Merge pull request #6533 from valeriosetti/issue5847

Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00 · 2022-11-23 13:27:30 +01:00 · ef25a99f20
commit ef25a99f20
parent 1d1d53622f 99d88c1ab4
8 changed files with 501 additions and 10 deletions
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@ -113,7 +113,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
 * \param curve     The identifier of the elliptic curve to use,
 *                  for example #MBEDTLS_ECP_DP_SECP256R1.
 * \param secret    The pre-shared secret (passphrase). This must be
- *                  a readable buffer of length \p len Bytes. It need
+ *                  a readable not empty buffer of length \p len Bytes. It need
 *                  only be valid for the duration of this call.
 * \param len       The length of the pre-shared secret \p secret.
 *
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -3856,9 +3856,10 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
 * \note           The SSL context needs to be already set up. The right place
 *                 to call this function is between \c mbedtls_ssl_setup() or
 *                 \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
+ *                 Password cannot be empty (see RFC 8236).
 *
 * \param ssl      SSL context
- * \param pw       EC J-PAKE password (pre-shared secret)
+ * \param pw       EC J-PAKE password (pre-shared secret). It cannot be empty
 * \param pw_len   length of pw in bytes
 *
 * \return         0 on success, or a negative error code.