X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fpassword%2FEncryptedPassword.php;h=d1774ba8af0149aa688d9d793c1426d2188c4e92;hb=3074a4521a18e78e52ba44cc7c185bac7af4a866;hp=7b3d9f9cf75f3e031b1699097b99d4cad895ec05;hpb=c340c41b37b5079ba90489f6b212bb8e4642031a;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/password/EncryptedPassword.php b/includes/password/EncryptedPassword.php
index 7b3d9f9cf7..d1774ba8af 100644
--- a/includes/password/EncryptedPassword.php
+++ b/includes/password/EncryptedPassword.php
@@ -41,20 +41,33 @@ class EncryptedPassword extends ParameterizedPassword {
 	public function crypt( $password ) {
 		$secret = $this->config['secrets'][$this->params['secret']];
 
+		// Clear error string
+		while ( openssl_error_string() !== false );
+
 		if ( $this->hash ) {
-			$underlyingPassword = $this->factory->newFromCiphertext( openssl_decrypt(
-					base64_decode( $this->hash ), $this->params['cipher'],
-					$secret, 0, base64_decode( $this->args[0] )
-				) );
+			$decrypted = openssl_decrypt(
+					$this->hash, $this->params['cipher'],
+					$secret, 0, base64_decode( $this->args[0] ) );
+			if ( $decrypted === false ) {
+				throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
+			}
+			$underlyingPassword = $this->factory->newFromCiphertext( $decrypted );
 		} else {
 			$underlyingPassword = $this->factory->newFromType( $this->config['underlying'] );
 		}
 
 		$underlyingPassword->crypt( $password );
-		$iv = MWCryptRand::generate( openssl_cipher_iv_length( $this->params['cipher'] ), true );
+		if ( count( $this->args ) ) {
+			$iv = base64_decode( $this->args[0] );
+		} else {
+			$iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
+		}
 
 		$this->hash = openssl_encrypt(
 			$underlyingPassword->toString(), $this->params['cipher'], $secret, 0, $iv );
+		if ( $this->hash === false ) {
+			throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
+		}
 		$this->args = [ base64_encode( $iv ) ];
 	}
 
@@ -65,32 +78,42 @@ class EncryptedPassword extends ParameterizedPassword {
 	 * @return bool True if the password was updated
 	 */
 	public function update() {
-		if ( count( $this->args ) != 2 || $this->params == $this->getDefaultParams() ) {
+		if ( count( $this->args ) != 1 || $this->params == $this->getDefaultParams() ) {
 			// Hash does not need updating
 			return false;
 		}
 
+		// Clear error string
+		while ( openssl_error_string() !== false );
+
 		// Decrypt the underlying hash
 		$underlyingHash = openssl_decrypt(
-			base64_decode( $this->args[1] ),
+			$this->hash,
 			$this->params['cipher'],
 			$this->config['secrets'][$this->params['secret']],
 			0,
 			base64_decode( $this->args[0] )
 		);
+		if ( $underlyingHash === false ) {
+			throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
+		}
 
 		// Reset the params
 		$this->params = $this->getDefaultParams();
 
 		// Check the key size with the new params
-		$iv = MWCryptRand::generate( openssl_cipher_iv_length( $this->params['cipher'] ), true );
-		$this->hash = base64_encode( openssl_encrypt(
+		$iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
+		$this->hash = openssl_encrypt(
 				$underlyingHash,
 				$this->params['cipher'],
 				$this->config['secrets'][$this->params['secret']],
 				0,
 				$iv
-			) );
+			);
+		if ( $this->hash === false ) {
+			throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
+		}
+
 		$this->args = [ base64_encode( $iv ) ];
 
 		return true;