Avoid comparing size between RSA and EC keys

Manuel Pégourié-Gonnard 2017-10-24 10:51:26 +02:00
parent 08c36635cb
commit 19773ff835


@ -193,9 +193,18 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
mbedtls_pk_type_t pk_alg,
const mbedtls_pk_context *pk )
{
const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk );
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
{
/* Avoid comparing size between RSA and ECC */
if( pk_type != MBEDTLS_PK_RSA &&
pk_type != MBEDTLS_PK_RSASSA_PSS )
{
return( -1 );
}
if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
return( 0 );
@ -209,10 +218,8 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
pk_alg == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_group_id gid;
mbedtls_pk_type_t pk_type;
/* Avoid calling pk_ec() if this is not an EC key */
pk_type = mbedtls_pk_get_type( pk );
if( pk_type != MBEDTLS_PK_ECDSA &&
pk_type != MBEDTLS_PK_ECKEY &&
pk_type != MBEDTLS_PK_ECKEY_DH )
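Review bot: The RSA branch in the first hunk now has to reject a `pk_alg`/`pk` mismatch by hand, and the EC branch in the second hunk carries the same kind of guard, so the function relies on two independent descriptions of the key type that must be kept consistent. The comment `/* Avoid comparing size between RSA and ECC */` says what is avoided, but not why the two can differ or that a mismatch is deliberately reported as a profile failure. I would expand it to something like `/* pk_alg comes from the caller and may not match pk's actual type; treat a mismatch as a profile failure rather than checking an EC bit length against rsa_min_bitlen */`. If no caller legitimately passes a `pk_alg` that differs from `mbedtls_pk_get_type( pk )`, which cannot be confirmed from these hunks, selecting the branch on `pk_type` alone would make both guards unnecessary. The body of x509_profile_check_key continues outside both hunks.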