tls: Stop using elliptic.Marshal

It's been deprecated in go 1.21: https://pkg.go.dev/crypto/elliptic#Marshal > Deprecated: for ECDH, use the crypto/ecdh package. This function > returns an encoding equivalent to that of PublicKey.Bytes in > crypto/ecdh. This fixes a `make lint` failure.
crc-org · May 23, 2024 · 95bf3f4 · 95bf3f4
1 parent 0a73631
commit 95bf3f4
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/pkg/crc/tls/tls.go b/pkg/crc/tls/tls.go
@@ -3,7 +3,6 @@ package tls
 import (
 	"crypto"
 	"crypto/ecdsa"
-	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
@@ -133,7 +132,7 @@ func SignedCertificate(
 	return x509.ParseCertificate(certBytes)
 }
 
-// generateSubjectKeyID generates a SHA-1 hash of the subject public key.
+// generateSubjectKeyID generates a SHA-256 hash of the subject public key.
 func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
 	var publicKeyBytes []byte
 	var err error
@@ -145,7 +144,11 @@ func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
 			return nil, errors.Wrap(err, "failed to Marshal ans1 public key")
 		}
 	case *ecdsa.PublicKey:
-		publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
+		ecdhPubKey, err := pub.ECDH()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to get ECDH public key")
+		}
+		publicKeyBytes = ecdhPubKey.Bytes()
 	default:
 		return nil, errors.New("only RSA and ECDSA public keys supported")
 	}