Ensure only one of the RPK algorithm parameters are set.

2025-07-31 19:24:42 +02:00 · 2025-07-10 12:43:14 -07:00
parent f942990113
commit 362f0a2cfd
1 changed files with 14 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -23372,6 +23372,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
                                                                oidCurveType);
    ret = GetASN_Items(RPKCertASN, RPKdataASN, RPKCertASN_Length, 1,
                           cert->source, &cert->srcIdx, cert->maxIdx);
+
+    if (ret == 0) {
+        if (( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_NULL].length &&
+              RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID].length)
+#ifdef WC_RSA_PSS
+         || ( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ].length &&
+            ( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_NULL].length ||
+              RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID].length))
+#endif
+        ) {
+            WOLFSSL_MSG("Multiple RPK algorithm parameters set.");
+            ret = ASN_PARSE_E;
+        }
+    }
    if (ret == 0) {
        cert->keyOID =
                RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_OID].data.oid.sum;