aboutsummaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorJuan Castillo <juan.castillo@arm.com>2015-02-16 10:34:28 +0000
committerJuan Castillo <juan.castillo@arm.com>2015-03-05 16:40:07 +0000
commitea4ec3aad5e15225e8fbdd638872bdceeb96a8dc (patch)
treef99bbc98bea51ba67c32bd92363f655d5a099c26 /tools
parent5930eadbe5d8d4c3f15fd910476f72cd5bf86f44 (diff)
downloadtrusted-firmware-a-ea4ec3aad5e15225e8fbdd638872bdceeb96a8dc.tar.gz
TBB: use SHA256 to generate the certificate signatures
This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so certificate signatures are generated according to the NSA Suite B cryptographic algorithm requirements. Documentation updated accordingly. Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
Diffstat (limited to 'tools')
-rw-r--r--tools/cert_create/src/cert.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 9705643d48..22fe3d5860 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -170,7 +170,7 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
}
/* Sign the certificate with the issuer key */
- if (!X509_sign(x, ikey, EVP_sha1())) {
+ if (!X509_sign(x, ikey, EVP_sha256())) {
ERR_print_errors_fp(stdout);
return 0;
}