summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2016-01-04 23:06:23 +0100
committerLukas Reschke <lukas@owncloud.com>2016-02-09 23:43:24 +0100
commit59ebad0b538ae173f9781cec0f524c8ca407a181 (patch)
tree96115ea877b16a6f510ad4ed8fc3c44b4d2d1d58
parentd25b8dacb36dd251bd7002930a9ce6ba6a50b7a6 (diff)
downloadnextcloud-server-59ebad0b538ae173f9781cec0f524c8ca407a181.tar.gz
nextcloud-server-59ebad0b538ae173f9781cec0f524c8ca407a181.zip
Use an actual 16 byte long IV
The previous IV was actually 12 byte extended to 16 byte using base64. As the encrypted file should be fine with containing binary data as well we can simply remove the encoding like that here.
-rw-r--r--apps/encryption/lib/crypto/crypt.php19
1 files changed, 2 insertions, 17 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php
index 4bed565d027..ffb64d640dc 100644
--- a/apps/encryption/lib/crypto/crypt.php
+++ b/apps/encryption/lib/crypto/crypt.php
@@ -156,7 +156,7 @@ class Crypt {
* @param string $plainContent
* @param string $passPhrase
* @return false|string
- * @throws GenericEncryptionException
+ * @throws EncryptionFailedException
*/
public function symmetricEncryptFileContent($plainContent, $passPhrase) {
@@ -512,22 +512,7 @@ class Crypt {
* @throws GenericEncryptionException
*/
private function generateIv() {
- $random = openssl_random_pseudo_bytes(12, $strong);
- if ($random) {
- if (!$strong) {
- // If OpenSSL indicates randomness is insecure log error
- $this->logger->error('Encryption Library: Insecure symmetric key was generated using openssl_random_psudo_bytes()',
- ['app' => 'encryption']);
- }
-
- /*
- * We encode the iv purely for string manipulation
- * purposes -it gets decoded before use
- */
- return base64_encode($random);
- }
- // If we ever get here we've failed anyway no need for an else
- throw new GenericEncryptionException('Generating IV Failed');
+ return random_bytes(16);
}
/**