Check that imported private key is RSA; Prevents a crash.

Fixes Bug #5662

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5662

svn path=/trunk/; revision=36174

1 files changed, 14 insertions, 0 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 131c12657d..9489fb13a8 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2467,6 +2467,14 @@ ssl_load_key(FILE* fp)
         g_free(key.data);
         return NULL;
     }
+
+    if (gnutls_x509_privkey_get_pk_algorithm(priv_key) != GNUTLS_PK_RSA) {
+        ssl_debug_printf("ssl_load_key: private key public key algorithm isn't RSA\n");
+        g_free(private_key);
+        g_free(key.data);
+        return NULL;
+    }
+
     g_free(key.data);
 
     private_key->x509_pkey = priv_key;
@@ -2631,6 +2639,12 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
                         return 0;
                     }
 
+                    if (gnutls_x509_privkey_get_pk_algorithm(ssl_pkey) != GNUTLS_PK_RSA) {
+                        ssl_debug_printf("ssl_load_pkcs12: private key public key algorithm isn't RSA\n");
+                        g_free(private_key);
+                        return 0;
+                    }
+
                     private_key->x509_pkey = ssl_pkey;
                     private_key->sexp_pkey = ssl_privkey_to_sexp(ssl_pkey);
                     if ( !private_key->sexp_pkey ) {