luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Ensure upgrades have a valid HMAC key

This commit is contained in:
Jeff Mitchell 2016-09-21 11:10:57 -04:00
parent 0ff76e16d2
commit 676e7e0f07
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
builtin/logical/transit/policy.go
View File

@ -345,6 +345,10 @@ func (p *policy) needsUpgrade() bool {
return true
}
if p.Keys[p.LatestVersion].HMACKey == nil || len(p.Keys[p.LatestVersion].HMACKey) == 0 {
return true
}
return false
}
@ -380,6 +384,17 @@ func (p *policy) upgrade(storage logical.Storage) error {
persistNeeded = true
}
if p.Keys[p.LatestVersion].HMACKey == nil || len(p.Keys[p.LatestVersion].HMACKey) == 0 {
entry := p.Keys[p.LatestVersion]
hmacKey, err := uuid.GenerateRandomBytes(32)
if err != nil {
return err
}
entry.HMACKey = hmacKey
p.Keys[p.LatestVersion] = entry
persistNeeded = true
}
if persistNeeded {
err := p.Persist(storage)
if err != nil {