From 1aa6e8d6e9f5af25c24a2484d774f9a879aa873a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 23 Feb 2023 09:46:54 +0100
Subject: [PATCH] Restore same PSK length enforcement
Restore same PSK length enforcement in conf_psk and set_hs_psk, whether the negotiated protocol is TLS 1.2 or TLS 1.3.
Signed-off-by: Ronald Cron
---
 include/mbedtls/mbedtls_config.h | 2 +-
 include/mbedtls/ssl.h | 16 +++++++++++++++-
 library/ssl_tls.c | 5 +----
 tests/ssl-opt.sh | 2 +-
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9ae51c964a..4c676c520d 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3761,7 +3761,7 @@
  */
 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 /**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4b954bb458..0df142d685 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
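Review bot: The commented-out example value still reads `32` while the updated doc text now says the default is "256 or 384 bits", so the two halves of the line disagree about what the library's default actually is. Since the effective default depends on whether TLS 1.3 session tickets with AES-256-GCM-SHA384 are enabled (per the ssl.h hunk in this patch), the doc text could state that condition instead of listing two sizes, e.g. `//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 32, or 48 when TLS 1.3 session tickets and AES-256-GCM-SHA384 are enabled) */`. A user who uncomments this line with 32 in such a build silently lowers the limit below what TLS 1.3 resumption of that suite needs, which the current wording does not warn about.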
@@ -599,8 +599,22 @@
  * Size defines
  */
 #if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
+/*
+ * If the library supports TLS 1.3 tickets and the cipher suite
+ * TLS1-3-AES-256-GCM-SHA384, set the PSK maximum length to 48 instead of 32.
+ * That way, the TLS 1.3 client and server are able to resume sessions where
+ * the cipher suite was TLS1-3-AES-256-GCM-SHA384 (pre-shared keys are 48
+ * bytes long is that case).
+ */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && \
+ defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
+#else
+#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
 #endif
+#endif /* !MBEDTLS_PSK_MAX_LEN */
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4312f154af..86f5c0b555 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2145,12 +2145,9 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
- psk_len > MBEDTLS_PSK_MAX_LEN) {
+ if (psk_len > MBEDTLS_PSK_MAX_LEN) {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 ssl_remove_psk(ssl);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b1ee654938..6794068731 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
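Review bot: The new `#if` tests `MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA`, which only works if the header that defines that macro is already included at this point of ssl.h; if it is not visible here, the condition is silently false and `MBEDTLS_PSK_MAX_LEN` stays at 32 even in the TLS 1.3 ticket builds this block is meant to serve, with no diagnostic. I cannot see the include list from the hunk, so this is worth confirming, and a short comment naming where the macro comes from would help the next reader, e.g. `/* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA comes from <header that defines it> */` placed above the `#if`. The added comment also has a typo: `bytes long is that case` should read `bytes long in that case`.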
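Review bot: With the TLS 1.2 guard removed, `mbedtls_ssl_set_hs_psk` now rejects any PSK longer than `MBEDTLS_PSK_MAX_LEN` for TLS 1.3 as well, and in builds where the ssl.h condition leaves the limit at 32 (for example TLS 1.3 without session tickets) a 48-byte external PSK intended for a SHA-384 suite will now fail with `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`; that is a behaviour change for such callers and belongs in the function's Doxygen, e.g. `\return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p psk_len is greater than #MBEDTLS_PSK_MAX_LEN.`, which the ssl.h hunk in this patch (whose 15 insertions are all the size-define block) does not add. Performing the check before `ssl_remove_psk(ssl)` keeps the previously configured PSK intact on rejection, which is the right order. The commit message also names conf_psk, but no change to it is in this patch, presumably because it already enforces the limit unconditionally. The body of mbedtls_ssl_set_hs_psk begins and ends outside the hunk.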
@@ -13239,7 +13239,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
- "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-AES-256-GCM -V -r" \
 0 \
 -c "Connecting again- trying to resume previous session" \
 -c "NEW SESSION TICKET (4) was received" \
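Review bot: The GnuTLS priority string now excludes AES-256-GCM, but nothing in the test says why, so a reader will not connect it to the PSK length limit changed elsewhere in this patch. If the reason is that the 48-byte resumption PSK produced by that suite exceeds `MBEDTLS_PSK_MAX_LEN` in some of the configurations this test runs in, a comment above `run_test` would preserve that, e.g. `# -AES-256-GCM: keep the resumption PSK at 32 bytes so it fits MBEDTLS_PSK_MAX_LEN in every config this test runs in`. If that reading is right, the new 48-byte path (TLS 1.3 tickets with AES-256-GCM-SHA384 in a build where the limit is 48) is left without an ssl-opt.sh test by this patch; a companion run_test guarded by the relevant requires_ lines would cover it.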