• Justin Chadwell's avatar
    Remove RSA PKCS#1 v1.5 support from cert_tool · 6a415a50
    Justin Chadwell authored
    Support for PKCS#1 v1.5 was deprecated in SHA 1001202d and fully removed
    in SHA fe199e3b
    
    , however, cert_tool is still able to generate
    certificates in that form. This patch fully removes the ability for
    cert_tool to generate these certificates.
    
    Additionally, this patch also fixes a bug where the issuing certificate
    was a RSA and the issued certificate was EcDSA. In this case, the issued
    certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
    PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
    that PKCS#1 v1.5 support is removed, all certificates that are signed
    with RSA now use the more modern padding scheme.
    
    Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
    Signed-off-by: default avatarJustin Chadwell <justin.chadwell@arm.com>
    6a415a50
main.c 13 KB