Merge option to disable truncated hmac on the server-side

2015-01-14 16:16:55 +01:00 · 2015-01-14 16:16:55 +01:00 · c82b7e2003
commit c82b7e2003
parent e522d0fa57 265fe997ff
7 changed files with 80 additions and 24 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -633,7 +633,8 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,

    ((void) buf);

-    ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+    if( ssl->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+        ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;

    return( 0 );
 }
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3833,6 +3833,11 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
    if( endpoint == SSL_IS_CLIENT )
        ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
 #endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+    if( endpoint == SSL_IS_SERVER )
+        ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+#endif
 }

 void ssl_set_authmode( ssl_context *ssl, int authmode )
@ -4258,9 +4263,6 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
 {
-    if( ssl->endpoint != SSL_IS_CLIENT )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
    ssl->trunc_hmac = truncate;

    return( 0 );