From 6507859f36db25af1c56ad7d1aa3296860084eec Mon Sep 17 00:00:00 2001
From: Marcel Jordense
Date: Fri, 13 Mar 2020 17:49:59 +0100
Subject: [PATCH] Correct handling of identity certificates with EC key

Signed-off-by: Marcel Jordense
---
 .../authentication/src/auth_utils.c | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/security/builtin_plugins/authentication/src/auth_utils.c b/src/security/builtin_plugins/authentication/src/auth_utils.c
index d2ec77a..ef9d768 100644
--- a/src/security/builtin_plugins/authentication/src/auth_utils.c
+++ b/src/security/builtin_plugins/authentication/src/auth_utils.c
@@ -1288,10 +1288,12 @@ create_asymmetrical_signature(
 goto err_sign;
 }
 
- if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
- result = DDS_SECURITY_VALIDATION_FAILED;
- DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
- goto err_sign;
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+ if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
+ result = DDS_SECURITY_VALIDATION_FAILED;
+ DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
+ goto err_sign;
+ }
 }
 
 if (EVP_DigestSignUpdate(mdctx, data, dataLen) != 1) {
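Review bot: A key that is neither RSA nor EC now passes this guard untouched, because `EVP_PKEY_id(pkey) == EVP_PKEY_RSA` only decides whether PSS padding is set and nothing in the hunk rejects other key types. Such a key would then be used with whatever default signature scheme OpenSSL applies to it, so an explicit allowlist of the two types this patch handles would keep the accepted algorithms bounded. The same guard appears in validate_asymmetrical_signature (second hunk, with `goto err_verify`), where it matters more if pkey there is taken from the remote certificate, which the hunk does not show. Both functions start and end outside their hunks, so an earlier key-type check may already exist.

```c
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
    /* … unchanged: set RSA_PKCS1_PSS_PADDING, goto err_sign on failure … */
} else if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) {
    /* ECDSA needs no padding mode; anything else is not an expected identity key type */
    result = DDS_SECURITY_VALIDATION_FAILED;
    DDS_Security_Exception_set(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Unsupported key type for asymmetrical signature");
    goto err_sign;
}
```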
@@ -1345,11 +1347,13 @@ validate_asymmetrical_signature(
 goto err_verify;
 }
 
- if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
- result = DDS_SECURITY_VALIDATION_FAILED;
- DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
- goto err_verify;
- }
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+ if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
+ result = DDS_SECURITY_VALIDATION_FAILED;
+ DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
+ goto err_verify;
+ }
+ }
 
 if (EVP_DigestVerifyUpdate(mdctx, data, dataLen) != 1) {
 result = DDS_SECURITY_VALIDATION_FAILED;
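Review bot: The error string re-added in this hunk, `"Failed to initialize signing context: "`, is emitted on the verification path (the failure jumps to `err_verify`), so anyone triaging a handshake failure from the log would attribute a padding error to signing rather than to verifying a peer's signature. A message such as `"Failed to set RSA-PSS padding on verification context: "` would name both the step and the direction. The body of validate_asymmetrical_signature continues outside the hunk, so other messages in it may warrant the same check.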