From 94cf845c0540ce0938bdebea268400858de7938a Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 24 Mar 2023 16:43:34 +0100
Subject: [PATCH] Truncated hmac check

---
 wolfssl/wolfcrypt/settings.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 95ddcd513..6c8346e9a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2965,6 +2965,12 @@ extern void uITRON4_free(void *p) ;
 #error "Dynamic session cache currently does not support persistent session cache."
 #endif
 
+#ifdef WOLFSSL_HARDEN_TLS
+    #ifdef HAVE_TRUNCATED_HMAC
+        #error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6"
+    #endif
+#endif
+
 #ifdef __cplusplus
     }   /* extern "C" */
 #endif