Merge branch 'cleanup' into development
* cleanup:
change test function includes to use one convention
cleanup library and some basic tests. Includes, add guards to includes
modify include .gitignore to ignore check_config generated when build fails due to incorrect config
fix bug in makefile that a test doesn't count as a fail even if an assertion fails by inverting logic
fix style issues with tests/suites/helpers.function
fix always true assertion
diff --git a/ChangeLog b/ChangeLog
index f5a3867..1b98cb25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3 branch
+
+Security
+
+Features
+
+Bugfix
+
+Changes
+ * Move from SHA-1 to SHA-256 in example programs using signatures
+ (suggested by Thorsten Mühlfelder).
+
= mbed TLS 1.3.10 released 2015-02-09
Security
* NULL pointer dereference in the buffer-based allocator when the buffer is
diff --git a/README.rst b/README.rst
index 8e2a53f..004f094 100644
--- a/README.rst
+++ b/README.rst
@@ -59,7 +59,7 @@
- ASan.
This instruments the code with AddressSanitizer to check for memory errors.
(This includes LeakSanitizer, with recent version of gcc and clang.)
- (With recent version of clang, this mode also intruments the code with
+ (With recent version of clang, this mode also instruments the code with
UndefinedSanitizer to check for undefined behaviour.)
- ASanDbg.
Same as ASan but slower, with debug information and better stack traces.
@@ -70,7 +70,7 @@
Same as ASan but slower, with debug information, better stack traces and
origin tracking.
- Check.
- This activates the compiler warnings that depend on optimisation and treats
+ This activates the compiler warnings that depend on optimization and treats
all warnings as errors.
Switching build modes in CMake is simple. For debug mode, enter at the command line:
@@ -103,7 +103,7 @@
mbed TLS includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
-For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available:
+For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 6fb569b..f9a40b5 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -48,7 +48,7 @@
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
@@ -57,7 +57,7 @@
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
@@ -193,7 +193,7 @@
/*
* 5. Check that the server's RSA signature matches
- * the SHA-1 hash of (P,G,Ys)
+ * the SHA-256 hash of (P,G,Ys)
*/
polarssl_printf( "\n . Verifying the server's RSA signature" );
fflush( stdout );
@@ -210,7 +210,7 @@
sha1( buf, (int)( p - 2 - buf ), hash );
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
- POLARSSL_MD_SHA1, 0, hash, p ) ) != 0 )
+ POLARSSL_MD_SHA256, 0, hash, p ) ) != 0 )
{
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
@@ -297,5 +297,5 @@
return( ret );
}
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+ POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index b7e6482..f37a2b8 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -48,7 +48,7 @@
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
@@ -57,7 +57,7 @@
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DBRG_C not defined.\n");
return( 0 );
}
@@ -201,7 +201,7 @@
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
{
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
@@ -298,5 +298,5 @@
return( ret );
}
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+ POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 981591d..0d02935 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -47,7 +47,7 @@
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
@@ -56,7 +56,7 @@
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SHA1_C and/or "
+ "POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -111,10 +111,10 @@
}
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash.
*/
- polarssl_printf( "\n . Generating the SHA-1 signature" );
+ polarssl_printf( "\n . Generating the SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@@ -123,7 +123,7 @@
goto exit;
}
- if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
+ if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
@@ -170,5 +170,5 @@
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
+ POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 0ce45f6..55f977c 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -45,7 +45,7 @@
#endif
#if !defined(POLARSSL_BIGNUM_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
@@ -53,7 +53,7 @@
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n");
return( 0 );
}
@@ -108,10 +108,10 @@
fclose( f );
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the signature.
*/
- polarssl_printf( "\n . Verifying the SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@@ -120,14 +120,14 @@
goto exit;
}
- if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
+ if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
goto exit;
}
- polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
@@ -146,5 +146,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index e4f4970..f65c2a7 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -1,5 +1,5 @@
/*
- * RSA/SHA-1 signature creation program
+ * RSA/SHA-256 signature creation program
*
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
@@ -40,14 +40,14 @@
#include "polarssl/sha1.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -112,10 +112,10 @@
}
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- polarssl_printf( "\n . Generating the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
@@ -124,7 +124,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
20, hash, buf ) ) != 0 )
{
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
@@ -160,5 +160,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e022db2..de90b7e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -1,5 +1,5 @@
/*
- * RSASSA-PSS/SHA-1 signature creation program
+ * RSASSA-PSS/SHA-256 signature creation program
*
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
@@ -47,7 +47,7 @@
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
@@ -56,7 +56,7 @@
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or "
+ "POLARSSL_RSA_C and/or POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -118,13 +118,13 @@
goto exit;
}
- rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- polarssl_printf( "\n . Generating the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@@ -133,7 +133,7 @@
goto exit;
}
- if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
+ if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret );
@@ -175,5 +175,5 @@
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
- POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
+ POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6ff16e4..4b43380 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -1,5 +1,5 @@
/*
- * RSA/SHA-1 signature verification program
+ * RSA/SHA-256 signature verification program
*
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
@@ -39,14 +39,14 @@
#include "polarssl/sha1.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -122,10 +122,10 @@
}
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
- polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
@@ -135,13 +135,13 @@
}
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
- POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 )
+ POLARSSL_MD_SHA256, 20, hash, buf ) ) != 0 )
{
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
goto exit;
}
- polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
@@ -154,5 +154,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 3ffdfbe..dd625b4 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -1,5 +1,5 @@
/*
- * RSASSA-PSS/SHA-1 signature verification program
+ * RSASSA-PSS/SHA-256 signature verification program
*
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
@@ -46,7 +46,7 @@
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
@@ -54,7 +54,7 @@
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n");
return( 0 );
}
@@ -99,7 +99,7 @@
goto exit;
}
- rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/*
* Extract the RSA signature from the text file
@@ -119,10 +119,10 @@
fclose( f );
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
- polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@@ -131,14 +131,14 @@
goto exit;
}
- if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
+ if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret );
goto exit;
}
- polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
@@ -152,5 +152,5 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 3b67f65..f936097 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -149,7 +149,7 @@
* Set to sane values
*/
x509write_csr_init( &req );
- x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 );
+ x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA256 );
pk_init( &key );
memset( buf, 0, sizeof( buf ) );
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index eed12cf..7d68858 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -209,7 +209,7 @@
* Set to sane values
*/
x509write_crt_init( &crt );
- x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA1 );
+ x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA256 );
pk_init( &loaded_issuer_key );
pk_init( &loaded_subject_key );
mpi_init( &serial );