You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/08/25 17:19:53 UTC
[couchdb] branch aegis-sensitive-false created (now 340f3e9)
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a change to branch aegis-sensitive-false
in repository https://gitbox.apache.org/repos/asf/couchdb.git.
at 340f3e9 Clear sensitive flag at end of public api functions
This branch includes the following new commits:
new 340f3e9 Clear sensitive flag at end of public api functions
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 01/01: Clear sensitive flag at end of public api functions
Posted by rn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch aegis-sensitive-false
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 340f3e9c714f3e15a00af038d81963e3e47bb45e
Author: Robert Newson <rn...@apache.org>
AuthorDate: Tue Aug 25 18:18:45 2020 +0100
Clear sensitive flag at end of public api functions
---
src/aegis/src/aegis_server.erl | 50 ++++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 2193262..eb635eb 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -60,25 +60,31 @@ start_link() ->
-spec init_db(Db :: #{}, Options :: list()) -> boolean().
init_db(#{uuid := UUID} = Db, Options) ->
process_flag(sensitive, true),
-
- case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
- {ok, DbKey} ->
- gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
- true;
- false ->
- false
+ try
+ case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
+ {ok, DbKey} ->
+ gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
+ true;
+ false ->
+ false
+ end
+ after
+ process_flag(sensitive, false)
end.
-spec open_db(Db :: #{}) -> boolean().
open_db(#{} = Db) ->
process_flag(sensitive, true),
-
- case do_open_db(Db) of
- {ok, _DbKey} ->
- true;
- false ->
- false
+ try
+ case do_open_db(Db) of
+ {ok, _DbKey} ->
+ true;
+ false ->
+ false
+ end
+ after
+ process_flag(sensitive, false)
end.
@@ -101,9 +107,12 @@ encrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
end;
false ->
process_flag(sensitive, true),
-
- {ok, DbKey} = do_open_db(Db),
- do_encrypt(DbKey, Db, Key, Value)
+ try
+ {ok, DbKey} = do_open_db(Db),
+ do_encrypt(DbKey, Db, Key, Value)
+ after
+ process_flag(sensitive, false)
+ end
end.
@@ -126,9 +135,12 @@ decrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
end;
false ->
process_flag(sensitive, true),
-
- {ok, DbKey} = do_open_db(Db),
- do_decrypt(DbKey, Db, Key, Value)
+ try
+ {ok, DbKey} = do_open_db(Db),
+ do_decrypt(DbKey, Db, Key, Value)
+ after
+ process_flag(sensitive, false)
+ end
end.