|
 |
4269c7 |
From 3e018afbfe005a3448949bfe3954888b9d8460c4 Mon Sep 17 00:00:00 2001
|
|
|
4269c7 |
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
|
4269c7 |
Date: Wed, 15 Jul 2020 16:47:01 +0100
|
|
|
4269c7 |
Subject: [PATCH] crypto: use a stronger private key for tests
|
|
|
4269c7 |
MIME-Version: 1.0
|
|
|
4269c7 |
Content-Type: text/plain; charset=UTF-8
|
|
|
4269c7 |
Content-Transfer-Encoding: 8bit
|
|
|
4269c7 |
|
|
|
4269c7 |
The unit tests using the x509 crypto functionality have started
|
|
|
4269c7 |
failing in Fedora 33 rawhide with a message like
|
|
|
4269c7 |
|
|
|
4269c7 |
The certificate uses an insecure algorithm
|
|
|
4269c7 |
|
|
|
4269c7 |
This is result of Fedora changes to support strong crypto [1]. RSA
|
|
|
4269c7 |
with 1024 bit key is viewed as legacy and thus insecure. Generate
|
|
|
4269c7 |
a new private key which is 3072 bits long and reasonable future
|
|
|
4269c7 |
proof.
|
|
|
4269c7 |
|
|
|
4269c7 |
[1] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
|
|
|
4269c7 |
|
|
|
4269c7 |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
4269c7 |
Message-Id: <20200715154701.1041325-1-berrange@redhat.com>
|
|
|
4269c7 |
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
|
|
|
4269c7 |
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
4269c7 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
4269c7 |
---
|
|
|
4269c7 |
tests/crypto-tls-x509-helpers.c | 59 ++++++++++++++++++++++-----------
|
|
|
4269c7 |
tests/qemu-iotests/common.tls | 57 +++++++++++++++++++++----------
|
|
|
4269c7 |
2 files changed, 79 insertions(+), 37 deletions(-)
|
|
|
4269c7 |
|
|
|
4269c7 |
diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c
|
|
|
4269c7 |
index 9b669c2a4b..01b3daf358 100644
|
|
|
4269c7 |
--- a/tests/crypto-tls-x509-helpers.c
|
|
|
4269c7 |
+++ b/tests/crypto-tls-x509-helpers.c
|
|
|
4269c7 |
@@ -37,25 +37,46 @@ ASN1_TYPE pkix_asn1;
|
|
|
4269c7 |
* here's one we prepared earlier :-)
|
|
|
4269c7 |
*/
|
|
|
4269c7 |
gnutls_x509_privkey_t privkey;
|
|
|
4269c7 |
-# define PRIVATE_KEY \
|
|
|
4269c7 |
- "-----BEGIN PRIVATE KEY-----\n" \
|
|
|
4269c7 |
- "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n" \
|
|
|
4269c7 |
- "BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n" \
|
|
|
4269c7 |
- "Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n" \
|
|
|
4269c7 |
- "rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc\n" \
|
|
|
4269c7 |
- "kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL\n" \
|
|
|
4269c7 |
- "IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H\n" \
|
|
|
4269c7 |
- "myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn\n" \
|
|
|
4269c7 |
- "2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO\n" \
|
|
|
4269c7 |
- "m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J\n" \
|
|
|
4269c7 |
- "bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK\n" \
|
|
|
4269c7 |
- "mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA\n" \
|
|
|
4269c7 |
- "Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa\n" \
|
|
|
4269c7 |
- "L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n" \
|
|
|
4269c7 |
- "a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n" \
|
|
|
4269c7 |
- "nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n" \
|
|
|
4269c7 |
- "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
|
|
|
4269c7 |
- "-----END PRIVATE KEY-----\n"
|
|
|
4269c7 |
+# define PRIVATE_KEY \
|
|
|
4269c7 |
+ "-----BEGIN RSA PRIVATE KEY-----\n" \
|
|
|
4269c7 |
+ "MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh\n" \
|
|
|
4269c7 |
+ "rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR\n" \
|
|
|
4269c7 |
+ "6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO\n" \
|
|
|
4269c7 |
+ "0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj\n" \
|
|
|
4269c7 |
+ "0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850\n" \
|
|
|
4269c7 |
+ "W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP\n" \
|
|
|
4269c7 |
+ "9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304\n" \
|
|
|
4269c7 |
+ "AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b\n" \
|
|
|
4269c7 |
+ "kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz\n" \
|
|
|
4269c7 |
+ "+Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt\n" \
|
|
|
4269c7 |
+ "A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt\n" \
|
|
|
4269c7 |
+ "6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp\n" \
|
|
|
4269c7 |
+ "BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt\n" \
|
|
|
4269c7 |
+ "gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT\n" \
|
|
|
4269c7 |
+ "xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C\n" \
|
|
|
4269c7 |
+ "LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra\n" \
|
|
|
4269c7 |
+ "aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/\n" \
|
|
|
4269c7 |
+ "8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38\n" \
|
|
|
4269c7 |
+ "OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36\n" \
|
|
|
4269c7 |
+ "YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik\n" \
|
|
|
4269c7 |
+ "LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1\n" \
|
|
|
4269c7 |
+ "aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl\n" \
|
|
|
4269c7 |
+ "tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0\n" \
|
|
|
4269c7 |
+ "ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y\n" \
|
|
|
4269c7 |
+ "qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq\n" \
|
|
|
4269c7 |
+ "T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q\n" \
