diff --git a/ca/ca_test.go b/ca/ca_test.go index 0c5b94ca7dc..0a37780e295 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -943,7 +943,7 @@ func TestNoteSignError(t *testing.T) { func TestGenerateSKID(t *testing.T) { t.Parallel() - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Error generating key") sha256skid, err := generateSKID(key.Public()) @@ -957,7 +957,7 @@ func TestVerifyTBSCertIsDeterministic(t *testing.T) { t.Parallel() // Create first keypair and cert - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "unable to generate ECDSA private key") template := &x509.Certificate{ NotAfter: time.Now().Add(1 * time.Hour), @@ -968,7 +968,7 @@ func TestVerifyTBSCertIsDeterministic(t *testing.T) { test.AssertNotError(t, err, "unable to create certificate") // Create second keypair and cert - testKey2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey2, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "unable to generate ECDSA private key") template2 := &x509.Certificate{ NotAfter: time.Now().Add(2 * time.Hour), diff --git a/ca/testdata/testcsr.go b/ca/testdata/testcsr.go index cd22487cde0..aaa527584b5 100644 --- a/ca/testdata/testcsr.go +++ b/ca/testdata/testcsr.go @@ -13,7 +13,7 @@ import ( ) func main() { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + priv, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { log.Fatalf("Failed to parse private key: %s", err) } diff --git a/cmd/admin/cert_test.go b/cmd/admin/cert_test.go index deeb80cd8c9..6f467c48564 100644 --- a/cmd/admin/cert_test.go +++ b/cmd/admin/cert_test.go @@ -105,7 +105,7 @@ func TestSerialsFromPrivateKey(t *testing.T) { fc := clock.NewFake() fc.Set(time.Now()) - privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating test private key") keyBytes, err := x509.MarshalPKCS8PrivateKey(privKey) test.AssertNotError(t, err, "marshalling test private key bytes") diff --git a/cmd/admin/key_test.go b/cmd/admin/key_test.go index 0d0732a0192..eb8aaae01e6 100644 --- a/cmd/admin/key_test.go +++ b/cmd/admin/key_test.go @@ -32,12 +32,12 @@ import ( func TestSPKIHashesFromPrivateKeys(t *testing.T) { - ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Generating ECDSA key") pkcs8ecdsa, err := x509.MarshalPKCS8PrivateKey(ecdsaKey) test.AssertNotError(t, err, "Marshalling PKCS8 private key") - rsaKey, err := rsa.GenerateKey(rand.Reader, 2048) + rsaKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Generating RSA key") pkcs8rsa, err := x509.MarshalPKCS8PrivateKey(rsaKey) test.AssertNotError(t, err, "Marshalling PKCS8 private key") @@ -166,7 +166,7 @@ func TestBlockSPKIHash(t *testing.T) { log := blog.NewMock() msa := mockSARecordingBlocks{} - privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating test private key") keyHash, err := core.KeyDigest(privKey.Public()) test.AssertNotError(t, err, "computing test SPKI hash") diff --git a/cmd/ceremony/cert_test.go b/cmd/ceremony/cert_test.go index 2fd8f8c11f9..990760c6d9b 100644 --- a/cmd/ceremony/cert_test.go +++ b/cmd/ceremony/cert_test.go @@ -549,7 +549,7 @@ func TestGenerateCSR(t *testing.T) { Country: "country", } - signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + signer, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") csrBytes, err := generateCSR(profile, &wrappedSigner{signer}) diff --git a/cmd/ceremony/crl_test.go b/cmd/ceremony/crl_test.go index 60f951af1ea..77603aa6c61 100644 --- a/cmd/ceremony/crl_test.go +++ b/cmd/ceremony/crl_test.go @@ -61,7 +61,7 @@ func (p wrappedSigner) Public() crypto.PublicKey { } func TestGenerateCRLLints(t *testing.T) { - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") cert := &x509.Certificate{ @@ -102,7 +102,7 @@ func TestGenerateCRLLints(t *testing.T) { } func TestGenerateCRL(t *testing.T) { - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") template := &x509.Certificate{ diff --git a/cmd/ceremony/ecdsa_test.go b/cmd/ceremony/ecdsa_test.go index 8bd34867581..ef3678cfe62 100644 --- a/cmd/ceremony/ecdsa_test.go +++ b/cmd/ceremony/ecdsa_test.go @@ -40,7 +40,7 @@ func TestECGenerate(t *testing.T) { ctx.GenerateRandomFunc = func(pkcs11.SessionHandle, int) ([]byte, error) { return []byte{1, 2, 3}, nil } - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + priv, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Failed to generate a ECDSA test key") // Test ecGenerate fails with unknown curve diff --git a/cmd/ceremony/key_test.go b/cmd/ceremony/key_test.go index 5a1768c491d..c57cf760d1c 100644 --- a/cmd/ceremony/key_test.go +++ b/cmd/ceremony/key_test.go @@ -46,7 +46,7 @@ func TestGenerateKeyRSA(t *testing.T) { tmp := t.TempDir() ctx := setupCtx() - rsaPriv, err := rsa.GenerateKey(rand.Reader, 1024) + rsaPriv, err := rsa.GenerateKey(nil, 1024) test.AssertNotError(t, err, "Failed to generate a test RSA key") ctx.GetAttributeValueFunc = func(pkcs11.SessionHandle, pkcs11.ObjectHandle, []*pkcs11.Attribute) ([]*pkcs11.Attribute, error) { return []*pkcs11.Attribute{ @@ -74,7 +74,7 @@ func TestGenerateKeyRSA(t *testing.T) { } func setECGenerateFuncs(ctx *pkcs11helpers.MockCtx) { - ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { panic(err) } diff --git a/cmd/ceremony/main_test.go b/cmd/ceremony/main_test.go index 899cb2909cc..ae2ff6396c5 100644 --- a/cmd/ceremony/main_test.go +++ b/cmd/ceremony/main_test.go @@ -22,7 +22,7 @@ import ( func TestLoadPubKey(t *testing.T) { tmp := t.TempDir() - key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, _ := ecdsa.GenerateKey(elliptic.P256(), nil) _, _, err := loadPubKey(path.Join(tmp, "does", "not", "exist")) test.AssertError(t, err, "should fail on non-existent file") @@ -1295,7 +1295,7 @@ func TestPostIssuanceLinting(t *testing.T) { err := postIssuanceLinting(nil, nil) test.AssertError(t, err, "should have failed because no certificate was provided") - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "unable to generate ECDSA private key") template := &x509.Certificate{ NotAfter: clk.Now().Add(1 * time.Hour), diff --git a/cmd/ceremony/rsa_test.go b/cmd/ceremony/rsa_test.go index 40eb9d5df90..6a6773e7c4f 100644 --- a/cmd/ceremony/rsa_test.go +++ b/cmd/ceremony/rsa_test.go @@ -44,7 +44,7 @@ func TestRSAGenerate(t *testing.T) { return []byte{1, 2, 3}, nil } - priv, err := rsa.GenerateKey(rand.Reader, 1024) + priv, err := rsa.GenerateKey(nil, 1024) test.AssertNotError(t, err, "Failed to generate a RSA test key") // Test rsaGenerate fails when GenerateKeyPair fails diff --git a/cmd/cert-checker/main_test.go b/cmd/cert-checker/main_test.go index 156bef5bbaf..7b649e71257 100644 --- a/cmd/cert-checker/main_test.go +++ b/cmd/cert-checker/main_test.go @@ -74,7 +74,7 @@ func init() { func BenchmarkCheckCert(b *testing.B) { checker := newChecker(nil, clock.New(), pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock()) - testKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, _ := ecdsa.GenerateKey(elliptic.P256(), nil) expiry := time.Now().AddDate(0, 0, 1) serial := big.NewInt(1337) rawCert := x509.Certificate{ @@ -107,7 +107,7 @@ func TestCheckWildcardCert(t *testing.T) { saCleanup() }() - testKey, _ := rsa.GenerateKey(rand.Reader, 2048) + testKey, _ := rsa.GenerateKey(nil, 2048) fc := clock.NewFake() checker := newChecker(saDbMap, fc, pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock()) issued := checker.clock.Now().Add(-time.Minute) @@ -189,13 +189,13 @@ type keyGen interface { type ecP256Generator struct{} func (*ecP256Generator) genKey() (crypto.Signer, error) { - return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P256(), nil) } type rsa2048Generator struct{} func (*rsa2048Generator) genKey() (crypto.Signer, error) { - return rsa.GenerateKey(rand.Reader, 2048) + return rsa.GenerateKey(nil, 2048) } func TestCheckCert(t *testing.T) { @@ -353,7 +353,7 @@ func TestGetAndProcessCerts(t *testing.T) { saCleanUp() }() - testKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, _ := ecdsa.GenerateKey(elliptic.P256(), nil) // Problems // Expiry period is too long rawCert := x509.Certificate{ @@ -564,7 +564,7 @@ func TestIgnoredLint(t *testing.T) { err = loglist.InitLintList("../../test/ct-test-srv/log_list.json", false) test.AssertNotError(t, err, "failed to load ct log list") - testKey, _ := rsa.GenerateKey(rand.Reader, 2048) + testKey, _ := rsa.GenerateKey(nil, 2048) checker := newChecker(saDbMap, clock.NewFake(), pa, kp, time.Hour, testValidityDurations, nil, blog.NewMock()) serial := big.NewInt(1337) @@ -651,7 +651,7 @@ func TestPrecertCorrespond(t *testing.T) { checker.getPrecert = func(_ context.Context, _ string) ([]byte, error) { return []byte("hello"), nil } - testKey, _ := rsa.GenerateKey(rand.Reader, 2048) + testKey, _ := rsa.GenerateKey(nil, 2048) expiry := time.Now().AddDate(0, 0, 1) serial := big.NewInt(1337) rawCert := x509.Certificate{ diff --git a/cmd/config_test.go b/cmd/config_test.go index 2935889b507..a1f7047673f 100644 --- a/cmd/config_test.go +++ b/cmd/config_test.go @@ -67,7 +67,7 @@ func TestTLSConfigLoad(t *testing.T) { key := path.Join(tmp, "TestTLSConfigLoad.key.pem") caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem") - rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + