andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
arm-trusted-firmware/tools/cert_create/src
History
Justin Chadwell 6a415a508e Remove RSA PKCS#1 v1.5 support from cert_tool 
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
 		2019-09-12 15:27:41 +01:00
..
tbbr tools: Remove unused cert_create defines 2019-03-12 13:42:08 +00:00
cert.c Remove RSA PKCS#1 v1.5 support from cert_tool 2019-09-12 15:27:41 +01:00
cmd_opt.c Fix order of #includes 2017-07-12 14:45:31 +01:00
ext.c Reduce the number of memory leaks in cert_create 2019-08-16 14:11:18 +01:00
key.c Remove RSA PKCS#1 v1.5 support from cert_tool 2019-09-12 15:27:41 +01:00
main.c Remove RSA PKCS#1 v1.5 support from cert_tool 2019-09-12 15:27:41 +01:00
sha.c tools: add an option -hash-alg for cert_create 2017-11-21 14:16:18 +08:00