PSK identity hint lengths don't match RFC 4279 (doesn't support identity hint length of 0 from client) #614

Open
jerhon opened this issue Sep 14, 2016 · 2 comments

jerhon commented Sep 14, 2016

In RFC 4279, the PSK identity is defined as "opaque psk_identity<0..2^16-1>". RFC 4279 link

However, ssl_srv.c indicates that if the PSK identity length is < 1, an error of MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE is returned.

In ssl_srv.c, ssl_parse_client_psk_identity():

```c
if( n < 1 || n > 65535 || *p + n > end )
{
    MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
    return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
```

There are a few other places in the code that check for the existence of an identity hint based on ssl->conf->psk_identity_len == 0, which may be suspect as well.

For security purposes, some implementations utilizing TLS with a PSK-based ciphersuite may not want to pass anything as a client identity. However, that is currently not possible with the server-side implementation.
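The length check discussed above, as an added standalone example (not mbed TLS code and not written by the issue author): a parser for the `psk_identity` field that shows the quoted `n < 1` rejection beside a variant accepting the zero-length identity. The names `parse_psk_identity`, `psk_identity_len`, `allow_empty` and `PSK_ERR_BAD_CKE` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PSK_ERR_BAD_CKE (-1) /* stand-in for MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE */

/* Parse "opaque psk_identity<0..2^16-1>": 2-byte big-endian length, then the bytes.
 * allow_empty = 0 reproduces the n < 1 rejection quoted in the issue;
 * allow_empty = 1 accepts the zero-length identity the quoted definition permits. */
static int parse_psk_identity(const uint8_t **p, const uint8_t *end, int allow_empty,
                              const uint8_t **id, size_t *id_len)
{
    size_t n;
    if (end < *p || (size_t)(end - *p) < 2) /* the length field must be present */
        return PSK_ERR_BAD_CKE;
    n = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    if (n == 0 && !allow_empty)
        return PSK_ERR_BAD_CKE;
    /* Compare n with the bytes left rather than forming *p + n, which may point
     * past the buffer. n <= 65535 already holds for a 2-byte field. */
    if (n > (size_t)(end - *p))
        return PSK_ERR_BAD_CKE;
    *id = *p;
    *id_len = n;
    *p += n;
    return 0;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t cke_empty[]     = { 0x00, 0x00 };
static const uint8_t cke_abc[]       = { 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t cke_truncated[] = { 0x00, 0x05, 'a', 'b' };

/* Returns the identity length, or -1 if the message is rejected. */
static long psk_identity_len(const uint8_t *buf, size_t len, int allow_empty)
{
    const uint8_t *p = buf, *id = NULL;
    size_t id_len = 0;
    int ret = parse_psk_identity(&p, buf + len, allow_empty, &id, &id_len);
    return ret == 0 ? (long)id_len : -1L;
}

int main(void)
{
    printf("empty, strict:  %ld\n", psk_identity_len(cke_empty, sizeof cke_empty, 0));
    printf("empty, lenient: %ld\n", psk_identity_len(cke_empty, sizeof cke_empty, 1));
    printf("abc, lenient:   %ld\n", psk_identity_len(cke_abc, sizeof cke_abc, 1));
    printf("truncated:      %ld\n", psk_identity_len(cke_truncated, sizeof cke_truncated, 1));
    return 0;
}
```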

@pjbakker
Contributor

Thank you for your report. Based on the triage you are correct in marking this as an issue.

@ciarmcom

ARM Internal Ref: IOTSSL-986

simonbutcher pushed a commit to simonbutcher/mbedtls that referenced this issue May 6, 2020
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
iameli pushed a commit to livepeer/mbedtls that referenced this issue Dec 5, 2023
Call `set_aad` and `get_tag` in AEAD performance tests