Skip to content

Commit e286272

Browse files
TinCanTechTinCanTech
committed
Only use build_ecparam_file() when required
Signed-off-by: Richard T Bonhomme <[email protected]>
1 parent fe9d03e commit e286272

File tree

1 file changed

+11
-21
lines changed

1 file changed

+11
-21
lines changed

easyrsa3/easyrsa

Lines changed: 11 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1846,6 +1846,7 @@ Please update 'openssl-easyrsa.cnf' to the latest Easy-RSA release."
18461846
|| die "Failed create CA private key"
18471847
;;
18481848
ec)
1849+
build_ecparam_file
18491850
easyrsa_openssl genpkey \
18501851
-paramfile "$EASYRSA_ALGO_PARAMS" \
18511852
-out "$out_key_tmp" \
@@ -2255,6 +2256,7 @@ $EASYRSA_EXTRA_EXTS"
22552256
case "$EASYRSA_ALGO" in
22562257
rsa|ec)
22572258
# Set elliptic curve parameters-file
2259+
build_ecparam_file
22582260
# or RSA bit-length
22592261
algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
22602262
;;
@@ -5415,25 +5417,16 @@ Elliptic curve cryptography cannot be use with algo '$EASYRSA_ALGO'"
54155417
EASYRSA_ALGO_PARAMS="$EASYRSA_KEY_SIZE"
54165418
;;
54175419
ec)
5418-
case "$cmd" in
5419-
build-ca|gen-req|build-*-full)
5420-
# build ec-params file as $EASYRSA_ALGO_PARAMS
5421-
build_ecparam_file
5422-
;;
5423-
*)
5424-
# Verify Elliptic curve
5425-
"$EASYRSA_OPENSSL" ecparam \
5426-
-name "$EASYRSA_CURVE" \
5427-
>/dev/null 2>&1 || user_error "\
5428-
Failed to generate ecparam file for curve '$EASYRSA_CURVE'"
5429-
esac
5420+
# Verify Elliptic curve
5421+
"$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" \
5422+
>/dev/null 2>&1 || user_error \
5423+
"Failed to generate ecparam file for curve '$EASYRSA_CURVE'"
54305424
;;
54315425
ed)
54325426
# Verify Edwards curve
5433-
"$EASYRSA_OPENSSL" genpkey \
5434-
-algorithm "$EASYRSA_CURVE" \
5435-
>/dev/null 2>&1 || user_error "\
5436-
Edwards Curve '$EASYRSA_CURVE' not found."
5427+
"$EASYRSA_OPENSSL" genpkey -algorithm "$EASYRSA_CURVE" \
5428+
>/dev/null 2>&1 || user_error \
5429+
"Edwards Curve '$EASYRSA_CURVE' not found."
54375430
;;
54385431
*) user_error "\
54395432
Unknown algorithm '$EASYRSA_ALGO': Must be 'rsa', 'ec' or 'ed'"
@@ -5442,16 +5435,13 @@ Unknown algorithm '$EASYRSA_ALGO': Must be 'rsa', 'ec' or 'ed'"
54425435
verify_algo_params; OK: algo '$EASYRSA_ALGO' | curve '$EASYRSA_CURVE'"
54435436
} # => verify_algo_params()
54445437

5445-
# build ecparam file
5438+
# build ecparam file - required for EC private keys
54465439
build_ecparam_file() {
54475440
# Only valid for algo ec
54485441
[ "$EASYRSA_ALGO" = ec ] || return 0
54495442

5450-
# User specified algo params file exists
5451-
[ "$EASYRSA_ALGO_PARAMS" ] && [ -f "$EASYRSA_ALGO_PARAMS" ] && return
5443+
unset -v EASYRSA_ALGO_PARAMS
54525444
easyrsa_mktemp EASYRSA_ALGO_PARAMS
5453-
5454-
# Create the required ecparams file, temp-file
54555445
"$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" \
54565446
-out "$EASYRSA_ALGO_PARAMS" >/dev/null 2>&1 || user_error \
54575447
"Failed to generate ecparam file for curve '$EASYRSA_CURVE'"

0 commit comments

Comments
 (0)