scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Return status for rekey/root generation at init time. This mitigates a

Browse Source 
(very unlikely) potential timing attack between init-ing and fetching
status.

Fixes #1054
This commit is contained in:
Jeff Mitchell
2016-02-12 14:24:36 -05:00
parent 180212c1ac
commit 58a2c4d9a0
8 changed files with 103 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
command/generate-root.go
View File

@@ -140,16 +140,11 @@ func (c *GenerateRootCommand) Run(args []string) int {
// Start the root generation process if not started
if !rootGenerationStatus.Started {
err = client.Sys().GenerateRootInit(otp, pgpKey)
rootGenerationStatus, err = client.Sys().GenerateRootInit(otp, pgpKey)
if err != nil {
c.Ui.Error(fmt.Sprintf("Error initializing root generation: %s", err))
return 1
}
rootGenerationStatus, err = client.Sys().GenerateRootStatus()
if err != nil {
c.Ui.Error(fmt.Sprintf("Error reading root generation status: %s", err))
return 1
}
c.Nonce = rootGenerationStatus.Nonce
}
@@ -229,14 +224,15 @@ func (c *GenerateRootCommand) decode(encodedVal, otp string) int {
// initGenerateRoot is used to start the generation process
func (c *GenerateRootCommand) initGenerateRoot(client *api.Client, otp string, pgpKey string) int {
// Start the rekey
err := client.Sys().GenerateRootInit(otp, pgpKey)
status, err := client.Sys().GenerateRootInit(otp, pgpKey)
if err != nil {
c.Ui.Error(fmt.Sprintf("Error initializing root generation: %s", err))
return 1
}
// Provide the current status
return c.rootGenerationStatus(client)
c.dumpStatus(status)
return 0
}
// cancelGenerateRoot is used to abort the generation process