diff options
author | Adam Vartanian <flooey@google.com> | 2017-05-22 15:37:27 +0100 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2017-05-24 09:51:31 +0000 |
commit | 92e41bf2bd80bb2fad14b31cf7f48c4eb0c12ec9 (patch) | |
tree | 14bbcdd784d44c9bd80fee049311c84aacdf26c9 | |
parent | 8395576a314bb9e81038199355dd78d577845882 (diff) | |
download | bouncycastle-92e41bf2bd80bb2fad14b31cf7f48c4eb0c12ec9.tar.gz |
Don't use algorithm parameters if missing salt or iteration count.android-vts-8.0_r2android-vts-8.0_r1oreo-dev
The PBEKeySpec constructor doesn't allow an empty salt or iteration count,
and throws an exception if it sees one.
Bug: 38161557
Test: cts -m CtsLibcoreTestCases
(cherry picked from commit 65832e311cb5fda062d79599b149232b47294fea)
Change-Id: I69d05471af364f69793e83268c826d24ac82052e
Merged-In: I23fa5d10003637584f856738940f54bddb0657dc
Merged-In: I585d00f30e8848563d74d3f244f073d91d5db268
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 59b715ad..63d7b351 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -642,14 +642,17 @@ public class BaseBlockCipher { pbeSpec = (PBEParameterSpec)params; // BEGIN android-added - // At this point, k.getParam() == null, so the key hasn't been generated. Recreate - // the BCPBEKey with specs from algorithm parameters as to generate the key. - k = new BCPBEKey(k.getAlgorithm(), k.getOID(), k.getType(), k.getDigest(), - k.getKeySize(), k.getIvSize(), - new PBEKeySpec( - k.getPassword(), pbeSpec.getSalt(), pbeSpec.getIterationCount(), - k.getKeySize()), - null /* CipherParameters */); + // At this point, k.getParam() == null, so the key hasn't been generated. If + // the parameters have non-default values, recreate the BCPBEKey from algorithm + // parameters as to generate the key. + if ((pbeSpec.getSalt().length != 0) && (pbeSpec.getIterationCount() > 0)) { + k = new BCPBEKey(k.getAlgorithm(), k.getOID(), k.getType(), k.getDigest(), + k.getKeySize(), k.getIvSize(), + new PBEKeySpec( + k.getPassword(), pbeSpec.getSalt(), pbeSpec.getIterationCount(), + k.getKeySize()), + null /* CipherParameters */); + } // END android-added param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); } |