mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-26 22:02:31 +02:00

tests: fix gen-keys.sh to generate sha256 certificates

On systems with OpenSSL sha1 disabled, the sign-verify.test fails:

- openssl dgst   -sha1 sha1.txt
- openssl dgst   -sha1 -sign test-rsa1024.key -hex sha1.txt
Error setting context
804BD5CF787F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:343:
sha1 (test-rsa1024.key) test is skipped (openssl is unable to sign)

Instead of enabling sha1 support on these systems by setting the environment
variable OPENSSL_ENABLE_SHA1_SIGNATURES, generate a sha256 certificate.

Reported-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Mimi Zohar 2023-03-06 05:57:27 -05:00
parent 2ea31a943c
commit 411ff0a720


@ -71,7 +71,7 @@ for m in 1024 1024_skid 2048; do
ext=
fi
if [ ! -e test-rsa$m.key ]; then
log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 $ext \
log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \
-config test-ca.conf \
-newkey rsa:$bits \
-out test-rsa$m.cer -outform DER \
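Review bot: the `if [ ! -e test-rsa$m.key ]` guard around this `openssl req` call means a tree that already holds keys from an earlier run never reaches the new `-sha256` invocation, so its existing test-rsa$m.cer files stay sha1-signed. Either note in the commit message that the old test-rsa* key and certificate files must be removed before re-running gen-keys.sh, or have the script regenerate when the certificate on disk was produced with the old digest.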
@ -93,7 +93,7 @@ for curve in prime192v1 prime256v1; do
continue
fi
if [ ! -e test-$curve.key ]; then
log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 \
log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 \
-config test-ca.conf \
-newkey ec \
-pkeyopt ec_paramgen_curve:$curve \
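Review bot: the digest is now hard-coded as `-sha256` in this EC `openssl req` line as well as in the RSA one earlier in the script, so the next digest change has to be made in two places again. A single shell variable set once at the top of gen-keys.sh and used in both `openssl req` invocations would keep the RSA and EC certificates in step. The `[ ! -e test-$curve.key ]` guard also leaves previously generated sha1 EC certificates in place.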