TBB: use SHA256 to generate the certificate signatures This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so certificate signatures are generated according to the NSA Suite B cryptographic algorithm requirements. Documentation updated accordingly. Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6

commit: ea4ec3aad5e15225e8fbdd638872bdceeb96a8dc [log] [tgz]
author: Juan Castillo <juan.castillo@arm.com> Mon Feb 16 10:34:28 2015 +0000
committer: Juan Castillo <juan.castillo@arm.com> Thu Mar 05 16:40:07 2015 +0000
tree: f99bbc98bea51ba67c32bd92363f655d5a099c26
parent: 5930eadbe5d8d4c3f15fd910476f72cd5bf86f44 [diff]
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 9705643..22fe3d5 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c

@@ -170,7 +170,7 @@
 	}
 
 	/* Sign the certificate with the issuer key */
-	if (!X509_sign(x, ikey, EVP_sha1())) {
+	if (!X509_sign(x, ikey, EVP_sha256())) {
 		ERR_print_errors_fp(stdout);
 		return 0;
 	}
commit	ea4ec3aad5e15225e8fbdd638872bdceeb96a8dc	[log] [tgz]
author	Juan Castillo <juan.castillo@arm.com>	Mon Feb 16 10:34:28 2015 +0000
committer	Juan Castillo <juan.castillo@arm.com>	Thu Mar 05 16:40:07 2015 +0000
tree	f99bbc98bea51ba67c32bd92363f655d5a099c26
parent	5930eadbe5d8d4c3f15fd910476f72cd5bf86f44 [diff]