TBB: build 'cert_create' with ECDSA only if OpenSSL supports it
Some Linux distributions include an OpenSSL library which has been
built without ECDSA support. Trying to build the certificate
generation tool on those distributions will result in a build error.
This patch fixes that issue by including ECDSA support only if
OpenSSL has been built with ECDSA. In that case, the OpenSSL
configuration file does not define the OPENSSL_NO_EC macro. The tool
will build successfully, although the resulting binary will not
support ECDSA keys.
Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index dfb3150..165ffa1 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -47,7 +47,10 @@
/* Supported key algorithms */
enum {
KEY_ALG_RSA,
- KEY_ALG_ECDSA
+#ifndef OPENSSL_NO_EC
+ KEY_ALG_ECDSA,
+#endif /* OPENSSL_NO_EC */
+ KEY_ALG_MAX_NUM
};
/*
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 2137bf7..6072d9c 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -59,56 +59,77 @@
return 1;
}
-int key_create(key_t *key, int type)
+static int key_create_rsa(key_t *key)
{
RSA *rsa = NULL;
- EC_KEY *ec = NULL;
- /* Create OpenSSL key container */
- if (!key_new(key)) {
+ rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+ if (rsa == NULL) {
+ printf("Cannot create RSA key\n");
goto err;
}
-
- switch (type) {
- case KEY_ALG_RSA:
- /* Generate a new RSA key */
- rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
- if (rsa == NULL) {
- printf("Cannot create RSA key\n");
- goto err;
- }
- if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
- printf("Cannot assign RSA key\n");
- goto err;
- }
- break;
- case KEY_ALG_ECDSA:
- /* Generate a new ECDSA key */
- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ec == NULL) {
- printf("Cannot create EC key\n");
- goto err;
- }
- if (!EC_KEY_generate_key(ec)) {
- printf("Cannot generate EC key\n");
- goto err;
- }
- EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
- EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
- if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
- printf("Cannot assign EC key\n");
- goto err;
- }
- break;
- default:
+ if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
+ printf("Cannot assign RSA key\n");
goto err;
}
return 1;
-
err:
RSA_free(rsa);
+ return 0;
+}
+
+#ifndef OPENSSL_NO_EC
+static int key_create_ecdsa(key_t *key)
+{
+ EC_KEY *ec = NULL;
+
+ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (ec == NULL) {
+ printf("Cannot create EC key\n");
+ goto err;
+ }
+ if (!EC_KEY_generate_key(ec)) {
+ printf("Cannot generate EC key\n");
+ goto err;
+ }
+ EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
+ EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+ if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
+ printf("Cannot assign EC key\n");
+ goto err;
+ }
+
+ return 1;
+err:
EC_KEY_free(ec);
+ return 0;
+}
+#endif /* OPENSSL_NO_EC */
+
+typedef int (*key_create_fn_t)(key_t *key);
+static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
+ key_create_rsa,
+#ifndef OPENSSL_NO_EC
+ key_create_ecdsa,
+#endif /* OPENSSL_NO_EC */
+};
+
+int key_create(key_t *key, int type)
+{
+ if (type >= KEY_ALG_MAX_NUM) {
+ printf("Invalid key type\n");
+ return 0;
+ }
+
+ /* Create OpenSSL key container */
+ if (!key_new(key)) {
+ return 0;
+ }
+
+ if (key_create_fn[type]) {
+ return key_create_fn[type](key);
+ }
return 0;
}
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 77faf42..c78d87a 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -142,7 +142,9 @@
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
+#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA] = "ecdsa"
+#endif /* OPENSSL_NO_EC */
};
/* Command line options */