tls13: Fix session resumption with 384 bits PSKs
MBEDTLS_PSK_MAX_LEN main purpose is to determine
a miximum size for the TLS 1.2 pre-master secret.
This is not relevant to TLS 1.3 thus disable in
TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN
when setting during the handshake the PSK through
mbedtls_ssl_set_hs_psk(). This fixes the session
resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN
is smaller than that.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 86f5c0b..4312f15 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2145,9 +2145,12 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+ psk_len > MBEDTLS_PSK_MAX_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
ssl_remove_psk(ssl);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b15fe16..3f8b203 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13222,7 +13222,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: resumption failure, PSK len too big, G->m" \
+run_test "TLS 1.3: NewSessionTicket: Basic check" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
0 \
@@ -13231,9 +13231,31 @@
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
-s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
- -s "mbedtls_ssl_set_hs_psk() returned" \
-s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral"
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
+run_test "TLS 1.3: NewSessionTicket: Basic check with AES-256-GCM only, G->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
+ 0 \
+ -c "Connecting again- trying to resume previous session" \
+ -c "NEW SESSION TICKET (4) was received" \
+ -s "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
+ -s "=> write NewSessionTicket msg" \
+ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
+ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C