diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cbf90ccee..ea3cfd859 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1347,45 +1347,45 @@ psa_status_t psa_crypto_driver_pake_get_role( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_role_t *role); -/** Get the lengths of the user in bytes from given inputs. +/** Get the lengths of the user id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] user_len Return buffer for user length. + * \param[out] user_len Return buffer for user id length. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * User hasn't been set yet. + * User id hasn't been set yet. */ psa_status_t psa_crypto_driver_pake_get_user_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *user_len); -/** Get the lengths of the peer in bytes from given inputs. +/** Get the lengths of the peer id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] peer_len Return buffer for peer length. + * \param[out] peer_len Return buffer for peer id length. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * Peer hasn't been set yet. + * Peer id hasn't been set yet. */ psa_status_t psa_crypto_driver_pake_get_peer_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *peer_len); -/** Get the user from given inputs. +/** Get the user id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user. + * \param[out] buffer Return buffer for user id. * \param buffer_size Size of the return buffer in bytes. * \param[out] buffer_length Actual size of the password in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * User hasn't been set yet. + * User id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p buffer is too small. */ @@ -1393,17 +1393,17 @@ psa_status_t psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *inputs, uint8_t *buffer, size_t buffer_size, size_t *buffer_length); -/** Get the peer from given inputs. +/** Get the peer id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user. + * \param[out] buffer Return buffer for user id. * \param buffer_size Size of the return buffer in bytes. * \param[out] buffer_length Actual size of the password in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * Peer hasn't been set yet. + * Peer id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p buffer is too small. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7422cbb59..bcdf68336 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7401,7 +7401,7 @@ psa_status_t psa_pake_set_user( goto exit; } - /* Allow only "client" or "server" values. */ + /* Allow only "client" or "server" values (temporary restriction). */ if (memcmp(peer_id, PSA_JPAKE_SERVER_ID, peer_id_len) != 0 && memcmp(peer_id, PSA_JPAKE_CLIENT_ID, peer_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; @@ -7445,7 +7445,7 @@ psa_status_t psa_pake_set_peer( goto exit; } - /* Allow only "client" or "server" values. */ + /* Allow only "client" or "server" values (temporary restriction). */ if (memcmp(user_id, PSA_JPAKE_SERVER_ID, user_id_len) != 0 && memcmp(user_id, PSA_JPAKE_CLIENT_ID, user_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; @@ -7591,6 +7591,8 @@ static psa_status_t psa_pake_complete_inputs( /* User and peer are translated to role. */ mbedtls_free(inputs.user); mbedtls_free(inputs.peer); + inputs.user = NULL; inputs.user_len = 0; + inputs.peer = NULL; inputs.peer_len = 0; if (status == PSA_SUCCESS) { #if defined(PSA_WANT_ALG_JPAKE)