Skip to content

[stable34] fix(security): don't propagate ValueError from Crypto::decrypt() fallback #61105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
backportbot wants to merge 1 commit into
base: stable34
Choose a base branch
from
+28 −1
Open

[stable34] fix(security): don't propagate ValueError from Crypto::decrypt() fallback #61105

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion lib/private/Security/Crypto.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,13 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
} catch (Exception $e) {
if ($password === '') {
// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
return $this->decryptWithoutSecret($authenticatedCiphertext, '');
try {
return $this->decryptWithoutSecret($authenticatedCiphertext, '');
} catch (\Throwable) {
// Fallback failed (e.g. v3 ciphertext requires a non-empty key for hash_hkdf),
// rethrow the original exception
throw $e;
}
}
throw $e;
}
Expand Down
21 changes: 21 additions & 0 deletions tests/lib/Security/CryptoTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,27 @@ public function testOcVersion2CiphertextDecryptsToCorrectPlaintext(): void {
);
}

public function testDecryptWithWrongSecretThrowsHmacExceptionNotValueError(): void {
// Encrypt with 'secret-A'
$configA = $this->createMock(IConfig::class);
$configA->method('getSystemValue')->with('secret')->willReturn('secret-A');
$configA->method('getSystemValueString')->with('secret')->willReturn('secret-A');
$cryptoA = new Crypto($configA);
$ciphertext = $cryptoA->encrypt('plaintext');

// Decrypt with 'secret-B': first attempt fails (HMAC mismatch), fallback to empty
// string must not propagate a ValueError for v3 ciphertexts — it must rethrow the
// original HMAC exception instead.
$configB = $this->createMock(IConfig::class);
$configB->method('getSystemValue')->with('secret')->willReturn('secret-B');
$configB->method('getSystemValueString')->with('secret')->willReturn('secret-B');
$cryptoB = new Crypto($configB);

$this->expectException(\Exception::class);
$this->expectExceptionMessage('HMAC does not match.');
$cryptoB->decrypt($ciphertext);
}

public function testVersion3CiphertextDecryptsToCorrectPlaintext(): void {
$this->assertSame(
'Another plaintext value that will be encrypted with version 3. It addresses the related key issue. Old ciphertexts should be decrypted properly, but only use the better version for encryption.',
Expand Down
Loading