Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

commit: be52f500c8cc5974898949a58785fd3436fca817 [log] [tgz]
author: Neil Armstrong <narmstrong@baylibre.com> Mon Mar 07 14:17:26 2022 +0100
committer: Neil Armstrong <narmstrong@baylibre.com> Mon Mar 07 14:33:21 2022 +0100
tree: 567907dd81d4e9e5dff218245f5d1d6198c1e630
parent: 7cd0270d6c9e0b4afc3d72ed0e908cd0a1a50477 [diff] [blame]
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index a742888..155edfd 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c

@@ -121,10 +121,11 @@
     if( alg == 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-    ctx->psa_hmac_alg = PSA_ALG_HMAC( alg );
+    ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ),
+                                               COOKIE_HMAC_LEN );
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-    psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+    psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg );
     psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
     psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
commit	be52f500c8cc5974898949a58785fd3436fca817	[log] [tgz]
author	Neil Armstrong <narmstrong@baylibre.com>	Mon Mar 07 14:17:26 2022 +0100
committer	Neil Armstrong <narmstrong@baylibre.com>	Mon Mar 07 14:33:21 2022 +0100
tree	567907dd81d4e9e5dff218245f5d1d6198c1e630
parent	7cd0270d6c9e0b4afc3d72ed0e908cd0a1a50477 [diff] [blame]