Throw exception if decryption fails

For #11868

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

lib/private/Security/Crypto.php

@@ -108,15 +108,16 @@ class Crypto implements ICrypto {
 	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
 	 * @return string plaintext
 	 * @throws \Exception If the HMAC does not match
+	 * @throws \Exception If the decryption failed
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if($password === '') {
+		if ($password === '') {
 			$password = $this->config->getSystemValue('secret');
 		}
 		$this->cipher->setPassword($password);
 
 		$parts = explode('|', $authenticatedCiphertext);
-		if(\count($parts) !== 3) {
+		if (\count($parts) !== 3) {
 			throw new \Exception('Authenticated ciphertext could not be decoded.');
 		}
 
@@ -126,11 +127,16 @@ class Crypto implements ICrypto {
 
 		$this->cipher->setIV($iv);
 
-		if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
 			throw new \Exception('HMAC does not match.');
 		}
 
-		return $this->cipher->decrypt($ciphertext);
+		$result = $this->cipher->decrypt($ciphertext);
+		if ($result === false) {
+			throw new \Exception('Decryption failed');
+		}
+
+		return $result;
 	}
 
 }

lib/public/Security/ICrypto.php

@@ -60,6 +60,7 @@ interface ICrypto {
 	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
 	 * @return string plaintext
 	 * @throws \Exception If the HMAC does not match
+	 * @throws \Exception If the decryption failed
 	 * @since 8.0.0
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string;