lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-15 17:26:45 +03:00
Code Activity

Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash)

Browse Source 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
This commit is contained in:
Anton Matkin
2025-05-28 20:02:35 +02:00
parent 143d5d8a3a
commit 6eb5335ef0
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/ssl_tls.c
View File

@@ -1808,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
status = psa_import_key(&attributes, pw, pw_len,

2
programs/ssl/ssl_client2.c
View File

@@ -2059,7 +2059,7 @@ usage:
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
status = psa_import_key(&attributes,

2
programs/ssl/ssl_server2.c
View File

@@ -3336,7 +3336,7 @@ reset:
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
status = psa_import_key(&attributes,

2
tests/suites/test_suite_ssl.function
View File

@@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
/* First try with an invalid usage */
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
PSA_ASSERT(psa_import_key(&attributes, pwd_string,