TBB: build 'cert_create' with ECDSA only if OpenSSL supports it

Some Linux distributions include an OpenSSL library which has been
built without ECDSA support. Trying to build the certificate
generation tool on those distributions will result in a build error.

This patch fixes that issue by including ECDSA support only if
OpenSSL has been built with ECDSA. In that case, the OpenSSL
configuration file does not define the OPENSSL_NO_EC macro. The tool
will build successfully, although the resulting binary will not
support ECDSA keys.

Change-Id: I4627d1abd19eef7ad3251997d8218599187eb902

diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index dfb3150866ad968a07e072e0757569a03b8f4bd0..165ffa1cf4e7394ac9feb55fa374ecf7a6dada2f 100644 (file)
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -47,7 +47,10 @@ enum {
 /* Supported key algorithms */
 enum {
        KEY_ALG_RSA,
-       KEY_ALG_ECDSA
+#ifndef OPENSSL_NO_EC
+       KEY_ALG_ECDSA,
+#endif /* OPENSSL_NO_EC */
+       KEY_ALG_MAX_NUM
 };
 
 /*

diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 2137bf7d2e3b67bd52d46a9297dd67a3236c65ae..6072d9ccee1127ce4e86fea60ead1ad684edecd5 100644 (file)
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -59,56 +59,77 @@ static int key_new(key_t *key)
        return 1;
 }
 
-int key_create(key_t *key, int type)
+static int key_create_rsa(key_t *key)
 {
        RSA *rsa = NULL;
-       EC_KEY *ec = NULL;
 
-       /* Create OpenSSL key container */
-       if (!key_new(key)) {
+       rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+       if (rsa == NULL) {
+               printf("Cannot create RSA key\n");
                goto err;
        }
-
-       switch (type) {
-       case KEY_ALG_RSA:
-               /* Generate a new RSA key */
-               rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
-               if (rsa == NULL) {
-                       printf("Cannot create RSA key\n");
-                       goto err;
-               }
-               if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
-                       printf("Cannot assign RSA key\n");
-                       goto err;
-               }
-               break;
-       case KEY_ALG_ECDSA:
-               /* Generate a new ECDSA key */
-               ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-               if (ec == NULL) {
-                       printf("Cannot create EC key\n");
-                       goto err;
-               }
-               if (!EC_KEY_generate_key(ec)) {
-                       printf("Cannot generate EC key\n");
-                       goto err;
-               }
-               EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
-               EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
-               if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
-                       printf("Cannot assign EC key\n");
-                       goto err;
-               }
-               break;
-       default:
+       if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
+               printf("Cannot assign RSA key\n");
                goto err;
        }
 
        return 1;
-
 err:
        RSA_free(rsa);
+       return 0;
+}
+
+#ifndef OPENSSL_NO_EC
+static int key_create_ecdsa(key_t *key)
+{
+       EC_KEY *ec = NULL;
+
+       ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+       if (ec == NULL) {
+               printf("Cannot create EC key\n");
+               goto err;
+       }
+       if (!EC_KEY_generate_key(ec)) {
+               printf("Cannot generate EC key\n");
+               goto err;
+       }
+       EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
+       EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+       if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
+               printf("Cannot assign EC key\n");
+               goto err;
+       }
+
+       return 1;
+err:
        EC_KEY_free(ec);
+       return 0;
+}
+#endif /* OPENSSL_NO_EC */
+
+typedef int (*key_create_fn_t)(key_t *key);
+static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
+       key_create_rsa,
+#ifndef OPENSSL_NO_EC
+       key_create_ecdsa,
+#endif /* OPENSSL_NO_EC */
+};
+
+int key_create(key_t *key, int type)
+{
+       if (type >= KEY_ALG_MAX_NUM) {
+               printf("Invalid key type\n");
+               return 0;
+       }
+
+       /* Create OpenSSL key container */
+       if (!key_new(key)) {
+               return 0;
+       }
+
+       if (key_create_fn[type]) {
+               return key_create_fn[type](key);
+       }
 
        return 0;
 }

diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 77faf42e13608c18e667c7147dd90e5bb49d7aca..c78d87ad729fb256990929ed7b4411da78ef581a 100644 (file)
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -142,7 +142,9 @@ static char *strdup(const char *str)
 
 static const char *key_algs_str[] = {
        [KEY_ALG_RSA] = "rsa",
+#ifndef OPENSSL_NO_EC
        [KEY_ALG_ECDSA] = "ecdsa"
+#endif /* OPENSSL_NO_EC */
 };
 
 /* Command line options */