andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #833 from masahir0y/cert_create 

Bug fix and cleanup of cert_create tool
This commit is contained in:
davidcunado-arm 2017-02-14 08:56:44 +00:00 committed by GitHub
parent 27e16d85ec c893c73309
commit 7a1c268fd8
5 changed files with 40 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/cert_create/include/key.h
View File

@ -73,6 +73,7 @@ typedef struct key_s {
/* Exported API */
int key_init(void);
key_t *key_get_by_opt(const char *opt);
int key_new(key_t *key);
int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key);

10
tools/cert_create/src/cert.c
View File

@ -103,10 +103,10 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
cert_t *issuer_cert = &certs[cert->issuer];
EVP_PKEY *ikey = keys[issuer_cert->key].key;
X509 *issuer = issuer_cert->x;
X509 *x = NULL;
X509_EXTENSION *ex = NULL;
X509_NAME *name = NULL;
ASN1_INTEGER *sno = NULL;
X509 *x;
X509_EXTENSION *ex;
X509_NAME *name;
ASN1_INTEGER *sno;
int i, num;
/* Create the certificate structure */
@ -202,7 +202,7 @@ int cert_init(void)
cert_t *cert_get_by_opt(const char *opt)
{
cert_t *cert = NULL;
cert_t *cert;
unsigned int i;
for (i = 0; i < num_certs; i++) {

29
tools/cert_create/src/ext.c
View File

@ -181,13 +181,13 @@ X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len)
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len)
{
X509_EXTENSION *ex = NULL;
ASN1_OCTET_STRING *octet = NULL;
HASH *hash = NULL;
ASN1_OBJECT *algorithm = NULL;
X509_ALGOR *x509_algor = NULL;
X509_EXTENSION *ex;
ASN1_OCTET_STRING *octet;
HASH *hash;
ASN1_OBJECT *algorithm;
X509_ALGOR *x509_algor;
unsigned char *p = NULL;
int sz = -1;
int sz;
/* OBJECT_IDENTIFIER with hash algorithm */
algorithm = OBJ_nid2obj(md->type);
@ -254,16 +254,15 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
*/
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value)
{
X509_EXTENSION *ex = NULL;
ASN1_INTEGER *counter = NULL;
X509_EXTENSION *ex;
ASN1_INTEGER *counter;
unsigned char *p = NULL;
int sz = -1;
int sz;
/* Encode counter */
counter = ASN1_INTEGER_new();
ASN1_INTEGER_set(counter, value);
sz = i2d_ASN1_INTEGER(counter, NULL);
i2d_ASN1_INTEGER(counter, &p);
sz = i2d_ASN1_INTEGER(counter, &p);
/* Create the extension */
ex = ext_new(nid, crit, p, sz);
@ -292,9 +291,9 @@ X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value)
*/
X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
{
X509_EXTENSION *ex = NULL;
unsigned char *p = NULL;
int sz = -1;
X509_EXTENSION *ex;
unsigned char *p;
int sz;
/* Encode key */
BIO *mem = BIO_new(BIO_s_mem());
@ -316,7 +315,7 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
ext_t *ext_get_by_opt(const char *opt)
{
ext_t *ext = NULL;
ext_t *ext;
unsigned int i;
/* Sequential search. This is not a performance concern since the number

28
tools/cert_create/src/key.c
View File

@ -49,7 +49,7 @@
/*
* Create a new key container
*/
static int key_new(key_t *key)
int key_new(key_t *key)
{
/* Create key pair container */
key->key = EVP_PKEY_new();
@ -62,7 +62,7 @@ static int key_new(key_t *key)
static int key_create_rsa(key_t *key)
{
RSA *rsa = NULL;
RSA *rsa;
rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
if (rsa == NULL) {
@ -83,7 +83,7 @@ err:
#ifndef OPENSSL_NO_EC
static int key_create_ecdsa(key_t *key)
{
EC_KEY *ec = NULL;
EC_KEY *ec;
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ec == NULL) {
@ -123,11 +123,6 @@ int key_create(key_t *key, int type)
return 0;
}
/* Create OpenSSL key container */
if (!key_new(key)) {
return 0;
}
if (key_create_fn[type]) {
return key_create_fn[type](key);
}
@ -137,14 +132,8 @@ int key_create(key_t *key, int type)
int key_load(key_t *key, unsigned int *err_code)
{
FILE *fp = NULL;
EVP_PKEY *k = NULL;
/* Create OpenSSL key container */
if (!key_new(key)) {
*err_code = KEY_ERR_MALLOC;
return 0;
}
FILE *fp;
EVP_PKEY *k;
if (key->fn) {
/* Load key from file */
@ -173,7 +162,7 @@ int key_load(key_t *key, unsigned int *err_code)
int key_store(key_t *key)
{
FILE *fp = NULL;
FILE *fp;
if (key->fn) {
fp = fopen(key->fn, "w");
@ -196,7 +185,6 @@ int key_init(void)
{
cmd_opt_t cmd_opt;
key_t *key;
int rc = 0;
unsigned int i;
for (i = 0; i < num_keys; i++) {
@ -211,12 +199,12 @@ int key_init(void)
}
}
return rc;
return 0;
}
key_t *key_get_by_opt(const char *opt)
{
key_t *key = NULL;
key_t *key;
unsigned int i;
/* Sequential search. This is not a performance concern since the number

24
tools/cert_create/src/main.c
View File

@ -134,7 +134,6 @@ static void print_help(const char *cmd, const struct option *long_opt)
printf("\t%s [OPTIONS]\n\n", cmd);
printf("Available options:\n");
i = 0;
opt = long_opt;
while (opt->name) {
p = line;
@ -261,12 +260,12 @@ static const cmd_opt_t common_cmd_opt[] = {
int main(int argc, char *argv[])
{
STACK_OF(X509_EXTENSION) * sk = NULL;
X509_EXTENSION *cert_ext = NULL;
ext_t *ext = NULL;
key_t *key = NULL;
cert_t *cert = NULL;
FILE *file = NULL;
STACK_OF(X509_EXTENSION) * sk;
X509_EXTENSION *cert_ext;
ext_t *ext;
key_t *key;
cert_t *cert;
FILE *file;
int i, j, ext_nid, nvctr;
int c, opt_idx = 0;
const struct option *cmd_opt;
@ -367,6 +366,11 @@ int main(int argc, char *argv[])
/* Load private keys from files (or generate new ones) */
for (i = 0 ; i < num_keys ; i++) {
if (!key_new(&keys[i])) {
ERROR("Failed to allocate key container\n");
exit(1);
}
/* First try to load the key from disk */
if (key_load(&keys[i], &err_code)) {
/* Key loaded successfully */
@ -374,11 +378,7 @@ int main(int argc, char *argv[])
}
/* Key not loaded. Check the error code */
if (err_code == KEY_ERR_MALLOC) {
/* Cannot allocate memory. Abort. */
ERROR("Malloc error while loading '%s'\n", keys[i].fn);
exit(1);
} else if (err_code == KEY_ERR_LOAD) {
if (err_code == KEY_ERR_LOAD) {
/* File exists, but it does not contain a valid private
* key. Abort. */
ERROR("Error loading '%s'\n", keys[i].fn);