From 411ff0a7206d75596659cecdae7f24bba3ba8548 Mon Sep 17 00:00:00 2001
From: Mimi Zohar
Date: Mon, 6 Mar 2023 05:57:27 -0500
Subject: [PATCH] tests: fix gen-keys.sh to generate sha256 certificates

On systems with OpenSSL sha1 disabled, the sign-verify.test fails: - openssl dgst -sha1 sha1.txt - openssl dgst -sha1 -sign test-rsa1024.key -hex sha1.txt Error setting context 804BD5CF787F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:343: sha1 (test-rsa1024.key) test is skipped (openssl is unable to sign) Instead of enabling sha1 support on these systems by setting the environment variable OPENSSL_ENABLE_SHA1_SIGNATURES, generate a sha256 certificate.
Reported-by: Nageswara R Sastry
Signed-off-by: Mimi Zohar
Tested-by: Nageswara R Sastry
---
 tests/gen-keys.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 1a6c22a..8905cdf 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -71,7 +71,7 @@ for m in 1024 1024_skid 2048; do
 ext=
 fi
 if [ ! -e test-rsa$m.key ]; then
- log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 $ext \
+ log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \
 -config test-ca.conf \
 -newkey rsa:$bits \
 -out test-rsa$m.cer -outform DER \
@@ -93,7 +93,7 @@ for curve in prime192v1 prime256v1; do
 continue
 fi
 if [ ! -e test-$curve.key ]; then
- log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 \
+ log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 \
 -config test-ca.conf \
 -newkey ec \
 -pkeyopt ec_paramgen_curve:$curve \
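Review bot: Certificates left over from an earlier run are not replaced, because the `-sha256` request sits behind `if [ ! -e test-rsa$m.key ]; then`, so a tree that already holds SHA-1 signed `test-rsa$m.cer` files keeps them. The same applies to the `if [ ! -e test-$curve.key ]` guard in the second hunk. I would document this above the guard with `# existing keys are kept: delete test-rsa$m.key/.cer to get a sha256 certificate`, or mention it in the commit message. Separately, the loop still creates 1024-bit RSA keys via `-newkey rsa:$bits`; crypto policies that disable SHA-1 signing may also reject keys that short, so it is worth confirming on the reporter's system that only the digest was the problem. The `for m in ...` loop body starts and ends outside this hunk.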
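Review bot: The certificate digest is now hard-coded in two separate `openssl req` invocations, here and in the RSA loop of the first hunk, so the next digest change has to touch both and they can drift apart. A single assignment near the top of the script, for example `digest=-sha256`, used as `-utf8 $digest -days 10000` in both calls would keep them in step. The `for curve in ...` loop starts and ends outside this hunk, so the right place for the assignment is not visible here.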