Avoid comparing size between RSA and EC keys
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 8f8f693..a851998 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -193,9 +193,18 @@
mbedtls_pk_type_t pk_alg,
const mbedtls_pk_context *pk )
{
+ const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk );
+
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
{
+ /* Avoid comparing size between RSA and ECC */
+ if( pk_type != MBEDTLS_PK_RSA &&
+ pk_type != MBEDTLS_PK_RSASSA_PSS )
+ {
+ return( -1 );
+ }
+
if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
return( 0 );
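Review bot: The comment on the new guard in the RSA branch, `/* Avoid comparing size between RSA and ECC */`, says what is avoided but not why it matters for profile enforcement. Something like `/* pk_alg must match the actual key type: a non-RSA key must never pass on its bit length against rsa_min_bitlen and so skip the curve check */` would make the intent clear; this reading is inferred, since the curve check itself is not visible in this hunk. Separately, `pk_type` is now declared above `#if defined(MBEDTLS_RSA_C)`. If the EC branch is guarded in the same way, a build with neither option enabled would leave it unused, so it may need `(void) pk_type;` or a declaration inside the guards. The function's signature starts before this hunk and its body continues past it.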
@@ -209,10 +218,8 @@
pk_alg == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_group_id gid;
- mbedtls_pk_type_t pk_type;
/* Avoid calling pk_ec() if this is not an EC key */
- pk_type = mbedtls_pk_get_type( pk );
if( pk_type != MBEDTLS_PK_ECDSA &&
pk_type != MBEDTLS_PK_ECKEY &&
pk_type != MBEDTLS_PK_ECKEY_DH )