Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certutil: select appropriate hash algorithm for ECDSA signature #11216

Merged
merged 4 commits into from
Nov 4, 2021
Merged

certutil: select appropriate hash algorithm for ECDSA signature #11216

merged 4 commits into from
Nov 4, 2021

Conversation

oncilla
Copy link
Contributor

@oncilla oncilla commented Mar 26, 2021
edited
Loading

Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.

The algorithm is selected based on the curve:

  • P-256 -> x509.ECDSAWithSHA256
  • P-384 -> x509.ECDSAWithSHA384
  • P-521 -> x509.ECDSAWithSHA512
  • Other -> x509.ECDSAWithSHA256

fixes #11006

This change is Reviewable

@hashicorp-cla
Copy link

hashicorp-cla commented Mar 26, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@vercel vercel bot temporarily deployed to Preview – vault March 26, 2021 19:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook March 26, 2021 19:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook March 26, 2021 20:03 Inactive
@vercel vercel bot temporarily deployed to Preview – vault March 26, 2021 20:03 Inactive
@sgmiller
Copy link
Collaborator

@oncilla : Do you mind resolving the conflicts?

@vercel vercel bot temporarily deployed to Preview – vault October 19, 2021 19:25 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook October 19, 2021 19:25 Inactive
@oncilla
Copy link
Contributor Author

oncilla commented Oct 19, 2021

@sgmiller done.

@oncilla oncilla mentioned this pull request Oct 19, 2021
Closed
@cipherboy cipherboy mentioned this pull request Oct 19, 2021
Merged
@sgmiller
Copy link
Collaborator

Just failing one test:

`=== RUN TestBackend_SignSelfIssued_DifferentTypes
--- FAIL: TestBackend_SignSelfIssued_DifferentTypes (0.01s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0xa61d6f]

goroutine 11330 [running]:
testing.tRunner.func1.2(0x25c7620, 0x4156440)
/usr/local/go/src/testing/testing.go:1143 +0x332
testing.tRunner.func1(0xc002604f00)
/usr/local/go/src/testing/testing.go:1146 +0x4b6
panic(0x25c7620, 0x4156440)
/usr/local/go/src/runtime/panic.go:965 +0x1b9
github.com/hashicorp/vault/sdk/helper/certutil.createCertificate(0xc001632858, 0x2f30780, 0xc0000fc1e0, 0x0, 0x0, 0x0)
/go/src/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:676 +0xd8f
github.com/hashicorp/vault/sdk/helper/certutil.CreateCertificateWithRandomSource(...)`

@oncilla
certutil: select appropriate hash algorithm for ECDSA signature
7a9cd52 
Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.

The algorithm is selected based on the curve:

- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256

fixes hashicorp#11006
@oncilla
fix panic
6539489
@oncilla
Copy link
Contributor Author

oncilla commented Nov 3, 2021

@sgmiller should be fixed now

@vercel vercel bot temporarily deployed to Preview – vault-storybook November 3, 2021 20:35 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 3, 2021 20:35 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 3, 2021 21:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 3, 2021 21:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 4, 2021 15:28 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 4, 2021 15:28 Inactive
@victorr victorr merged commit 1869a69 into hashicorp:main Nov 4, 2021
victorr pushed a commit that referenced this pull request Nov 9, 2021
@oncilla @victorr
certutil: select appropriate hash algorithm for ECDSA signature (#11216)
d097e18 
* certutil: select appropriate hash algorithm for ECDSA signature

Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.

The algorithm is selected based on the curve:

- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256

fixes #11006
victorr added a commit that referenced this pull request Nov 9, 2021
@victorr @oncilla
certutil: select appropriate hash algorithm for ECDSA signature (#11216
1ed05d8 
…) (#13096)

* certutil: select appropriate hash algorithm for ECDSA signature

Select the appropriate signature algorithm for certificates signed
with an ECDSA private key.

The algorithm is selected based on the curve:

- P-256 -> x509.ECDSAWithSHA256
- P-384 -> x509.ECDSAWithSHA384
- P-521 -> x509.ECDSAWithSHA512
- Other -> x509.ECDSAWithSHA256

fixes #11006

Co-authored-by: Dominik Roos <[email protected]>
@oncilla oncilla deleted the select-sig-algo branch November 13, 2021 12:25
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

Assignees
No one assigned
Labels
cryptosec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

pki: select appropriate hash algorithm for ecdsa signed certificates
5 participants
@oncilla @hashicorp-cla @sgmiller @victorr @pmmukh