[openssl] master update

Kurt Roeckx kurt at openssl.org
Wed Feb 5 21:04:50 UTC 2020


The branch master has been updated
       via  b744f915ca8bb37631909728dd2529289bda8438 (commit)
       via  4d9e8c95544d7a86765e6a46951dbe17b801875a (commit)
      from  d8d4e5fb32b3f7d9af28d21ce4c1c46cc1c7614c (commit)


- Log -----------------------------------------------------------------
commit b744f915ca8bb37631909728dd2529289bda8438
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Thu Jan 2 23:25:27 2020 +0100

    Stop accepting certificates signed using SHA1 at security level 1
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    GH: #10786

commit 4d9e8c95544d7a86765e6a46951dbe17b801875a
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Thu Jan 23 00:24:35 2020 +0100

    Create a new embeddedSCTs1 that's signed using SHA256
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    GH: #10786

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                                 |  12 ++++++++
 NEWS                                    |   4 +++
 crypto/rsa/rsa_ameth.c                  |  20 +++++++++++-
 crypto/x509/x509_set.c                  |  14 +++++++++
 test/certs/ct-server-key-public.pem     |   4 +++
 test/certs/ct-server-key.pem            |   5 +++
 test/certs/embeddedSCTs1-key.pem        |  38 +++++++++++++++--------
 test/certs/embeddedSCTs1.pem            |  35 ++++++++++-----------
 test/certs/embeddedSCTs1.sct            |  12 ++++----
 test/certs/embeddedSCTs1.tlssct         | Bin 0 -> 118 bytes
 test/certs/embeddedSCTs1_issuer-key.pem |  15 +++++++++
 test/certs/embeddedSCTs3.sct            |   2 +-
 test/certs/mkcert.sh                    |  52 ++++++++++++++++++++++++++++++++
 test/certs/setup.sh                     |   3 ++
 test/ct_test.c                          |   6 +++-
 test/recipes/25-test_verify.t           |   8 ++---
 16 files changed, 187 insertions(+), 43 deletions(-)
 create mode 100644 test/certs/ct-server-key-public.pem
 create mode 100644 test/certs/ct-server-key.pem
 create mode 100644 test/certs/embeddedSCTs1.tlssct
 create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem

diff --git a/CHANGES b/CHANGES
index 1750162a10..7b18d51077 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) X509 certificates signed using SHA1 are no longer allowed at security
+     level 1 and above.
+     In TLS/SSL the default security level is 1. It can be set either
+     using the cipher string with @SECLEVEL, or calling
+     SSL_CTX_set_security_level(). If the leaf certificate is signed with SHA-1,
+     a call to SSL_CTX_use_certificate() will fail if the security level is not
+     lowered first.
+     Outside TLS/SSL, the default security level is -1 (effectively 0). It can
+     be set using X509_VERIFY_PARAM_set_auth_level() or using the -auth_level
+     options of the apps.
+     [Kurt Roeckx]
+
   *) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
      automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
      This means that applications don't have to look at the curve NID and
diff --git a/NEWS b/NEWS
index de439d6bb1..4d7f0d01c6 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+      o X509 certificates signed using SHA1 are no longer allowed at security
+        level 1 or higher. The default security level for TLS is 1, so
+        certificates signed using SHA1 are by default no longer trusted to
+        authenticate servers or clients.
       o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
         disabled; the project uses address sanitize/leak-detect instead.
       o Added OSSL_SERIALIZER, a generic serializer API.
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 3246f33688..485ac35a6f 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -859,6 +859,7 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
     uint32_t flags;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_PSS_PARAMS *pss;
+    int secbits;
 
