From ea4ec3aad5e15225e8fbdd638872bdceeb96a8dc Mon Sep 17 00:00:00 2001
From: Juan Castillo <juan.castillo@arm.com>
Date: Mon, 16 Feb 2015 10:34:28 +0000
Subject: TBB: use SHA256 to generate the certificate signatures

This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
certificate signatures are generated according to the NSA Suite B
cryptographic algorithm requirements.

Documentation updated accordingly.

Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6
---
 tools/cert_create/src/cert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tools')

diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 9705643d..22fe3d58 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -170,7 +170,7 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
 	}
 
 	/* Sign the certificate with the issuer key */
-	if (!X509_sign(x, ikey, EVP_sha1())) {
+	if (!X509_sign(x, ikey, EVP_sha256())) {
 		ERR_print_errors_fp(stdout);
 		return 0;
 	}
-- 
cgit