diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 446a8e937..1d9f0d2d8 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -308,9 +308,15 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
     c = tmp_buf + sizeof( tmp_buf );
     /* Signature algorithm needed in TBS, and later for actual signature */
-    pk_alg = pk_get_type( ctx->issuer_key );
-    if( pk_alg == POLARSSL_PK_ECKEY )
+
+    /* There's no direct way of extracting a signature algorithm
+     * (represented as an element of pk_type_t) from a PK instance. */
+    if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) )
+        pk_alg = POLARSSL_PK_RSA;
+    else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) )
         pk_alg = POLARSSL_PK_ECDSA;
+    else
+        return( POLARSSL_ERR_X509_INVALID_ALG );
     if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
                                         &sig_oid, &sig_oid_len ) ) != 0 )
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 1b3d2f58b..4a5e5ca88 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -195,13 +195,20 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
      */
     md( md_info_from_type( ctx->md_alg ), c, len, hash );
-    pk_alg = pk_get_type( ctx->key );
-    if( pk_alg == POLARSSL_PK_ECKEY )
-        pk_alg = POLARSSL_PK_ECDSA;
-
     if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
-                         f_rng, p_rng ) ) != 0 ||
-        ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+                         f_rng, p_rng ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
+        pk_alg = POLARSSL_PK_RSA;
+    else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) )
+        pk_alg = POLARSSL_PK_ECDSA;
+    else
+        return( POLARSSL_ERR_X509_INVALID_ALG );
+
+    if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
                                         &sig_oid, &sig_oid_len ) ) != 0 )
     {
         return( ret );
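Review bot: The comment added above the pk_can_do chain says why pk_get_type is not used but not what the chain decides, and the new else branch gives the reader no hint which key types are accepted; suggest extending it to `/* Map the issuer key's capabilities to the pk_type_t used for the signature OID: RSA-capable keys (including any wrapped/alt RSA contexts pk_can_do accepts) -> RSA, EC keys usable for ECDSA -> ECDSA; any other key cannot sign a certificate. */`. Returning POLARSSL_ERR_X509_INVALID_ALG here reads to callers as "the algorithm tag is invalid" rather than "this key type cannot sign"; if the X509 module has a more specific unsupported-type code it would make the failure easier to diagnose, otherwise the comment should state the mapping. The identical chain appears in x509write_csr.c in the next hunk, so a single shared static helper would keep the two from drifting. x509write_crt_der's body begins and ends outside the hunk.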
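Review bot: The pk_can_do selection is placed after the pk_sign call, so a key that is neither RSA- nor ECDSA-capable is rejected with POLARSSL_ERR_X509_INVALID_ALG only after the private key and the RNG have already been used to produce a signature; moving the three-branch chain above `if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,` fails fast before any private-key operation and matches the ordering the x509write_crt.c hunk uses. Splitting the old combined condition into two separate checks with their own `return( ret );` is clearer than the chained assignment-in-condition it replaces. The `md( ... )` context line above still discards its return value, which is pre-existing and not introduced here. x509write_csr_der's body continues outside the hunk.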