Summary
certificate_generator.go uses crypto/sha1 to compute the X.509 SubjectKeyId extension
value from the RSA public key modulus. SHA-1 is deprecated for all uses by NIST (SP 800-131A Rev 2),
disallowed under FIPS 140-2/3 general-purpose hashing requirements.
Affected code
File: types/certificate_generator.go
import "crypto/sha1" // line 13
func (cfg CertificateGenerator) bigIntHash(n *big.Int) []byte {
h := sha1.New() // line 64 ← SHA-1 here
h.Write(n.Bytes())
return h.Sum(nil)
}
certTemplate.SubjectKeyId = cfg.bigIntHash(privateKey.N) // line 97
Summary
certificate_generator.gousescrypto/sha1to compute the X.509SubjectKeyIdextensionvalue from the RSA public key modulus. SHA-1 is deprecated for all uses by NIST (SP 800-131A Rev 2),
disallowed under FIPS 140-2/3 general-purpose hashing requirements.
Affected code
File:
types/certificate_generator.go