commit e980a994f0369ef2a8da123ae76688529cc65662
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jul 19 11:08:52 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Fri Jul 19 14:51:47 2013 +0200
tree a44fb9ca20b3a6b152f32d3c0c72815c1cdb88ed
parent 5b55b79021c7e30c8dc7a37e386fb79ed95db212

Add interface for truncated hmac

include/polarssl/ssl.h

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 4e1d25a..1403ab3 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -148,6 +148,9 @@
 #define SSL_LEGACY_ALLOW_RENEGOTIATION  1
 #define SSL_LEGACY_BREAK_HANDSHAKE      2
 
+#define SSL_TRUNC_HMAC_DISABLED         0
+#define SSL_TRUNC_HMAC_ENABLED          1
+
 /*
  * Size of the input / output buffer.
  * Note: the RFC defines the default size of SSL / TLS messages. If you
@@ -540,6 +543,7 @@
     int disable_renegotiation;          /*!<  enable/disable renegotiation   */
     int allow_legacy_renegotiation;     /*!<  allow legacy renegotiation     */
     const int *ciphersuite_list[4];     /*!<  allowed ciphersuites / version */
+    int trunc_hmac;                     /*!<  negotiate truncated hmac?      */
 
 #if defined(POLARSSL_DHM_C)
     mpi dhm_P;                          /*!<  prime modulus for DHM   */
@@ -977,6 +981,16 @@
 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
 
 /**
+ * \brief          Activate negotiation of truncated HMAC (Client only)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         O if successful,
+ *                 POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ */
+int ssl_set_truncated_hmac( ssl_context *ssl );
+
+/**
  * \brief          Enable / Disable renegotiation support for connection when
  *                 initiated by peer
  *                 (Default: SSL_RENEGOTIATION_DISABLED)