mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 15:14:17 +01:00
check matching issuer crt and key for all algs
use mbedtls_pk_check_pair to verify if issuer certificate and issuer key match, instad of explicitely comparing RSA public component. Raised and fix suggested by dbedev in #777
This commit is contained in:
parent
cef21e4cd9
commit
0049f7857d
@ -497,11 +497,7 @@ int main( int argc, char *argv[] )
|
|||||||
//
|
//
|
||||||
if( strlen( opt.issuer_crt ) )
|
if( strlen( opt.issuer_crt ) )
|
||||||
{
|
{
|
||||||
if( !mbedtls_pk_can_do( &issuer_crt.pk, MBEDTLS_PK_RSA ) ||
|
if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
|
||||||
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->N,
|
|
||||||
&mbedtls_pk_rsa( *issuer_key )->N ) != 0 ||
|
|
||||||
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
|
|
||||||
&mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
|
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
|
mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
Loading…
Reference in New Issue
Block a user