aboutsummaryrefslogtreecommitdiff
path: root/tools/cert_create/src/key.c
diff options
context:
space:
mode:
authorJustin Chadwell <justin.chadwell@arm.com>2019-09-09 15:24:31 +0100
committerJustin Chadwell <justin.chadwell@arm.com>2019-09-12 15:27:41 +0100
commit6a415a508ea6acec321e4609d3f8e5c03ba67664 (patch)
tree611f85b28280488052a30368bc28bbd5b2198716 /tools/cert_create/src/key.c
parentf29213d9e3c82f8b43e42023d5b39e097d86ff18 (diff)
downloadtrusted-firmware-a-6a415a508ea6acec321e4609d3f8e5c03ba67664.tar.gz
Remove RSA PKCS#1 v1.5 support from cert_tool
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed in SHA fe199e3, however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Diffstat (limited to 'tools/cert_create/src/key.c')
-rw-r--r--tools/cert_create/src/key.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 93d31f7c34..0f80cce9b7 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -112,7 +112,6 @@ err:
typedef int (*key_create_fn_t)(key_t *key, int key_bits);
static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
key_create_rsa, /* KEY_ALG_RSA */
- key_create_rsa, /* KEY_ALG_RSA_1_5 */
#ifndef OPENSSL_NO_EC
key_create_ecdsa, /* KEY_ALG_ECDSA */
#endif /* OPENSSL_NO_EC */