forked from chef/chef
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[CHEF-3858] ensure invalid key always fails to decrypt
In Ci, we occasionally see test failures when decryption with an incorrect key does not raise an error, but instead returns garbage. This fixes that issue by adding an HMAC-SHA2-256 of the encrypted data to the version 1 format. For backwards compatibility, decryption will continue if the hmac is missing; therefore, this does not increase the security of encrypted data bag items.
- Loading branch information
1 parent
e0544ef
commit 5b9d52b
Showing
2 changed files
with
52 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters