Add Restricted PSS certificate and key

Create a PSS certificate with parameter restrictions Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9553)
author: Matt Caswell <matt@openssl.org> 2019-08-08 11:08:14 +0100
committer: Matt Caswell <matt@openssl.org> 2019-08-09 13:19:16 +0100
commit: 39d9ea5e502114a204750f641ca76ff5b4912401 (patch)
tree: 43876ed175981773e430ffad0d9c81ad2be15011 /test/certs/setup.sh
parent: 9bcc9f973b2a216461dd6f140e47ef647eb733b4 (diff)
download: openssl-39d9ea5e502114a204750f641ca76ff5b4912401.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 53d4a807a7..26b2f1ddfe 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -369,3 +369,9 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
 OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \
     "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \
     server-ecdsa-brainpoolP256r1-cert rootkey rootcert
+
+openssl req -new -nodes -subj "/CN=localhost" \
+    -newkey rsa-pss -keyout server-pss-restrict-key.pem \
+    -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
+    ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
+    server-pss-restrict-cert rootkey rootcert
author	Matt Caswell <matt@openssl.org>	2019-08-08 11:08:14 +0100
committer	Matt Caswell <matt@openssl.org>	2019-08-09 13:19:16 +0100
commit	39d9ea5e502114a204750f641ca76ff5b4912401 (patch)
tree	43876ed175981773e430ffad0d9c81ad2be15011 /test/certs/setup.sh
parent	9bcc9f973b2a216461dd6f140e47ef647eb733b4 (diff)
download	openssl-39d9ea5e502114a204750f641ca76ff5b4912401.tar.gz