mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 09:42:25 +00:00
7d4d8cb708
* Ignore nonces when encrypting without convergence or with convergence versions > 1 * Honor nonce use warning in non-FIPS modes * Revert "Honor nonce use warning in non-FIPS modes" This reverts commit 2aee3dbdc11c4e333ecb20503539c7993b24ee57. * Add a test func that removes a nonce when not needed * err out rather than ignore the nonce * Alter unit test to cover, also cover convergent version 3 * More unit test work * Fix test 14 * changelog * tests not already in a nonce present path * Update unit test to not assume warning when nonce provided incorrectly * remove unused test field * Fix auto-squash events experiments When #22835 was merged, it was auto-squashed, so the `experiments` import was removed, but the test still referenced it. This removes the (now unnecessary) experiment from the test. * Allow nonces for managed keys, because we have no way of knowing if the backing cipher/mode needs one --------- Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
4 lines
140 B
Plaintext
4 lines
140 B
Plaintext
```release-note:security
|
|
secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption.
|
|
```
|