* Use DRBG based RSA key generation everywhere * switch to the conditional generator * Use DRBG based RSA key generation everywhere * switch to the conditional generator * Add an ENV var to disable the DRBG in a pinch * update go.mod * Use DRBG based RSA key generation everywhere * switch to the conditional generator * Add an ENV var to disable the DRBG in a pinch * Use DRBG based RSA key generation everywhere * update go.mod * fix import * Remove rsa2 alias, remove test code * move cryptoutil/rsa.go to sdk * move imports too * remove makefile change * rsa2->rsa * more rsa2->rsa, remove test code * fix some overzelous search/replace * Update to a real tag * changelog * copyright * work around copyright check * work around copyright check pt2 * bunch of dupe imports * missing import * wrong license * fix go.mod conflict * missed a spot * dupe import
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package cryptoutil
import (
"crypto/rsa"
"io"
"os"
"github.com/hashicorp/go-secure-stdlib/cryptoutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
// disabled is the process-wide kill switch for the DRBG-based RSA generator.
// It is written once, in init, from the VAULT_DISABLE_RSA_DRBG environment
// variable, and read by GenerateRSAKey to choose between go-secure-stdlib's
// generator and the standard library's rsa.GenerateKey.
var disabled bool
// init reads VAULT_DISABLE_RSA_DRBG once at package load and records the
// result in the package-level disabled flag. Nothing else in this file writes
// the flag, so the choice is fixed for the lifetime of the process.
func init() {
	raw := os.Getenv("VAULT_DISABLE_RSA_DRBG")

	// NOTE(review): an unset variable yields "", which is expected to parse as
	// false (DRBG stays enabled) — confirm against parseutil.ParseBool.
	v, err := parseutil.ParseBool(raw)
	if err != nil {
		// Any value ParseBool rejects is treated as intent to disable: an
		// operator reaching for this switch in an emergency should not be
		// defeated by a typo. This happens silently — no logger is available
		// at init time — so the fallback to rsa.GenerateKey is only visible
		// through the environment itself.
		v = true
	}
	disabled = v
}
// GenerateRSAKey returns a new RSA private key of bits size, drawing
// randomness from randomSource.
//
// By default the key is produced by go-secure-stdlib's cryptoutil.GenerateRSAKey
// (the DRBG-based generator this package exists to wrap). When the package-level
// disabled flag is set — VAULT_DISABLE_RSA_DRBG, evaluated once in init — the
// call falls back to the standard library's rsa.GenerateKey, so the feature can
// be switched off in a pinch without a rebuild. Both paths take the same
// arguments and return the same types, so callers are unaffected by the choice.
func GenerateRSAKey(randomSource io.Reader, bits int) (*rsa.PrivateKey, error) {
	if !disabled {
		return cryptoutil.GenerateRSAKey(randomSource, bits)
	}
	// Escape hatch: plain crypto/rsa generation reading directly from randomSource.
	return rsa.GenerateKey(randomSource, bits)
}