Merge branch 'fix/642/hash_equals'

Marcos Zuriaga 2022-05-08 21:47:13 +02:00
commit ad1e4b8d4a
No known key found for this signature in database
GPG key ID: 7D15585354D072FF


@ -152,14 +152,14 @@ class EncryptService {
list ($cipherKey, $macKey, $iv) = $this->getKeys($salt, $key);
if (!$this->hash_equals(hash_hmac('sha512', $enc, $macKey, true), $mac)) {
return false;
if (hash_equals(hash_hmac('sha512', $enc, $macKey, true), $mac)) {
$dec = openssl_decrypt($enc, $this->cipher, $cipherKey, true, $iv);
$data = $this->unpad($dec);
return $data;
}
$dec = openssl_decrypt($enc, $this->cipher, $cipherKey, true, $iv);
$data = $this->unpad($dec);
return $data;
return false;
}
/**
@ -206,15 +206,6 @@ class EncryptService {
return array($cipherKey, $macKey, $iv);
}
protected function hash_equals($a, $b) {
if (function_exists('random_bytes')) {
$key = random_bytes(128);
} else {
$key = openssl_random_pseudo_bytes(128);
}
return hash_hmac('sha512', $a, $key) === hash_hmac('sha512', $b, $key);
}
/**
* Stretch the key using the PBKDF2 algorithm
*
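Review bot: In the first hunk (the one starting at line 152), the result of `openssl_decrypt()` is passed straight to `$this->unpad($dec)` inside the new `if (hash_equals(...))` branch, so a decryption failure (`false`) reaches the unpadding code instead of being reported as a failure. I would add `if ($dec === false) { return false; }` before the `unpad()` call, and pass `OPENSSL_RAW_DATA` instead of the bare `true` as the options argument so the intent is visible. Native `hash_equals()` also expects two strings, whereas the removed helper fed both values through `hash_hmac()` first; `$mac` is derived outside this hunk, so it is worth confirming that truncated input cannot reach the comparison as a non-string. The enclosing method starts before the hunk, so the caller-side handling of the `false` return is not visible here.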