summaryrefslogtreecommitdiffstats
path: root/apps/encryption/lib/Crypto/Crypt.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/encryption/lib/Crypto/Crypt.php')
-rw-r--r--apps/encryption/lib/Crypto/Crypt.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php
index 70c99f808ba..b2fdec513d2 100644
--- a/apps/encryption/lib/Crypto/Crypt.php
+++ b/apps/encryption/lib/Crypto/Crypt.php
@@ -482,9 +482,15 @@ class Crypt {
* @throws GenericEncryptionException
*/
private function checkSignature($data, $passPhrase, $expectedSignature) {
+ $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
+
$signature = $this->createSignature($data, $passPhrase);
- if (!hash_equals($expectedSignature, $signature)) {
+ $isCorrectHash = hash_equals($expectedSignature, $signature);
+
+ if (!$isCorrectHash && $enforceSignature) {
throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
+ } else if (!$isCorrectHash && !$enforceSignature) {
+ $this->logger->info("Signature check skipped", ['app' => 'encryption']);
}
}
@@ -557,11 +563,13 @@ class Crypt {
* @throws GenericEncryptionException
*/
private function hasSignature($catFile, $cipher) {
+ $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
+
$meta = substr($catFile, -93);
$signaturePosition = strpos($meta, '00sig00');
// enforce signature for the new 'CTR' ciphers
- if ($signaturePosition === false && stripos($cipher, 'ctr') !== false) {
+ if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
}