authorJuan Castillo <juan.castillo@arm.com>2015-06-30 13:36:57 +0100
committerJuan Castillo <juan.castillo@arm.com>2015-07-01 12:37:00 +0100
commited2a76eab4842652408e483e5779a9d657e8d786 (patch)
treecbaf334d5b7fe0776fcbf669fb19edb6f38ada4f /tools
parent84f95bed549eab4ca40fbd0505e0e3720384880c (diff)
downloadtrusted-firmware-a-ed2a76eab4842652408e483e5779a9d657e8d786.tar.gz
TBB: build 'cert_create' with ECDSA only if OpenSSL supports it
Some Linux distributions include an OpenSSL library which has been built without ECDSA support. Trying to build the certificate generation tool on those distributions will result in a build error.

This patch fixes that issue by including ECDSA support only if OpenSSL has been built with ECDSA, that is, when the OpenSSL configuration file does not define the OPENSSL_NO_EC macro. Where OPENSSL_NO_EC is defined, the tool will still build successfully, although the resulting binary will not support ECDSA keys.

Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
Diffstat (limited to 'tools')
-rw-r--r--tools/cert_create/include/key.h5
-rw-r--r--tools/cert_create/src/key.c97
-rw-r--r--tools/cert_create/src/main.c2
3 files changed, 65 insertions, 39 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index dfb3150866..165ffa1cf4 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -47,7 +47,10 @@ enum {
/* Supported key algorithms */
enum {
KEY_ALG_RSA,
- KEY_ALG_ECDSA
+#ifndef OPENSSL_NO_EC
+ KEY_ALG_ECDSA,
+#endif /* OPENSSL_NO_EC */
+ KEY_ALG_MAX_NUM
};
/*
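Review bot: The enum's layout now depends on OPENSSL_NO_EC, but the hunk does not show key.h including the OpenSSL header that defines that macro before the enum is declared. If a translation unit includes key.h ahead of any OpenSSL header, it would see KEY_ALG_ECDSA and a larger KEY_ALG_MAX_NUM than a unit that included OpenSSL first, and the two would disagree on the size of tables indexed by this enum. Unless an include above the hunk already covers it, adding `#include <openssl/opensslconf.h>` at the top of key.h would make the header self-contained. A short comment on KEY_ALG_MAX_NUM, such as `/* Number of algorithms compiled in; must remain the last entry */`, would also help.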
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 2137bf7d2e..6072d9ccee 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -59,56 +59,77 @@ static int key_new(key_t *key)
return 1;
}
-int key_create(key_t *key, int type)
+static int key_create_rsa(key_t *key)
{
RSA *rsa = NULL;
- EC_KEY *ec = NULL;
- /* Create OpenSSL key container */
- if (!key_new(key)) {
+ rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+ if (rsa == NULL) {
+ printf("Cannot create RSA key\n");
goto err;
}
-
- switch (type) {
- case KEY_ALG_RSA:
- /* Generate a new RSA key */
- rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
- if (rsa == NULL) {
- printf("Cannot create RSA key\n");
- goto err;
- }
- if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
- printf("Cannot assign RSA key\n");
- goto err;
- }
- break;
- case KEY_ALG_ECDSA:
- /* Generate a new ECDSA key */
- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ec == NULL) {
- printf("Cannot create EC key\n");
- goto err;
- }
- if (!EC_KEY_generate_key(ec)) {
- printf("Cannot generate EC key\n");
- goto err;
- }
- EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
- EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
- if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
- printf("Cannot assign EC key\n");
- goto err;
- }
- break;
- default:
+ if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
+ printf("Cannot assign RSA key\n");
goto err;
}
return 1;
-
err:
RSA_free(rsa);
+ return 0;
+}
+
+#ifndef OPENSSL_NO_EC
+static int key_create_ecdsa(key_t *key)
+{
+ EC_KEY *ec = NULL;
+
+ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (ec == NULL) {
+ printf("Cannot create EC key\n");
+ goto err;
+ }
+ if (!EC_KEY_generate_key(ec)) {
+ printf("Cannot generate EC key\n");
+ goto err;
+ }
+ EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
+ EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+ if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
+ printf("Cannot assign EC key\n");
+ goto err;
+ }
+
+ return 1;
+err:
EC_KEY_free(ec);
+ return 0;
+}
+#endif /* OPENSSL_NO_EC */
+
+typedef int (*key_create_fn_t)(key_t *key);
+static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
+ key_create_rsa,
+#ifndef OPENSSL_NO_EC
+ key_create_ecdsa,
+#endif /* OPENSSL_NO_EC */
+};
+
+int key_create(key_t *key, int type)
+{
+ if (type >= KEY_ALG_MAX_NUM) {
+ printf("Invalid key type\n");
+ return 0;
+ }
+
+ /* Create OpenSSL key container */
+ if (!key_new(key)) {
+ return 0;
+ }
+
+ if (key_create_fn[type]) {
+ return key_create_fn[type](key);
+ }
return 0;
}
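Review bot: The bounds check in key_create, `if (type >= KEY_ALG_MAX_NUM)`, does not reject negative values, so a negative `type` reads before the start of key_create_fn and the value found there is called as a function pointer. The switch it replaces sent every unknown value to `default`, so this is a regression in input validation. The check should read `if (type < 0 || type >= KEY_ALG_MAX_NUM) {`. Whether any caller can pass a negative value is not visible in this hunk, but key_create takes a plain int and is the last place to validate it. Separately, when key_create_rsa or key_create_ecdsa fails, the container set up by key_new does not appear to be released on the paths shown.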
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 77faf42e13..c78d87ad72 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -142,7 +142,9 @@ static char *strdup(const char *str)
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
+#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA] = "ecdsa"
+#endif /* OPENSSL_NO_EC */
};
/* Command line options */
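Review bot: key_algs_str is left unsized here while key.c sizes its dispatch table with KEY_ALG_MAX_NUM. Declaring it as `static const char *key_algs_str[KEY_ALG_MAX_NUM] = {` would tie both tables to the enum and turn an out-of-range designator into a compile error. On a build with OPENSSL_NO_EC the "ecdsa" entry disappears, so a user requesting it presumably gets the same rejection as for a misspelt algorithm name; the lookup code is outside the hunk. A distinct message saying the tool was built without EC support would make the missing algorithm obvious to whoever is generating the certificates.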