Accepting request 980599 from home:jsikes:branches:security:tls

Fixed CVE-2022-1292 and updated expired certificates. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/980599
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=111
Marcus Meissner 2022-06-07 06:28:40 +00:00 committed by Git OBS Bridge
parent eb052185fb
commit 57ab29103c
7 changed files with 242 additions and 88 deletions

openssl-1.1.1o.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f
size 9856386

openssl-1.1.1o.tar.gz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmJxMQAACgkQ2cTSbQ5g
RJH/jwf+OG8lS+nwcyvXkHyXQ5epfnFcbfTLVptjl/t91QjpPgxOdIe58JTnad6H
awt0YY55rfhOwogGFesmdXlgo9fgi84dxyCIAr31+Eaq7NOOfsBqtZFroSccKrUV
rTNvbUdPcgK7FPQNoeLZosN8iNevAiZaQEY23KkG/l/8VYdP5ey11GBHgm8KtjzT
q3uESlKi1MUtHwATnADsz+8isEIm7cfCbWdwDmqqmMzxzSTbAtbEqt9wGEJT5XxQ
4KJZcuIAYNF2v7+29qmqlJMOM9V78JjFz+Ec1u7z1RS74ITOtbC1T3OpB+eb7X1B
h/hs/SZqMNhuY3QHl8leAMaeFbq6Ng==
=8uBM
-----END PGP SIGNATURE-----


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Thu Jun 2 20:54:04 UTC 2022 - Jason Sikes <jsikes@suse.com>
- Update to 1.1.1o: [CVE-2022-1292, bsc#1199166]
* Fixed a bug in the c_rehash script which was not properly sanitising
shell metacharacters to prevent command injection.
* Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
* Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
- Added openssl-update_expired_certificates.patch
* Openssl failed tests because of expired certificates.
* bsc#1185637
* Sourced from https://github.com/openssl/openssl/pull/18446/commits
-------------------------------------------------------------------
Tue Mar 15 17:41:47 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
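
Review bot: In the new entry, "Sourced from https://github.com/openssl/openssl/pull/18446/commits" points at a pull request's commit list rather than at one commit, so openssl-update_expired_certificates.patch cannot be compared against a fixed upstream revision. Name the upstream commit hash on that line, and consider moving bsc#1185637 into brackets on the "- Added ..." line, the way the 1.1.1o line carries "[CVE-2022-1292, bsc#1199166]".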


@ -41,7 +41,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1n
Version: 1.1.1o
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
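
Review bot: The comment directly above the Version line asks for the "openssl" package to be updated in step, and that change is not visible in this request. Confirm that a matching request moves that package to 1.1.1o as well, or state in the changelog that it follows separately.
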
@ -120,6 +120,7 @@ Patch71: openssl-1_1-Optimize-AES-XTS-aarch64.patch
Patch72: openssl-1_1-Optimize-AES-GCM-uarchs.patch
#PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes
Patch73: openssl-1_1-FIPS-fix-error-reason-codes.patch
Patch74: openssl-update_expired_certificates.patch
Requires: libopenssl1_1 = %{version}-%{release}
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
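
Review bot: Patch74 is added without a tag comment, while Patch73 directly above it carries "#PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes". Add a line of the same form above Patch74 that names bsc#1185637 and says what the patch is for. These lines also do not show where the patch is applied, so check that the %prep section picks up patch 74.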


@ -1,30 +1,9 @@
From f39ad8dcaa75293968d2633d043de3f5fce4f37b Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Mon, 30 Jan 2017 17:37:54 +0100
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap environment
variable.
The OPENSSL_s390xcap environment variable is used to set bits in the s390x
capability vector to zero. This simplifies testing of different code paths.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
---
crypto/s390x_arch.h | 23 +-
crypto/s390xcap.c | 515 +++++++++++++++++++++++++++++++++++++++++++
crypto/s390xcpuid.pl | 31 ++-
3 files changed, 556 insertions(+), 13 deletions(-)
Index: openssl-1.1.1e/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1e.orig/crypto/s390x_arch.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390x_arch.h 2020-03-20 17:29:30.459520742 +0100
@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st {
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index 64e7ebb..34e04b4 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -52,6 +52,9 @@ __attribute__ ((visibility("hidden")))
#endif
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+/* Max number of 64-bit words currently returned by STFLE */
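
Review bot: At the top of this rebased patch file the mail header (From, Date, Subject, Signed-off-by, Reviewed-by and "Merged from https://github.com/openssl/openssl/pull/6813") appears to be dropped, going by the hunk's line counts (30 lines before, 9 after) and the new "diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h" start. Keep that header when regenerating the patch so the author and upstream pull request stay recorded in the file, since the changelog entry only says "Rebased".
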
@ -33,7 +12,7 @@ Index: openssl-1.1.1e/crypto/s390x_arch.h
/* convert facility bit number or function code to bit mask */
# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64))
@@ -68,9 +71,15 @@ extern struct OPENSSL_s390xcap_st OPENSS
@@ -71,9 +74,15 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_KMA 0xb0
/* Facility Bit Numbers */
@ -52,7 +31,7 @@ Index: openssl-1.1.1e/crypto/s390x_arch.h
/* Function Codes */
@@ -78,6 +87,9 @@ extern struct OPENSSL_s390xcap_st OPENSS
@@ -81,6 +90,9 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_QUERY 0
/* kimd/klmd */
@ -62,7 +41,7 @@ Index: openssl-1.1.1e/crypto/s390x_arch.h
# define S390X_SHA3_224 32
# define S390X_SHA3_256 33
# define S390X_SHA3_384 34
@@ -91,7 +103,12 @@ extern struct OPENSSL_s390xcap_st OPENSS
@@ -94,7 +106,12 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_AES_192 19
# define S390X_AES_256 20
@ -75,10 +54,10 @@ Index: openssl-1.1.1e/crypto/s390x_arch.h
# define S390X_TRNG 114
/* Register 0 Flags */
Index: openssl-1.1.1e/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1e.orig/crypto/s390xcap.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcap.c 2020-03-20 17:29:58.011664305 +0100
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index 1097c70..da6af34 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -13,15 +13,51 @@
#include <setjmp.h>
#include <signal.h>
@ -131,7 +110,7 @@ Index: openssl-1.1.1e/crypto/s390xcap.c
void OPENSSL_vx_probe(void);
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@@ -30,6 +66,7 @@ void OPENSSL_cpuid_setup(void)
@@ -33,6 +69,7 @@ void OPENSSL_cpuid_setup(void)
{
sigset_t oset;
struct sigaction ill_act, oact_ill, oact_fpe;
@ -139,7 +118,7 @@ Index: openssl-1.1.1e/crypto/s390xcap.c
if (OPENSSL_s390xcap_P.stfle[0])
return;
@@ -37,6 +74,12 @@ void OPENSSL_cpuid_setup(void)
@@ -40,6 +77,12 @@ void OPENSSL_cpuid_setup(void)
/* set a bit that will not be tested later */
OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
@ -152,7 +131,7 @@ Index: openssl-1.1.1e/crypto/s390xcap.c
memset(&ill_act, 0, sizeof(ill_act));
ill_act.sa_handler = ill_handler;
sigfillset(&ill_act.sa_mask);
@@ -51,6 +94,12 @@ void OPENSSL_cpuid_setup(void)
@@ -54,6 +97,12 @@ void OPENSSL_cpuid_setup(void)
if (sigsetjmp(ill_jmp, 1) == 0)
OPENSSL_s390x_facilities();
@ -165,7 +144,7 @@ Index: openssl-1.1.1e/crypto/s390xcap.c
/* protection against disabled vector facility */
if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
&& (sigsetjmp(ill_jmp, 1) == 0)) {
@@ -64,4 +113,470 @@ void OPENSSL_cpuid_setup(void)
@@ -67,4 +116,470 @@ void OPENSSL_cpuid_setup(void)
sigaction(SIGFPE, &oact_fpe, NULL);
sigaction(SIGILL, &oact_ill, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
@ -636,10 +615,10 @@ Index: openssl-1.1.1e/crypto/s390xcap.c
+ free(buff);
+ return rc;
}
Index: openssl-1.1.1e/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1e.orig/crypto/s390xcpuid.pl 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcpuid.pl 2020-03-20 17:29:30.459520742 +0100
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
index 5cbb962..3602301 100755
--- a/crypto/s390xcpuid.pl
+++ b/crypto/s390xcpuid.pl
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
stg %r0,S390X_STFLE+16(%r4)


@ -1,25 +1,8 @@
From e382f507fb67863be02bfa69b08533cc55f0cd96 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 27 Jun 2019 01:07:54 +0200
Subject: [PATCH 08967/10000] s390x assembly pack: add support for pcc and kma
instructions
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
---
crypto/s390x_arch.h | 22 ++++++++
crypto/s390xcap.c | 119 +++++++++++++++++++++++++++++++++++++++++++
crypto/s390xcpuid.pl | 71 ++++++++++++++++++++++++++
3 files changed, 212 insertions(+)
Index: openssl-1.1.1d/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
+++ openssl-1.1.1d/crypto/s390x_arch.h
@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in,
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index 34e04b4..a156c97 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
unsigned int fc, void *param);
void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
size_t len, unsigned char *out, unsigned int fc, void *param);
@ -37,8 +20,8 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
+ unsigned long long kdsa[2];
};
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@@ -69,6 +74,8 @@ extern struct OPENSSL_s390xcap_st OPENSS
#if defined(__GNUC__) && defined(__linux)
@@ -72,6 +77,8 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_KMF 0x90
# define S390X_PRNO 0xa0
# define S390X_KMA 0xb0
@ -47,7 +30,7 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
/* Facility Bit Numbers */
# define S390X_MSA 17 /* message-security-assist */
@@ -80,6 +87,7 @@ extern struct OPENSSL_s390xcap_st OPENSS
@@ -83,6 +90,7 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_VXD 134 /* vector packed decimal */
# define S390X_VXE 135 /* vector enhancements 1 */
# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
@ -55,7 +38,7 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
/* Function Codes */
@@ -111,10 +119,24 @@ extern struct OPENSSL_s390xcap_st OPENSS
@@ -114,10 +122,24 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
# define S390X_SHA_512_DRNG 3
# define S390X_TRNG 114
@ -80,11 +63,11 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
+# define S390X_KDSA_D 0x80
#endif
Index: openssl-1.1.1d/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcap.c
+++ openssl-1.1.1d/crypto/s390xcap.c
@@ -137,6 +137,10 @@ void OPENSSL_cpuid_setup(void)
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index da6af34..3d762fd 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -140,6 +140,10 @@ void OPENSSL_cpuid_setup(void)
OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
@ -95,7 +78,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
}
}
@@ -163,6 +167,8 @@ static int parse_env(struct OPENSSL_s390
@@ -166,6 +170,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -104,7 +87,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -189,6 +195,8 @@ static int parse_env(struct OPENSSL_s390
@@ -192,6 +198,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -113,7 +96,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -220,6 +228,8 @@ static int parse_env(struct OPENSSL_s390
@@ -223,6 +231,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -122,7 +105,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -257,6 +267,8 @@ static int parse_env(struct OPENSSL_s390
@@ -260,6 +270,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -131,7 +114,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -313,6 +325,9 @@ static int parse_env(struct OPENSSL_s390
@@ -316,6 +328,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -141,7 +124,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -369,6 +384,9 @@ static int parse_env(struct OPENSSL_s390
@@ -372,6 +387,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
@ -151,7 +134,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -429,6 +447,9 @@ static int parse_env(struct OPENSSL_s390
@@ -432,6 +450,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
| S390X_CAPBIT(S390X_SHA_512_DRNG),
0ULL},
.kma = {0ULL, 0ULL},
@ -161,7 +144,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
/*-
@@ -508,6 +529,101 @@ static int parse_env(struct OPENSSL_s390
@@ -511,6 +532,101 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
| S390X_CAPBIT(S390X_AES_192)
| S390X_CAPBIT(S390X_AES_256),
0ULL},
@ -263,7 +246,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
};
char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
@@ -551,6 +667,8 @@ static int parse_env(struct OPENSSL_s390
@@ -554,6 +670,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
else if TOK_FUNC(kmf)
else if TOK_FUNC(prno)
else if TOK_FUNC(kma)
@ -272,7 +255,7 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
/* CPU model tokens */
else if TOK_CPU(z900)
@@ -561,6 +679,7 @@ static int parse_env(struct OPENSSL_s390
@@ -564,6 +682,7 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
else if TOK_CPU(zEC12)
else if TOK_CPU(z13)
else if TOK_CPU(z14)
@ -280,10 +263,10 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
/* whitespace(ignored) or invalid tokens */
else {
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
index 3602301..344f4f6 100755
--- a/crypto/s390xcpuid.pl
+++ b/crypto/s390xcpuid.pl
@@ -77,8 +77,13 @@ OPENSSL_s390x_functions:
stg %r0,S390X_PRNO+8(%r4)
stg %r0,S390X_KMA(%r4)


@ -0,0 +1,163 @@
diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
index e3e66d5..28dd206 100644
--- a/test/certs/embeddedSCTs1-key.pem
+++ b/test/certs/embeddedSCTs1-key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
-WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
-EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
-AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
-PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
-flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
-X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
-pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
-b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
-9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
-83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
-n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
-1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw
+XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT
+48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ
+b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L
+eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG
+a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm
+tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf
+3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r
+zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF
+nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ
+XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw
+ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ
+S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi
+BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3
+2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn
+MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU
+JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn
+j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA
+jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu
+ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk
+3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P
+o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI
+fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1
+5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP
+RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4=
-----END RSA PRIVATE KEY-----
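
Review bot: The new patch file starts directly at "diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem" with no From, Subject or upstream reference, and its first hunk replaces an RSA private key. Add a short header saying that these are test fixtures under test/certs and naming the upstream source, so that a reader, or a secret-scanner hit on the "BEGIN RSA PRIVATE KEY" block, can be resolved from the file itself.
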
diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem
index d1e8512..d2a111f 100644
--- a/test/certs/embeddedSCTs1.pem
+++ b/test/certs/embeddedSCTs1.pem
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
-BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
-EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
-FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
-Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
-VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
-DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
-BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
-vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
-KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
-SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
-oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
-5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
+NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK
+/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE
+FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI
+0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I
+QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S
+wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB
+CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
+Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
+/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
+u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
+BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
+RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
+IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
+YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
-----END CERTIFICATE-----
diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct
index 59362dc..35c9eb9 100644
--- a/test/certs/embeddedSCTs1.sct
+++ b/test/certs/embeddedSCTs1.sct
@@ -2,11 +2,11 @@ Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
- Timestamp : Apr 5 17:04:16.275 2013 GMT
+ Timestamp : Jan 1 00:00:00.000 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
- 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
- D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
- E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
- F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
- 05:51:9D:89:ED:BF:08
\ No newline at end of file
+ 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
+ D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
+ BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
+ 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
+ 60:EB:A8:AF:03:5E:C3
\ No newline at end of file
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
index 1fa449d..6aa9455 100644
--- a/test/certs/embeddedSCTs1_issuer.pem
+++ b/test/certs/embeddedSCTs1_issuer.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
-OwqULg==
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
+Doud4XrO
-----END CERTIFICATE-----
diff --git a/test/ct_test.c b/test/ct_test.c
index 78d11ca..535897d 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
goto end;
fixture->test_case_name = test_case_name;
- fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */
+ fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */
if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
|| !TEST_int_eq(
CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
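
Review bot: The new comment on the epoch_time_in_ms line, "/* Wed 29 Jan 2020 10:01:47 PM UTC */", uses a 12-hour locale format where the replaced line used "/* Sep 7 17:33:46 2016 GMT */". The value 1580335307000 does correspond to 22:01:47 UTC on 29 Jan 2020, so only the notation differs, and keeping the hunk identical to its source is reasonable. Consider a short note, here or in the patch header, tying this pinned time to the regenerated fixtures (the embeddedSCTs1.sct hunk sets Timestamp to "Jan 1 00:00:00.000 2020 GMT"), so the next person who regenerates the certificates knows to revisit it.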