From 0049f7857dcd2096b893e66a650d6c9231485fb1 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Tue, 7 Feb 2017 19:14:58 +0200
Subject: [PATCH] check matching issuer crt and key for all algs use mbedtls_pk_check_pair to verify if issuer certificate and issuer key match, instad of explicitely comparing RSA public component. Raised and fix suggested by dbedev in #777
---
 programs/x509/cert_write.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 66e5f1dab..ff9afbc33 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -497,11 +497,7 @@ int main( int argc, char *argv[] )
 //
 if( strlen( opt.issuer_crt ) )
 {
- if( !mbedtls_pk_can_do( &issuer_crt.pk, MBEDTLS_PK_RSA ) ||
- mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->N,
- &mbedtls_pk_rsa( *issuer_key )->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
- &mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
+ if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
 {
 mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
 ret = -1;
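Review bot: The return value of `mbedtls_pk_check_pair()` is discarded in the new condition, so every failure ends in the same `ret = -1` and the same "does not match" message. The function returns distinct codes (for example `MBEDTLS_ERR_PK_TYPE_MISMATCH` when the certificate and key use different algorithms), and keeping them would tell an operator whether the wrong key file or the wrong key type was supplied. I would write `ret = mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key );` followed by `if( ret != 0 )`, drop the fixed `ret = -1;`, and print the code with the message. A short comment such as `/* first argument: public key from the issuer certificate; second: issuer private key */` would also record that the argument order is significant. `main` starts and ends outside the hunk, so how `ret` is reported after this point is not visible here.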