Update mbedtls_pk_sign_ext in x509write_crt.c to use mbedtls_pk_sigalg_t directly and remove casts

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-11-15 15:21:08 +03:00 · 2025-10-30 15:11:09 +00:00
parent 5f037c7fb3
commit 00b04a6590
1 changed files with 6 additions and 6 deletions
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -396,7 +396,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,

    size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
    size_t len = 0;
-    mbedtls_pk_type_t pk_alg;
+    mbedtls_pk_sigalg_t pk_alg;
    int write_sig_null_par;

    /*
@@ -409,9 +409,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    /* There's no direct way of extracting a signature algorithm
     * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
    if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
-        pk_alg = MBEDTLS_PK_RSA;
+        pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
    } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
-        pk_alg = MBEDTLS_PK_ECDSA;
+        pk_alg = MBEDTLS_PK_SIGALG_ECDSA;
    } else {
        return MBEDTLS_ERR_X509_INVALID_ALG;
    }
@@ -489,7 +489,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    /*
     *  Signature   ::=  AlgorithmIdentifier
     */
-    if (pk_alg == MBEDTLS_PK_ECDSA) {
+    if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) {
        /*
         * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
         * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
@@ -571,7 +571,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    }


-    if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg,
+    if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->issuer_key, ctx->md_alg,
                                   hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
        return ret;
    }
@@ -588,7 +588,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
                                                                 sig_oid, sig_oid_len,
                                                                 sig, sig_len,
-                                                                 (mbedtls_pk_sigalg_t) pk_alg));
+                                                                 pk_alg));

    /*
     * Memory layout after this step: