From 42cff07157e6676d553a1e9e8a382bdef58acccf Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Thu, 5 Jan 2017 13:02:30 -0500
Subject: [PATCH] rekey: added check to ensure that length of PGP keys and the shares are matching

---
 vault/rekey.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vault/rekey.go b/vault/rekey.go
index 964abef4f0..744842ca66 100644
--- a/vault/rekey.go
+++ b/vault/rekey.go
@@ -350,6 +350,11 @@ func (c *Core) BarrierRekeyUpdate(key []byte, nonce string) (*RekeyResult, error
  }
 
  if len(c.barrierRekeyConfig.PGPKeys) > 0 {
+ if len(results.SecretShares) != len(c.barrierRekeyConfig.PGPKeys) {
+ c.logger.Error(fmt.Sprintf("core: mismatch between the number of PGP keys %q and the number of shares %q", len(c.barrierRekeyConfig.PGPKeys), len(results.SecretShares)))
+ return nil, fmt.Errorf("mismatch between the number of PGP keys %q and the number of shares %q", len(c.barrierRekeyConfig.PGPKeys), len(results.SecretShares))
+ }
+
  hexEncodedShares := make([][]byte, len(results.SecretShares))
  for i, _ := range results.SecretShares {
  hexEncodedShares[i] = []byte(hex.EncodeToString(results.SecretShares[i]))
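Review bot: Both new format strings pass the two `len(...)` values to `%q`, but those are ints, and `%q` renders an int as a quoted character literal (a count of 3 prints as `'\x03'`), so neither the log line nor the returned error shows a readable number. Use `%d` in both calls, e.g. `"mismatch between the number of PGP keys %d and the number of shares %d"`. The guard itself fails closed before any share is encrypted, which is the right direction. BarrierRekeyUpdate starts and ends outside the hunk, so it is not visible here whether the in-progress rekey state is reset on this early return; that is worth confirming. Since the mismatch looks like a property of the rekey configuration, it may also be worth rejecting where that configuration is accepted.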