     /* Sanity check: make sure it is PSS */
     if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
@@ -878,7 +879,24 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
     else
         flags = 0;
     /* Note: security bits half number of digest bits */
-    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+    secbits = EVP_MD_size(md) * 4;
+    /*
+     * SHA1 and MD5 are known to be broken. Reduce security bits so that
+     * they're no longer accepted at security level 1. The real values don't
+     * really matter as long as they're lower than 80, which is our security
+     * level 1.
+     * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at
+     * 2^63.4
+     * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
+     * puts a chosen-prefix attack for MD5 at 2^39.
+     */
+    if (mdnid == NID_sha1)
+        secbits = 64;
+    else if (mdnid == NID_md5_sha1)
+        secbits = 68;
+    else if (mdnid == NID_md5)
+        secbits = 39;
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, secbits,
                       flags);
     rv = 1;
     err:
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index e325a57b29..97676c2ecd 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -222,6 +222,20 @@ static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
         return;
     /* Security bits: half number of bits in digest */
     siginf->secbits = EVP_MD_size(md) * 4;
+    /*
+     * SHA1 and MD5 are known to be broken. Reduce security bits so that
+     * they're no longer accepted at security level 1. The real values don't
+     * really matter as long as they're lower than 80, which is our security
+     * level 1.
+     * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at
+     * 2^63.4
+     * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
+     * puts a chosen-prefix attack for MD5 at 2^39.
+     */
+    if (mdnid == NID_sha1)
+        siginf->secbits = 63;
+    else if (mdnid == NID_md5)
+        siginf->secbits = 39;
     switch (mdnid) {
         case NID_sha1:
         case NID_sha256:
diff --git a/test/certs/ct-server-key-public.pem b/test/certs/ct-server-key-public.pem
new file mode 100644
index 0000000000..c35ce3f483
--- /dev/null
+++ b/test/certs/ct-server-key-public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3U
+yEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==
+-----END PUBLIC KEY-----
diff --git a/test/certs/ct-server-key.pem b/test/certs/ct-server-key.pem
new file mode 100644
index 0000000000..ab6a5575bb
--- /dev/null
+++ b/test/certs/ct-server-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFLw4uhuCruGKjrS9MoNeXFbypqZe+Sgh+EL1gnRn1d4oAoGCCqGSM49
+AwEHoUQDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pX
+rGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==
+-----END EC PRIVATE KEY-----
diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
index e3e66d55c5..28dd206dbe 100644
--- a/test/certs/embeddedSCTs1-key.pem
+++ b/test/certs/embeddedSCTs1-key.pem
@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
-WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
-EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
-AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
-PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
-flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
-X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
-pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
-b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
-9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
-83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
-n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
-1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw
+XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT
+48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ
+b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L
+eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG
+a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm
+tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf
+3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r
+zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF
+nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ
+XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw
+ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ
+S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi
+BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3
+2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn
+MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU
+JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn
+j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA
+jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu
+ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk
+3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P
+o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI
+fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1
+5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP
+RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4=
 -----END RSA PRIVATE KEY-----
diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem
index d1e85120a0..d2a111fb82 100644
--- a/test/certs/embeddedSCTs1.pem
+++ b/test/certs/embeddedSCTs1.pem
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
 MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
-BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
-EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
-FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
-Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
-VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
-DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
-BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
-vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
-KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
-SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
-oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
-5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
+NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK
+/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE
+FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI
+0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I
+QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S
+wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB
+CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
+Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
+/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
+u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
+BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
+RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
+IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
+YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
 -----END CERTIFICATE-----
diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct
index 59362dcee1..9e413e3dc7 100644
--- a/test/certs/embeddedSCTs1.sct
+++ b/test/certs/embeddedSCTs1.sct
@@ -2,11 +2,11 @@ Signed Certificate Timestamp:
     Version   : v1 (0x0)
     Log ID    : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
                 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
-    Timestamp : Apr  5 17:04:16.275 2013 GMT
+    Timestamp : Jan  1 00:00:00.000 2020 GMT
     Extensions: none
     Signature : ecdsa-with-SHA256
-                30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
-                D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
-                E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
-                F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
-                05:51:9D:89:ED:BF:08
\ No newline at end of file
+                30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
+                D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
+                BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
+                02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
+                60:EB:A8:AF:03:5E:C3
diff --git a/test/certs/embeddedSCTs1.tlssct b/test/certs/embeddedSCTs1.tlssct
new file mode 100644
index 0000000000..0586c94ab0
Binary files /dev/null and b/test/certs/embeddedSCTs1.tlssct differ
diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem
new file mode 100644
index 0000000000..9326e38b1e
--- /dev/null
+++ b/test/certs/embeddedSCTs1_issuer-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR
+yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm
+JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB
+AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK
+QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL
+GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq
+r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr
+4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw
++mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ
+b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY
+xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN
+lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei
+T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU=
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/embeddedSCTs3.sct b/test/certs/embeddedSCTs3.sct
index ad1ccf0ffc..579a890a9a 100644
--- a/test/certs/embeddedSCTs3.sct
+++ b/test/certs/embeddedSCTs3.sct
@@ -33,4 +33,4 @@ Signed Certificate Timestamp:
                 55:83:D2:9D:E5:A1:8D:B6:3D:A6:73:89:42:32:9C:91:
                 0F:3B:6A:74:02:21:00:86:EE:10:F9:10:E6:7B:17:65:
                 D9:2D:37:53:4A:3B:F0:AE:03:E4:21:76:37:EF:AF:B4:
-                44:2E:2B:F5:5C:C6:91
\ No newline at end of file
+                44:2E:2B:F5:5C:C6:91
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index e03b19014e..7a2092aa8b 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -288,4 +288,56 @@ gennocn() {
 	cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@"
 }
 
