mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 04:16:31 +02:00
Code Issues Projects Releases Wiki Activity

rekey: added check to ensure that length of PGP keys and the shares are matching

Browse Source
This commit is contained in:
vishalnayak 2017-01-05 13:02:30 -05:00
parent 3754d68d44
commit 42cff07157
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vault/rekey.go
View File

@ -350,6 +350,11 @@ func (c *Core) BarrierRekeyUpdate(key []byte, nonce string) (*RekeyResult, error
}
if len(c.barrierRekeyConfig.PGPKeys) > 0 {
if len(results.SecretShares) != len(c.barrierRekeyConfig.PGPKeys) {
c.logger.Error(fmt.Sprintf("core: mismatch between the number of PGP keys %q and the number of shares %q", len(c.barrierRekeyConfig.PGPKeys), len(results.SecretShares)))
return nil, fmt.Errorf("mismatch between the number of PGP keys %q and the number of shares %q", len(c.barrierRekeyConfig.PGPKeys), len(results.SecretShares))
}
hexEncodedShares := make([][]byte, len(results.SecretShares))
for i, _ := range results.SecretShares {
hexEncodedShares[i] = []byte(hex.EncodeToString(results.SecretShares[i]))