authorEric Avdey <eiri@eiri.ca>2020-04-24 10:47:57 -0300
committerEric Avdey <eiri@eiri.ca>2020-04-24 10:47:57 -0300
commitb69263d72742b2e0d529db0917c269b4e44ae200 (patch)
treea9f8459943469acb7d31d5e1e2ec9ffd4c71ac28
parent4f95f9e920f5e185a9c8ad402ee0299dad3d43de (diff)
Pass encryption/decryption errors back to chttpd
-rw-r--r--src/aegis/src/aegis_server.erl20
-rw-r--r--src/chttpd/src/chttpd.erl8
2 files changed, 26 insertions, 2 deletions
diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 656449f52..fb0fb5162 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -86,7 +86,15 @@ encrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
case ets:member(?KEY_CHECK, UUID) of
true ->
- gen_server:call(?MODULE, {encrypt, Db, Key, Value});
+ case gen_server:call(?MODULE, {encrypt, Db, Key, Value}) of
+ CipherText when is_binary(CipherText) ->
+ CipherText;
+ {error, {_Tag, {_C_FileName,_LineNumber}, _Desc} = Reason} ->
+ couch_log:error("aegis encryption failure: ~p ", [Reason]),
+ erlang:error(decryption_failed);
+ {error, Reason} ->
+ erlang:error(Reason)
+ end;
false ->
process_flag(sensitive, true),
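Review bot: The encrypt branch raises `decryption_failed` when the crypto call fails, which looks like a copy of the decrypt branch. The log line says "aegis encryption failure", but chttpd would answer the failed write with "Decryption failed". Raising a distinct atom, `erlang:error(encryption_failed)`, with matching `catch_error/3` and `error_info/1` clauses in chttpd.erl, would keep the HTTP error and the log entry consistent for whoever triages it. The body of `encrypt/3` continues outside the hunk.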
@@ -103,7 +111,15 @@ decrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
case ets:member(?KEY_CHECK, UUID) of
true ->
- gen_server:call(?MODULE, {decrypt, Db, Key, Value});
+ case gen_server:call(?MODULE, {decrypt, Db, Key, Value}) of
+ PlainText when is_binary(PlainText) ->
+ PlainText;
+ {error, {_Tag, {_C_FileName,_LineNumber}, _Desc} = Reason} ->
+ couch_log:error("aegis decryption failure: ~p ", [Reason]),
+ erlang:error(decryption_failed);
+ {error, Reason} ->
+ erlang:error(Reason)
+ end;
false ->
process_flag(sensitive, true),
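Review bot: The decryption failure log line carries only the crypto error tuple, so an operator reading it cannot tell which database produced the failure. A failed decryption may point to a wrong key or to modified stored data, so being able to trace it matters. `UUID` appears to be in scope (it is used in the `ets:member` check above), so something like `couch_log:error("aegis decryption failure for db ~p: ~p", [UUID, Reason])` would help. The encrypt clause logs the same way. Keeping `Key` and `Value` out of the message, as the code already does, is the right choice.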
diff --git a/src/chttpd/src/chttpd.erl b/src/chttpd/src/chttpd.erl
index 2641007f7..04e2bc4a5 100644
--- a/src/chttpd/src/chttpd.erl
+++ b/src/chttpd/src/chttpd.erl
@@ -356,6 +356,10 @@ catch_error(HttpReq, throw, Error) ->
send_error(HttpReq, Error);
catch_error(HttpReq, error, database_does_not_exist) ->
send_error(HttpReq, database_does_not_exist);
+catch_error(HttpReq, error, decryption_failed) ->
+ send_error(HttpReq, decryption_failed);
+catch_error(HttpReq, error, not_ciphertext) ->
+ send_error(HttpReq, not_ciphertext);
catch_error(HttpReq, Tag, Error) ->
Stack = erlang:get_stacktrace(),
% TODO improve logging and metrics collection for client disconnects
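Review bot: `not_ciphertext` reaches the client through the new clause without any log entry visible in this commit. aegis_server logs only the three-element crypto error and re-raises every other reason as-is, and these clauses sit ahead of the generic `catch_error/3` clause, so its logging is skipped. A stored value that is not ciphertext is worth a server-side record; unless it is logged elsewhere, add for example `couch_log:error("aegis: value is not ciphertext", [])` before the `send_error/2` call. The generic clause continues outside the hunk.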
@@ -964,6 +968,10 @@ error_info(not_implemented) ->
error_info(timeout) ->
{500, <<"timeout">>, <<"The request could not be processed in a reasonable"
" amount of time.">>};
+error_info(decryption_failed) ->
+ {500, <<"decryption_failed">>, <<"Decryption failed">>};
+error_info(not_ciphertext) ->
+ {500, <<"not_ciphertext">>, <<"Not Ciphertext">>};
error_info({service_unavailable, Reason}) ->
{503, <<"service unavailable">>, Reason};
error_info({timeout, _Reason}) ->
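Review bot: The two new `error_info/1` clauses tell any HTTP client which of two server-side failure modes occurred, although neither is something the client can act on. The detail for `decryption_failed` is already written to the server log, so a single generic reason for both may be enough, with the distinction kept in the log only. If the distinct names are kept, the message text ("Not Ciphertext") could follow the sentence style of the neighbouring clauses.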