-rw-r--r--tools/cert_create/include/key.h5
-rw-r--r--tools/cert_create/src/key.c97
-rw-r--r--tools/cert_create/src/main.c2
3 files changed, 65 insertions, 39 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index dfb3150866..165ffa1cf4 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -47,7 +47,10 @@ enum {
/* Supported key algorithms */
enum {
KEY_ALG_RSA,
- KEY_ALG_ECDSA
+#ifndef OPENSSL_NO_EC
+ KEY_ALG_ECDSA,
+#endif /* OPENSSL_NO_EC */
+ KEY_ALG_MAX_NUM
};
/*
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 2137bf7d2e..6072d9ccee 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -59,56 +59,77 @@ static int key_new(key_t *key)
return 1;
}
-int key_create(key_t *key, int type)
+static int key_create_rsa(key_t *key)
{
RSA *rsa = NULL;
- EC_KEY *ec = NULL;
- /* Create OpenSSL key container */
- if (!key_new(key)) {
+ rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+ if (rsa == NULL) {
+ printf("Cannot create RSA key\n");
goto err;
}
-
- switch (type) {
- case KEY_ALG_RSA:
- /* Generate a new RSA key */
- rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
- if (rsa == NULL) {
- printf("Cannot create RSA key\n");
- goto err;
- }
- if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
- printf("Cannot assign RSA key\n");
- goto err;
- }
- break;
- case KEY_ALG_ECDSA:
- /* Generate a new ECDSA key */
- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ec == NULL) {
- printf("Cannot create EC key\n");
- goto err;
- }
- if (!EC_KEY_generate_key(ec)) {
- printf("Cannot generate EC key\n");
- goto err;
- }
- EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
- EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
- if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
- printf("Cannot assign EC key\n");
- goto err;
- }
- break;
- default:
+ if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
+ printf("Cannot assign RSA key\n");
goto err;
}
return 1;
-
err:
RSA_free(rsa);
+ return 0;
+}
+
+#ifndef OPENSSL_NO_EC
+static int key_create_ecdsa(key_t *key)
+{
+ EC_KEY *ec = NULL;
+
+ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (ec == NULL) {
+ printf("Cannot create EC key\n");
+ goto err;
+ }
+ if (!EC_KEY_generate_key(ec)) {
+ printf("Cannot generate EC key\n");
+ goto err;
+ }
+ EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
+ EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+ if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
+ printf("Cannot assign EC key\n");
+ goto err;
+ }
+
+ return 1;
+err:
EC_KEY_free(ec);
+ return 0;
+}
+#endif /* OPENSSL_NO_EC */
+
+typedef int (*key_create_fn_t)(key_t *key);
+static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
+ key_create_rsa,
+#ifndef OPENSSL_NO_EC
+ key_create_ecdsa,
+#endif /* OPENSSL_NO_EC */
+};
+
+int key_create(key_t *key, int type)
+{
+ if (type >= KEY_ALG_MAX_NUM) {
+ printf("Invalid key type\n");
+ return 0;
+ }
+
+ /* Create OpenSSL key container */
+ if (!key_new(key)) {
+ return 0;
+ }
+
+ if (key_create_fn[type]) {
+ return key_create_fn[type](key);
+ }
return 0;
}
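Review bot: The range check in `key_create` tests only `type >= KEY_ALG_MAX_NUM`, and `type` is a signed `int`, so a negative value passes it and `key_create_fn[type]` then indexes before the start of the table and may call whatever it reads there. Whether a caller can pass a negative value is not visible in this hunk, but an algorithm-name lookup that returns -1 for an unknown name would be enough, so the guard should be `if (type < 0 || type >= KEY_ALG_MAX_NUM) {`. The later `if (key_create_fn[type])` test covers only empty in-range slots, not this case. Separately, when a generator fails after `key_new` succeeded, the container in `key->key` is left allocated; `key_new`'s body is outside the hunk, so confirm who is expected to free it.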
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 77faf42e13..c78d87ad72 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -142,7 +142,9 @@ static char *strdup(const char *str)
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
+#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA] = "ecdsa"
+#endif /* OPENSSL_NO_EC */
};
/* Command line options */
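Review bot: `key_algs_str` takes its length from its initializers, while the dispatch table added in key.c is sized by `KEY_ALG_MAX_NUM`, so the name table and the dispatch table can drift apart when an algorithm is added or compiled out. Declaring it as `static const char *key_algs_str[KEY_ALG_MAX_NUM] = {` ties both tables to the same enum. An algorithm added later without a name would then show up as a NULL entry, so the lookup code (outside this hunk) should tolerate NULL before comparing strings.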