lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

tls13: Fix session resumption with 384 bits PSKs

Browse Source 
MBEDTLS_PSK_MAX_LEN main purpose is to determine
a miximum size for the TLS 1.2 pre-master secret.

This is not relevant to TLS 1.3 thus disable in
TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN
when setting during the handshake the PSK through
mbedtls_ssl_set_hs_psk(). This fixes the session
resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN
is smaller than that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2023-02-20 10:44:22 +01:00
parent 25e9ec61f0
commit 0a1c504156
2 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_tls.c
View File

@ -2145,9 +2145,12 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
if (psk_len > MBEDTLS_PSK_MAX_LEN) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
psk_len > MBEDTLS_PSK_MAX_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
ssl_remove_psk(ssl);