From 053b3459d41070717f1ef79bdeae0e5d439f7d89 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Nov 2017 16:36:41 +0000 Subject: [PATCH] Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension. --- include/mbedtls/check_config.h | 4 ++++ include/mbedtls/config.h | 16 ++++++++++++++++ library/ssl_tls.c | 8 ++++++++ 3 files changed, 28 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8dadbe1c5..33ea22a77 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -77,6 +77,10 @@ #error "MBEDTLS_DHM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC) +#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0c51fead7..b174d8a2f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1183,6 +1183,22 @@ */ #define MBEDTLS_SSL_TRUNCATED_HMAC +/** + * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT + * + * Fallback to old, non-conforming implementation of the truncated + * HMAC extension which also truncates the HMAC key. + * + * \warning This should only be enabled temporarily when the use + * of truncated HMAC is mandatory *and* the peer is an Mbed TLS + * stack that doesn't use the fixed implementation yet. + * + * Uncomment to fallback to old, non-compliant truncated HMAC implementation. + * + * Requires: MBEDTLS_SSL_TRUNCATED_HMAC + */ +//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT + /** * \def MBEDTLS_THREADING_ALT * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f27b95ce6..f0cc95f9c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -714,7 +714,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * so we only need to adjust the length here. */ if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) + { transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; + +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) + /* Fall back to old, non-compliant version of the truncated + * HMAC implementation which also truncates the key. */ + mac_key_len = transform->maclen; +#endif + } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ /* IV length */