Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-16 09:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(cert-create): add guardrails around brainpool usage

Browse source 
OpenSSL has brainpool support only since version 1.1.0, make sure we
put a proper guardrail around it.

Change-Id: Ia2ee686904ed80699f77b1da953546ab7538ec37
Signed-off-by: Donald Chan <donachan@tesla.com>
This commit is contained in:
Donald Chan 2024-04-10 14:56:53 -07:00
parent e9398e46bc
commit c0c280dfda
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
tools/cert_create/src/key.c
View file

@ -168,6 +168,7 @@ static int key_create_ecdsa_nist(key_t *key, int key_bits)
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256r1);
@ -177,6 +178,7 @@ static int key_create_ecdsa_brainpool_t(key_t *key, int key_bits)
{
return key_create_ecdsa(key, key_bits, NID_brainpoolP256t1);
}
#endif
#endif /* USING_OPENSSL3 */
#endif /* OPENSSL_NO_EC */
@ -185,8 +187,10 @@ static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
[KEY_ALG_RSA] = key_create_rsa,
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA_NIST] = key_create_ecdsa_nist,
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
[KEY_ALG_ECDSA_BRAINPOOL_R] = key_create_ecdsa_brainpool_r,
[KEY_ALG_ECDSA_BRAINPOOL_T] = key_create_ecdsa_brainpool_t,
#endif
#endif /* OPENSSL_NO_EC */
};

8
tools/cert_create/src/main.c
View file

@ -85,8 +85,10 @@ static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA_NIST] = "ecdsa",
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
[KEY_ALG_ECDSA_BRAINPOOL_R] = "ecdsa-brainpool-regular",
[KEY_ALG_ECDSA_BRAINPOOL_T] = "ecdsa-brainpool-twisted",
#endif
#endif /* OPENSSL_NO_EC */
};
@ -269,8 +271,12 @@ static const cmd_opt_t common_cmd_opt[] = {
},
{
{ "key-alg", required_argument, NULL, 'a' },
"Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, " \
"Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, "
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
"'ecdsa', 'ecdsa-brainpool-regular', 'ecdsa-brainpool-twisted'"
#else
"'ecdsa'"
#endif
},
{
{ "key-size", required_argument, NULL, 'b' },