projects / project / bcm63xx / atf.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f29213d) | patch
Remove RSA PKCS#1 v1.5 support from cert_tool
authorJustin Chadwell <justin.chadwell@arm.com>
Mon, 9 Sep 2019 14:24:31 +0000 (15:24 +0100)
committerJustin Chadwell <justin.chadwell@arm.com>
Thu, 12 Sep 2019 14:27:41 +0000 (15:27 +0100)
commit6a415a508ea6acec321e4609d3f8e5c03ba67664
tree611f85b28280488052a30368bc28bbd5b2198716tree | snapshot
parentf29213d9e3c82f8b43e42023d5b39e097d86ff18commit | diff
Remove RSA PKCS#1 v1.5 support from cert_tool

Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
docs/getting_started/user-guide.rst diff | blob | history
drivers/auth/mbedtls/mbedtls_common.mk diff | blob | history
tools/cert_create/include/cert.h diff | blob | history
tools/cert_create/include/key.h diff | blob | history
tools/cert_create/src/cert.c diff | blob | history
tools/cert_create/src/key.c diff | blob | history
tools/cert_create/src/main.c diff | blob | history
Broadcom-s Trusted Firmware A