tls: pake: minor adjustments
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
parent
ba22c9c1ff
commit
c689ed8633
2 changed files with 10 additions and 11 deletions
|
@ -3864,8 +3864,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||||
/**
|
/**
|
||||||
* \brief Set the EC J-PAKE opaque password for current handshake.
|
* \brief Set the EC J-PAKE opaque password for current handshake.
|
||||||
*
|
*
|
||||||
* \note The input key in not copied, so the caller must not destroy
|
* \note The key must remain valid until the handshake is over.
|
||||||
* it before the handshake is over.
|
|
||||||
*
|
*
|
||||||
* \note The SSL context needs to be already set up. The right place
|
* \note The SSL context needs to be already set up. The right place
|
||||||
* to call this function is between \c mbedtls_ssl_setup() or
|
* to call this function is between \c mbedtls_ssl_setup() or
|
||||||
|
|
|
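Review bot: The shortened `\note` for the opaque-password setter no longer says why the key must stay valid: the removed wording stated that the input key is not copied, which is what tells the caller that the handshake uses their key id directly. I would keep that fact in one line, `* \note The key is not copied, so it must remain valid until the handshake is over.` The note also does not say who destroys the key once the handshake ends; if that stays the caller's job, as the old wording implied, it is worth stating, since the key holds the password. The doc comment continues past the end of this hunk, so the rest of the contract is not visible here.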
@ -1932,11 +1932,6 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
|
||||||
if( ssl->handshake == NULL || ssl->conf == NULL )
|
if( ssl->handshake == NULL || ssl->conf == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
|
||||||
psa_role = PSA_PAKE_ROLE_SERVER;
|
|
||||||
else
|
|
||||||
psa_role = PSA_PAKE_ROLE_CLIENT;
|
|
||||||
|
|
||||||
if( mbedtls_svc_key_id_is_null( pwd ) )
|
if( mbedtls_svc_key_id_is_null( pwd ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
ssl->handshake->psa_pake_password = pwd;
|
ssl->handshake->psa_pake_password = pwd;
|
||||||
|
@ -1952,6 +1947,11 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
|
psa_role = PSA_PAKE_ROLE_SERVER;
|
||||||
|
else
|
||||||
|
psa_role = PSA_PAKE_ROLE_CLIENT;
|
||||||
|
|
||||||
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
|
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto error;
|
goto error;
|
||||||
|
@ -1979,15 +1979,15 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||||
if( ssl->handshake == NULL || ssl->conf == NULL )
|
if( ssl->handshake == NULL || ssl->conf == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
/* Empty password is not valid */
|
||||||
|
if( ( pw == NULL) || ( pw_len == 0 ) )
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
role = MBEDTLS_ECJPAKE_SERVER;
|
role = MBEDTLS_ECJPAKE_SERVER;
|
||||||
else
|
else
|
||||||
role = MBEDTLS_ECJPAKE_CLIENT;
|
role = MBEDTLS_ECJPAKE_CLIENT;
|
||||||
|
|
||||||
/* Empty password is not valid */
|
|
||||||
if( ( pw == NULL) || ( pw_len == 0 ) )
|
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
|
return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
|
||||||
role,
|
role,
|
||||||
MBEDTLS_MD_SHA256,
|
MBEDTLS_MD_SHA256,
|
||||||
|
|
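Review bot: In `mbedtls_ssl_set_hs_ecjpake_password_opaque()`, `ssl->handshake->psa_pake_password = pwd;` is still assigned before the PSA setup calls, so every `goto error` after it, including the relocated `psa_pake_set_role()` check, exits with the caller's key id stored in the handshake. The `error:` label lies outside the visible hunks, so its behaviour cannot be confirmed from this page. It should reset the field, e.g. `ssl->handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;`, and must not destroy a key that the header says the caller keeps valid. Alternatively, move the assignment after the last successful PSA call so that a failed setup never records the id. As a minor style point in `mbedtls_ssl_set_hs_ecjpake_password()`, the moved check `( pw == NULL)` lacks the space before the closing parenthesis that the surrounding code uses.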