scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use go-secure-stdlib's RSA key generator backed by a DRBG (#29020)

Browse Source 
* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Add an ENV var to disable the DRBG in a pinch

* update go.mod

* Use DRBG based RSA key generation everywhere

* switch to the conditional generator

* Add an ENV var to disable the DRBG in a pinch

* Use DRBG based RSA key generation everywhere

* update go.mod

* fix import

* Remove rsa2 alias, remove test code

* move cryptoutil/rsa.go to sdk

* move imports too

* remove makefile change

* rsa2->rsa

* more rsa2->rsa, remove test code

* fix some overzelous search/replace

* Update to a real tag

* changelog

* copyright

* work around copyright check

* work around copyright check pt2

* bunch of dupe imports

* missing import

* wrong license

* fix go.mod conflict

* missed a spot

* dupe import
This commit is contained in:
Scott Miller
2024-12-05 15:39:16 -06:00
committed by GitHub
parent d8482b008a
commit 86ba0dbdeb
28 changed files with 132 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
command/transit_import_key_test.go
View File

@@ -7,13 +7,13 @@ import (
"bytes"
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"testing"
"time"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/cryptoutil"
"github.com/stretchr/testify/require"
)
@@ -171,7 +171,7 @@ func execTransitImport(t *testing.T, client *api.Client, method string, path str
func generateKeys(t *testing.T) (rsa1 []byte, rsa2 []byte, aes128 []byte, aes256 []byte) {
t.Helper()
priv1, err := rsa.GenerateKey(rand.Reader, 2048)
priv1, err := cryptoutil.GenerateRSAKey(rand.Reader, 2048)
require.NotNil(t, priv1, "failed generating RSA 1 key")
require.NoError(t, err, "failed generating RSA 1 key")
@@ -179,7 +179,7 @@ func generateKeys(t *testing.T) (rsa1 []byte, rsa2 []byte, aes128 []byte, aes256
require.NotNil(t, rsa1, "failed marshaling RSA 1 key")
require.NoError(t, err, "failed marshaling RSA 1 key")
priv2, err := rsa.GenerateKey(rand.Reader, 2048)
priv2, err := cryptoutil.GenerateRSAKey(rand.Reader, 2048)
require.NotNil(t, priv2, "failed generating RSA 2 key")
require.NoError(t, err, "failed generating RSA 2 key")