Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reject supplied nonces for non-convergent encryption operations #22852

Merged
merged 27 commits into from Sep 8, 2023
Merged

Reject supplied nonces for non-convergent encryption operations #22852

merged 27 commits into from Sep 8, 2023

Conversation

sgmiller
Copy link
Collaborator

@sgmiller sgmiller commented Sep 7, 2023

Fixes a regression where nonces were being honored if provided on encrypt
operations in non-convergent keys.

@sgmiller sgmiller requested a review from a team as a code owner September 7, 2023 16:10
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Sep 7, 2023
@github-actions
Copy link

github-actions bot commented Sep 7, 2023
edited

CI Results:
All Go tests succeeded! ✅

@sgmiller sgmiller marked this pull request as draft September 7, 2023 16:54
@sgmiller sgmiller modified the milestones: 1.14.3, 1.13.7, 1.15 Sep 7, 2023
@sgmiller sgmiller marked this pull request as ready for review September 7, 2023 17:58
@github-actions
Copy link

github-actions bot commented Sep 7, 2023

Build Results:
All builds succeeded! ✅

sgmiller and others added 8 commits September 7, 2023 15:36
@sgmiller
Merge branch 'main' into transit-nonce-guard
c09d54d
Fix auto-squash events experiments
6d869ec 
When #22835 was merged, it was auto-squashed, so the `experiments`
import was removed, but the test still referenced it.

This removes the (now unnecessary) experiment from the test.
@sgmiller
Merge branch 'main' into transit-nonce-guard
92b8341
@sgmiller
Merge remote-tracking branch 'origin/vault-19136/events-b-expr-test-f…
88ff4dd 
…ix' into transit-nonce-guard
@sgmiller
Merge branch 'transit-nonce-guard' of github.com:/hashicorp/vault int…
a3a588d 
…o transit-nonce-guard
@sgmiller
Merge branch 'main' into transit-nonce-guard
1c0ee3d
@sgmiller
Allow nonces for managed keys, because we have no way of knowing if t…
7fd3c00 
…he backing cipher/mode needs one
@sgmiller
Merge branch 'transit-nonce-guard' of github.com:/hashicorp/vault int…
b85d990 
…o transit-nonce-guard
cipherboy
cipherboy approved these changes Sep 7, 2023
View reviewed changes
Copy link
Contributor

@cipherboy cipherboy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on internal discussion, I believe this looks good!

@sgmiller sgmiller merged commit 7d4d8cb into main Sep 8, 2023
102 checks passed
@sgmiller sgmiller deleted the transit-nonce-guard branch September 8, 2023 13:07
Closed
@sgmiller sgmiller added backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` backport/1.15.x Backport changes to `release/1.15.x` and removed backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` backport/1.15.x Backport changes to `release/1.15.x` labels Sep 8, 2023
This was referenced Sep 8, 2023
Closed
Merged
Merged
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Reject supplied nonces for non-convergent encryption operations (#22852)
cd58b39 
Backport to 1.13.x
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Reject supplied nonces for non-convergent encryption operations (#22852)
4ff9d9a 
Backport to 1.12.x
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Revert "Reject supplied nonces for non-convergent encryption operatio…
d653525 
…ns (#22852)"

This reverts commit 4ff9d9a.
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Reject supplied nonces for non-convergent encryption operations (#22852)
96581cc 
Backport to 1.12.x
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Reject supplied nonces for non-convergent encryption operations (#22852
ac9b65f 
…) (#22902)

Backport to 1.12.x
sgmiller added a commit that referenced this pull request Sep 8, 2023
@sgmiller
Reject supplied nonces for non-convergent encryption operations (#22852
8abe3cd 
…) (#22901)

* Reject supplied nonces for non-convergent encryption operations (#22852)

Backport to 1.13.x

* need http after all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cipherboy cipherboy cipherboy approved these changes

@stevendpclark stevendpclark stevendpclark approved these changes

@schultz-is schultz-is Awaiting requested review from schultz-is

Assignees
No one assigned
Labels
backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` backport/1.15.x Backport changes to `release/1.15.x` hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.15.0-rc1
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sgmiller @cipherboy @schultz-is @stevendpclark