6 changes: 3 additions & 3 deletions ca/ca_test.go
Expand Up @@ -943,7 +943,7 @@ func TestNoteSignError(t *testing.T) {

func TestGenerateSKID(t *testing.T) {
t.Parallel()
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
key, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "Error generating key")

sha256skid, err := generateSKID(key.Public())
Expand All @@ -957,7 +957,7 @@ func TestVerifyTBSCertIsDeterministic(t *testing.T) {
t.Parallel()

// Create first keypair and cert
testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "unable to generate ECDSA private key")
template := &x509.Certificate{
NotAfter: time.Now().Add(1 * time.Hour),
Expand All @@ -968,7 +968,7 @@ func TestVerifyTBSCertIsDeterministic(t *testing.T) {
test.AssertNotError(t, err, "unable to create certificate")

// Create second keypair and cert
testKey2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
testKey2, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "unable to generate ECDSA private key")
template2 := &x509.Certificate{
NotAfter: time.Now().Add(2 * time.Hour),
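Review bot: `ecdsa.GenerateKey(elliptic.P256(), nil)` in TestGenerateSKID, and the same nil argument in every other call this commit touches, is only safe if the toolchain's GenerateKey ignores its rand parameter; where the parameter is still read, a nil reader would panic instead of returning an error. The page does not show go.mod or the CI matrix, so it is worth confirming that the minimum Go version guarantees this. Because nil as an entropy source reads like a mistake in CA code, I would add a one-line comment at the first call, e.g. `// GenerateKey ignores its rand argument on the Go versions we build with; nil is intentional.` The test bodies continue outside the hunks.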
2 changes: 1 addition & 1 deletion ca/testdata/testcsr.go
Expand Up @@ -13,7 +13,7 @@ import (
)

func main() {
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
priv, err := ecdsa.GenerateKey(elliptic.P256(), nil)
if err != nil {
log.Fatalf("Failed to parse private key: %s", err)
}
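Review bot: testcsr.go is a standalone `main` rather than a `_test.go` file, so `ecdsa.GenerateKey(elliptic.P256(), nil)` here is the one call in this commit that can be built and run outside the test harness; a comment stating that nil is intentional, and why, matters more here than in the tests. Separately, the unchanged failure message says "Failed to parse private key" although the call generates one; `log.Fatalf("Failed to generate private key: %s", err)` would match what the code does. main's body continues outside the hunk.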
2 changes: 1 addition & 1 deletion cmd/admin/cert_test.go
Expand Up @@ -105,7 +105,7 @@ func TestSerialsFromPrivateKey(t *testing.T) {
fc := clock.NewFake()
fc.Set(time.Now())

privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "creating test private key")
keyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
test.AssertNotError(t, err, "marshalling test private key bytes")
6 changes: 3 additions & 3 deletions cmd/admin/key_test.go
Expand Up @@ -32,12 +32,12 @@ import (

func TestSPKIHashesFromPrivateKeys(t *testing.T) {

ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "Generating ECDSA key")
pkcs8ecdsa, err := x509.MarshalPKCS8PrivateKey(ecdsaKey)
test.AssertNotError(t, err, "Marshalling PKCS8 private key")

rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
rsaKey, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "Generating RSA key")
pkcs8rsa, err := x509.MarshalPKCS8PrivateKey(rsaKey)
test.AssertNotError(t, err, "Marshalling PKCS8 private key")
Expand Down Expand Up @@ -166,7 +166,7 @@ func TestBlockSPKIHash(t *testing.T) {
log := blog.NewMock()
msa := mockSARecordingBlocks{}

privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "creating test private key")
keyHash, err := core.KeyDigest(privKey.Public())
test.AssertNotError(t, err, "computing test SPKI hash")
2 changes: 1 addition & 1 deletion cmd/ceremony/cert_test.go
Expand Up @@ -549,7 +549,7 @@ func TestGenerateCSR(t *testing.T) {
Country: "country",
}

signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
signer, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "failed to generate test key")

csrBytes, err := generateCSR(profile, &wrappedSigner{signer})
4 changes: 2 additions & 2 deletions cmd/ceremony/crl_test.go
Expand Up @@ -61,7 +61,7 @@ func (p wrappedSigner) Public() crypto.PublicKey {
}

func TestGenerateCRLLints(t *testing.T) {
k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "failed to generate test key")

cert := &x509.Certificate{
Expand Down Expand Up @@ -102,7 +102,7 @@ func TestGenerateCRLLints(t *testing.T) {
}

func TestGenerateCRL(t *testing.T) {
k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "failed to generate test key")

template := &x509.Certificate{
2 changes: 1 addition & 1 deletion cmd/ceremony/ecdsa_test.go
Expand Up @@ -40,7 +40,7 @@ func TestECGenerate(t *testing.T) {
ctx.GenerateRandomFunc = func(pkcs11.SessionHandle, int) ([]byte, error) {
return []byte{1, 2, 3}, nil
}
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
priv, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "Failed to generate a ECDSA test key")

// Test ecGenerate fails with unknown curve
4 changes: 2 additions & 2 deletions cmd/ceremony/key_test.go
Expand Up @@ -46,7 +46,7 @@ func TestGenerateKeyRSA(t *testing.T) {
tmp := t.TempDir()

ctx := setupCtx()
rsaPriv, err := rsa.GenerateKey(rand.Reader, 1024)
rsaPriv, err := rsa.GenerateKey(nil, 1024)
test.AssertNotError(t, err, "Failed to generate a test RSA key")
ctx.GetAttributeValueFunc = func(pkcs11.SessionHandle, pkcs11.ObjectHandle, []*pkcs11.Attribute) ([]*pkcs11.Attribute, error) {
return []*pkcs11.Attribute{
Expand Down Expand Up @@ -74,7 +74,7 @@ func TestGenerateKeyRSA(t *testing.T) {
}

func setECGenerateFuncs(ctx *pkcs11helpers.MockCtx) {
ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), nil)
if err != nil {
panic(err)
}
4 changes: 2 additions & 2 deletions cmd/ceremony/main_test.go
Expand Up @@ -22,7 +22,7 @@ import (

func TestLoadPubKey(t *testing.T) {
tmp := t.TempDir()
key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
key, _ := ecdsa.GenerateKey(elliptic.P256(), nil)

_, _, err := loadPubKey(path.Join(tmp, "does", "not", "exist"))
test.AssertError(t, err, "should fail on non-existent file")
Expand Down Expand Up @@ -1295,7 +1295,7 @@ func TestPostIssuanceLinting(t *testing.T) {
err := postIssuanceLinting(nil, nil)
test.AssertError(t, err, "should have failed because no certificate was provided")

testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "unable to generate ECDSA private key")
template := &x509.Certificate{
NotAfter: clk.Now().Add(1 * time.Hour),
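Review bot: `key, _ := ecdsa.GenerateKey(elliptic.P256(), nil)` in TestLoadPubKey discards the error, so a failed generation would surface later as a nil-pointer dereference rather than a clear test failure. The same pattern is on the changed `testKey, _ :=` lines in cmd/cert-checker/main_test.go (BenchmarkCheckCert, TestCheckWildcardCert, TestGetAndProcessCerts, TestIgnoredLint, TestPrecertCorrespond). Since these lines are being touched anyway, I would keep the error and add `test.AssertNotError(t, err, "generating test key")`, as TestPostIssuanceLinting in this file already does. Both functions continue outside their hunks.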
2 changes: 1 addition & 1 deletion cmd/ceremony/rsa_test.go
Expand Up @@ -44,7 +44,7 @@ func TestRSAGenerate(t *testing.T) {
return []byte{1, 2, 3}, nil
}

priv, err := rsa.GenerateKey(rand.Reader, 1024)
priv, err := rsa.GenerateKey(nil, 1024)
test.AssertNotError(t, err, "Failed to generate a RSA test key")

// Test rsaGenerate fails when GenerateKeyPair fails
14 changes: 7 additions & 7 deletions cmd/cert-checker/main_test.go
Expand Up @@ -73,7 +73,7 @@ func init() {

func BenchmarkCheckCert(b *testing.B) {
checker := newChecker(nil, clock.New(), pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock())
testKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
testKey, _ := ecdsa.GenerateKey(elliptic.P256(), nil)
expiry := time.Now().AddDate(0, 0, 1)
serial := big.NewInt(1337)
rawCert := x509.Certificate{
Expand Down Expand Up @@ -106,7 +106,7 @@ func TestCheckWildcardCert(t *testing.T) {
saCleanup()
}()

testKey, _ := rsa.GenerateKey(rand.Reader, 2048)
testKey, _ := rsa.GenerateKey(nil, 2048)
fc := clock.NewFake()
checker := newChecker(saDbMap, fc, pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock())
issued := checker.clock.Now().Add(-time.Minute)
Expand Down Expand Up @@ -184,13 +184,13 @@ type keyGen interface {
type ecP256Generator struct{}

func (*ecP256Generator) genKey() (crypto.Signer, error) {
return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
return ecdsa.GenerateKey(elliptic.P256(), nil)
}

type rsa2048Generator struct{}

func (*rsa2048Generator) genKey() (crypto.Signer, error) {
return rsa.GenerateKey(rand.Reader, 2048)
return rsa.GenerateKey(nil, 2048)
}

func TestCheckCert(t *testing.T) {
Expand Down Expand Up @@ -348,7 +348,7 @@ func TestGetAndProcessCerts(t *testing.T) {
saCleanUp()
}()

testKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
testKey, _ := ecdsa.GenerateKey(elliptic.P256(), nil)
// Problems
// Expiry period is too long
rawCert := x509.Certificate{
Expand Down Expand Up @@ -559,7 +559,7 @@ func TestIgnoredLint(t *testing.T) {

err = loglist.InitLintList("../../test/ct-test-srv/log_list.json", false)
test.AssertNotError(t, err, "failed to load ct log list")
testKey, _ := rsa.GenerateKey(rand.Reader, 2048)
testKey, _ := rsa.GenerateKey(nil, 2048)
checker := newChecker(saDbMap, clock.NewFake(), pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock())
serial := big.NewInt(1337)

Expand Down Expand Up @@ -646,7 +646,7 @@ func TestPrecertCorrespond(t *testing.T) {
checker.getPrecert = func(_ context.Context, _ string) ([]byte, error) {
return []byte("hello"), nil
}
testKey, _ := rsa.GenerateKey(rand.Reader, 2048)
testKey, _ := rsa.GenerateKey(nil, 2048)
expiry := time.Now().AddDate(0, 0, 1)
serial := big.NewInt(1337)
rawCert := x509.Certificate{
4 changes: 2 additions & 2 deletions cmd/config_test.go
Expand Up @@ -67,7 +67,7 @@ func TestTLSConfigLoad(t *testing.T) {
key := path.Join(tmp, "TestTLSConfigLoad.key.pem")
caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem")

rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
rootKey, err := ecdsa.GenerateKey(elliptic.P224(), nil)
test.AssertNotError(t, err, "creating test root key")
rootTemplate := &x509.Certificate{
Subject: pkix.Name{CommonName: "test root"},
Expand All @@ -81,7 +81,7 @@ func TestTLSConfigLoad(t *testing.T) {
err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend)
test.AssertNotError(t, err, "writing test root cert to disk")

intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
intKey, err := ecdsa.GenerateKey(elliptic.P224(), nil)
test.AssertNotError(t, err, "creating test intermediate key")
intKeyBytes, err := x509.MarshalECPrivateKey(intKey)
test.AssertNotError(t, err, "marshalling test intermediate key")
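Review bot: The unchanged `os.WriteFile(caCert, ..., os.ModeAppend)` between the two changed lines passes a mode flag where permission bits are expected. `os.ModeAppend` carries no permission bits, so the file appears to be created with mode 0, and reading it back would then only work for a privileged user. If that is not intended, `0o644` would be the usual value for a test CA certificate. TestTLSConfigLoad continues outside both hunks, so how the file is read afterwards is not visible here.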
2 changes: 1 addition & 1 deletion crl/storer/storer_test.go
Expand Up @@ -212,7 +212,7 @@ func TestUploadCRLInvalidSignature(t *testing.T) {
},
},
}
fakeSigner, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
fakeSigner, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "creating throwaway signer")
crlBytes, err := x509.CreateRevocationList(
rand.Reader,
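Review bot: After this change TestUploadCRLInvalidSignature passes `nil` to `ecdsa.GenerateKey` but still passes `rand.Reader` to `x509.CreateRevocationList` two lines later, and csr/csr_test.go does the same with `x509.CreateCertificateRequest`. If the split is deliberate, presumably because the x509 functions hand the reader on to whatever crypto.Signer they are given, a short comment would stop a later reader from "fixing" one side, e.g. `// x509 passes rand through to the Signer, so it still gets a real source.` The call's remaining arguments are outside the hunk.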
6 changes: 3 additions & 3 deletions csr/csr_test.go
Expand Up @@ -45,7 +45,7 @@ func (pa *mockPA) CheckAuthzChallenges(a *core.Authorization) error {
}

func TestVerifyCSR(t *testing.T) {
private, err := rsa.GenerateKey(rand.Reader, 2048)
private, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "error generating test key")
signedReqBytes, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{PublicKey: private.PublicKey, SignatureAlgorithm: x509.SHA256WithRSA}, private)
test.AssertNotError(t, err, "error generating test CSR")
Expand Down Expand Up @@ -257,7 +257,7 @@ func TestSHA1Deprecation(t *testing.T) {
keyPolicy, err := goodkey.NewPolicy(nil, nil)
test.AssertNotError(t, err, "creating test keypolicy")

private, err := rsa.GenerateKey(rand.Reader, 2048)
private, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "error generating test key")

makeAndVerifyCsr := func(alg x509.SignatureAlgorithm) error {
Expand All @@ -283,7 +283,7 @@ func TestSHA1Deprecation(t *testing.T) {
}

func TestDuplicateExtensionRejection(t *testing.T) {
private, err := rsa.GenerateKey(rand.Reader, 2048)
private, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "error generating test key")

csrBytes, err := x509.CreateCertificateRequest(rand.Reader,
22 changes: 11 additions & 11 deletions goodkey/good_key_test.go
Expand Up @@ -123,14 +123,14 @@ func TestROCA(t *testing.T) {
}

func TestGoodKey(t *testing.T) {
private, err := rsa.GenerateKey(rand.Reader, 2048)
private, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "Error generating key")
test.AssertNotError(t, testingPolicy.GoodKey(context.Background(), &private.PublicKey), "Should have accepted good key")
}

func TestECDSABadCurve(t *testing.T) {
for _, curve := range invalidCurves {
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")
err = testingPolicy.GoodKey(context.Background(), &private.PublicKey)
test.AssertError(t, err, "Should have rejected key with unsupported curve")
Expand All @@ -150,7 +150,7 @@ var validCurves = []elliptic.Curve{

func TestECDSAGoodKey(t *testing.T) {
for _, curve := range validCurves {
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")
test.AssertNotError(t, testingPolicy.GoodKey(context.Background(), &private.PublicKey), "Should have accepted good key")
}
Expand All @@ -159,7 +159,7 @@ func TestECDSAGoodKey(t *testing.T) {
func TestECDSANotOnCurveX(t *testing.T) {
for _, curve := range validCurves {
// Change a public key so that it is no longer on the curve.
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")

private.X.Add(private.X, big.NewInt(1))
Expand All @@ -172,7 +172,7 @@ func TestECDSANotOnCurveX(t *testing.T) {
func TestECDSANotOnCurveY(t *testing.T) {
for _, curve := range validCurves {
// Again with Y.
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")

// Change the public key so that it is no longer on the curve.
Expand All @@ -186,7 +186,7 @@ func TestECDSANotOnCurveY(t *testing.T) {
func TestECDSANegative(t *testing.T) {
for _, curve := range validCurves {
// Check that negative X is not accepted.
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")

private.X.Neg(private.X)
Expand All @@ -206,7 +206,7 @@ func TestECDSANegative(t *testing.T) {
func TestECDSAXOutsideField(t *testing.T) {
for _, curve := range validCurves {
// Check that X outside [0, p-1] is not accepted.
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")

private.X.Mul(private.X, private.Curve.Params().P)
Expand All @@ -219,7 +219,7 @@ func TestECDSAXOutsideField(t *testing.T) {
func TestECDSAYOutsideField(t *testing.T) {
for _, curve := range validCurves {
// Check that Y outside [0, p-1] is not accepted.
private, err := ecdsa.GenerateKey(curve, rand.Reader)
private, err := ecdsa.GenerateKey(curve, nil)
test.AssertNotError(t, err, "Error generating key")

private.X.Mul(private.Y, private.Curve.Params().P)
Expand All @@ -245,7 +245,7 @@ func TestECDSAIdentity(t *testing.T) {
}

func TestNonRefKey(t *testing.T) {
private, err := rsa.GenerateKey(rand.Reader, 2048)
private, err := rsa.GenerateKey(nil, 2048)
test.AssertNotError(t, err, "Error generating key")
test.AssertError(t, testingPolicy.GoodKey(context.Background(), private.PublicKey), "Accepted non-reference key")
}
Expand All @@ -260,7 +260,7 @@ func TestDBBlocklistAccept(t *testing.T) {
policy, err := NewPolicy(nil, testCheck)
test.AssertNotError(t, err, "NewKeyPolicy failed")

k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "ecdsa.GenerateKey failed")
err = policy.GoodKey(context.Background(), k.Public())
test.AssertNotError(t, err, "GoodKey failed with a non-blocked key")
Expand All @@ -275,7 +275,7 @@ func TestDBBlocklistReject(t *testing.T) {
policy, err := NewPolicy(nil, testCheck)
test.AssertNotError(t, err, "NewKeyPolicy failed")

k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "ecdsa.GenerateKey failed")
err = policy.GoodKey(context.Background(), k.Public())
test.AssertError(t, err, "GoodKey didn't fail with a blocked key")
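Review bot: TestECDSAYOutsideField says it checks that Y outside [0, p-1] is rejected, but the unchanged line `private.X.Mul(private.Y, private.Curve.Params().P)` writes the product into X, so Y is never moved out of range and the test largely repeats the X case. `private.Y.Mul(private.Y, private.Curve.Params().P)` would exercise what the comment describes, which matters because this is the coverage for the key policy's Y-coordinate check. The function continues outside the hunk, so the assertion itself is not visible here.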
4 changes: 2 additions & 2 deletions goodkey/sagoodkey/good_key_test.go
Expand Up @@ -24,7 +24,7 @@ func TestDBBlocklistAccept(t *testing.T) {
policy, err := NewPolicy(&goodkey.Config{}, testCheck)
test.AssertNotError(t, err, "NewKeyPolicy failed")

k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "ecdsa.GenerateKey failed")
err = policy.GoodKey(context.Background(), k.Public())
test.AssertNotError(t, err, "GoodKey failed with a non-blocked key")
Expand All @@ -39,7 +39,7 @@ func TestDBBlocklistReject(t *testing.T) {
policy, err := NewPolicy(&goodkey.Config{}, testCheck)
test.AssertNotError(t, err, "NewKeyPolicy failed")

k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
k, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "ecdsa.GenerateKey failed")
err = policy.GoodKey(context.Background(), k.Public())
test.AssertError(t, err, "GoodKey didn't fail with a blocked key")
2 changes: 1 addition & 1 deletion grpc/creds/creds_test.go
Expand Up @@ -80,7 +80,7 @@ func TestServerTransportCredentials(t *testing.T) {
}

func TestClientTransportCredentials(t *testing.T) {
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
priv, err := ecdsa.GenerateKey(elliptic.P256(), nil)
test.AssertNotError(t, err, "failed to generate test key")

temp := &x509.Certificate{