diff --git a/NOTICE.txt b/NOTICE.txt index 81414df..479c916 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -2134,43 +2134,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : golang.org/x/crypto -Version: v0.36.0 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/golang.org/x/crypto@v0.36.0/LICENSE: - -Copyright 2009 The Go Authors. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google LLC nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -------------------------------------------------------------------------------- Dependency : golang.org/x/net Version: v0.38.0 @@ -5953,6 +5916,43 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-------------------------------------------------------------------------------- +Dependency : golang.org/x/crypto +Version: v0.36.0 +Licence type (autodetected): BSD-3-Clause +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/golang.org/x/crypto@v0.36.0/LICENSE: + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + -------------------------------------------------------------------------------- Dependency : golang.org/x/lint Version: v0.0.0-20190930215403-16217165b5de diff --git a/go.mod b/go.mod index 5a85976..0b47989 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent-libs -go 1.23.0 +go 1.24.0 require ( github.com/Microsoft/go-winio v0.5.2 @@ -20,7 +20,6 @@ require ( go.elastic.co/ecszap v1.0.2 go.elastic.co/go-licence-detector v0.6.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.36.0 golang.org/x/net v0.38.0 golang.org/x/sys v0.31.0 golang.org/x/text v0.23.0 @@ -53,6 +52,7 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect go.uber.org/multierr v1.11.0 // indirect + golang.org/x/crypto v0.36.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/sync v0.12.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/keystore/file_keystore.go b/keystore/file_keystore.go index 457aebd..ca762ec 100644 --- a/keystore/file_keystore.go +++ b/keystore/file_keystore.go @@ -19,7 +19,9 @@ package keystore import ( "bytes" + "crypto/pbkdf2" "crypto/rand" + "crypto/sha512" "encoding/base64" "encoding/json" "fmt" @@ -137,6 +139,10 @@ func (k *FileKeystore) Retrieve(key string) (*SecureString, error) { return NewSecureString(secret.Value), nil } +func (k *FileKeystore) hashPassword(password string, salt []byte) ([]byte, error) { + return pbkdf2.Key(sha512.New, password, salt, iterationsCount, keyLength) +} + // Store add the key pair to the secret store and mark the store as dirty. func (k *FileKeystore) Store(key string, value []byte) error { k.Lock() diff --git a/keystore/file_keystore_fips.go b/keystore/file_keystore_fips.go index 4899515..a786fad 100644 --- a/keystore/file_keystore_fips.go +++ b/keystore/file_keystore_fips.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -//go:build go1.24 && requirefips +//go:build requirefips package keystore diff --git a/keystore/file_keystore_fips_test.go b/keystore/file_keystore_fips_test.go index 75ad359..4eac59e 100644 --- a/keystore/file_keystore_fips_test.go +++ b/keystore/file_keystore_fips_test.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -//go:build go1.24 && requirefips +//go:build requirefips package keystore diff --git a/keystore/pbkdf2_go124.go b/keystore/pbkdf2_go124.go deleted file mode 100644 index 597e1e6..0000000 --- a/keystore/pbkdf2_go124.go +++ /dev/null @@ -1,29 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -//go:build go1.24 - -package keystore - -import ( - "crypto/pbkdf2" - "crypto/sha512" -) - -func (k *FileKeystore) hashPassword(password string, salt []byte) ([]byte, error) { - return pbkdf2.Key(sha512.New, password, salt, iterationsCount, keyLength) -} diff --git a/keystore/pbkdf2_legacy.go b/keystore/pbkdf2_legacy.go deleted file mode 100644 index 300904b..0000000 --- a/keystore/pbkdf2_legacy.go +++ /dev/null @@ -1,30 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -//go:build !go1.24 - -package keystore - -import ( - "crypto/sha512" - - "golang.org/x/crypto/pbkdf2" -) - -func (k *FileKeystore) hashPassword(password string, salt []byte) ([]byte, error) { - return pbkdf2.Key([]byte(password), salt, iterationsCount, keyLength, sha512.New), nil -}