rootKey, err := ecdsa.GenerateKey(elliptic.P224(), nil) test.AssertNotError(t, err, "creating test root key") rootTemplate := &x509.Certificate{ Subject: pkix.Name{CommonName: "test root"}, @@ -81,7 +81,7 @@ func TestTLSConfigLoad(t *testing.T) { err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend) test.AssertNotError(t, err, "writing test root cert to disk") - intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + intKey, err := ecdsa.GenerateKey(elliptic.P224(), nil) test.AssertNotError(t, err, "creating test intermediate key") intKeyBytes, err := x509.MarshalECPrivateKey(intKey) test.AssertNotError(t, err, "marshalling test intermediate key") diff --git a/crl/storer/storer_test.go b/crl/storer/storer_test.go index 6285370b52b..18f2dab89cf 100644 --- a/crl/storer/storer_test.go +++ b/crl/storer/storer_test.go @@ -212,7 +212,7 @@ func TestUploadCRLInvalidSignature(t *testing.T) { }, }, } - fakeSigner, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + fakeSigner, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating throwaway signer") crlBytes, err := x509.CreateRevocationList( rand.Reader, diff --git a/csr/csr_test.go b/csr/csr_test.go index 6f1936449a1..d2e3b98c056 100644 --- a/csr/csr_test.go +++ b/csr/csr_test.go @@ -45,7 +45,7 @@ func (pa *mockPA) CheckAuthzChallenges(a *core.Authorization) error { } func TestVerifyCSR(t *testing.T) { - private, err := rsa.GenerateKey(rand.Reader, 2048) + private, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") signedReqBytes, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{PublicKey: private.PublicKey, SignatureAlgorithm: x509.SHA256WithRSA}, private) test.AssertNotError(t, err, "error generating test CSR") @@ -257,7 +257,7 @@ func TestSHA1Deprecation(t *testing.T) { keyPolicy, err := goodkey.NewPolicy(nil, nil) test.AssertNotError(t, err, "creating test keypolicy") - private, err := rsa.GenerateKey(rand.Reader, 2048) + private, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") makeAndVerifyCsr := func(alg x509.SignatureAlgorithm) error { @@ -283,7 +283,7 @@ func TestSHA1Deprecation(t *testing.T) { } func TestDuplicateExtensionRejection(t *testing.T) { - private, err := rsa.GenerateKey(rand.Reader, 2048) + private, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") csrBytes, err := x509.CreateCertificateRequest(rand.Reader, diff --git a/goodkey/good_key_test.go b/goodkey/good_key_test.go index 133b6ac11ef..7841d51f445 100644 --- a/goodkey/good_key_test.go +++ b/goodkey/good_key_test.go @@ -4,7 +4,6 @@ import ( "context" "crypto/ecdsa" "crypto/elliptic" - "crypto/rand" "crypto/rsa" "fmt" "math/big" @@ -123,14 +122,14 @@ func TestROCA(t *testing.T) { } func TestGoodKey(t *testing.T) { - private, err := rsa.GenerateKey(rand.Reader, 2048) + private, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Error generating key") test.AssertNotError(t, testingPolicy.GoodKey(context.Background(), &private.PublicKey), "Should have accepted good key") } func TestECDSABadCurve(t *testing.T) { for _, curve := range invalidCurves { - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") err = testingPolicy.GoodKey(context.Background(), &private.PublicKey) test.AssertError(t, err, "Should have rejected key with unsupported curve") @@ -150,7 +149,7 @@ var validCurves = []elliptic.Curve{ func TestECDSAGoodKey(t *testing.T) { for _, curve := range validCurves { - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") test.AssertNotError(t, testingPolicy.GoodKey(context.Background(), &private.PublicKey), "Should have accepted good key") } @@ -159,7 +158,7 @@ func TestECDSAGoodKey(t *testing.T) { func TestECDSANotOnCurveX(t *testing.T) { for _, curve := range validCurves { // Change a public key so that it is no longer on the curve. - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") private.X.Add(private.X, big.NewInt(1)) @@ -172,7 +171,7 @@ func TestECDSANotOnCurveX(t *testing.T) { func TestECDSANotOnCurveY(t *testing.T) { for _, curve := range validCurves { // Again with Y. - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") // Change the public key so that it is no longer on the curve. @@ -186,7 +185,7 @@ func TestECDSANotOnCurveY(t *testing.T) { func TestECDSANegative(t *testing.T) { for _, curve := range validCurves { // Check that negative X is not accepted. - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") private.X.Neg(private.X) @@ -206,7 +205,7 @@ func TestECDSANegative(t *testing.T) { func TestECDSAXOutsideField(t *testing.T) { for _, curve := range validCurves { // Check that X outside [0, p-1] is not accepted. - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") private.X.Mul(private.X, private.Curve.Params().P) @@ -219,7 +218,7 @@ func TestECDSAXOutsideField(t *testing.T) { func TestECDSAYOutsideField(t *testing.T) { for _, curve := range validCurves { // Check that Y outside [0, p-1] is not accepted. - private, err := ecdsa.GenerateKey(curve, rand.Reader) + private, err := ecdsa.GenerateKey(curve, nil) test.AssertNotError(t, err, "Error generating key") private.X.Mul(private.Y, private.Curve.Params().P) @@ -245,7 +244,7 @@ func TestECDSAIdentity(t *testing.T) { } func TestNonRefKey(t *testing.T) { - private, err := rsa.GenerateKey(rand.Reader, 2048) + private, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Error generating key") test.AssertError(t, testingPolicy.GoodKey(context.Background(), private.PublicKey), "Accepted non-reference key") } @@ -260,7 +259,7 @@ func TestDBBlocklistAccept(t *testing.T) { policy, err := NewPolicy(nil, testCheck) test.AssertNotError(t, err, "NewKeyPolicy failed") - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey failed") err = policy.GoodKey(context.Background(), k.Public()) test.AssertNotError(t, err, "GoodKey failed with a non-blocked key") @@ -275,7 +274,7 @@ func TestDBBlocklistReject(t *testing.T) { policy, err := NewPolicy(nil, testCheck) test.AssertNotError(t, err, "NewKeyPolicy failed") - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey failed") err = policy.GoodKey(context.Background(), k.Public()) test.AssertError(t, err, "GoodKey didn't fail with a blocked key") diff --git a/goodkey/sagoodkey/good_key_test.go b/goodkey/sagoodkey/good_key_test.go index 814804d3d16..5d7d99a29a5 100644 --- a/goodkey/sagoodkey/good_key_test.go +++ b/goodkey/sagoodkey/good_key_test.go @@ -4,7 +4,6 @@ import ( "context" "crypto/ecdsa" "crypto/elliptic" - "crypto/rand" "testing" "google.golang.org/grpc" @@ -24,7 +23,7 @@ func TestDBBlocklistAccept(t *testing.T) { policy, err := NewPolicy(&goodkey.Config{}, testCheck) test.AssertNotError(t, err, "NewKeyPolicy failed") - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey failed") err = policy.GoodKey(context.Background(), k.Public()) test.AssertNotError(t, err, "GoodKey failed with a non-blocked key") @@ -39,7 +38,7 @@ func TestDBBlocklistReject(t *testing.T) { policy, err := NewPolicy(&goodkey.Config{}, testCheck) test.AssertNotError(t, err, "NewKeyPolicy failed") - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey failed") err = policy.GoodKey(context.Background(), k.Public()) test.AssertError(t, err, "GoodKey didn't fail with a blocked key") diff --git a/grpc/creds/creds_test.go b/grpc/creds/creds_test.go index d8bc7ce15c4..88eb5892245 100644 --- a/grpc/creds/creds_test.go +++ b/grpc/creds/creds_test.go @@ -80,7 +80,7 @@ func TestServerTransportCredentials(t *testing.T) { } func TestClientTransportCredentials(t *testing.T) { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + priv, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") temp := &x509.Certificate{ diff --git a/issuance/cert_test.go b/issuance/cert_test.go index 4e986290d39..e6b89c65104 100644 --- a/issuance/cert_test.go +++ b/issuance/cert_test.go @@ -337,14 +337,14 @@ func TestIssue(t *testing.T) { { name: "RSA", generateFunc: func() (crypto.Signer, error) { - return rsa.GenerateKey(rand.Reader, 2048) + return rsa.GenerateKey(nil, 2048) }, ku: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, }, { name: "ECDSA", generateFunc: func() (crypto.Signer, error) { - return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P256(), nil) }, ku: x509.KeyUsageDigitalSignature, }, @@ -401,7 +401,7 @@ func TestIssueDNSNamesOnly(t *testing.T) { if err != nil { t.Fatalf("newIssuer: %s", err) } - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("ecdsa.GenerateKey: %s", err) } @@ -440,7 +440,7 @@ func TestIssueIPAddressesOnly(t *testing.T) { if err != nil { t.Fatalf("newIssuer: %s", err) } - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("ecdsa.GenerateKey: %s", err) } @@ -482,7 +482,7 @@ func TestIssueWithCRLDP(t *testing.T) { if err != nil { t.Fatalf("newIssuer: %s", err) } - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("ecdsa.GenerateKey: %s", err) } @@ -524,7 +524,7 @@ func TestIssueCommonName(t *testing.T) { test.AssertNotError(t, err, "NewProfile failed") signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") ir := &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -591,7 +591,7 @@ func TestIssueOmissions(t *testing.T) { signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := rsa.GenerateKey(rand.Reader, 2048) + pk, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "failed to generate test key") _, issuanceToken, err := signer.Prepare(prof, &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -620,7 +620,7 @@ func TestIssueCTPoison(t *testing.T) { fc.Set(time.Now()) signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") _, issuanceToken, err := signer.Prepare(defaultProfile(), &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -668,7 +668,7 @@ func TestIssueSCTList(t *testing.T) { test.AssertNotError(t, err, "NewProfile failed") signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") _, issuanceToken, err := signer.Prepare(enforceSCTsProfile, &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -736,7 +736,7 @@ func TestIssueBadLint(t *testing.T) { test.AssertNotError(t, err, "NewProfile failed") signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") _, _, err = signer.Prepare(noSkipLintsProfile, &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -765,7 +765,7 @@ func TestIssuanceToken(t *testing.T) { _, err = signer.Issue(nil) test.AssertError(t, err, "expected issuance with a nil token to fail") - pk, err := rsa.GenerateKey(rand.Reader, 2048) + pk, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "failed to generate test key") _, issuanceToken, err := signer.Prepare(defaultProfile(), &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -812,7 +812,7 @@ func TestInvalidProfile(t *testing.T) { signer, err := newIssuer(defaultIssuerConfig(), issuerCert, issuerSigner, fc) test.AssertNotError(t, err, "NewIssuer failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") _, _, err = signer.Prepare(defaultProfile(), &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, @@ -861,7 +861,7 @@ func TestMismatchedProfiles(t *testing.T) { cnProfile, err := NewProfile(pc) test.AssertNotError(t, err, "NewProfile failed") - pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + pk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate test key") _, issuanceToken, err := issuer1.Prepare(cnProfile, &IssuanceRequest{ PublicKey: MarshalablePublicKey{pk.Public()}, diff --git a/issuance/issuer_test.go b/issuance/issuer_test.go index aa9911c4e57..81cba9f275c 100644 --- a/issuance/issuer_test.go +++ b/issuance/issuer_test.go @@ -50,7 +50,7 @@ var issuerCert *Certificate var issuerSigner *ecdsa.PrivateKey func TestMain(m *testing.M) { - tk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + tk, err := ecdsa.GenerateKey(elliptic.P256(), nil) cmd.FailOnError(err, "failed to generate test key") issuerSigner = tk template := &x509.Certificate{ @@ -106,7 +106,7 @@ func TestLoadSigner(t *testing.T) { // We're using this for its pubkey. This definitely doesn't match the private // key loaded in any of the tests below, but that's okay because it still gets // us through all the logic in loadSigner. - fakeKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + fakeKey, err := ecdsa.GenerateKey(elliptic.P224(), nil) test.AssertNotError(t, err, "generating test key") tests := []struct { diff --git a/observer/probers/aia/aia_test.go b/observer/probers/aia/aia_test.go index 1a4f1f1feaa..12755953137 100644 --- a/observer/probers/aia/aia_test.go +++ b/observer/probers/aia/aia_test.go @@ -21,7 +21,7 @@ import ( // TestAIAProbe_Probe tests the Probe method of AIAProbe func TestAIAProbe_Probe(t *testing.T) { // Create a test CA certificate - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "generating private key") template := x509.Certificate{ diff --git a/pkcs11helpers/helpers_test.go b/pkcs11helpers/helpers_test.go index f7a252bdb0c..a1bdfa9b880 100644 --- a/pkcs11helpers/helpers_test.go +++ b/pkcs11helpers/helpers_test.go @@ -249,7 +249,7 @@ func TestX509Signer(t *testing.T) { ctx.SignInitFunc = func(pkcs11.SessionHandle, []*pkcs11.Mechanism, pkcs11.ObjectHandle) error { return nil } - tk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + tk, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Failed to generate test key") ctx.SignFunc = func(_ pkcs11.SessionHandle, digest []byte) ([]byte, error) { r, s, err := ecdsa.Sign(rand.Reader, tk, digest[:]) @@ -275,7 +275,7 @@ func TestX509Signer(t *testing.T) { digest := sha256.Sum256([]byte("hello")) s := &Session{ctx, 0} signer := &x509Signer{session: s, keyType: ECDSAKey, pub: tk.Public()} - signature, err := signer.Sign(nil, digest[:], crypto.SHA256) + signature, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256) test.AssertNotError(t, err, "x509Signer.Sign failed") var rfcFormat struct { diff --git a/precert/corr_test.go b/precert/corr_test.go index 8d29ee077e4..d8bce5f20bf 100644 --- a/precert/corr_test.go +++ b/precert/corr_test.go @@ -102,19 +102,19 @@ func derFromPEMFile(filename string) ([]byte, error) { func TestMismatches(t *testing.T) { now := time.Now() - issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatal(err) } // A separate issuer key, used for signing the final certificate, but // using the same simulated issuer certificate. - untrustedIssuerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + untrustedIssuerKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatal(err) } - subscriberKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + subscriberKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatal(err) } diff --git a/privatekey/privatekey_test.go b/privatekey/privatekey_test.go index bcc2ecf3873..14b736c9811 100644 --- a/privatekey/privatekey_test.go +++ b/privatekey/privatekey_test.go @@ -3,7 +3,6 @@ package privatekey import ( "crypto/ecdsa" "crypto/elliptic" - "crypto/rand" "crypto/rsa" "testing" @@ -11,13 +10,13 @@ import ( ) func TestVerifyRSAKeyPair(t *testing.T) { - privKey1, err := rsa.GenerateKey(rand.Reader, 2048) + privKey1, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Failed while generating test key 1") _, _, err = verify(privKey1) test.AssertNotError(t, err, "Failed to verify valid key") - privKey2, err := rsa.GenerateKey(rand.Reader, 2048) + privKey2, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Failed while generating test key 2") verifyHash, err := makeVerifyHash() @@ -28,13 +27,13 @@ func TestVerifyRSAKeyPair(t *testing.T) { } func TestVerifyECDSAKeyPair(t *testing.T) { - privKey1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey1, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Failed while generating test key 1") _, _, err = verify(privKey1) test.AssertNotError(t, err, "Failed to verify valid key") - privKey2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey2, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Failed while generating test key 2") verifyHash, err := makeVerifyHash() diff --git a/publisher/publisher_test.go b/publisher/publisher_test.go index 6cb0c2f118b..d79b01bf7ed 100644 --- a/publisher/publisher_test.go +++ b/publisher/publisher_test.go @@ -149,7 +149,7 @@ func setup(t *testing.T) (*Impl, *x509.Certificate, *ecdsa.PrivateKey) { leaf, err := core.LoadCert("../test/hierarchy/ee-r3.cert.pem") test.AssertNotError(t, err, "unable to load leaf certificate.") - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Couldn't generate test key") return pub, leaf, k @@ -275,14 +275,14 @@ func TestLogCache(t *testing.T) { test.AssertError(t, err, "AddLog() with an invalid log URI didn't error") // Create one keypair & base 64 public key - k1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k1, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey() failed for k1") der1, err := x509.MarshalPKIXPublicKey(&k1.PublicKey) test.AssertNotError(t, err, "x509.MarshalPKIXPublicKey(der1) failed") k1b64 := base64.StdEncoding.EncodeToString(der1) // Create a second keypair & base64 public key - k2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k2, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "ecdsa.GenerateKey() failed for k2") der2, err := x509.MarshalPKIXPublicKey(&k2.PublicKey) test.AssertNotError(t, err, "x509.MarshalPKIXPublicKey(der2) failed") diff --git a/ra/ra_test.go b/ra/ra_test.go index 2b6828047e1..d1249b257db 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -2362,7 +2362,7 @@ func TestFinalizeOrder(t *testing.T) { authzIDA := createFinalizedAuthorization(t, sa, registration.Id, identifier.NewDNS("not-example.com"), exp, core.ChallengeTypeHTTP01, ra.clk.Now()) authzIDB := createFinalizedAuthorization(t, sa, registration.Id, identifier.NewDNS("www.not-example.com"), exp, core.ChallengeTypeHTTP01, ra.clk.Now()) - testKey, err := rsa.GenerateKey(rand.Reader, 2048) + testKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") policyForbidCSR, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ @@ -2671,7 +2671,7 @@ func TestFinalizeOrderWithMixedSANAndCN(t *testing.T) { }, }) test.AssertNotError(t, err, "Could not add test order with finalized authz IDs") - testKey, err := rsa.GenerateKey(rand.Reader, 2048) + testKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") mixedCSR, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ PublicKey: testKey.PublicKey, @@ -2717,7 +2717,7 @@ func TestFinalizeOrderWildcard(t *testing.T) { now := ra.clk.Now() exp := now.Add(365 * 24 * time.Hour) - testKey, err := rsa.GenerateKey(rand.Reader, 2048) + testKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Error creating test RSA key") wildcardCSR, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ PublicKey: testKey.PublicKey, @@ -2832,7 +2832,7 @@ func TestFinalizeOrderDisabledChallenge(t *testing.T) { test.AssertEquals(t, order.V2Authorizations[0], authzID) // Create a CSR for this order - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "generating test key") csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ PublicKey: testKey.PublicKey, @@ -2896,7 +2896,7 @@ func TestFinalizeWithMustStaple(t *testing.T) { test.AssertNotError(t, err, "creating test order") test.AssertEquals(t, order.V2Authorizations[0], authzID) - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "generating test key") csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ @@ -2966,7 +2966,7 @@ func TestIssueCertificateAuditLog(t *testing.T) { test.AssertNotError(t, err, "Could not add test order with finalized authz IDs") // Generate a CSR covering the order names with a random RSA key - testKey, err := rsa.GenerateKey(rand.Reader, 2048) + testKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ PublicKey: testKey.PublicKey, @@ -3096,7 +3096,7 @@ func TestIssueCertificateCAACheckLog(t *testing.T) { test.AssertNotError(t, err, "Could not add test order with finalized authz IDs") // Generate a CSR covering the order names with a random RSA key. - testKey, err := rsa.GenerateKey(rand.Reader, 2048) + testKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "error generating test key") csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{ PublicKey: testKey.PublicKey, @@ -3273,7 +3273,7 @@ func TestIssueCertificateOuter(t *testing.T) { ra.SA = &mockSAWithFinalize{} // Create a CSR to submit and a certificate for the fake CA to return. - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "generating test key") csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{DNSNames: []string{"example.com"}}, testKey) test.AssertNotError(t, err, "creating test csr") @@ -3480,7 +3480,7 @@ func (msar *mockSARevocation) GetCertificate(_ context.Context, req *sapb.Serial _, _ = rand.Read(serialBytes[:]) serial := big.NewInt(0).SetBytes(serialBytes[:]) - key, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P224(), nil) if err != nil { return nil, err } diff --git a/sa/model_test.go b/sa/model_test.go index 50901aeaae1..66872b480e4 100644 --- a/sa/model_test.go +++ b/sa/model_test.go @@ -373,7 +373,7 @@ func insertCertificate(ctx context.Context, dbMap *db.WrappedMap, fc clock.FakeC SerialNumber: serialBigInt, } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return fmt.Errorf("generating test key: %w", err) } diff --git a/sa/sa_test.go b/sa/sa_test.go index 3c19459ce1a..55ab37dd3d0 100644 --- a/sa/sa_test.go +++ b/sa/sa_test.go @@ -124,7 +124,7 @@ func initSA(t testing.TB) (*SQLStorageAuthority, clock.FakeClock) { // CreateWorkingTestRegistration inserts a new, correct Registration into the // given SA. func createWorkingRegistration(t testing.TB, sa *SQLStorageAuthority) *corepb.Registration { - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("Failed to generate ECDSA key: %s", err) } @@ -4358,7 +4358,7 @@ func TestGetPausedIdentifiersOnlyUnpausesOneAccount(t *testing.T) { } func newAcctKey(t *testing.T) []byte { - key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, _ := ecdsa.GenerateKey(elliptic.P256(), nil) jwk := &jose.JSONWebKey{Key: key.Public()} acctKey, err := jwk.MarshalJSON() test.AssertNotError(t, err, "failed to marshal account key") diff --git a/test/certs.go b/test/certs.go index add38e4d1b3..e4c4ab222be 100644 --- a/test/certs.go +++ b/test/certs.go @@ -37,7 +37,7 @@ func ThrowAwayCert(t *testing.T, clk clock.Clock) (string, *x509.Certificate) { _, _ = rand.Read(serialBytes[:]) serial := big.NewInt(0).SetBytes(serialBytes[:]) - key, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P224(), nil) AssertNotError(t, err, "rsa.GenerateKey failed") template := &x509.Certificate{ diff --git a/test/integration/account_test.go b/test/integration/account_test.go index cf92764fce7..987e77fc1f4 100644 --- a/test/integration/account_test.go +++ b/test/integration/account_test.go @@ -54,7 +54,7 @@ func TestNewAccount(t *testing.T) { }, } { t.Run(tc.name, func(t *testing.T) { - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("failed to generate account key: %s", err) } @@ -90,7 +90,7 @@ func TestNewAccount_DuplicateKey(t *testing.T) { t.Fatalf("failed to connect to acme directory: %s", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("failed to generate account key: %s", err) } @@ -149,7 +149,7 @@ func TestAccountDeactivate(t *testing.T) { t.Fatalf("failed to connect to acme directory: %s", err) } - acctKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + acctKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("failed to generate account key: %s", err) } diff --git a/test/integration/ari_test.go b/test/integration/ari_test.go index 88fe833d95e..8e14be62297 100644 --- a/test/integration/ari_test.go +++ b/test/integration/ari_test.go @@ -20,7 +20,7 @@ func TestARIAndReplacement(t *testing.T) { // Setup client, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Issue a cert, request ARI, and check that both the suggested window and @@ -68,7 +68,7 @@ func TestARIShortLived(t *testing.T) { // Setup client, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Issue a short-lived cert, request ARI, and check that both the suggested @@ -94,7 +94,7 @@ func TestARIRevoked(t *testing.T) { // Setup client, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Issue a cert, revoke it, request ARI, and check that the suggested window @@ -118,7 +118,7 @@ func TestARIForPrecert(t *testing.T) { // Setup client, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Try to make a new cert for a new domain, but sabotage the CT logs so diff --git a/test/integration/cert_storage_failed_test.go b/test/integration/cert_storage_failed_test.go index c6839f338f3..54c04ed3d1d 100644 --- a/test/integration/cert_storage_failed_test.go +++ b/test/integration/cert_storage_failed_test.go @@ -118,7 +118,7 @@ func TestIssuanceCertStorageFailed(t *testing.T) { defer db.ExecContext(ctx, `DROP TRIGGER IF EXISTS fail_ready`) } - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // ---- Test revocation by serial ---- diff --git a/test/integration/common_test.go b/test/integration/common_test.go index 557bc8f907d..eba5cd218a6 100644 --- a/test/integration/common_test.go +++ b/test/integration/common_test.go @@ -49,7 +49,7 @@ func makeClient(contacts ...string) (*client, error) { if err != nil { return nil, fmt.Errorf("Error connecting to acme directory: %v", err) } - privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return nil, fmt.Errorf("error creating private key: %v", err) } @@ -161,7 +161,7 @@ func authAndIssueFetchAllChains(c *client, csrKey *ecdsa.PrivateKey, idents []ac func makeCSR(k *ecdsa.PrivateKey, idents []acme.Identifier, cn bool) (*x509.CertificateRequest, error) { var err error if k == nil { - k, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err = ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return nil, fmt.Errorf("generating certificate key: %s", err) } diff --git a/test/integration/email_exporter_test.go b/test/integration/email_exporter_test.go index 64ebe191dd3..0975ef9e534 100644 --- a/test/integration/email_exporter_test.go +++ b/test/integration/email_exporter_test.go @@ -154,7 +154,7 @@ func TestContactsSentForNewAccount(t *testing.T) { t.Fatalf("failed to connect to acme directory: %s", err) } - acctKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + acctKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("failed to generate account key: %s", err) } diff --git a/test/integration/errors_test.go b/test/integration/errors_test.go index 83eab5f71a4..4d71d3d4f3e 100644 --- a/test/integration/errors_test.go +++ b/test/integration/errors_test.go @@ -264,7 +264,7 @@ func TestOrderFinalizeEarly(t *testing.T) { if err != nil { t.Fatalf("creating order: %s", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("generating key: %s", err) } diff --git a/test/integration/issuance_test.go b/test/integration/issuance_test.go index f931c0236b4..3266ebfbdba 100644 --- a/test/integration/issuance_test.go +++ b/test/integration/issuance_test.go @@ -29,7 +29,7 @@ func TestCommonNameInCSR(t *testing.T) { test.AssertNotError(t, err, "creating acme client") // Create a private key. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Put together some names. @@ -66,7 +66,7 @@ func TestFirstCSRSANHoistedToCN(t *testing.T) { test.AssertNotError(t, err, "creating acme client") // Create a private key. