
||||
* If HMAC is to be truncated, we shall keep the leftmost bytes,
|
||||
* (rfc 6066 page 13 or rfc 2104 section 4),
|
||||
|
|
@ -523,6 +524,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
*/
|
||||
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
|
||||
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
}
|
||||
|
||||
transform->keylen = cipher_info->key_length;
|
||||
|
|
@ -3255,6 +3257,7 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
|
|||
}
|
||||
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
|
||||
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
|
||||
{
|
||||
if( ssl->endpoint != SSL_IS_CLIENT )
|
||||
|
|
@ -3264,6 +3267,7 @@ int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
|
||||
|
||||
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue