certs: regenerate ecc-leaf-mldsa44 and ecc-leaf-rsapss from renew scripts

This commit is contained in:
aidan garske
2026-06-29 13:46:14 -07:00
parent aa32abc556
commit fef29abf0e
4 changed files with 103 additions and 63 deletions
+54 -54
View File
@@ -1,61 +1,61 @@
-----BEGIN CERTIFICATE-----
MIIK4zCCAVmgAwIBAgIURMREBesDbhFE7MTpbJAhFuwlmNgwCwYJYIZIAWUDBAMR
MIIK4zCCAVmgAwIBAgIUWxTZmWEP7xd/6kP8yG6lrPoDI0EwCwYJYIZIAWUDBAMR
MFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
bWFuMRAwDgYDVQQKDAd3b2xmU1NMMRUwEwYDVQQDDAxUZXN0IG1sZHNhNDQwHhcN
MjYwNjI0MTkyODM5WhcNMzYwNjIxMTkyODM5WjAUMRIwEAYDVQQDDAlsb2NhbGhv
MjYwNjI5MjA0MjExWhcNMzYwNjI2MjA0MjExWjAUMRIwEAYDVQQDDAlsb2NhbGhv
c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223It
zpTqK/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo0Iw
QDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAwHwYDVR0jBBgwFoAUswU7
xg6AYh+iTpNtmT4TaDnG/DIwCwYJYIZIAWUDBAMRA4IJdQBp2TdyejDOdGyPgB2n
c4X+/TQ1EhPeHNs4dZ3gxtmRmYtilgonNPtuEm31DNp0RrcB4BXK6PKhJP27fTAR
wuwtfdoU7SnC8tsGr1eX3IKGq3+GCMzunJJgMN0zz6mDi25K3c025AxWFxdHOhhQ
QguUxoZ/GWJsH/e2LJL5qTyeJvHNi/30cNjImsZXFeatQlv87/f1vcwCK4T5/ajd
GWn4g1ktgRxzvtozBhg7Hw0CbOj0jXFIA+3k/GDCw9RxckBJ8Yn/ddMZNbljduZk
zLykzjZsrX9badyy8pFgJaGsptgo/SOcxBhHIpjjGu9rTmi1QxAl1yliNoJXBxJR
RmZijJ619Vmq6w00PSJnM4hP8O7DN8WZ/dZ9f78/WJsNXsv6s036QFwcpj5wo7ex
OB6ZJSEXkIM9w4mPNpPUyAXfl9GauLGiXANFyqPmm/31CV5nL5INAON5Ft2vbOG8
RGQySPVV4Cb9WuTtn0iMYgwqdYMxZJbgFUD4RvXiAl5fsLE8N7AHf7Cuua/k+mgZ
PfH04f2Harzt100Y5J365x5b2ia7QpqRgYeubbCuW8Zd8nVT7+Imo3mgVwNWM9c8
nskP0uHq51y5qrY3s0DSb8FKcZnZD7zQ70l8EVnlTD2G3QeiE8Id0XqubtrEO+DT
vyZuMwU4x5NQKGyPUL6tHeUkt7hEWom9sCvIFkeOa4OadGuktxOdDc3f3w2VgG5/
4nzlP/Y0PSziTw5RuV/G+f4V3VpWlSPCn2CfoTxjoVak/abCiWrijZ8lR3c4ERAl
AevDEIxpvq5jIlv506vXw2CZeq6195KtsPGhrNkaax7ThZJQPFH/NR5Tu0Y2EBJG
0lth79qhKKgQDmhf5VNkomblrqW2R6Dm8CvYRuHwmGSk+FfH4ULavv/fuVXaW+h4
MYjTV8wq4Jdl9qi9G+rfncUzZc2L8/zKisGjuzK0AoWVhs5UgS+/3xjCbsuWkYHG
siJ2kuZvl7KWR7Oc5OWfaRvAokNtglYWCtUzpD86V08X4l3U77Xi5UFJMjGcVVW6
2F/WRyhq653vxvclDtkVyBaYDCcnHND7jGpqBcbJDTJyFE/Z3/GPFiYr1mYkVL/v
jPZ9qklFeWPXCKRVAHESMfFPozMNvdOpWqW0nxZ4P4rjcSKDfXX5wsQC4tW53pK/
0fpqGrNVY5xsIu8zV6OYpvbaPoaDxHS+clvDB9PrJlvjZUFBWPAiCzjYJNgcVFqU
39/aAKWj24dbDarp5QEM8rReQiLvCjzD8ARb1zVAnaeyhaMaxCgwp5v/IEcSShH6
mNX2dcsht10lic5DxJ8Up9ZFNTZhDSD+1E0tX4Vt0DPR8ZVYbW56rnXHTdYiwKhm
4lXia11zR2f4pl3JD23yYRvSfPJTilWkUO+wAazmP5vRPELyodO4vvqDL+lOkwff
7IV6JFCLdOV22RpwMHlO7YZkWpoauocljvfZBLLTOqlmcxKGN+T1na9D39jly5oi
9Aqb4dK6AFaFw5k78kcei3OLNdCDD8dssY1sReMeLM7ENuj4T7XjJh3PVDBDhRS7
0WPjztBAsVkqOvIRxINjoXTIRvTL0u8P/NUWKhduSDKe+NIvHChuF5VycgAS6G2p
C3ZqsVM0D3D4s2AvalPJfyhhBN6c9dVeUfjBCNPWk8z7v+d38VHSAPkq5C4Sp5W3
dD2Wm4ohgkDe1AkvcTtCHSK5tyo8mV0NyObbuMw5YnYyJ5h2CS/PaEfRME+VOsTI
FLhgy0EZwRfxV+3Q6pTRA3DC0NR50F3teF50HbcmuXxae4FL3F/4qGjErubs6tbD
M8QzgBLjALl82UrbtFItELLfTjQC7HtOZgwIGqOwd00Eoy6pqwe2AWzYz63A4F1z
1PPYPAsjfWtfkQmjFeMcljAYaY0YUGox8139lcL8m/7l+2fLhv62m940rRrg41D1
DTiCIqJTe070lq20iJZ/zWUnrWM/Vhn5PVnc4mgQ7d0uIAJ9j8wxgqw5UYNGYKRw
Vf3IqsAyYxPsBo9iibBUy4qPMtPA/wN25B22gorjda2Cp0pQWdBjGSRrFjaO8Bx1
oFJ8nOuzPbG5Q5VJbwGrCxDt7kSueh1ernEAsNAXCWf0L9v+dgJBsYreytCFO7hO
N+29BKEUh0qXwXmO45gc5Lzw0l19NiBbkm2vYBpW/xh6QHzk22WvPTzMilasDOZK
aNDiIOXFqKBi4JcmVpJK04BPCiY69pbSL/OpJS+4oR2tKqYo2+U3z89AHNaiLvuB
v+37j1Z8jMjyZNm+Ex+cKh6PaVTv+sk72goCTfx6hex0WrSDMiU+A9nHho002/oj
jH3cokwIrpUWd0UpEpMvoNPlCaX9j3s2mL1RxGSy4nd+oabobtGuRRcPDxMK6eRY
nd3Bksk05pAVqOnAYZNLIYc3ZypXu6ayK4fOL69Ke41OfbWWHZz+or3htceDwZet
4sAuvL86l1LjFF3kq/G9Z/OxwITrWjocLJemWC32spgelsmOcKV0p6K70JkVFQY6
c9wl2I360F2oP09wVKd+U7cPvHIMUsQyl0xXR3+bqTVdG4fDqRMksD1nkAQEJvyb
Tiinf9pUV9raJN/h6fYKu9tis9GRcdy7XPS0t/uLsVHhmhQv+drlCvaigJadpGUN
79I5WKsFtxXjTLuCxQ9mQspNm9QX8aMnvZLUM7v1oLVxywyWucWSsHBvRM5LP4Kk
ZrReaVsxyrNHZlfZ0UZoVpoE79FzpYOHj9jh081rY6frEM2a1wYNZFb/hKoN/6FM
VVKB19glO7oh1AknhueGaDcbAUuVYhHCEpOZVWbD+uQt4FiI1NNjAJSVzsd2Y6Gw
2/BbAyrdf7lAOopyY4bzJPQsuNCM+kdWNUBrkceWl7d+r3nJUN+g94sMtPIUVQRq
HWweWk8ZZK167I+/3jPE32H73Dp/8GRuzF8UquAZ0TtBepzaP8BRn2LMUiycqXU9
Buq9TC2XpyEBGWN3/ferZ8bBURKKSOJk8GRcElIsXc7e8XgAVCCT8D11ZQgKhAjM
dq6UyK8ufg6jpfx19QvCxduGNZb1KhRSfuGUQXJZMJ6/iOhLqvGSTxCE7sPIk91v
SAIuxvNEjgFeVFaKn3ETUt51lgANHykqPUJOUWNqgZOaq67HyNHa8PQKFhwnOUZM
Zm2Fhqby9PgUNz0/U1aCj5G91OIMDSEoSnF0gITBAAAAAAAAAAAAAAAAAAAAAAAA
AAAAFiUxOw==
xg6AYh+iTpNtmT4TaDnG/DIwCwYJYIZIAWUDBAMRA4IJdQBRjK3IylTYl8c3Xr5o
BPVm8ERo5JxgRVYWclOVjuTlVYjnBg1ldXnyhXDjrq9cWDzYAbsjDD8AF6n2KlWK
YtQ+PDGt9owu4tYuHKHSE3KTsUEXLrZV0sUr1gR6SDGhbKaGTa3mHs+/qTOyh/5U
e2uKuGCr6mVa6QNJnvomq31KcPh52RaBEtpP04zJ3PfR+XEToXLKDS8/q6tLtuAI
5WBUiLMz2f5LW3/ShM5g4ANQNUjp2GgOZp5zx/en/1GyqVep7QJgdY//fj9LSRqP
jkyVSVRf+kOdG5FK1du8pysnZRy5+hj7QVRcuFIcaXfs9ak2xd7A2tti486WzUIF
vVDAhkxNRc6Kk5o0dm7uO+EyiPvtvPw94TOuXp6aPZJfBaYc+DeN2L+yNHDBJu22
wR+1f4vKsRCcZE82J93RfWp86PO9OWFMdghX/GRHC+GF6bR9gvXjXLnYpl5rIQ6q
Y68CNM1oWp6jCNW273X505pvijAoG3m/9JL8XkRbGuhXli/1fKWuo03Plbha9sbe
zPpc/I6Srq3LUcvmbajt+rDzuFRPpweLimAToqtji6eqx/RGusdtROGROd1/e9PI
PEWd9DxfQxttyo+maJ9+o4jB+MIRwCdVp+GYiEDalBXdUd5GmqY2Y64UnzxaATq7
scLJWX3UKN0DPhAfJOQgXnExlkCTg7as3jQ7M3xmfEO1L+v91dRW4PT+yBQxfVm0
1NCmQ058PT0udeqkuMdrEgkdxoRRPN4uoDj08U/0hCaJOLbE2WkgEekdCaIjrJz7
rTpnOrJ9ey3KIUBJLm6uGkqc81na6kRlELU4/1g54O73plpn6+85NUU8sCSs9WqL
uYHDyYskyL+1FbplOtpubCk8hAxQ+cls/uM7mkEms0bjFEej428HlGkVjp9iJP4v
bYdjctEOSbebnujWHT8RnmkIhV68bAQWiNDEoHxvI8GBY4lDrllfXBhxCDVs2mJa
MfTLBRI8ZyiBiDatT04aghySMMuJG2GSu3AoSNTilhpziMVrIYP62aopjSdmoUcH
XLMcUrjtjx4ssINqzEqZXqeW+knaSNdeDtPk1ECiBG5amPpB18GOAAhBYrS+8SNZ
gmyKs5S9l9qLhQZ/ZHWF4BT1BC29gQ863fobxrUd6XSu/WJSoOMCmY+tRFbeQ74U
Q0lTJK995Mru7L7YZEsbYaZsa/pwK7lnaOD+XDmq5P9RV0KTI//zTrQHhnBonViW
gbIoa21eJCvTbax0Jcczd7FvjbFf8zfYzKNq532ZTdzMiZ9Z15ic1EfSArQwy1BC
lsuX8yQIVHt1SdbZFjW0JQycrbDdYC6A4UFA/Ce8SAOf3qMViIw8eGU2aNtwOf/Q
YWfJ+dfhfE6QeQe3sj87j00Hp4k9DG/20zb4W2kMl043xsTa6DzMujSE7Af82zgt
6x5rXhdDph63KQ1E35tiuPekoALnmgEZV5Jg/Ze459ugXlseGNeXIA+6he3iKO3J
gqVLOQQSTXP6nUX4R4E/eI7FnaWFXk+wVWuOgBzLmvyZrjecC1vgnl2j0mvsXbVN
cvIaezO0vB9WcudUs6d4RsnH/yGIvx05FfYWa5iVBhSbugGsn5QfeMBr6UQwQOoh
MAqgSMrgB4UAgiR/zxai/Uyd82rpFaCHNa61j4G/TFHFYyTVCyl2Ru4fhTINF2wD
IM4ZV1qX9Lt65G+/I80I2KZLs2j5huFqMhWApBFdJ2Mxhqg0T+zDgWtK64RxExKH
bzcsiFjBaKBQV6HNxdfmL5K29vR59q4R/FxXmxtqZaZAEMY3rg1mdMNqmea6qO6Z
LBaWytwugs5cSiJJjoyUEoBVGyxDj6kG0qyHCdZ376ryqDAimR/SZDLjfyr9WQdt
/dZ462aaywPjvb+6D9NZHkronNqcOsEyct6O+n15E8j7c1lXc7G5SWGYz2bfgYvs
1VSn+KNsYth9xp67Sx+x2WsGEB3jbR12HybkOBD4EGVIsNgnRW3N2SkJQP2i6UjW
WCHWL0qJwdx/Umv08zo0ACApemUr3u5UWW+5twNiEjzk+oymsQ2Z8fbzA58qBuK4
Yp3eepqozA3ELg9fizfo/+itibHVEHlepjttxbCVfLpAb2psRD/733ZAhV1hLrV8
2Nvou8LqoJY2L01q06OPPgFYpb+e6AdtEv6n2pF0JMK4BVHTAIJIgBCaAoagkQtX
4Nhk+90oA3WKkYkxRKI7dbExMa2wPo2EqS04D1GjFuvnvEhF+KXYUJlIlnyrLnpw
UAJc8jN1v6U3yPwnOS2VMD1bEs/Dc1v97rgqk7lTNjJNJBub7jkLf4kc9wXsuGld
YZPqpb51vgkG9+k/f31LMQ4uFNvPPg/TodUi//4smlTYkTiC20eIgp9hXU9YbRJ0
aH2DcnADL1Zd+L5BUhSmgTSyaViIRUdUOO1G/cRV7MnRx72ufgyTv5yJHcRqS1Qb
W98tnQPDKNb8RsYbvdRnOSpuxEIcfKv7zigdvXuIg4I+XJeBeuICjcLYWcvwJSLa
ouilseTBoMhxFQsPSc/rRuRWWa9quwVwuhippKrXnadjcBD4d14nez6+ipiTlW4+
Hu5JjqHTkBdzdgZCZ223eIobuzul3YNnHoYp15rL1Puphmefpw6ySJDWWLfMm3Wz
4IlpnLoj7MdYRTnb6UP3Y/9uRxfb7LzTuvVKBXsZxLjKhxTL+uFyA0E7glPGypFs
sDl2CErC+yfY7dCGFJIHr+JbegqKZyliIX/Zf1ZRNHg5eGtPrQrATIh96QoOKWKO
T0eD1OWf/V3ySUhD5bW+2DHRLWp9vjxAGHI656nGJEfDaOyOpSkhTBBLPZM7n+0+
Cu+dU/VZgaX+uVGmJLKlcQJUi+G90XGYysHzvjwWE4p04f2vOn1JvZGepOwDk+hA
n1mMN1eHSyXf560GCh0uCzBqW26Faotfq6JNNGa6t5AGAtxaoL/gxLuH1aevaYJY
fcb6hbfpVI35UqIwCqeNQz8afvBYN0zg1xoByfmHwcoOoPX4lAogW3jbAGWoLw52
GTUqbdT76LW8hvTUYYzOA+o4vi9CXtIQl1YUS9cunynNgmrNlPtzOisWu1RvaXgW
Fa3pAXLiYRAfAkIRwmElXIbnfxEXaJCWsrbn9/3+Bh4kKDNkb3a7y9Lf4/YJJ11s
b4SPpMXO2N7o6/T4BxI1OkBKUVRspcXI1OPn6uzu9f7/AAAAAAAAAAAAAAAAAAAA
AAAACxkpPg==
-----END CERTIFICATE-----
+20
View File
@@ -1109,6 +1109,26 @@ EOF
echo "End of ML-DSA-${level} section"
done
# ECC P-256 leaf signed by the ML-DSA-44 CA; used by
# examples/tls13/tls13_memio.c to drive ML-DSA cert verify.
echo "Generating ecc-leaf-mldsa44.pem (P-256 leaf signed by ML-DSA-44 CA)..."
cat > mldsa/ecc-leaf.ext <<EOF
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
"$OPENSSL3" req -new -key ecc-key.pem -subj "/CN=localhost" \
-out mldsa/ecc-leaf-mldsa44.csr
check_result $? "ecc-leaf-mldsa44 request"
"$OPENSSL3" x509 -req -in mldsa/ecc-leaf-mldsa44.csr \
-CA mldsa/mldsa44-cert.pem -CAkey mldsa/mldsa44-key.pem \
-CAcreateserial -days 3650 -extfile mldsa/ecc-leaf.ext \
-out mldsa/ecc-leaf-mldsa44.pem
check_result $? "ecc-leaf-mldsa44 certificate"
rm -f mldsa/ecc-leaf-mldsa44.csr mldsa/ecc-leaf.ext mldsa/mldsa44-cert.srl
echo "End of ecc-leaf-mldsa44 section"
echo "---------------------------------------------------------------------"
else
echo "Skipping ML-DSA cert generation (no OpenSSL 3.3+ with ML-DSA support found)"
+9 -9
View File
@@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDNDCCAeigAwIBAgIUJdePE8BDNOOIsd+cyrHxNRYrF/0wQQYJKoZIhvcNAQEK
MIIDNDCCAeigAwIBAgIUcQ837WSJJkEpm5bqUbCnYmh4tPcwQQYJKoZIhvcNAQEK
MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
AKIDAgEgMIGyMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
BwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNB
LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0y
NjA2MjIxODI2NDBaFw0zNjA2MTkxODI2NDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9z
NjA2MjkyMDQyMTFaFw0zNjA2MjYyMDQyMTFaMBQxEjAQBgNVBAMMCWxvY2FsaG9z
dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3O
lOor+ssgCTksFuhhAumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0idijQjBA
MB0GA1UdDgQWBBRdXSbvrH42+Zt2FStKJQIj77KJMDAfBgNVHSMEGDAWgBSeDODT
37ZL8xljXMpsk4aiFFORMTBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAElprEznMP8A
0b5c12vOMkAWT1jxpXGwDeVNkgZS+RfC82OI7UMN7kzlpjGaHts/JMUIvCTmIyNA
I47x6JteFsnJklrk40Q4Om1ANOI1Zw8Jf/pX9mqwU4uOkto1PzTP7t0EICBr0UG4
JV97K/+9GT2HJccS6UEh6hG2BySYHAFnG7SoBgXm6a2tGTR/Cfz9ZUY8+Cy87F3k
3q9sCB3oqP+REOAM7FN/0Va2eY24nHZkno7sGsl2kDTx3vacBjHkx6u/KaaahB5K
Snb3aGwrksRALpjRHOnz5wYCEtOkLOde0v1sktaVtroVRNXW2pS6iCXPpNApRJyv
MFCkuGEo+gc=
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAFijyXPfkDdV
J/cZg6W5e9pRHpeXlxHLbcX8tcsGE9/la9rLcUtqSi5pWgK4OehwlrKrzufFjkZr
JfyLTjYMuYkkv4NStJZD3XOYRZ5/qIcZX3U2b2Xm3GKW/H7vnuLKrd3wKed315+z
FCYkKPIS04fKTGqb03ZyClCAmzHv2YPpezHsIXJGSJh0YsVsdM/WDKEjuOlL0CRm
UyTsrMNZjqlvMhgGP5GsyTOEbYM8KvfkPn9xyzw7Dmwz4+BAc1LvRoBkS+UAgiZB
gLn9OK5d2mRlcwmgMGDJQm1vaSrXZ/eQBrdVLUGLChjWvw+rPouAZaZVbBhE8q1C
UaqgwTLH/tY=
-----END CERTIFICATE-----
+20
View File
@@ -207,4 +207,24 @@ mv tmp.pem client-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### ecc-leaf-rsapss.pem: P-256 leaf signed by ca ########
############################################################
# Drives RSA-PSS cert verify with a tiny ECC leaf key in
# examples/tls13/tls13_memio.c.
echo "Updating ecc-leaf-rsapss.pem"
echo ""
cat > ecc-leaf.ext <<EOF
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
openssl req -new -key ../ecc-key.pem -subj "/CN=localhost" -out ecc-leaf-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in ecc-leaf-rsapss.csr -days 3650 -extfile ecc-leaf.ext -CA ca-rsapss.pem -CAkey ca-rsapss-priv.pem -sigopt rsa_padding_mode:pss -CAcreateserial -out ecc-leaf-rsapss.pem
check_result $? "Generate certificate"
rm -f ecc-leaf-rsapss.csr ecc-leaf.ext ca-rsapss.srl
echo "End of section"
echo "---------------------------------------------------------------------"