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Create some names that we can sort. @@ -100,7 +100,7 @@ func TestCommonNameSANsTooLong(t *testing.T) { test.AssertNotError(t, err, "creating acme client") // Create a private key. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Put together some names. @@ -142,7 +142,7 @@ func TestIssuanceProfiles(t *testing.T) { } // Create a private key. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Create a set of identifiers to request. @@ -184,7 +184,7 @@ func TestIssuanceMTC(t *testing.T) { t.Fatalf("creating acme client: %s", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("generating keypair: %s", err) } @@ -211,7 +211,7 @@ func TestIPShortLived(t *testing.T) { } // Create a private key. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("creating random cert key: %s", err) } @@ -298,7 +298,7 @@ func TestIPCNRejected(t *testing.T) { t.Fatalf("updating challenge: %s", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("creating random cert key: %s", err) } diff --git a/test/integration/key_rollover_test.go b/test/integration/key_rollover_test.go index 1873864e309..8088a3bab12 100644 --- a/test/integration/key_rollover_test.go +++ b/test/integration/key_rollover_test.go @@ -25,20 +25,20 @@ func TestAccountKeyChange(t *testing.T) { // and P-384) supported by go-jose and goodkey, but doing so results in a very // slow integration test. Instead, just test rollover once in each direction, // ECDSA->RSA and vice versa. - key1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key1, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating P-256 account key") acct1, err := c.NewAccount(key1, false, true) test.AssertNotError(t, err, "creating account") - key2, err := rsa.GenerateKey(rand.Reader, 2048) + key2, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "creating RSA 2048 account key") acct2, err := c.AccountKeyChange(acct1, key2) test.AssertNotError(t, err, "rolling over account key") test.AssertEquals(t, acct2.URL, acct1.URL) - key3, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + key3, err := ecdsa.GenerateKey(elliptic.P384(), nil) test.AssertNotError(t, err, "creating P-384 account key") acct3, err := c.AccountKeyChange(acct1, key3) diff --git a/test/integration/observer_test.go b/test/integration/observer_test.go index 94c2c82bb2d..4b533396276 100644 --- a/test/integration/observer_test.go +++ b/test/integration/observer_test.go @@ -75,7 +75,7 @@ func TestTLSProbe(t *testing.T) { t.Fatalf("creating test acme client: %s", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("generating test key: %s", err) } diff --git a/test/integration/otel_test.go b/test/integration/otel_test.go index bed380e3166..bffe1d13157 100644 --- a/test/integration/otel_test.go +++ b/test/integration/otel_test.go @@ -283,7 +283,7 @@ func traceIssuingTestCert(t *testing.T) trace.TraceID { c, err := acme.NewClient("http://boulder.service.consul:4001/directory", option) test.AssertNotError(t, err, "acme.NewClient failed") - privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + privKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Generating ECDSA key failed") account, err := c.NewAccount(privKey, false, true) diff --git a/test/integration/revocation_test.go b/test/integration/revocation_test.go index 8ae4b0c495e..e0c325e7424 100644 --- a/test/integration/revocation_test.go +++ b/test/integration/revocation_test.go @@ -272,7 +272,7 @@ func TestRevocation(t *testing.T) { issueClient, err := makeClient() test.AssertNotError(t, err, "creating acme client") - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") domain := random_domain() @@ -475,7 +475,7 @@ func TestReRevocation(t *testing.T) { issueClient, err := makeClient() test.AssertNotError(t, err, "creating acme client") - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") // Try to issue a certificate for the name. @@ -578,7 +578,7 @@ func TestRevokeWithKeyCompromiseBlocksKey(t *testing.T) { c, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate cert key") res, err := authAndIssue(c, certKey, []acme.Identifier{{Type: "dns", Value: random_domain()}}, true, "") @@ -621,7 +621,7 @@ func TestBadKeyRevoker(t *testing.T) { neutralClient, err := makeClient() test.AssertNotError(t, err, "creating acme client") - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate cert key") // Issue a cert from the revokee client, which we'll revoke soon @@ -662,7 +662,7 @@ func TestBadKeyRevokerByAccount(t *testing.T) { neutralClient, err := makeClient() test.AssertNotError(t, err, "creating acme client") - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to generate cert key") // Issue a cert from the revoke client, which we'll revoke soon diff --git a/test/integration/subordinate_ca_chains_test.go b/test/integration/subordinate_ca_chains_test.go index f54069c4f1f..abf89e1eac4 100644 --- a/test/integration/subordinate_ca_chains_test.go +++ b/test/integration/subordinate_ca_chains_test.go @@ -20,7 +20,7 @@ func TestSubordinateCAChainsServedByWFE(t *testing.T) { client, err := makeClient("mailto:example@letsencrypt.org") test.AssertNotError(t, err, "creating acme client") - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating random cert key") chains, err := authAndIssueFetchAllChains(client, key, []acme.Identifier{{Type: "dns", Value: random_domain()}}, true) diff --git a/test/integration/validation_test.go b/test/integration/validation_test.go index 29e7a69c815..0b9c9516e32 100644 --- a/test/integration/validation_test.go +++ b/test/integration/validation_test.go @@ -326,7 +326,7 @@ func TestCAARechecking(t *testing.T) { // Try to finalize the order created above. Due to our db manipulation, this // should trigger a CAA recheck. And due to our challtestsrv manipulation, // that CAA recheck should fail. Therefore the whole finalize should fail. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { t.Fatalf("generating cert key: %s", err) } diff --git a/test/load-generator/boulder-calls.go b/test/load-generator/boulder-calls.go index c395a6ee3d6..3e8b00dcbf3 100644 --- a/test/load-generator/boulder-calls.go +++ b/test/load-generator/boulder-calls.go @@ -88,7 +88,7 @@ func newAccount(s *State, c *acmeCache) error { } // Create a random signing key - signKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + signKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return err } diff --git a/test/load-generator/state.go b/test/load-generator/state.go index 6d075740726..1dcc9f0dfa1 100644 --- a/test/load-generator/state.go +++ b/test/load-generator/state.go @@ -281,7 +281,7 @@ func New( operations []string, challStrat string, revokeChance float32) (*State, error) { - certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + certKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return nil, err } diff --git a/test_output.txt b/test_output.txt new file mode 100644 index 00000000000..077daa8f04f --- /dev/null +++ b/test_output.txt @@ -0,0 +1,208 @@ +ok github.com/letsencrypt/boulder/allowlist (cached) +# github.com/letsencrypt/boulder/blog +blog\logger.go:61:28: undefined: syslog.Dial +blog\logger.go:61:48: undefined: syslog.LOG_INFO +# github.com/letsencrypt/pkcs11key/v4 +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:70:25: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:71:29: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:72:28: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:72:58: undefined: pkcs11.Attribute +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:73:24: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:73:58: undefined: pkcs11.ObjectHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:30: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:54: undefined: pkcs11.ObjectHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:80: undefined: pkcs11.Attribute +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:76:36: undefined: pkcs11.TokenInfo +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:76:36: too many errors +# github.com/zmap/zcrypto/x509 +vendor\github.com\zmap\zcrypto\x509\root.go:27:32: undefined: loadSystemRoots +# github.com/letsencrypt/boulder/pkcs11helpers +pkcs11helpers\helpers.go:18:25: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:18:50: undefined: pkcs11.Mechanism +pkcs11helpers\helpers.go:18:71: undefined: pkcs11.Attribute +pkcs11helpers\helpers.go:18:111: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:19:27: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:19:49: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:19:73: undefined: pkcs11.Attribute +pkcs11helpers\helpers.go:20:18: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:20:43: undefined: pkcs11.Mechanism +pkcs11helpers\helpers.go:20:61: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:20:61: too many errors +# github.com/letsencrypt/boulder/goodkey [github.com/letsencrypt/boulder/goodkey.test] +goodkey\good_key_test.go:7:2: "crypto/rand" imported and not used +# github.com/letsencrypt/boulder/goodkey/sagoodkey [github.com/letsencrypt/boulder/goodkey/sagoodkey.test] +goodkey\sagoodkey\good_key_test.go:7:2: "crypto/rand" imported and not used +# github.com/letsencrypt/boulder/privatekey [github.com/letsencrypt/boulder/privatekey.test] +privatekey\privatekey_test.go:6:2: "crypto/rand" imported and not used +FAIL github.com/letsencrypt/boulder/bdns [build failed] +FAIL github.com/letsencrypt/boulder/blog [build failed] +FAIL github.com/letsencrypt/boulder/blog/validator [build failed] +FAIL github.com/letsencrypt/boulder/ca [build failed] +? github.com/letsencrypt/boulder/ca/proto [no test files] +FAIL github.com/letsencrypt/boulder/cmd [build failed] +FAIL github.com/letsencrypt/boulder/cmd/admin [build failed] +FAIL github.com/letsencrypt/boulder/cmd/bad-key-revoker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-ca [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-mtpublisher [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-observer [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-publisher [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-ra [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-sa [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-va [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-wfe2 [build failed] +FAIL github.com/letsencrypt/boulder/cmd/ceremony [build failed] +FAIL github.com/letsencrypt/boulder/cmd/cert-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-storer [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-updater [build failed] +FAIL github.com/letsencrypt/boulder/cmd/email-exporter [build failed] +FAIL github.com/letsencrypt/boulder/cmd/log-validator [build failed] +FAIL github.com/letsencrypt/boulder/cmd/nonce-service [build failed] +FAIL github.com/letsencrypt/boulder/cmd/remoteva [build failed] +FAIL github.com/letsencrypt/boulder/cmd/reversed-hostname-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/sfe [build failed] +? github.com/letsencrypt/boulder/config [no test files] +ok github.com/letsencrypt/boulder/core (cached) +? github.com/letsencrypt/boulder/core/proto [no test files] +FAIL github.com/letsencrypt/boulder/crl [build failed] +FAIL github.com/letsencrypt/boulder/crl/checker [build failed] +ok github.com/letsencrypt/boulder/crl/idp (cached) +FAIL github.com/letsencrypt/boulder/crl/storer [build failed] +? github.com/letsencrypt/boulder/crl/storer/proto [no test files] +FAIL github.com/letsencrypt/boulder/crl/updater [build failed] +ok github.com/letsencrypt/boulder/csr 1.178s +FAIL github.com/letsencrypt/boulder/ctpolicy [build failed] +? github.com/letsencrypt/boulder/ctpolicy/ctconfig [no test files] +ok github.com/letsencrypt/boulder/ctpolicy/loglist (cached) +--- FAIL: TestWrappedMap (0.01s) + map_test.go:299: unexpected error beginning transaction: failed to begin transaction: dial tcp: lookup unset DB_ADDR: no such host +panic: runtime error: invalid memory address or nil pointer dereference [recovered, repanicked] +[signal 0xc0000005 code=0x0 addr=0x10 pc=0x7ff773d65824] + +goroutine 47 [running]: +testing.tRunner.func1.2({0x7ff77409eb60, 0x7ff7745f6110}) + C:/Program Files/Go/src/testing/testing.go:1974 +0x239 +testing.tRunner.func1() + C:/Program Files/Go/src/testing/testing.go:1977 +0x349 +panic({0x7ff77409eb60?, 0x7ff7745f6110?}) + C:/Program Files/Go/src/runtime/panic.go:860 +0x13a +github.com/letsencrypt/borp.(*Transaction).Rollback(0x151b0e7503c0?) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/vendor/github.com/letsencrypt/borp/transaction.go:194 +0x24 +github.com/letsencrypt/boulder/db.TestWrappedMap.func3() + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/db/map_test.go:298 +0x1c +runtime.Goexit() + C:/Program Files/Go/src/runtime/panic.go:694 +0x5e +testing.(*common).FailNow(0x151b0e782000) + C:/Program Files/Go/src/testing/testing.go:1022 +0x4a +testing.(*common).Fatalf(0x151b0e782000, {0x7ff77413cc0d?, 0x7ff7746635e0?}, {0x151b0e78de90?, 0x7ff774142ebb?, 0x11?}) + C:/Program Files/Go/src/testing/testing.go:1228 +0x59 +github.com/letsencrypt/boulder/test.AssertNotError(0x151b0e782000, {0x7ff774176220, 0x151b0e697aa0}, {0x7ff7741533ff, 0x26}) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/test/asserts.go:73 +0xb7 +github.com/letsencrypt/boulder/db.TestWrappedMap(0x151b0e782000) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/db/map_test.go:299 +0x10b +testing.tRunner(0x151b0e782000, 0x7ff77416da88) + C:/Program Files/Go/src/testing/testing.go:2036 +0xc3 +created by testing.(*T).Run in goroutine 1 + C:/Program Files/Go/src/testing/testing.go:2101 +0x4a9 +FAIL github.com/letsencrypt/boulder/db 0.970s +ok github.com/letsencrypt/boulder/errors (cached) +? github.com/letsencrypt/boulder/features [no test files] +FAIL github.com/letsencrypt/boulder/goodkey [build failed] +FAIL github.com/letsencrypt/boulder/goodkey/sagoodkey [build failed] +FAIL github.com/letsencrypt/boulder/grpc [build failed] +ok github.com/letsencrypt/boulder/grpc/creds 1.958s +? github.com/letsencrypt/boulder/grpc/internal/backoff [no test files] +? github.com/letsencrypt/boulder/grpc/internal/grpcrand [no test files] +ok github.com/letsencrypt/boulder/grpc/internal/leakcheck (cached) +FAIL github.com/letsencrypt/boulder/grpc/internal/resolver/dns [build failed] +? github.com/letsencrypt/boulder/grpc/internal/testutils [no test files] +ok github.com/letsencrypt/boulder/grpc/noncebalancer (cached) +ok github.com/letsencrypt/boulder/grpc/noncebalancerv1 (cached) +? github.com/letsencrypt/boulder/grpc/test_proto [no test files] +ok github.com/letsencrypt/boulder/iana 0.557s +ok github.com/letsencrypt/boulder/identifier (cached) +FAIL github.com/letsencrypt/boulder/issuance [build failed] +FAIL github.com/letsencrypt/boulder/linter [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/cabf_br [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/chrome [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/cpcps [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/rfc [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/test [build failed] +FAIL github.com/letsencrypt/boulder/linter/pkimetal [build failed] +? github.com/letsencrypt/boulder/metrics [no test files] +ok github.com/letsencrypt/boulder/metrics/measured_http 2.491s +FAIL github.com/letsencrypt/boulder/mocks [build failed] +? github.com/letsencrypt/boulder/mtca/proto [no test files] +FAIL github.com/letsencrypt/boulder/mtpublisher [build failed] +ok github.com/letsencrypt/boulder/must (cached) +ok github.com/letsencrypt/boulder/nonce (cached) +? github.com/letsencrypt/boulder/nonce/proto [no test files] +FAIL github.com/letsencrypt/boulder/observer [build failed] +? github.com/letsencrypt/boulder/observer/obsclient [no test files] +FAIL github.com/letsencrypt/boulder/observer/probers [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/aia [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/ccadb [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/crl [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/dns [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/http [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/mock [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/tls [build failed] +FAIL github.com/letsencrypt/boulder/pkcs11helpers [build failed] +FAIL github.com/letsencrypt/boulder/policy [build failed] +ok github.com/letsencrypt/boulder/precert 0.519s +FAIL github.com/letsencrypt/boulder/privatekey [build failed] +ok github.com/letsencrypt/boulder/probs (cached) +FAIL github.com/letsencrypt/boulder/publisher [build failed] +? github.com/letsencrypt/boulder/publisher/proto [no test files] +FAIL github.com/letsencrypt/boulder/ra [build failed] +? github.com/letsencrypt/boulder/ra/proto [no test files] +FAIL github.com/letsencrypt/boulder/ratelimits [build failed] +FAIL github.com/letsencrypt/boulder/redis [build failed] +? github.com/letsencrypt/boulder/revocation [no test files] +FAIL github.com/letsencrypt/boulder/sa [build failed] +? github.com/letsencrypt/boulder/sa/proto [no test files] +? github.com/letsencrypt/boulder/sa/satest [no test files] +FAIL github.com/letsencrypt/boulder/salesforce [build failed] +? github.com/letsencrypt/boulder/salesforce/email/proto [no test files] +FAIL github.com/letsencrypt/boulder/sfe [build failed] +ok github.com/letsencrypt/boulder/sfe/forms (cached) +ok github.com/letsencrypt/boulder/sfe/zendesk (cached) +ok github.com/letsencrypt/boulder/strictyaml (cached) +? github.com/letsencrypt/boulder/test [no test files] +FAIL github.com/letsencrypt/boulder/test/aia-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/boulder-tools/flushredis [build failed] +FAIL github.com/letsencrypt/boulder/test/certs [build failed] +FAIL github.com/letsencrypt/boulder/test/chall-test-srv [build failed] +? github.com/letsencrypt/boulder/test/chall-test-srv-client [no test files] +? github.com/letsencrypt/boulder/test/checkari [no test files] +FAIL github.com/letsencrypt/boulder/test/ct-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/health-checker [build failed] +? github.com/letsencrypt/boulder/test/inmem/nonce [no test files] +FAIL github.com/letsencrypt/boulder/test/inmem/ra [build failed] +FAIL github.com/letsencrypt/boulder/test/inmem/sa [build failed] +? github.com/letsencrypt/boulder/test/list-features [no test files] +FAIL github.com/letsencrypt/boulder/test/load-generator [build failed] +--- FAIL: TestNew (0.02s) + --- FAIL: TestNew/unreachable_directory_URL (0.01s) + directory_test.go:182: String [Get "http://localhost:1987": dial tcp [::1]:1987: connectex: No connection could be made because the target machine actively refused it.] does not contain [connect: connection refused] +FAIL +FAIL github.com/letsencrypt/boulder/test/load-generator/acme 2.319s +FAIL github.com/letsencrypt/boulder/test/s3-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/salesforce-test-srv [build failed] +? github.com/letsencrypt/boulder/test/vars [no test files] +FAIL github.com/letsencrypt/boulder/test/zendesk-test-srv [build failed] +ok github.com/letsencrypt/boulder/test/zendeskfake (cached) +? github.com/letsencrypt/boulder/tools/crldps [no test files] +FAIL github.com/letsencrypt/boulder/tools/nameid [build failed] +? github.com/letsencrypt/boulder/tools/release/branch [no test files] +? github.com/letsencrypt/boulder/tools/release/tag [no test files] +ok github.com/letsencrypt/boulder/trees/cosigned 0.388s +FAIL github.com/letsencrypt/boulder/unpause [build failed] +FAIL github.com/letsencrypt/boulder/va [build failed] +FAIL github.com/letsencrypt/boulder/va/config [build failed] +? github.com/letsencrypt/boulder/va/proto [no test files] +FAIL github.com/letsencrypt/boulder/web [build failed] +FAIL github.com/letsencrypt/boulder/wfe2 [build failed] +FAIL diff --git a/test_output_2.txt b/test_output_2.txt new file mode 100644 index 00000000000..bf6a86e5b0e --- /dev/null +++ b/test_output_2.txt @@ -0,0 +1,202 @@ +ok github.com/letsencrypt/boulder/allowlist (cached) +# github.com/letsencrypt/boulder/blog +blog\logger.go:61:28: undefined: syslog.Dial +blog\logger.go:61:48: undefined: syslog.LOG_INFO +FAIL github.com/letsencrypt/boulder/bdns [build failed] +FAIL github.com/letsencrypt/boulder/blog [build failed] +# github.com/letsencrypt/pkcs11key/v4 +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:70:25: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:71:29: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:72:28: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:72:58: undefined: pkcs11.Attribute +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:73:24: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:73:58: undefined: pkcs11.ObjectHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:30: undefined: pkcs11.SessionHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:54: undefined: pkcs11.ObjectHandle +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:74:80: undefined: pkcs11.Attribute +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:76:36: undefined: pkcs11.TokenInfo +vendor\github.com\letsencrypt\pkcs11key\v4\key.go:76:36: too many errors +FAIL github.com/letsencrypt/boulder/blog/validator [build failed] +# github.com/zmap/zcrypto/x509 +vendor\github.com\zmap\zcrypto\x509\root.go:27:32: undefined: loadSystemRoots +# github.com/letsencrypt/boulder/pkcs11helpers +pkcs11helpers\helpers.go:18:25: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:18:50: undefined: pkcs11.Mechanism +pkcs11helpers\helpers.go:18:71: undefined: pkcs11.Attribute +pkcs11helpers\helpers.go:18:111: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:19:27: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:19:49: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:19:73: undefined: pkcs11.Attribute +pkcs11helpers\helpers.go:20:18: undefined: pkcs11.SessionHandle +pkcs11helpers\helpers.go:20:43: undefined: pkcs11.Mechanism +pkcs11helpers\helpers.go:20:61: undefined: pkcs11.ObjectHandle +pkcs11helpers\helpers.go:20:61: too many errors +FAIL github.com/letsencrypt/boulder/ca [build failed] +? github.com/letsencrypt/boulder/ca/proto [no test files] +FAIL github.com/letsencrypt/boulder/cmd [build failed] +FAIL github.com/letsencrypt/boulder/cmd/admin [build failed] +FAIL github.com/letsencrypt/boulder/cmd/bad-key-revoker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-ca [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-mtpublisher [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-observer [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-publisher [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-ra [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-sa [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-va [build failed] +FAIL github.com/letsencrypt/boulder/cmd/boulder-wfe2 [build failed] +FAIL github.com/letsencrypt/boulder/cmd/ceremony [build failed] +FAIL github.com/letsencrypt/boulder/cmd/cert-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-storer [build failed] +FAIL github.com/letsencrypt/boulder/cmd/crl-updater [build failed] +FAIL github.com/letsencrypt/boulder/cmd/email-exporter [build failed] +FAIL github.com/letsencrypt/boulder/cmd/log-validator [build failed] +FAIL github.com/letsencrypt/boulder/cmd/nonce-service [build failed] +FAIL github.com/letsencrypt/boulder/cmd/remoteva [build failed] +FAIL github.com/letsencrypt/boulder/cmd/reversed-hostname-checker [build failed] +FAIL github.com/letsencrypt/boulder/cmd/sfe [build failed] +? github.com/letsencrypt/boulder/config [no test files] +ok github.com/letsencrypt/boulder/core (cached) +? github.com/letsencrypt/boulder/core/proto [no test files] +FAIL github.com/letsencrypt/boulder/crl [build failed] +FAIL github.com/letsencrypt/boulder/crl/checker [build failed] +ok github.com/letsencrypt/boulder/crl/idp (cached) +FAIL github.com/letsencrypt/boulder/crl/storer [build failed] +? github.com/letsencrypt/boulder/crl/storer/proto [no test files] +FAIL github.com/letsencrypt/boulder/crl/updater [build failed] +ok github.com/letsencrypt/boulder/csr (cached) +FAIL github.com/letsencrypt/boulder/ctpolicy [build failed] +? github.com/letsencrypt/boulder/ctpolicy/ctconfig [no test files] +ok github.com/letsencrypt/boulder/ctpolicy/loglist (cached) +--- FAIL: TestWrappedMap (0.02s) + map_test.go:299: unexpected error beginning transaction: failed to begin transaction: dial tcp: lookup unset DB_ADDR: no such host +panic: runtime error: invalid memory address or nil pointer dereference [recovered, repanicked] +[signal 0xc0000005 code=0x0 addr=0x10 pc=0x7ff72bca5824] + +goroutine 46 [running]: +testing.tRunner.func1.2({0x7ff72bfdeb60, 0x7ff72c536110}) + C:/Program Files/Go/src/testing/testing.go:1974 +0x239 +testing.tRunner.func1() + C:/Program Files/Go/src/testing/testing.go:1977 +0x349 +panic({0x7ff72bfdeb60?, 0x7ff72c536110?}) + C:/Program Files/Go/src/runtime/panic.go:860 +0x13a +github.com/letsencrypt/borp.(*Transaction).Rollback(0x1e7b1d7881e0?) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/vendor/github.com/letsencrypt/borp/transaction.go:194 +0x24 +github.com/letsencrypt/boulder/db.TestWrappedMap.func3() + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/db/map_test.go:298 +0x1c +runtime.Goexit() + C:/Program Files/Go/src/runtime/panic.go:694 +0x5e +testing.(*common).FailNow(0x1e7b1d7edc00) + C:/Program Files/Go/src/testing/testing.go:1022 +0x4a +testing.(*common).Fatalf(0x1e7b1d7edc00, {0x7ff72c07cc0d?, 0x7ff72c5a35e0?}, {0x1e7b1d7f9e90?, 0x7ff72c082ebb?, 0x11?}) + C:/Program Files/Go/src/testing/testing.go:1228 +0x59 +github.com/letsencrypt/boulder/test.AssertNotError(0x1e7b1d7edc00, {0x7ff72c0b6220, 0x1e7b1d7a59b0}, {0x7ff72c0933ff, 0x26}) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/test/asserts.go:73 +0xb7 +github.com/letsencrypt/boulder/db.TestWrappedMap(0x1e7b1d7edc00) + C:/Users/mahin/Desktop/VS Projects/boulder/boulder/db/map_test.go:299 +0x10b +testing.tRunner(0x1e7b1d7edc00, 0x7ff72c0ada88) + C:/Program Files/Go/src/testing/testing.go:2036 +0xc3 +created by testing.