Affected by GO-2023-1849 and 11 other vulnerabilities

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

dhutil

package

v1.11.9 Latest Latest Go to latest Published: Mar 23, 2023 License: MPL-2.0 Imports: 10 Imported by: 15

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

func DecryptAES(key, ciphertext, nonce, aad []byte) ([]byte, error)
func DeriveSharedKey(secret, ourPublic, theirPublic []byte) ([]byte, error)
func EncryptAES(key, plaintext, aad []byte) ([]byte, []byte, error)
func GeneratePublicPrivateKey() ([]byte, []byte, error)
func GenerateSharedSecret(ourPrivate, theirPublic []byte) ([]byte, error)
type Envelope
type PublicKeyInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecryptAES ¶

func DecryptAES(key, ciphertext, nonce, aad []byte) ([]byte, error)

Use AES256-GCM to decrypt some ciphertext with a provided key and nonce. The returned values are the plaintext and error respectively.

func DeriveSharedKey ¶ added in v1.4.4

func DeriveSharedKey(secret, ourPublic, theirPublic []byte) ([]byte, error)

DeriveSharedKey uses HKDF to derive a key from a shared secret and public keys

func EncryptAES ¶

func EncryptAES(key, plaintext, aad []byte) ([]byte, []byte, error)

Use AES256-GCM to encrypt some plaintext with a provided key. The returned values are the ciphertext, the nonce, and error respectively.

func GeneratePublicPrivateKey ¶

func GeneratePublicPrivateKey() ([]byte, []byte, error)

generatePublicPrivateKey uses curve25519 to generate a public and private key pair.

func GenerateSharedSecret ¶ added in v1.4.4

func GenerateSharedSecret(ourPrivate, theirPublic []byte) ([]byte, error)

GenerateSharedSecret uses the private key and the other party's public key to generate the shared secret.

Types ¶

type Envelope ¶

type Envelope struct {
	Curve25519PublicKey []byte `json:"curve25519_public_key"`
	Nonce               []byte `json:"nonce"`
	EncryptedPayload    []byte `json:"encrypted_payload"`
}

type PublicKeyInfo ¶

type PublicKeyInfo struct {
	Curve25519PublicKey []byte `json:"curve25519_public_key"`
}

Source Files ¶

View all Source files

dhutil.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL