diff options
author | Juan Castillo <juan.castillo@arm.com> | 2015-06-30 13:36:57 +0100 |
---|---|---|
committer | Juan Castillo <juan.castillo@arm.com> | 2015-07-01 12:37:00 +0100 |
commit | ed2a76eab4842652408e483e5779a9d657e8d786 (patch) | |
tree | cbaf334d5b7fe0776fcbf669fb19edb6f38ada4f /tools/cert_create | |
parent | 84f95bed549eab4ca40fbd0505e0e3720384880c (diff) |
TBB: build 'cert_create' with ECDSA only if OpenSSL supports it
Some Linux distributions include an OpenSSL library which has been
built without ECDSA support. Trying to build the certificate
generation tool on those distributions will result in a build error.
This patch fixes that issue by including ECDSA support only if
OpenSSL has been built with ECDSA. In that case, the OpenSSL
configuration file does not define the OPENSSL_NO_EC macro. The tool
will build successfully, although the resulting binary will not
support ECDSA keys.
Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
Diffstat (limited to 'tools/cert_create')
-rw-r--r-- | tools/cert_create/include/key.h | 5 | ||||
-rw-r--r-- | tools/cert_create/src/key.c | 97 | ||||
-rw-r--r-- | tools/cert_create/src/main.c | 2 |
3 files changed, 65 insertions, 39 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index dfb31508..165ffa1c 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -47,7 +47,10 @@ enum { /* Supported key algorithms */ enum { KEY_ALG_RSA, - KEY_ALG_ECDSA +#ifndef OPENSSL_NO_EC + KEY_ALG_ECDSA, +#endif /* OPENSSL_NO_EC */ + KEY_ALG_MAX_NUM }; /* diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index 2137bf7d..6072d9cc 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -59,56 +59,77 @@ static int key_new(key_t *key) return 1; } -int key_create(key_t *key, int type) +static int key_create_rsa(key_t *key) { RSA *rsa = NULL; - EC_KEY *ec = NULL; - /* Create OpenSSL key container */ - if (!key_new(key)) { + rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); + if (rsa == NULL) { + printf("Cannot create RSA key\n"); goto err; } - - switch (type) { - case KEY_ALG_RSA: - /* Generate a new RSA key */ - rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); - if (rsa == NULL) { - printf("Cannot create RSA key\n"); - goto err; - } - if (!EVP_PKEY_assign_RSA(key->key, rsa)) { - printf("Cannot assign RSA key\n"); - goto err; - } - break; - case KEY_ALG_ECDSA: - /* Generate a new ECDSA key */ - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (ec == NULL) { - printf("Cannot create EC key\n"); - goto err; - } - if (!EC_KEY_generate_key(ec)) { - printf("Cannot generate EC key\n"); - goto err; - } - EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS); - EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); - if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) { - printf("Cannot assign EC key\n"); - goto err; - } - break; - default: + if (!EVP_PKEY_assign_RSA(key->key, rsa)) { + printf("Cannot assign RSA key\n"); goto err; } return 1; - err: RSA_free(rsa); + return 0; +} + +#ifndef OPENSSL_NO_EC +static int key_create_ecdsa(key_t *key) +{ + EC_KEY *ec = NULL; + + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (ec == NULL) { + printf("Cannot create EC key\n"); + goto err; + } + if (!EC_KEY_generate_key(ec)) { + printf("Cannot generate EC key\n"); + goto err; + } + EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS); + EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); + if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) { + printf("Cannot assign EC key\n"); + goto err; + } + + return 1; +err: EC_KEY_free(ec); + return 0; +} +#endif /* OPENSSL_NO_EC */ + +typedef int (*key_create_fn_t)(key_t *key); +static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = { + key_create_rsa, +#ifndef OPENSSL_NO_EC + key_create_ecdsa, +#endif /* OPENSSL_NO_EC */ +}; + +int key_create(key_t *key, int type) +{ + if (type >= KEY_ALG_MAX_NUM) { + printf("Invalid key type\n"); + return 0; + } + + /* Create OpenSSL key container */ + if (!key_new(key)) { + return 0; + } + + if (key_create_fn[type]) { + return key_create_fn[type](key); + } return 0; } diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index 77faf42e..c78d87ad 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -142,7 +142,9 @@ static char *strdup(const char *str) static const char *key_algs_str[] = { [KEY_ALG_RSA] = "rsa", +#ifndef OPENSSL_NO_EC [KEY_ALG_ECDSA] = "ecdsa" +#endif /* OPENSSL_NO_EC */ }; /* Command line options */ |