fix(cert-create): add guardrails around brainpool usage
OpenSSL has brainpool support only since version 1.1.0, make sure we
put a proper guardrail around it.
Change-Id: Ia2ee686904ed80699f77b1da953546ab7538ec37
Signed-off-by: Donald Chan <donachan@tesla.com>
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 04214aa..f6ceeda 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -168,6 +168,7 @@
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256r1);
@@ -177,6 +178,7 @@
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256t1);
}
+#endif
#endif /* USING_OPENSSL3 */
#endif /* OPENSSL_NO_EC */
@@ -185,8 +187,10 @@
[KEY_ALG_RSA] = key_create_rsa,
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA_NIST] = key_create_ecdsa_nist,
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
[KEY_ALG_ECDSA_BRAINPOOL_R] = key_create_ecdsa_brainpool_r,
[KEY_ALG_ECDSA_BRAINPOOL_T] = key_create_ecdsa_brainpool_t,
+#endif
#endif /* OPENSSL_NO_EC */
};
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index f10a768..14610ed 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -85,8 +85,10 @@
[KEY_ALG_RSA] = "rsa",
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA_NIST] = "ecdsa",
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
[KEY_ALG_ECDSA_BRAINPOOL_R] = "ecdsa-brainpool-regular",
[KEY_ALG_ECDSA_BRAINPOOL_T] = "ecdsa-brainpool-twisted",
+#endif
#endif /* OPENSSL_NO_EC */
};
@@ -269,8 +271,12 @@
},
{
{ "key-alg", required_argument, NULL, 'a' },
- "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, " \
+ "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, "
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
"'ecdsa', 'ecdsa-brainpool-regular', 'ecdsa-brainpool-twisted'"
+#else
+ "'ecdsa'"
+#endif
},
{
{ "key-size", required_argument, NULL, 'b' },