linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

identity: Use SHA256 fingerprints in events (#7836) 

When the identity controller emits logs & events, these messages
include the MD5 of the issued certificate. MD5 is unreliable and should
not be used, especially in a security-sensitive context.

This change replaces the use of md5 with sha256.

Signed-off-by: Oliver Gould <ver@buoyant.io>
This commit is contained in:
Oliver Gould 2022-02-07 19:15:27 -08:00 committed by GitHub
parent e03f6182f4
commit ec7ed1c3e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/identity/service.go
View File

@ -2,7 +2,7 @@ package identity
import ( import (
"context" "context"
"crypto/md5" "crypto/sha256"
"crypto/x509" "crypto/x509"
"encoding/hex" "encoding/hex"
"errors" "errors"
@ -241,7 +241,7 @@ func (svc *Service) Certify(ctx context.Context, req *pb.CertifyRequest) (*pb.Ce
return nil, status.Error(codes.Internal, err.Error()) return nil, status.Error(codes.Internal, err.Error())
} }
hasher := md5.New() hasher := sha256.New()
hasher.Write(crts[0]) hasher.Write(crts[0])
hash := hex.EncodeToString(hasher.Sum(nil)) hash := hex.EncodeToString(hasher.Sum(nil))
identitySegments := strings.Split(tokIdentity, ".") identitySegments := strings.Split(tokIdentity, ".")