From c7ac2e449a91f483f505910a3438655a69ef54ff Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Tue, 22 Jan 2019 17:44:13 -0500
Subject: [PATCH] Sync up code

---
 vault/seal_autoseal.go | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/vault/seal_autoseal.go b/vault/seal_autoseal.go
index b9de77c41..524e47e7d 100644
--- a/vault/seal_autoseal.go
+++ b/vault/seal_autoseal.go
@@ -365,28 +365,12 @@ func (d *autoSeal) VerifyRecoveryKey(ctx context.Context, key []byte) error {

 blobInfo := &physical.EncryptedBlobInfo{}
 if err := proto.Unmarshal(pe.Value, blobInfo); err != nil {
- return errwrap.Wrapf("failed to proto decode stored keys: {{err}}", err)
+ return errwrap.Wrapf("failed to proto decode recovery keys: {{err}}", err)
 }

 pt, err := d.Decrypt(ctx, blobInfo)
 if err != nil {
- return errwrap.Wrapf("failed to decrypt encrypted stored keys: {{err}}", err)
- }
-
- // Check if provided key is same as the decrypted key
- if subtle.ConstantTimeCompare(key, pt) != 1 {
- // We may need to upgrade if the key is barrier-wrapped, so check
- barrierDec, err := d.core.BarrierEncryptorAccess().Decrypt(ctx, recoveryKeyPath, pt)
- if err == nil {
- // If we hit this, it got barrier-wrapped, so we need to re-set the
- // recovery key after unwrapping
- err := d.SetRecoveryKey(ctx, barrierDec)
- if err != nil {
- return err
- }
- }
- // Set pt to barrierDec for re-checking
- pt = barrierDec
+ return errwrap.Wrapf("failed to decrypt encrypted recovery keys: {{err}}", err)
 }

 if subtle.ConstantTimeCompare(key, pt) != 1 {
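Review bot: With the barrier-unwrap fallback gone, a recovery key that an older release stored barrier-wrapped (the case the removed comments describe) now falls through to the final `subtle.ConstantTimeCompare(key, pt) != 1` check and is reported as an ordinary mismatch, and neither the code nor the "Sync up code" message says where that upgrade is handled instead. If the migration lives elsewhere or is no longer needed, a comment above the remaining compare would record it, e.g. `// pt is the seal-decrypted recovery key; barrier-wrapped legacy values are not upgraded here`. It would also help to confirm that an empty `pt` can never be compared against an empty `key`, since ConstantTimeCompare reports two zero-length slices as equal; whether callers can pass an empty key is not visible here. VerifyRecoveryKey starts and ends outside this hunk.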