Use go-secure-stdlib's RSA key generator backed by a DRBG (#29020)

* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Add an ENV var to disable the DRBG in a pinch

* update go.mod

* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Add an ENV var to disable the DRBG in a pinch

* Use DRBG based RSA key generation everywhere

* update go.mod

* fix import

* Remove rsa2 alias, remove test code

* move cryptoutil/rsa.go to sdk

* move imports too

* remove makefile change

* rsa2->rsa

* more rsa2->rsa, remove test code

* fix some overzealous search/replace

* Update to a real tag

* changelog

* copyright

* work around copyright check

* work around copyright check pt2

* bunch of dupe imports

* missing import

* wrong license

* fix go.mod conflict

* missed a spot

* dupe import
This commit is contained in:
Scott Miller
2024-12-05 15:39:16 -06:00
committed by GitHub
parent d8482b008a
commit 86ba0dbdeb
28 changed files with 132 additions and 65 deletions


@@ -9,7 +9,6 @@ import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
@@ -39,6 +38,7 @@ import (
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/cryptoutil"
"github.com/hashicorp/vault/sdk/helper/tokenutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"
@@ -658,7 +658,7 @@ func TestBackend_NonCAExpiry(t *testing.T) {
template.IPAddresses = []net.IP{parsedIP}
// Private key for CA cert
caPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
caPrivateKey, err := cryptoutil.GenerateRSAKey(rand.Reader, 2048)
if err != nil {
t.Fatal(err)
}
@@ -726,7 +726,7 @@ func TestBackend_NonCAExpiry(t *testing.T) {
template.SerialNumber = big.NewInt(5678)
template.KeyUsage = x509.KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign)
issuedPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
issuedPrivateKey, err := cryptoutil.GenerateRSAKey(rand.Reader, 2048)
if err != nil {
t.Fatal(err)
}