TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 80300ad0d91ae6807bbe0379afcc4ee0c58a2a33^! / .
commit80300ad0d91ae6807bbe0379afcc4ee0c58a2a33[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Thu Jul 04 11:57:13 2013 +0200
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Mon Jul 08 17:32:26 2013 +0200
tree12f450d41fa718f26e15dca383099a38f87013d8
parenta9e54129b5b7fc9c690fd12cb7c20fcf014b12b3 [diff]
Add checks for pk_alg.

Used to be implicitly done by oid_get_pk_alg().

diff --git a/library/x509parse.c b/library/x509parse.c
index b231f80..a2ab085 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -511,8 +511,11 @@
     /*
      * only RSA public keys handled at this time
      */
-    if( oid_get_pk_alg( pk_alg_oid, &pk_alg ) != 0 )
+    if( oid_get_pk_alg( pk_alg_oid, &pk_alg ) != 0 ||
+            pk_alg != POLARSSL_PK_RSA )
+    {
         return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
+    }
 
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
@@ -2256,8 +2259,11 @@
     /*
      * only RSA keys handled at this time
      */
-    if( oid_get_pk_alg( &pk_alg_oid, &pk_alg ) != 0 )
+    if( oid_get_pk_alg( &pk_alg_oid, &pk_alg ) != 0 ||
+            pk_alg != POLARSSL_PK_RSA )
+    {
         return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
+    }
 
     /*
      * Get the OCTET STRING and parse the PKCS#1 format inside