TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 69eba519f0016d1dda72761e24a4e2f4703937c8^! / .
commit69eba519f0016d1dda72761e24a4e2f4703937c8[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu Apr 25 16:02:13 2024 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Thu Apr 25 16:35:04 2024 +0200
treedc386446951009c00da464575095a9812ded23be
parent786dff670172ad6bcb4eaa0197ed9df4afea1fcc [diff]
Fix rsa_pkcs1_*_clear.der to actually be PKCS#1 files

With OpenSSL 3.0.2 (which I used to generate the previous set of "pkcs1" DER
files), the output of `openssl rsa -outform DER` is actually a
PKCS#8-encoded key, despite what the documentation says. This is a change
from OpenSSL 1.x, where the output is a PKCS#1-encoded key. OpenSSL 3.0.8
documents the output as PKCS#8.

Change to `openssl pkey`, which seems more reliable. The documentation
states that the output is PKCS#8, but the output is actually consistently
PKCS#1 at least from 1.0.2g to 3.3.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 0fbdfe5..fa30cf5 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile

@@ -739,7 +739,7 @@
 ### PKCS1-encoded, plaintext RSA keys in derived forms
 
 rsa_pkcs1_%.der: rsa_pkcs1_%.pem
-	$(OPENSSL) rsa -inform PEM -in $< -outform DER -out $@
+	$(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@
 all_final += $(keys_rsa_base:.pem=.der)
 
 ###

diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der
index 8dfb09f..cec2c30 100644
--- a/tests/data_files/rsa_pkcs1_1024_clear.der
+++ b/tests/data_files/rsa_pkcs1_1024_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der
index 137395e..667051b 100644
--- a/tests/data_files/rsa_pkcs1_2048_clear.der
+++ b/tests/data_files/rsa_pkcs1_2048_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_4096_clear.der b/tests/data_files/rsa_pkcs1_4096_clear.der
index c65a232..9dc971e 100644
--- a/tests/data_files/rsa_pkcs1_4096_clear.der
+++ b/tests/data_files/rsa_pkcs1_4096_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_768_clear.der b/tests/data_files/rsa_pkcs1_768_clear.der
index 7fbd8b2..a80b891 100644
--- a/tests/data_files/rsa_pkcs1_768_clear.der
+++ b/tests/data_files/rsa_pkcs1_768_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_769_clear.der b/tests/data_files/rsa_pkcs1_769_clear.der
index 3361d0b..c4bfe6c 100644
--- a/tests/data_files/rsa_pkcs1_769_clear.der
+++ b/tests/data_files/rsa_pkcs1_769_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_770_clear.der b/tests/data_files/rsa_pkcs1_770_clear.der
index f9e6c8b..89e140f 100644
--- a/tests/data_files/rsa_pkcs1_770_clear.der
+++ b/tests/data_files/rsa_pkcs1_770_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_776_clear.der b/tests/data_files/rsa_pkcs1_776_clear.der
index 8511881..a311c67 100644
--- a/tests/data_files/rsa_pkcs1_776_clear.der
+++ b/tests/data_files/rsa_pkcs1_776_clear.der
Binary files differ

diff --git a/tests/data_files/rsa_pkcs1_784_clear.der b/tests/data_files/rsa_pkcs1_784_clear.der
index 4fe5ebb..94f3d3b 100644
--- a/tests/data_files/rsa_pkcs1_784_clear.der
+++ b/tests/data_files/rsa_pkcs1_784_clear.der
Binary files differ