tls: pake: minor adjustments

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-07 14:40:38 +01:00
parent ba22c9c1ff
commit c689ed8633
2 changed files with 10 additions and 11 deletions

View file

@ -3864,8 +3864,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
/** /**
* \brief Set the EC J-PAKE opaque password for current handshake. * \brief Set the EC J-PAKE opaque password for current handshake.
* *
* \note The input key in not copied, so the caller must not destroy * \note The key must remain valid until the handshake is over.
* it before the handshake is over.
* *
* \note The SSL context needs to be already set up. The right place * \note The SSL context needs to be already set up. The right place
* to call this function is between \c mbedtls_ssl_setup() or * to call this function is between \c mbedtls_ssl_setup() or

View file

@ -1932,11 +1932,6 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
if( ssl->handshake == NULL || ssl->conf == NULL ) if( ssl->handshake == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
psa_role = PSA_PAKE_ROLE_SERVER;
else
psa_role = PSA_PAKE_ROLE_CLIENT;
if( mbedtls_svc_key_id_is_null( pwd ) ) if( mbedtls_svc_key_id_is_null( pwd ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->handshake->psa_pake_password = pwd; ssl->handshake->psa_pake_password = pwd;
@ -1952,6 +1947,11 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto error; goto error;
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
psa_role = PSA_PAKE_ROLE_SERVER;
else
psa_role = PSA_PAKE_ROLE_CLIENT;
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role ); status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto error; goto error;
@ -1979,15 +1979,15 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
if( ssl->handshake == NULL || ssl->conf == NULL ) if( ssl->handshake == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Empty password is not valid */
if( ( pw == NULL) || ( pw_len == 0 ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
role = MBEDTLS_ECJPAKE_SERVER; role = MBEDTLS_ECJPAKE_SERVER;
else else
role = MBEDTLS_ECJPAKE_CLIENT; role = MBEDTLS_ECJPAKE_CLIENT;
/* Empty password is not valid */
if( ( pw == NULL) || ( pw_len == 0 ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
role, role,
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,