Throw exception if decryption fails

For #11868

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

lib/private/Security/Crypto.php

@@ -108,15 +108,16 @@ public function encrypt(string $plaintext, string $password = ''): string {
  * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  * @return string plaintext
  * @throws \Exception If the HMAC does not match
+ * @throws \Exception If the decryption failed
  */
  public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
  $password = $this->config->getSystemValue('secret');
  }
  $this->cipher->setPassword($password);
 
  $parts = explode('|', $authenticatedCiphertext);
- if(\count($parts) !== 3) {
+ if (\count($parts) !== 3) {
  throw new \Exception('Authenticated ciphertext could not be decoded.');
  }
 
@@ -126,11 +127,16 @@ public function decrypt(string $authenticatedCiphertext, string $password = ''):
 
  $this->cipher->setIV($iv);
 
- if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+ if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
  throw new \Exception('HMAC does not match.');
  }
 
- return $this->cipher->decrypt($ciphertext);
+ $result = $this->cipher->decrypt($ciphertext);
+ if ($result === false) {
+ throw new \Exception('Decryption failed');
+ }
+
+ return $result;
  }
 
 }

lib/public/Security/ICrypto.php

@@ -60,6 +60,7 @@ public function encrypt(string $plaintext, string $password = ''): string;
  * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
  * @return string plaintext
  * @throws \Exception If the HMAC does not match
+ * @throws \Exception If the decryption failed
  * @since 8.0.0
  */
  public function decrypt(string $authenticatedCiphertext, string $password = ''): string;