yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 10:55:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid possible miscast of PK key

Browse Source 
I don't think this can cause a crash as the member accessed is in the
beginning of the context, so wouldn't be outside of valid memory if the actual
context was RSA.

Also, the mismatch will be caught later when checking signature, so the cert
chain will be rejected anyway.
This commit is contained in:
Manuel Pégourié-Gonnard 2017-10-18 14:57:11 +02:00
parent 900fba616f
commit 08c36635cb
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
library/x509_crt.c
View File

@ -208,7 +208,19 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
mbedtls_ecp_group_id gid;
mbedtls_pk_type_t pk_type;
/* Avoid calling pk_ec() if this is not an EC key */
pk_type = mbedtls_pk_get_type( pk );
if( pk_type != MBEDTLS_PK_ECDSA &&
pk_type != MBEDTLS_PK_ECKEY &&
pk_type != MBEDTLS_PK_ECKEY_DH )
{
return( -1 );
}
gid = mbedtls_pk_ec( *pk )->grp.id;
if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
return( 0 );