Complete x509write_csr support for EC key

No automated test yet (complicated by the fact that ECDSA signatures are not deterministic), tested using cert_req (and openssl for verification).
2024-11-26 19:55:36 +01:00 · 2013-09-12 02:38:04 +02:00 · 2013-09-12 02:38:04 +02:00 · 0088c69fbf
commit 0088c69fbf
parent edda9041fc
1 changed files with 6 additions and 1 deletions
--- a/library/x509write.c
+++ b/library/x509write.c
@ -779,6 +779,7 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
    unsigned char tmp_buf[2048];
    size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
    size_t len = 0;
+    pk_type_t pk_alg;

    /*
     * Prepare data to be signed in tmp_buf
@ -828,9 +829,13 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
     */
    md( md_info_from_type( ctx->md_alg ), c, len, hash );

+    pk_alg = pk_get_type( ctx->key );
+    if( pk_alg == POLARSSL_PK_ECKEY )
+        pk_alg = POLARSSL_PK_ECDSA;
+
    if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
                         f_rng, p_rng ) ) != 0 ||
-        ( ret = oid_get_oid_by_sig_alg( pk_get_type( ctx->key ), ctx->md_alg,
+        ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
                                        &sig_oid, &sig_oid_len ) ) != 0 )
    {
        return( ret );