mirror of
https://github.com/minio/minio.git
synced 2025-01-26 22:23:15 -05:00
fix: allow P-384/P-512 constant time implementation (#15445)
since go1.18.x P-384/P-512 are now constant time implementations, enable them.
This commit is contained in:
parent
10b49eb4fb
commit
fd349103e8
@ -86,8 +86,6 @@ Alternatively, use the following command to generate a private ECDSA key protect
|
|||||||
openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out private.key -passout pass:PASSWORD
|
openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out private.key -passout pass:PASSWORD
|
||||||
```
|
```
|
||||||
|
|
||||||
**Note:** NIST curves P-384 and P-521 are not currently supported.
|
|
||||||
|
|
||||||
#### 3.2.2 Generate a private key with RSA
|
#### 3.2.2 Generate a private key with RSA
|
||||||
|
|
||||||
Use the following command to generate a private key with RSA:
|
Use the following command to generate a private key with RSA:
|
||||||
|
@ -19,8 +19,6 @@ package config
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto"
|
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
@ -103,19 +101,6 @@ func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg(err.Error())
|
return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg(err.Error())
|
||||||
}
|
}
|
||||||
// Ensure that the private key is not a P-384 or P-521 EC key.
|
|
||||||
// The Go TLS stack does not provide constant-time implementations of P-384 and P-521.
|
|
||||||
if priv, ok := cert.PrivateKey.(crypto.Signer); ok {
|
|
||||||
if pub, ok := priv.Public().(*ecdsa.PublicKey); ok {
|
|
||||||
switch pub.Params().Name {
|
|
||||||
case "P-384":
|
|
||||||
fallthrough
|
|
||||||
case "P-521":
|
|
||||||
// unfortunately there is no cleaner way to check
|
|
||||||
return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg("tls: the ECDSA curve '%s' is not supported", pub.Params().Name)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return cert, nil
|
return cert, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user