authorRoeland Jago Douma <roeland@famdouma.nl>2018-11-14 12:47:35 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2018-11-14 12:47:35 +0100
commitbe5c050acc9f9dffa6a28f04822f5f1fd7e73127 (patch)
tree084209d3749416be5212e39ae3854631cf44dcfa /lib/private/Security
parentfef51895c2689275805bc166bc3f5be95a836b35 (diff)
Throw exception if decryption fails
For #11868 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/Crypto.php14
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index 04d618bf373..876f159950c 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -108,15 +108,16 @@ class Crypto implements ICrypto {
* @param string $password Password to encrypt, if not specified the secret from config.php will be taken
* @return string plaintext
* @throws \Exception If the HMAC does not match
+ * @throws \Exception If the decryption failed
*/
public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
$this->cipher->setPassword($password);
$parts = explode('|', $authenticatedCiphertext);
- if(\count($parts) !== 3) {
+ if (\count($parts) !== 3) {
throw new \Exception('Authenticated ciphertext could not be decoded.');
}
@@ -126,11 +127,16 @@ class Crypto implements ICrypto {
$this->cipher->setIV($iv);
- if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+ if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
throw new \Exception('HMAC does not match.');
}
- return $this->cipher->decrypt($ciphertext);
+ $result = $this->cipher->decrypt($ciphertext);
+ if ($result === false) {
+ throw new \Exception('Decryption failed');
+ }
+
+ return $result;
}
}
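Review bot: The new `if ($result === false)` check at the end of decrypt() has no comment explaining why decryption can still fail once the HMAC has been verified, so a reader cannot tell whether this is an expected condition or a sign of corrupted state. Because the check sits after the `hash_equals` comparison, it appears reachable only for input that carries a valid MAC, which means it should not give an unauthenticated caller a separate cipher-failure signal; that ordering is worth recording so a later refactor does not move the decrypt call ahead of the MAC check. I would add above the check `// Only reached after the HMAC check passed; false means the cipher itself could not decrypt authenticated data.` The docblock in the first hunk still omits the 'Authenticated ciphertext could not be decoded.' exception thrown when the input does not split into three parts, which a line such as `@throws \Exception If the authenticated ciphertext is malformed` would cover. decrypt()'s body starts in the previous hunk and part of it lies between the two hunks, outside the visible lines.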