diff options
author | Juan Castillo <juan.castillo@arm.com> | 2015-06-30 13:36:57 +0100 |
---|---|---|
committer | Juan Castillo <juan.castillo@arm.com> | 2015-07-01 12:37:00 +0100 |
commit | ed2a76eab4842652408e483e5779a9d657e8d786 (patch) | |
tree | cbaf334d5b7fe0776fcbf669fb19edb6f38ada4f /tools | |
parent | 84f95bed549eab4ca40fbd0505e0e3720384880c (diff) | |
download | trusted-firmware-a-ed2a76eab4842652408e483e5779a9d657e8d786.tar.gz |
TBB: build 'cert_create' with ECDSA only if OpenSSL supports it
Some Linux distributions include an OpenSSL library which has been
built without ECDSA support. Trying to build the certificate
generation tool on those distributions will result in a build error.
This patch fixes that issue by including ECDSA support only if
OpenSSL has been built with ECDSA. In that case, the OpenSSL
configuration file does not define the OPENSSL_NO_EC macro. The tool
will build successfully, although the resulting binary will not
support ECDSA keys.
Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
Diffstat (limited to 'tools')
-rw-r--r-- | tools/cert_create/include/key.h | 5 | ||||
-rw-r--r-- | tools/cert_create/src/key.c | 97 | ||||
-rw-r--r-- | tools/cert_create/src/main.c | 2 |
3 files changed, 65 insertions, 39 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index dfb3150866..165ffa1cf4 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -47,7 +47,10 @@ enum { /* Supported key algorithms */ enum { KEY_ALG_RSA, - KEY_ALG_ECDSA +#ifndef OPENSSL_NO_EC + KEY_ALG_ECDSA, +#endif /* OPENSSL_NO_EC */ + KEY_ALG_MAX_NUM }; /* diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index 2137bf7d2e..6072d9ccee 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -59,56 +59,77 @@ static int key_new(key_t *key) return 1; } -int key_create(key_t *key, int type) +static int key_create_rsa(key_t *key) { RSA *rsa = NULL; - EC_KEY *ec = NULL; - /* Create OpenSSL key container */ - if (!key_new(key)) { + rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); + if (rsa == NULL) { + printf("Cannot create RSA key\n"); goto err; } - - switch (type) { - case KEY_ALG_RSA: - /* Generate a new RSA key */ - rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); - if (rsa == NULL) { - printf("Cannot create RSA key\n"); - goto err; - } - if (!EVP_PKEY_assign_RSA(key->key, rsa)) { - printf("Cannot assign RSA key\n"); - goto err; - } - break; - case KEY_ALG_ECDSA: - /* Generate a new ECDSA key */ - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (ec == NULL) { - printf("Cannot create EC key\n"); - goto err; - } - if (!EC_KEY_generate_key(ec)) { - printf("Cannot generate EC key\n"); - goto err; - } - EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS); - EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); - if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) { - printf("Cannot assign EC key\n"); - goto err; - } - break; - default: + if (!EVP_PKEY_assign_RSA(key->key, rsa)) { + printf("Cannot assign RSA key\n"); goto err; } return 1; - err: RSA_free(rsa); + return 0; +} + +#ifndef OPENSSL_NO_EC +static int key_create_ecdsa(key_t *key) +{ + EC_KEY *ec = NULL; + + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (ec == NULL) { + printf("Cannot create EC key\n"); + goto err; + } + if (!EC_KEY_generate_key(ec)) { + printf("Cannot generate EC key\n"); + goto err; + } + EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS); + EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); + if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) { + printf("Cannot assign EC key\n"); + goto err; + } + + return 1; +err: EC_KEY_free(ec); + return 0; +} +#endif /* OPENSSL_NO_EC */ + +typedef int (*key_create_fn_t)(key_t *key); +static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = { + key_create_rsa, +#ifndef OPENSSL_NO_EC + key_create_ecdsa, +#endif /* OPENSSL_NO_EC */ +}; + +int key_create(key_t *key, int type) +{ + if (type >= KEY_ALG_MAX_NUM) { + printf("Invalid key type\n"); + return 0; + } + + /* Create OpenSSL key container */ + if (!key_new(key)) { + return 0; + } + + if (key_create_fn[type]) { + return key_create_fn[type](key); + } return 0; } diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index 77faf42e13..c78d87ad72 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -142,7 +142,9 @@ static char *strdup(const char *str) static const char *key_algs_str[] = { [KEY_ALG_RSA] = "rsa", +#ifndef OPENSSL_NO_EC [KEY_ALG_ECDSA] = "ecdsa" +#endif /* OPENSSL_NO_EC */ }; /* Command line options */ |