|
|
|
4269c7 |
+ "eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc\n" \
|
|
|
4269c7 |
+ "fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc\n" \
|
|
|
4269c7 |
+ "Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7\n" \
|
|
|
4269c7 |
+ "oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+\n" \
|
|
|
4269c7 |
+ "W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg\n" \
|
|
|
4269c7 |
+ "x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE\n" \
|
|
|
4269c7 |
+ "JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk\n" \
|
|
|
4269c7 |
+ "J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ\n" \
|
|
|
4269c7 |
+ "xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K\n" \
|
|
|
4269c7 |
+ "3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1\n" \
|
|
|
4269c7 |
+ "Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==\n" \
|
|
|
4269c7 |
+ "-----END RSA PRIVATE KEY-----\n"
|
|
|
4269c7 |
|
|
|
4269c7 |
/*
|
|
|
4269c7 |
* This loads the private key we defined earlier
|
|
|
4269c7 |
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
|
|
|
4269c7 |
index 54c331d7a5..6ba28a78d3 100644
|
|
|
4269c7 |
--- a/tests/qemu-iotests/common.tls
|
|
|
4269c7 |
+++ b/tests/qemu-iotests/common.tls
|
|
|
4269c7 |
@@ -50,24 +50,45 @@ tls_x509_init()
|
|
|
4269c7 |
# use a fixed key so we don't waste system entropy on
|
|
|
4269c7 |
# each test run
|
|
|
4269c7 |
cat > "${tls_dir}/key.pem" <
|
|
|
4269c7 |
------BEGIN PRIVATE KEY-----
|
|
|
4269c7 |
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr
|
|
|
4269c7 |
-BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE
|
|
|
4269c7 |
-Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9
|
|
|
4269c7 |
-rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc
|
|
|
4269c7 |
-kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL
|
|
|
4269c7 |
-IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H
|
|
|
4269c7 |
-myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn
|
|
|
4269c7 |
-2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO
|
|
|
4269c7 |
-m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J
|
|
|
4269c7 |
-bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK
|
|
|
4269c7 |
-mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA
|
|
|
4269c7 |
-Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa
|
|
|
4269c7 |
-L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd
|
|
|
4269c7 |
-a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W
|
|
|
4269c7 |
-nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp
|
|
|
4269c7 |
-dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci
|
|
|
4269c7 |
------END PRIVATE KEY-----
|
|
|
4269c7 |
+-----BEGIN RSA PRIVATE KEY-----
|
|
|
4269c7 |
+MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh
|
|
|
4269c7 |
+rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR
|
|
|
4269c7 |
+6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO
|
|
|
4269c7 |
+0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj
|
|
|
4269c7 |
+0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850
|
|
|
4269c7 |
+W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP
|
|
|
4269c7 |
+9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304
|
|
|
4269c7 |
+AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b
|
|
|
4269c7 |
+kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz
|
|
|
4269c7 |
++Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt
|
|
|
4269c7 |
+A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt
|
|
|
4269c7 |
+6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp
|
|
|
4269c7 |
+BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt
|
|
|
4269c7 |
+gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT
|
|
|
4269c7 |
+xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C
|
|
|
4269c7 |
+LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra
|
|
|
4269c7 |
+aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/
|
|
|
4269c7 |
+8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38
|
|
|
4269c7 |
+OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36
|
|
|
4269c7 |
+YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik
|
|
|
4269c7 |
+LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1
|
|
|
4269c7 |
+aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl
|
|
|
4269c7 |
+tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0
|
|
|
4269c7 |
+ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y
|
|
|
4269c7 |
+qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq
|
|
|
4269c7 |
+T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q
|
|
|
4269c7 |
+eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc
|
|
|
4269c7 |
+fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc
|
|
|
4269c7 |
+Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7
|
|
|
4269c7 |
+oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+
|
|
|
4269c7 |
+W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg
|
|
|
4269c7 |
+x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE
|
|
|
4269c7 |
+JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk
|
|
|
4269c7 |
+J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ
|
|
|
4269c7 |
+xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K
|
|
|
4269c7 |
+3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1
|
|
|
4269c7 |
+Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==
|
|
|
4269c7 |
+-----END RSA PRIVATE KEY-----
|
|
|
4269c7 |
EOF
|
|
|
4269c7 |
}
|
|
|
4269c7 |
|
|
|
4269c7 |
--
|
|
|
4269c7 |
2.28.0.rc2
|
|
|
4269c7 |
|