From be52f500c8cc5974898949a58785fd3436fca817 Mon Sep 17 00:00:00 2001
From: Neil Armstrong <narmstrong@baylibre.com>
Date: Mon, 7 Mar 2022 14:17:26 +0100
Subject: [PATCH] Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in
 mbedtls_ssl_cookie_setup()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
---
 library/ssl_cookie.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index a742888a4..155edfdac 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -121,10 +121,11 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
     if( alg == 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-    ctx->psa_hmac_alg = PSA_ALG_HMAC( alg );
+    ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ),
+                                               COOKIE_HMAC_LEN );
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-    psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+    psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg );
     psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
     psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );