From 0da16fe32f41387f4ad32e96a939c67a3dc8e611 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20M=C3=A9r=C3=A9?= <maxime.mere@foss.st.com>
Date: Wed, 18 Sep 2024 17:53:21 +0200
Subject: [PATCH] fix(cert-create): add default keysize to Brainpool ECDSA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.

Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
---
 docs/getting_started/build-options.rst | 4 ++--
 tools/cert_create/include/key.h        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 14eac5ff1..d2d2eb537 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -737,9 +737,9 @@ Common build options
    +---------------------------+------------------------------------+
    |          ecdsa            |         256 (default), 384         |
    +---------------------------+------------------------------------+
-   |  ecdsa-brainpool-regular  |            unavailable             |
+   |  ecdsa-brainpool-regular  |            256 (default)           |
    +---------------------------+------------------------------------+
-   |  ecdsa-brainpool-twisted  |            unavailable             |
+   |  ecdsa-brainpool-twisted  |            256 (default)           |
    +---------------------------+------------------------------------+
 
 -  ``HASH_ALG``: This build flag enables the user to select the secure hash
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index f7adfab2b..83a7b1889 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -45,8 +45,8 @@ static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
 	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA */
 #ifndef OPENSSL_NO_EC
 	{ 256, 384 },			/* KEY_ALG_ECDSA_NIST */
-	{},				/* KEY_ALG_ECDSA_BRAINPOOL_R */
-	{}				/* KEY_ALG_ECDSA_BRAINPOOL_T */
+	{ 256 },			/* KEY_ALG_ECDSA_BRAINPOOL_R */
+	{ 256 }				/* KEY_ALG_ECDSA_BRAINPOOL_T */
 #endif /* OPENSSL_NO_EC */
 };