[8.x] Throw if tag is passed but is not supported (#41479)

tm1000 · taylorotwell · web-flow · commit a5562634f0de · 2022-03-14T13:47:47.000-05:00
* Throw if tag is passed but is not supported

* Fix Styling

* formatting

Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
@@ -159,11 +159,9 @@ public function decrypt($payload, $unserialize = true)
 
         $iv = base64_decode($payload['iv']);
 
-        $tag = empty($payload['tag']) ? null : base64_decode($payload['tag']);
-
-        if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
-            throw new DecryptException('Could not decrypt the data.');
-        }
+        $this->ensureTagIsValid(
+            $tag = empty($payload['tag']) ? null : base64_decode($payload['tag'])
+        );
 
         // Here we will decrypt the value. If we are able to successfully decrypt it
         // we will then unserialize it and return it out to the caller. If we are
@@ -255,6 +253,23 @@ protected function validMac(array $payload)
         );
     }
 
+    /**
+     * Ensure the given tag is a valid tag given the selected cipher.
+     *
+     * @param  string  $tag
+     * @return void
+     */
+    protected function ensureTagIsValid($tag)
+    {
+        if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
+            throw new DecryptException('Could not decrypt the data.');
+        }
+
+        if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
+            throw new DecryptException('Unable to use tag because the cipher algorithm does not support AEAD.');
+        }
+    }
+
     /**
      * Get the encryption key.
      *