(*T).Run in goroutine 1 + C:/Program Files/Go/src/testing/testing.go:2101 +0x4a9 +FAIL github.com/letsencrypt/boulder/db 1.169s +ok github.com/letsencrypt/boulder/errors (cached) +? github.com/letsencrypt/boulder/features [no test files] +ok github.com/letsencrypt/boulder/goodkey 1.099s +ok github.com/letsencrypt/boulder/goodkey/sagoodkey 1.239s +FAIL github.com/letsencrypt/boulder/grpc [build failed] +ok github.com/letsencrypt/boulder/grpc/creds (cached) +? github.com/letsencrypt/boulder/grpc/internal/backoff [no test files] +? github.com/letsencrypt/boulder/grpc/internal/grpcrand [no test files] +ok github.com/letsencrypt/boulder/grpc/internal/leakcheck (cached) +FAIL github.com/letsencrypt/boulder/grpc/internal/resolver/dns [build failed] +? github.com/letsencrypt/boulder/grpc/internal/testutils [no test files] +ok github.com/letsencrypt/boulder/grpc/noncebalancer (cached) +ok github.com/letsencrypt/boulder/grpc/noncebalancerv1 (cached) +? github.com/letsencrypt/boulder/grpc/test_proto [no test files] +ok github.com/letsencrypt/boulder/iana (cached) +ok github.com/letsencrypt/boulder/identifier (cached) +FAIL github.com/letsencrypt/boulder/issuance [build failed] +FAIL github.com/letsencrypt/boulder/linter [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/cabf_br [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/chrome [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/cpcps [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/rfc [build failed] +FAIL github.com/letsencrypt/boulder/linter/lints/test [build failed] +FAIL github.com/letsencrypt/boulder/linter/pkimetal [build failed] +? github.com/letsencrypt/boulder/metrics [no test files] +ok github.com/letsencrypt/boulder/metrics/measured_http (cached) +FAIL github.com/letsencrypt/boulder/mocks [build failed] +? github.com/letsencrypt/boulder/mtca/proto [no test files] +FAIL github.com/letsencrypt/boulder/mtpublisher [build failed] +ok github.com/letsencrypt/boulder/must (cached) +ok github.com/letsencrypt/boulder/nonce (cached) +? github.com/letsencrypt/boulder/nonce/proto [no test files] +FAIL github.com/letsencrypt/boulder/observer [build failed] +? github.com/letsencrypt/boulder/observer/obsclient [no test files] +FAIL github.com/letsencrypt/boulder/observer/probers [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/aia [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/ccadb [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/crl [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/dns [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/http [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/mock [build failed] +FAIL github.com/letsencrypt/boulder/observer/probers/tls [build failed] +FAIL github.com/letsencrypt/boulder/pkcs11helpers [build failed] +FAIL github.com/letsencrypt/boulder/policy [build failed] +ok github.com/letsencrypt/boulder/precert 0.497s +ok github.com/letsencrypt/boulder/privatekey 1.099s +ok github.com/letsencrypt/boulder/probs (cached) +FAIL github.com/letsencrypt/boulder/publisher [build failed] +? github.com/letsencrypt/boulder/publisher/proto [no test files] +FAIL github.com/letsencrypt/boulder/ra [build failed] +? github.com/letsencrypt/boulder/ra/proto [no test files] +FAIL github.com/letsencrypt/boulder/ratelimits [build failed] +FAIL github.com/letsencrypt/boulder/redis [build failed] +? github.com/letsencrypt/boulder/revocation [no test files] +FAIL github.com/letsencrypt/boulder/sa [build failed] +? github.com/letsencrypt/boulder/sa/proto [no test files] +? github.com/letsencrypt/boulder/sa/satest [no test files] +FAIL github.com/letsencrypt/boulder/salesforce [build failed] +? github.com/letsencrypt/boulder/salesforce/email/proto [no test files] +FAIL github.com/letsencrypt/boulder/sfe [build failed] +ok github.com/letsencrypt/boulder/sfe/forms (cached) +ok github.com/letsencrypt/boulder/sfe/zendesk (cached) +ok github.com/letsencrypt/boulder/strictyaml (cached) +? github.com/letsencrypt/boulder/test [no test files] +FAIL github.com/letsencrypt/boulder/test/aia-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/boulder-tools/flushredis [build failed] +FAIL github.com/letsencrypt/boulder/test/certs [build failed] +FAIL github.com/letsencrypt/boulder/test/chall-test-srv [build failed] +? github.com/letsencrypt/boulder/test/chall-test-srv-client [no test files] +? github.com/letsencrypt/boulder/test/checkari [no test files] +FAIL github.com/letsencrypt/boulder/test/ct-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/health-checker [build failed] +? github.com/letsencrypt/boulder/test/inmem/nonce [no test files] +FAIL github.com/letsencrypt/boulder/test/inmem/ra [build failed] +FAIL github.com/letsencrypt/boulder/test/inmem/sa [build failed] +? github.com/letsencrypt/boulder/test/list-features [no test files] +FAIL github.com/letsencrypt/boulder/test/load-generator [build failed] +--- FAIL: TestNew (0.03s) + --- FAIL: TestNew/unreachable_directory_URL (0.02s) + directory_test.go:182: String [Get "http://localhost:1987": dial tcp [::1]:1987: connectex: No connection could be made because the target machine actively refused it.] does not contain [connect: connection refused] +FAIL +FAIL github.com/letsencrypt/boulder/test/load-generator/acme 1.340s +FAIL github.com/letsencrypt/boulder/test/s3-test-srv [build failed] +FAIL github.com/letsencrypt/boulder/test/salesforce-test-srv [build failed] +? github.com/letsencrypt/boulder/test/vars [no test files] +FAIL github.com/letsencrypt/boulder/test/zendesk-test-srv [build failed] +ok github.com/letsencrypt/boulder/test/zendeskfake (cached) +? github.com/letsencrypt/boulder/tools/crldps [no test files] +FAIL github.com/letsencrypt/boulder/tools/nameid [build failed] +? github.com/letsencrypt/boulder/tools/release/branch [no test files] +? github.com/letsencrypt/boulder/tools/release/tag [no test files] +ok github.com/letsencrypt/boulder/trees/cosigned (cached) +FAIL github.com/letsencrypt/boulder/unpause [build failed] +FAIL github.com/letsencrypt/boulder/va [build failed] +FAIL github.com/letsencrypt/boulder/va/config [build failed] +? github.com/letsencrypt/boulder/va/proto [no test files] +FAIL github.com/letsencrypt/boulder/web [build failed] +FAIL github.com/letsencrypt/boulder/wfe2 [build failed] +FAIL diff --git a/va/tlsalpn_test.go b/va/tlsalpn_test.go index ec6af5cd8f8..c3c041e67ee 100644 --- a/va/tlsalpn_test.go +++ b/va/tlsalpn_test.go @@ -65,7 +65,7 @@ func testTLSCert(names []string, ips []net.IP, extensions []pkix.Extension) *tls IPAddresses: ips, ExtraExtensions: extensions, } - key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, _ := ecdsa.GenerateKey(elliptic.P256(), nil) certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key) return &tls.Certificate{ @@ -338,7 +338,7 @@ func TestCertNames(t *testing.T) { // Round-trip the certificate through generation and parsing, to make sure // certAltNames can handle "real" certificates and not just templates. - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "Error creating test key") certBytes, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key) test.AssertNotError(t, err, "Error creating certificate") @@ -673,7 +673,7 @@ func TestTLSALPN01NotSelfSigned(t *testing.T) { ExtraExtensions: []pkix.Extension{testACMEExt}, } - eeKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + eeKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating test key") issuerCert := &x509.Certificate{ @@ -686,7 +686,7 @@ func TestTLSALPN01NotSelfSigned(t *testing.T) { BasicConstraintsValid: true, } - issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating test key") // Test that a cert with mismatched subject and issuer fields is rejected, @@ -746,7 +746,7 @@ func TestTLSALPN01ExtraIdentifiers(t *testing.T) { ExtraExtensions: []pkix.Extension{testACMEExt}, } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + key, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "creating test key") certBytes, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key) test.AssertNotError(t, err, "failed to create acme-tls/1 cert") diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go index 38501994122..4ce0c01d442 100644 --- a/wfe2/wfe_test.go +++ b/wfe2/wfe_test.go @@ -2407,7 +2407,7 @@ func (sa *mockSAWithNewCert) GetCertificate(_ context.Context, req *sapb.Serial, } issuerKey := loadKey(&testing.T{}, issuerKeyPem) - newKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + newKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) if err != nil { return nil, fmt.Errorf("failed to create test key: %w", err) } @@ -3124,7 +3124,7 @@ func TestKeyRollover(t *testing.T) { responseWriter := httptest.NewRecorder() wfe, _, signer := setupWFE(t) - existingKey, err := rsa.GenerateKey(rand.Reader, 2048) + existingKey, err := rsa.GenerateKey(nil, 2048) test.AssertNotError(t, err, "Error creating random 2048 RSA key") newKeyBytes, err := os.ReadFile("../test/test-key-5.der") @@ -3427,7 +3427,7 @@ func TestRevokeCertificateNotIssued(t *testing.T) { wfe.sa = newMockSAWithCert(t, wfe.sa) // Make a self-signed junk certificate - k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + k, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "unexpected error making random private key") // Use a known serial from the mockSAWithValidCert mock. // This ensures that any failures here are due to the certificate's issuer @@ -4080,7 +4080,7 @@ func TestOrderMatchesReplacement(t *testing.T) { expectExpiry := time.Now().AddDate(0, 0, 1) expectSerial := big.NewInt(1337) - testKey, _ := rsa.GenerateKey(rand.Reader, 1024) + testKey, _ := rsa.GenerateKey(nil, 1024) rawCert := x509.Certificate{ NotAfter: expectExpiry, DNSNames: []string{"example.com", "example-a.com"}, @@ -4241,7 +4241,7 @@ func TestCountNewOrderWithReplaces(t *testing.T) { issuer = v break } - testKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, _ := ecdsa.GenerateKey(elliptic.P256(), nil) expectSerial := big.NewInt(1337) expectCert := &x509.Certificate{ NotBefore: fc.Now(), @@ -4307,7 +4307,7 @@ func TestNewOrderRateLimits(t *testing.T) { issuer = v break } - testKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + testKey, err := ecdsa.GenerateKey(elliptic.P256(), nil) test.AssertNotError(t, err, "failed to create test key") extantCert := &x509.Certificate{ NotBefore: fc.Now(),