c9e2cd93e8
Move logic around a bit to avoid holding locks when not necessary ( #5277 )
...
Also, ensure we are error checking the rand call
2018-09-05 11:49:32 -04:00
7a8c116fb1
undo make fmt ( #5265 )
2018-09-04 09:29:18 -07:00
ed7639b0ec
run make fmt ( #5261 )
2018-09-04 09:12:59 -07:00
9988ace85e
gofmt files ( #5233 )
2018-08-31 09:15:40 -07:00
75eb0f862e
Revert some of commit 050ab805a7565c5b0cadb0176023031ee5f0d17b. ( #4768 )
...
If we have a panic defer functions are run but unlocks aren't. Since we
can't really trust plugins and storage, this backs out the changes for
those parts of the request path.
2018-06-14 13:44:13 -04:00
0c2d2226c4
Remove a lot of deferred functions in the request path. ( #4733 )
...
* Remove a lot of deferred functions in the request path.
There is an interesting benchmark at https://www.reddit.com/r/golang/comments/3h21nk/simple_micro_benchmark_to_measure_the_overhead_of/
It shows that defer actually adds quite a lot of overhead -- maybe 100ns
per call but we defer a *lot* of functions in the request path. So this
removes some of the ones in request handling, ha, barrier, router, and
physical cache.
One meta-note: nearly every metrics function is in a defer which means
every metrics call we add could add a non-trivial amount of time, e.g.
for every 10 extra metrics statements we add 1ms to a request. I don't
know how to solve this right now without doing what I did in some of
these cases and putting that call into a simple function call that then
goes before each return.
* Simplify barrier defer cleanup
2018-06-14 09:49:10 -04:00
abb621752f
Clean up error string formatting ( #4304 )
2018-04-09 14:35:21 -04:00
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
123e22cd7e
Fix compile
2018-01-19 05:31:55 -05:00
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
548629e8ef
Port over some changes
2017-11-30 09:43:07 -05:00
c144f95be0
Sync over
2017-10-23 16:43:07 -04:00
f37b6492d1
More rep porting ( #2391 )
...
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
69eb5066dd
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
8d19b4fb53
Add keyring zeroize function and add some more memzero calls in
...
appropriate places. Known to be best-effort, but may help in some cases.
Fixes #1446
2016-05-27 20:47:40 +00:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
c5ddfbc391
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
ef770e371a
vault: guard against potentially missing keyring
2015-07-13 18:18:22 +10:00
7ecd8f05d1
nomad: fixing issue with keyring upgrade
2015-07-07 16:02:49 -06:00
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
3ed3e23d93
vault: Improve error when unseal key is wrong
2015-03-12 11:27:41 -07:00
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
ea7f4a45e6
vault: Structure the barrier init file
2015-03-05 13:57:45 -08:00
e8abe8b0cd
vault: First pass at a barrier
2015-03-05 13:27:35 -08:00
Jeff Mitchell