[PATCH ima-evm-utils 2/2] tests: fix gen-keys.sh to generate sha256 certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On systems with OpenSSL sha1 disabled, the sign-verify.test fails:

- openssl dgst   -sha1 sha1.txt
- openssl dgst   -sha1 -sign test-rsa1024.key -hex sha1.txt
Error setting context
804BD5CF787F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:343:
sha1 (test-rsa1024.key) test is skipped (openssl is unable to sign)

Instead of enabling sha1 support on these systems by setting the environment
variable OPENSSL_ENABLE_SHA1_SIGNATURES, generate a sha256 certificate.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 tests/gen-keys.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 1a6c22a2f3c4..8905cdf2d216 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -71,7 +71,7 @@ for m in 1024 1024_skid 2048; do
     ext=
   fi
   if [ ! -e test-rsa$m.key ]; then
-    log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 $ext \
+    log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \
       -config test-ca.conf \
       -newkey rsa:$bits \
       -out test-rsa$m.cer -outform DER \
@@ -93,7 +93,7 @@ for curve in prime192v1 prime256v1; do
     continue
   fi
   if [ ! -e test-$curve.key ]; then
-    log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 \
+    log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 \
       -config test-ca.conf \
       -newkey ec \
       -pkeyopt ec_paramgen_curve:$curve \
-- 
2.31.1




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux