Fix extraction of signature-type from PK context instance
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 446a8e9..1d9f0d2 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -308,9 +308,15 @@
c = tmp_buf + sizeof( tmp_buf );
/* Signature algorithm needed in TBS, and later for actual signature */
- pk_alg = pk_get_type( ctx->issuer_key );
- if( pk_alg == POLARSSL_PK_ECKEY )
+
+ /* There's no direct way of extracting a signature algorithm
+ * (represented as an element of pk_type_t) from a PK instance. */
+ if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) )
+ pk_alg = POLARSSL_PK_RSA;
+ else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) )
pk_alg = POLARSSL_PK_ECDSA;
+ else
+ return( POLARSSL_ERR_X509_INVALID_ALG );
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
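Review bot: The new comment above the `pk_can_do()` chain explains why the type cannot be read directly, but it does not say that RSA is tested before ECDSA or that a key able to do neither is refused with `POLARSSL_ERR_X509_INVALID_ALG`. I would add a line such as `* RSA is tried first, then ECDSA; any other key type is refused.` to it. The same chain is added in the x509write_csr.c hunk with no comment at all, so the explanation should be repeated there. The enclosing function starts and ends outside this hunk, so whether the new early return skips any cleanup cannot be checked from here.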
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 1b3d2f5..4a5e5ca 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -195,13 +195,20 @@
*/
md( md_info_from_type( ctx->md_alg ), c, len, hash );
- pk_alg = pk_get_type( ctx->key );
- if( pk_alg == POLARSSL_PK_ECKEY )
- pk_alg = POLARSSL_PK_ECDSA;
-
if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 ||
- ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+ f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
+ pk_alg = POLARSSL_PK_RSA;
+ else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) )
+ pk_alg = POLARSSL_PK_ECDSA;
+ else
+ return( POLARSSL_ERR_X509_INVALID_ALG );
+
+ if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
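Review bot: `pk_sign()` now runs before the key's signature algorithm is resolved, so an unsupported key type, or a `pk_alg`/`md_alg` pair with no OID, is reported only after a private-key operation and an RNG draw have already happened. Moving the `pk_can_do()` chain and the `oid_get_oid_by_sig_alg()` call above `pk_sign()` would reject such requests before the key is used. It would also match x509write_crt.c, where the context comment says the algorithm is needed in the TBS and is therefore fixed before signing. The ordering matters most for keys whose signing operation is expensive or audited. The enclosing function extends beyond the hunk on both sides.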