luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Use the system rand reader for SSH keypair generation (#12560) 

* Use the system rand reader for SSH keypair generation

* changelog
This commit is contained in:
Scott Miller 2021-09-15 11:59:28 -05:00 committed by GitHub
parent 33d7dc5fb4
commit 241a78a2f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
builtin/logical/ssh/path_config_ca.go
View File

@ -7,6 +7,7 @@ import (
"crypto/x509"
"encoding/pem"
"fmt"
"io"
multierror "github.com/hashicorp/go-multierror"
"github.com/hashicorp/vault/sdk/framework"
@ -190,7 +191,7 @@ func (b *backend) pathConfigCAUpdate(ctx context.Context, req *logical.Request,
}
if generateSigningKey {
publicKey, privateKey, err = generateSSHKeyPair()
publicKey, privateKey, err = generateSSHKeyPair(b.Backend.GetRandomReader())
if err != nil {
return nil, err
}
@ -264,8 +265,11 @@ func (b *backend) pathConfigCAUpdate(ctx context.Context, req *logical.Request,
return nil, nil
}
func generateSSHKeyPair() (string, string, error) {
privateSeed, err := rsa.GenerateKey(rand.Reader, 4096)
func generateSSHKeyPair(randomSource io.Reader) (string, string, error) {
if randomSource == nil {
randomSource = rand.Reader
}
privateSeed, err := rsa.GenerateKey(randomSource, 4096)
if err != nil {
return "", "", err
}

3
changelog/12560.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
secrets/ssh: Use entropy augmentation when available for generation of the signing key.
```