aboutsummaryrefslogtreecommitdiff
path: root/tools/cert_create/include/key.h
diff options
context:
space:
mode:
authorJustin Chadwell <justin.chadwell@arm.com>2019-09-09 15:24:31 +0100
committerJustin Chadwell <justin.chadwell@arm.com>2019-09-12 15:27:41 +0100
commit6a415a508ea6acec321e4609d3f8e5c03ba67664 (patch)
tree611f85b28280488052a30368bc28bbd5b2198716 /tools/cert_create/include/key.h
parentf29213d9e3c82f8b43e42023d5b39e097d86ff18 (diff)
downloadtrusted-firmware-a-6a415a508ea6acec321e4609d3f8e5c03ba67664.tar.gz
Remove RSA PKCS#1 v1.5 support from cert_tool
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed in SHA fe199e3, however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Diffstat (limited to 'tools/cert_create/include/key.h')
-rw-r--r--tools/cert_create/include/key.h2
1 files changed, 0 insertions, 2 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index c08beb8b2..d96d9839a 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -21,7 +21,6 @@ enum {
/* Supported key algorithms */
enum {
KEY_ALG_RSA, /* RSA PSS as defined by PKCS#1 v2.1 (default) */
- KEY_ALG_RSA_1_5, /* RSA as defined by PKCS#1 v1.5 */
#ifndef OPENSSL_NO_EC
KEY_ALG_ECDSA,
#endif /* OPENSSL_NO_EC */
@@ -42,7 +41,6 @@ enum{
/* NOTE: the first item in each array is the default key size */
static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
{ 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA */
- { 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA_1_5 */
#ifndef OPENSSL_NO_EC
{} /* KEY_ALG_ECDSA */
#endif /* OPENSSL_NO_EC */