Vishal Nayak
510726494a
Fix panic when storage value is nil ( #5724 )
...
* Fix panic when storage value is nil
* Ensure the value is at least of expected length
* Format correction
* Address review feedback
2018-11-07 14:10:08 -08:00
Jeff Mitchell
a64fc7d7cb
Batch tokens ( #755 )
2018-10-15 12:56:24 -04:00
Jeff Mitchell
c9e2cd93e8
Move logic around a bit to avoid holding locks when not necessary ( #5277 )
...
Also, ensure we are error checking the rand call
2018-09-05 11:49:32 -04:00
Becca Petrin
7a8c116fb1
undo make fmt ( #5265 )
2018-09-04 09:29:18 -07:00
Becca Petrin
ed7639b0ec
run make fmt ( #5261 )
2018-09-04 09:12:59 -07:00
Calvin Leung Huang
9988ace85e
gofmt files ( #5233 )
2018-08-31 09:15:40 -07:00
Jeff Mitchell
75eb0f862e
Revert some of commit 050ab805a7565c5b0cadb0176023031ee5f0d17b. ( #4768 )
...
If we have a panic defer functions are run but unlocks aren't. Since we
can't really trust plugins and storage, this backs out the changes for
those parts of the request path.
2018-06-14 13:44:13 -04:00
Jeff Mitchell
0c2d2226c4
Remove a lot of deferred functions in the request path. ( #4733 )
...
* Remove a lot of deferred functions in the request path.
There is an interesting benchmark at https://www.reddit.com/r/golang/comments/3h21nk/simple_micro_benchmark_to_measure_the_overhead_of/
It shows that defer actually adds quite a lot of overhead -- maybe 100ns
per call but we defer a *lot* of functions in the request path. So this
removes some of the ones in request handling, ha, barrier, router, and
physical cache.
One meta-note: nearly every metrics function is in a defer which means
every metrics call we add could add a non-trivial amount of time, e.g.
for every 10 extra metrics statements we add 1ms to a request. I don't
know how to solve this right now without doing what I did in some of
these cases and putting that call into a simple function call that then
goes before each return.
* Simplify barrier defer cleanup
2018-06-14 09:49:10 -04:00
Becca Petrin
abb621752f
Clean up error string formatting ( #4304 )
2018-04-09 14:35:21 -04:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Jeff Mitchell
123e22cd7e
Fix compile
2018-01-19 05:31:55 -05:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Jeff Mitchell
548629e8ef
Port over some changes
2017-11-30 09:43:07 -05:00
Jeff Mitchell
c144f95be0
Sync over
2017-10-23 16:43:07 -04:00
Jeff Mitchell
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell
69eb5066dd
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
8d19b4fb53
Add keyring zeroize function and add some more memzero calls in
...
appropriate places. Known to be best-effort, but may help in some cases.
Fixes #1446
2016-05-27 20:47:40 +00:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Jeff Mitchell
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
Armon Dadgar
ef770e371a
vault: guard against potentially missing keyring
2015-07-13 18:18:22 +10:00
Armon Dadgar
7ecd8f05d1
nomad: fixing issue with keyring upgrade
2015-07-07 16:02:49 -06:00
Armon Dadgar
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
Armon Dadgar
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
Armon Dadgar
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
Armon Dadgar
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
Armon Dadgar
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
Armon Dadgar
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
Armon Dadgar
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
Armon Dadgar
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
Armon Dadgar
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
Armon Dadgar
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
Armon Dadgar
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
Armon Dadgar
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
Armon Dadgar
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
Armon Dadgar
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
Aaron Bedra
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
Armon Dadgar
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
Armon Dadgar
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
Armon Dadgar
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
Armon Dadgar
3ed3e23d93
vault: Improve error when unseal key is wrong
2015-03-12 11:27:41 -07:00
Armon Dadgar
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
Armon Dadgar
ea7f4a45e6
vault: Structure the barrier init file
2015-03-05 13:57:45 -08:00
Armon Dadgar
e8abe8b0cd
vault: First pass at a barrier
2015-03-05 13:27:35 -08:00