From 094432903603a19e23419652127c34475212a7d0 Mon Sep 17 00:00:00 2001
From: Valerio Setti <vsetti@baylibre.com>
Date: Thu, 1 Dec 2022 15:06:09 +0100
Subject: [PATCH] tls: pake: add check for empty passwords in
 mbedtls_ssl_set_hs_ecjpake_password()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
---
 library/ssl_tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f1d286c7d7..47c02a6034 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1991,6 +1991,10 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
     else
         role = MBEDTLS_ECJPAKE_CLIENT;
 
+    /* Empty password is not valid  */
+    if( ( pw == NULL) || ( pw_len == 0 ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
     return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
                                    role,
                                    MBEDTLS_MD_SHA256,