You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/08/25 17:19:54 UTC
[couchdb] 01/01: Clear sensitive flag at end of public api functions
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch aegis-sensitive-false
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 340f3e9c714f3e15a00af038d81963e3e47bb45e
Author: Robert Newson <rn...@apache.org>
AuthorDate: Tue Aug 25 18:18:45 2020 +0100
Clear sensitive flag at end of public api functions
---
src/aegis/src/aegis_server.erl | 50 ++++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 2193262..eb635eb 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -60,25 +60,31 @@ start_link() ->
-spec init_db(Db :: #{}, Options :: list()) -> boolean().
init_db(#{uuid := UUID} = Db, Options) ->
process_flag(sensitive, true),
-
- case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
- {ok, DbKey} ->
- gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
- true;
- false ->
- false
+ try
+ case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
+ {ok, DbKey} ->
+ gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
+ true;
+ false ->
+ false
+ end
+ after
+ process_flag(sensitive, false)
end.
-spec open_db(Db :: #{}) -> boolean().
open_db(#{} = Db) ->
process_flag(sensitive, true),
-
- case do_open_db(Db) of
- {ok, _DbKey} ->
- true;
- false ->
- false
+ try
+ case do_open_db(Db) of
+ {ok, _DbKey} ->
+ true;
+ false ->
+ false
+ end
+ after
+ process_flag(sensitive, false)
end.
@@ -101,9 +107,12 @@ encrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
end;
false ->
process_flag(sensitive, true),
-
- {ok, DbKey} = do_open_db(Db),
- do_encrypt(DbKey, Db, Key, Value)
+ try
+ {ok, DbKey} = do_open_db(Db),
+ do_encrypt(DbKey, Db, Key, Value)
+ after
+ process_flag(sensitive, false)
+ end
end.
@@ -126,9 +135,12 @@ decrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
end;
false ->
process_flag(sensitive, true),
-
- {ok, DbKey} = do_open_db(Db),
- do_decrypt(DbKey, Db, Key, Value)
+ try
+ {ok, DbKey} = do_open_db(Db),
+ do_decrypt(DbKey, Db, Key, Value)
+ after
+ process_flag(sensitive, false)
+ end
end.