From 08c36635cb9ec160e0b8150ce0fce6437e2ab55e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 18 Oct 2017 14:57:11 +0200
Subject: [PATCH] Avoid possible miscast of PK key

I don't think this can cause a crash as the member accessed is in the beginning of the context, so wouldn't be outside of valid memory if the actual context was RSA. Also, the mismatch will be caught later when checking signature, so the cert chain will be rejected anyway.
---
 library/x509_crt.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index e8a46da09..8f8f6930c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -208,7 +208,19 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 pk_alg == MBEDTLS_PK_ECKEY ||
 pk_alg == MBEDTLS_PK_ECKEY_DH )
 {
- mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+ mbedtls_ecp_group_id gid;
+ mbedtls_pk_type_t pk_type;
+
+ /* Avoid calling pk_ec() if this is not an EC key */
+ pk_type = mbedtls_pk_get_type( pk );
+ if( pk_type != MBEDTLS_PK_ECDSA &&
+ pk_type != MBEDTLS_PK_ECKEY &&
+ pk_type != MBEDTLS_PK_ECKEY_DH )
+ {
+ return( -1 );
+ }
+
+ gid = mbedtls_pk_ec( *pk )->grp.id;
 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
 return( 0 );
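Review bot: After the new type guard, `gid` is still passed to `MBEDTLS_X509_ID_FLAG( gid )` without being compared against `MBEDTLS_ECP_DP_NONE`. A PK context that is set up as an EC key but has no group loaded would presumably report that value, and if the macro (defined outside this hunk) shifts by `id - 1`, the shift count becomes negative, which is undefined behaviour in C. Adding `if( gid == MBEDTLS_ECP_DP_NONE ) return( -1 );` right after `gid = mbedtls_pk_ec( *pk )->grp.id;` rejects such a key explicitly instead of relying on the later signature check. The body of x509_profile_check_key starts and ends outside the hunk, so whether a caller already excludes this case cannot be confirmed from here.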