From 36cfdd320bd766798930dc09acea74b27f58d95c Mon Sep 17 00:00:00 2001
From: Julius Härtl <jus@bitgrid.net>
Date: Wed, 22 Jul 2020 10:05:51 +0200
Subject: Harden key generation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There might be cases where multiple requests trigger the key generation
at the same time and the instance ends up with a non-fitting
public/private key pair. Therefore the whole key generation should be
locked. Other than that this makes sure that user key generation return
values are properly validated.

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 apps/encryption/lib/Users/Setup.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apps/encryption/lib/Users/Setup.php')

diff --git a/apps/encryption/lib/Users/Setup.php b/apps/encryption/lib/Users/Setup.php
index 5406c4e51cc..e80435ac698 100644
--- a/apps/encryption/lib/Users/Setup.php
+++ b/apps/encryption/lib/Users/Setup.php
@@ -73,8 +73,8 @@ class Setup {
 	 */
 	public function setupUser($uid, $password) {
 		if (!$this->keyManager->userHasKeys($uid)) {
-			return $this->keyManager->storeKeyPair($uid, $password,
-				$this->crypt->createKeyPair());
+			$keyPair = $this->crypt->createKeyPair();
+			return is_array($keyPair) ? $this->keyManager->storeKeyPair($uid, $password, $keyPair) : false;
 		}
 		return true;
 	}
-- 
cgit v1.2.3