Reject supplied nonces for non-convergent encryption operations (#22852)
* Ignore nonces when encrypting without convergence or with convergence versions > 1
* Honor nonce use warning in non-FIPS modes
* Revert "Honor nonce use warning in non-FIPS modes"

  This reverts commit 2aee3db.
* Add a test func that removes a nonce when not needed
* err out rather than ignore the nonce
* Alter unit test to cover, also cover convergent version 3
* More unit test work
* Fix test 14
* changelog
* tests not already in a nonce present path
* Update unit test to not assume warning when nonce provided incorrectly
* remove unused test field
* Fix auto-squash events experiments

  When #22835 was merged, it was auto-squashed, so the `experiments` import was removed, but the test still referenced it. This removes the (now unnecessary) experiment from the test.
* Allow nonces for managed keys, because we have no way of knowing if the backing cipher/mode needs one

---------

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
Showing 7 changed files with 142 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:security | ||
secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. | ||
``` |
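Review bot: the changelog entry states only the regression ("was honoring nonces provided in non-convergent modes") and not the behaviour this commit introduces, which the commit message describes as "err out rather than ignore the nonce" for non-convergent encryption and convergent versions > 1, with managed keys still allowed to carry a nonce. Since callers that were sending a nonce in those modes will now receive an error instead of a successful encryption, suggest saying so in the note so operators recognise it as a client-visible change, e.g. "secrets/transit: reject a supplied nonce for non-convergent encryption (and convergent key versions > 1) instead of honoring it; managed keys are exempt."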