Avoid possible miscast of PK key

I don't think this can cause a crash as the member accessed is in the
beginning of the context, so wouldn't be outside of valid memory if the actual
context was RSA.

Also, the mismatch will be caught later when checking signature, so the cert
chain will be rejected anyway.
Manuel Pégourié-Gonnard 2017-10-18 14:57:11 +02:00
parent 900fba616f
commit 08c36635cb

@ -208,7 +208,19 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
mbedtls_ecp_group_id gid;
mbedtls_pk_type_t pk_type;
/* Avoid calling pk_ec() if this is not an EC key */
pk_type = mbedtls_pk_get_type( pk );
if( pk_type != MBEDTLS_PK_ECDSA &&
pk_type != MBEDTLS_PK_ECKEY &&
pk_type != MBEDTLS_PK_ECKEY_DH )
{
return( -1 );
}
gid = mbedtls_pk_ec( *pk )->grp.id;
if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
return( 0 );
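Review bot: The new `pk_type` check repeats the same ECDSA/ECKEY/ECKEY_DH comparison that the enclosing `if` already performs on `pk_alg`, and the comment above it does not say when the two values can disagree or that `return( -1 )` at this point means the key is rejected by the profile. Consider extending the comment to state that `pk_alg` is tracked separately from the actual type of `pk`, so a mismatch is possible and is treated as a profile failure, and consider moving the three-way EC test into one small helper used for both checks so the two lists cannot drift apart. A test case where `pk_alg` names an EC algorithm while `pk` holds a non-EC key would pin down the early-return path.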