+genct() {
+    local OPTIND=1
+    local purpose=serverAuth
+
+    while getopts p: o
+    do
+        case $o in
+        p) purpose="$OPTARG";;
+        *) echo "Usage: $0 genct [-p EKU] cn keyname certname cakeyname cacertname ctlogkey" >&2
+           return 1;;
+        esac
+    done
+
+    shift $((OPTIND - 1))
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local ca=$1; shift
+    local logkey=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+	    "subjectKeyIdentifier = hash" \
+	    "authorityKeyIdentifier = keyid, issuer" \
+	    "basicConstraints = CA:false" \
+	    "extendedKeyUsage = $purpose" \
+            "1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL"\
+	    "subjectAltName = @alts" "DNS=${cn}")
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+	cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+	    -set_serial 2 -days "${DAYS}" "$@"
+    cat ${cert}.pem ${ca}.pem > ${cert}-chain.pem
+    go run github.com/google/certificate-transparency-go/ctutil/sctgen \
+       --log_private_key ${logkey}.pem \
+       --timestamp="2020-01-01T00:00:00Z" \
+       --cert_chain ${cert}-chain.pem \
+       --tls_out ${cert}.tlssct
+    rm ${cert}-chain.pem
+    filesize=$(wc -c <${cert}.tlssct)
+    exts=$(printf "%s\n%s\n%s\n%s\n%s%04X%04X%s\n%s\n[alts]\n%s\n" \
+	    "subjectKeyIdentifier = hash" \
+	    "authorityKeyIdentifier = keyid, issuer" \
+	    "basicConstraints = CA:false" \
+	    "extendedKeyUsage = $purpose" \
+	    "1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:" $((filesize+2)) $filesize `xxd -p ${cert}.tlssct | tr -d '\n'` \
+	    "subjectAltName = @alts" "DNS=${cn}")
+    echo "$csr" |
+	cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+	    -set_serial 2 -days "${DAYS}" "$@"
+}
+
 "$@"
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 26b2f1ddfe..bd0b663944 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -375,3 +375,6 @@ openssl req -new -nodes -subj "/CN=localhost" \
     -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
     ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
     server-pss-restrict-cert rootkey rootcert
+
+# CT entry
+./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key
diff --git a/test/ct_test.c b/test/ct_test.c
index e2f50efcf3..c55fb7ca90 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
     if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
         goto end;
     fixture->test_case_name = test_case_name;
-    fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */
+    fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */
     if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
             || !TEST_int_eq(
                     CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
@@ -160,6 +160,10 @@ static int compare_extension_printout(X509_EXTENSION *extension,
                                            X509V3_EXT_DEFAULT, 0)))
         goto end;
 
+    /* Append \n because it's easier to create files that end with one. */
+    if (!TEST_true(BIO_write(text_buffer, "\n", 1)))
+        goto end;
+
     /* Append \0 because we're about to use the buffer contents as a string. */
     if (!TEST_true(BIO_write(text_buffer, "\0", 1)))
         goto end;
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 915c902b15..219e7e1149 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -336,14 +336,14 @@ ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cer
 ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
    "Name constraints nested DNS name excluded");
 
-ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
-    "Certificate PSS signature using SHA1");
+ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
+    "Accept PSS signature using SHA1 at auth level 0");
 
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
     "CA with PSS signature using SHA256");
 
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
-    "Reject PSS signature using SHA1 and auth level 2");
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+    "Reject PSS signature using SHA1 and auth level 1");
 
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
     "PSS signature using SHA256 and auth level 2");


More information about the openssl-commits mailing list