pk_set_type() cannot be used to reset key type

library/error.c

@@ -250,6 +250,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
 #if defined(POLARSSL_PK_C)
         if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
             snprintf( buf, buflen, "PK - Memory alloation failed" );
+        if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
+            snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
 #endif /* POLARSSL_PK_C */
 
 #if defined(POLARSSL_PKCS12_C)

library/pk.c

@@ -88,6 +88,12 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
 {
     size_t size = 0;
 
+    if( ctx->type == type )
+        return( 0 );
+
+    if( ctx->type != POLARSSL_PK_NONE )
+        return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
     switch( type )
     {
 #if defined(POLARSSL_RSA_C)
@@ -104,7 +110,7 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
 #endif
 
         case POLARSSL_PK_NONE:
-            ; /* Should not happen */
+            ; /* Cannot happen, but the cmpiler doesn't know */
     }
 
     if( ( ctx->data = malloc( size ) ) == NULL )

library/x509parse.c

@@ -3120,6 +3120,8 @@ int x509parse_key( pk_context *ctx,
         return( 0 );
     }
 
+    pk_free( ctx );
+
     if ( ( ret = pk_set_type( ctx, POLARSSL_PK_ECKEY ) ) != 0 )
         return( ret );
 
@@ -3128,6 +3130,8 @@ int x509parse_key( pk_context *ctx,
         return( 0 );
     }
 
+    pk_free( ctx );
+
     return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
 }
 
@@ -3145,12 +3149,16 @@ int x509parse_public_key( pk_context *ctx,
     if( ( ret = x509parse_public_key_rsa( ctx->data, key, keylen ) ) == 0 )
         return( 0 );
 
+    pk_free( ctx );
+
     if ( ( ret = pk_set_type( ctx, POLARSSL_PK_ECKEY ) ) != 0 )
         return( ret );
 
     if( ( ret = x509parse_public_key_ec( ctx->data, key, keylen ) ) == 0 )
         return( 0 );
 
+    pk_free( ctx );
+
     return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
 }