cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add a check for multiple curve specification

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-07-04 12:04:57 +02:00
parent 80300ad0d9
commit d4ec21dd47
1 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
library/x509parse.c
View File

@ -2676,12 +2676,25 @@ static int x509parse_key_sec1_der( ecp_keypair *eck,
if( ( ret = x509_get_ecparams( &p, p + len, &grp_id) ) != 0 )
return( ret );
/* TODO: grp may not be empty at this point,
* if we're wrapped inside a PKCS#8 structure: check consistency */
if( ( ret = ecp_use_known_dp( &eck->grp, grp_id ) ) != 0 )
/*
* If we're wrapped in a bigger structure (eg PKCS#8), grp may have been
* defined externally. In this case, make sure both definitions match.
*/
if( eck->grp.id != 0 )
{
ecp_keypair_free( eck );
return( ret );
if( eck->grp.id != grp_id )
{
ecp_keypair_free( eck );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
}
}
else
{
if( ( ret = ecp_use_known_dp( &eck->grp, grp_id ) ) != 0 )
{
ecp_keypair_free( eck );
return( ret );
}
}
}
else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )