From 1da6fdb5143f341aa39d19a6970b14c9d3b3808b Mon Sep 17 00:00:00 2001
From: Andrew Nagy
Date: Mon, 14 Mar 2022 11:07:51 -0700
Subject: [PATCH 1/3] Throw if tag is passed but is not supported
---
 src/Illuminate/Encryption/Encrypter.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
index 460ebf1cbfb2..ed6859f204cc 100755
--- a/src/Illuminate/Encryption/Encrypter.php
+++ b/src/Illuminate/Encryption/Encrypter.php
@@ -164,6 +164,10 @@ public function decrypt($payload, $unserialize = true)
 if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
 throw new DecryptException('Could not decrypt the data.');
 }
+
+ if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
+ throw new DecryptException('The tag cannot be used because the cipher algorithm does not support AEAD');
+ }
 // Here we will decrypt the value. If we are able to successfully decrypt it
 // we will then unserialize it and return it out to the caller. If we are
From c692495cbc45a35f6223bdd63181ef60e0e18fd9 Mon Sep 17 00:00:00 2001
From: Andrew Nagy
Date: Mon, 14 Mar 2022 11:09:36 -0700
Subject: [PATCH 2/3] Fix Styling
---
 src/Illuminate/Encryption/Encrypter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
index ed6859f204cc..f583c8263b6b 100755
--- a/src/Illuminate/Encryption/Encrypter.php
+++ b/src/Illuminate/Encryption/Encrypter.php
@@ -164,7 +164,7 @@ public function decrypt($payload, $unserialize = true)
 if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
 throw new DecryptException('Could not decrypt the data.');
 }
-
+
 if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
 throw new DecryptException('The tag cannot be used because the cipher algorithm does not support AEAD');
 }
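Review bot: The added branch in PATCH 1/3 throws a DecryptException whose message differs from the generic `'Could not decrypt the data.'` used by the tag-length check directly above it, so any caller that surfaces exception messages would tell a client why the payload was rejected and that the configured cipher is not an AEAD one. Consider throwing the same generic message here and logging the specific reason server-side; this also applies to the reworded message in `ensureTagIsValid()` in PATCH 3/3. The series touches only Encrypter.php, so a test that hands a payload carrying a `tag` to an encrypter configured with a non-AEAD cipher and expects DecryptException would pin the new rejection. decrypt() starts and ends outside the hunk.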
From cf661f59ea7b6c4a62ce31d3ea320be3206aa9d7 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Mon, 14 Mar 2022 13:43:47 -0500
Subject: [PATCH 3/3] formatting
---
 src/Illuminate/Encryption/Encrypter.php | 29 +++++++++++++++++--------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
index f583c8263b6b..9c2a71446576 100755
--- a/src/Illuminate/Encryption/Encrypter.php
+++ b/src/Illuminate/Encryption/Encrypter.php
@@ -159,15 +159,9 @@ public function decrypt($payload, $unserialize = true)
 $iv = base64_decode($payload['iv']);
- $tag = empty($payload['tag']) ? null : base64_decode($payload['tag']);
-
- if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
- throw new DecryptException('Could not decrypt the data.');
- }
-
- if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
- throw new DecryptException('The tag cannot be used because the cipher algorithm does not support AEAD');
- }
+ $this->ensureTagIsValid(
+ $tag = empty($payload['tag']) ? null : base64_decode($payload['tag'])
+ );
 // Here we will decrypt the value. If we are able to successfully decrypt it
 // we will then unserialize it and return it out to the caller. If we are
@@ -259,6 +253,23 @@ protected function validMac(array $payload)
 );
 }
+ /**
+ * Ensure the given tag is a valid tag given the selected cipher.
+ *
+ * @param string $tag
+ * @return void
+ */
+ protected function ensureTagIsValid($tag)
+ {
+ if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
+ throw new DecryptException('Could not decrypt the data.');
+ }
+
+ if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
+ throw new DecryptException('Unable to use tag because the cipher algorithm does not support AEAD.');
+ }
+ }
+
+
 /**
 * Get the encryption key.
 *
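Review bot: The assignment to `$tag` is now buried inside the argument list of `ensureTagIsValid()` in the first hunk of PATCH 3/3, which makes it easy to miss that `$tag` is still being defined for the rest of decrypt(). Assigning first and validating on the next line reads more plainly: `$tag = empty($payload['tag']) ? null : base64_decode($payload['tag']);` followed by `$this->ensureTagIsValid($tag);`. decrypt() continues outside the hunk, so the later use of `$tag` is not visible here.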
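Review bot: `ensureTagIsValid()` is documented with `@param string $tag`, but the call site in the first hunk passes `null` whenever the payload has no tag, so the docblock should read `@param string|null $tag`. In the first check that `null` is handed to `strlen()`, which is deprecated if the project runs on PHP 8.1 or later; `if ($aead && (! is_string($tag) || strlen($tag) !== 16))` gives the same outcome without relying on the coercion. The lookup `self::$supportedCiphers[strtolower($this->cipher)]['aead']` is evaluated twice and could be held in a local such as `$aead` so both checks visibly test the same flag.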