Add interface for truncated hmac
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 56d0e91..60e6f7e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -58,6 +58,7 @@
#define DFL_MAX_VERSION -1
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC 0
#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
"-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
@@ -94,6 +95,7 @@
int max_version; /* maximum protocol version accepted */
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* negotiate truncated hmac or not */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -191,6 +193,7 @@
" options: none, optional, required\n" \
" max_frag_len=%%d default: 16384 (tls default)" \
" options: 512, 1024, 2048, 4096" \
+ " trunc_hmac=%%d default: 0 (disabled)\n" \
USAGE_PSK \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
@@ -281,6 +284,7 @@
opt.max_version = DFL_MAX_VERSION;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
for( i = 1; i < argc; i++ )
{
@@ -416,6 +420,12 @@
else
goto usage;
}
+ else if( strcmp( p, "trunc_hmac" ) == 0 )
+ {
+ opt.trunc_hmac = atoi( q );
+ if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
+ goto usage;
+ }
else
goto usage;
}
@@ -623,6 +633,9 @@
ssl_set_max_frag_len( &ssl, opt.mfl_code );
+ if( opt.trunc_hmac != 0 )
+ ssl_set_truncated_hmac( &ssl );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
