tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2025-01-30 15:32:58 +00:00 · 2022-12-01 15:06:09 +01:00 · 2022-12-01 15:06:09 +01:00 · 0944329036
commit 0944329036
parent a6b69dabc5
1 changed files with 4 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1991,6 +1991,10 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
    else
        role = MBEDTLS_ECJPAKE_CLIENT;

+    /* Empty password is not valid  */
+    if( ( pw == NULL) || ( pw_len == 0 ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
    return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
                                   role,
                                   MBEDTLS_MD_SHA256,