Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash)

Signed-off-by: Anton Matkin <anton.matkin@arm.com>
2025-10-20 03:32:32 +03:00 · 2025-05-28 20:02:35 +02:00
parent 143d5d8a3a
commit 6eb5335ef0
4 changed files with 4 additions and 4 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1808,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
    }

    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
-    psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
+    psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
    psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);

    status = psa_import_key(&attributes, pw, pw_len,