tls13: Fix session resumption with 384 bits PSKs MBEDTLS_PSK_MAX_LEN main purpose is to determine a miximum size for the TLS 1.2 pre-master secret. This is not relevant to TLS 1.3 thus disable in TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN when setting during the handshake the PSK through mbedtls_ssl_set_hs_psk(). This fixes the session resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN is smaller than that. Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 0a1c50415636405ab17a4b5a310d83d7fba0a64f [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Mon Feb 20 10:44:22 2023 +0100
committer: Ronald Cron <ronald.cron@arm.com> Mon Feb 20 11:42:19 2023 +0100
tree: 5c6fe97978ab6a3763bc0cfd93b2e0550e9fdb71
parent: 25e9ec61f07cd1d6fa8f483e03dbde8787f4f235 [diff]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 86f5c0b..4312f15 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2145,9 +2145,12 @@
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+        psk_len > MBEDTLS_PSK_MAX_LEN) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
     ssl_remove_psk(ssl);
commit	0a1c50415636405ab17a4b5a310d83d7fba0a64f	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Mon Feb 20 10:44:22 2023 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Mon Feb 20 11:42:19 2023 +0100
tree	5c6fe97978ab6a3763bc0cfd93b2e0550e9fdb71
parent	25e9ec61f07cd1d6fa8f483e03dbde8787f4f235 [diff]