scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix SHA1 patch for Go 1.19.4; patch test (#18405)

Browse Source 
Bad news: the hot patch we were using breaks in Go 1.19.4: 6109c07ec4

Good news: we can now patch with an environment variable at runtime.

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
This commit is contained in:
Mike Palmiotto
2022-12-15 12:52:45 -05:00
committed by GitHub
parent 014a5ebbe8
commit 807f3936ac
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/credential/aws/pkcs7/sign.go
View File

@@ -12,8 +12,14 @@ import (
"fmt" "fmt"
"math/big" "math/big"
"time" "time"
"github.com/hashicorp/vault/internal"
) )
func init() {
internal.PatchSha1()
}
// SignedData is an opaque data structure for creating signed data payloads // SignedData is an opaque data structure for creating signed data payloads
type SignedData struct { type SignedData struct {
sd signedData sd signedData

9
internal/go118_sha1_patch.go
View File

@@ -26,6 +26,15 @@ var debugAllowSHA1 bool
// TODO: remove when Vault <=1.11 is no longer supported // TODO: remove when Vault <=1.11 is no longer supported
func PatchSha1() { func PatchSha1() {
patchSha1.Do(func() { patchSha1.Do(func() {
// for Go 1.19.4 and later
godebug := os.Getenv("GODEBUG")
if godebug != "" {
godebug += ","
}
godebug += "x509sha1=1"
os.Setenv("GODEBUG", godebug)
// for Go 1.19.3 and earlier, patch the variable
patchBefore, err := goversion.NewSemver(sha1PatchVersionsBefore) patchBefore, err := goversion.NewSemver(sha1PatchVersionsBefore)
if err != nil { if err != nil {
panic(err) panic(err)