summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiguel Aranda <miguelaranda@google.com>2023-04-18 13:11:45 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-04-18 13:11:45 +0000
commit6ddfb1a15c5d7ded06c76bbb50b943955f29e873 (patch)
tree39be991fa9e225803cfa7afe5e139ae3afa38a29
parent68c2c479455aa9019e139d37c6566d4820045763 (diff)
parente899cb51ae961d7c9cceaff747edb5b308d04474 (diff)
downloadbouncycastle-6ddfb1a15c5d7ded06c76bbb50b943955f29e873.tar.gz
Merge "Reject BC keys without IV." am: 7ea8c17d1a am: e899cb51ae
Original change: https://android-review.googlesource.com/c/platform/external/bouncycastle/+/2193241 Change-Id: I8fc325812927cae2fff0a18f6c55f51d9227d387 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java48
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java48
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java48
3 files changed, 27 insertions, 117 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 8c678059..7dadfa7f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -957,56 +957,26 @@ public class BaseBlockCipher
{
byte[] iv = new byte[ivLength];
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // ivRandom.nextBytes(iv);
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ // See b/27995180 for historical details.
if (!isBCPBEKeyWithoutIV(key)) {
ivRandom.nextBytes(iv);
} else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
}
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // END Android-changed: Reject PBE keys with no IV
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV)param;
}
else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
{
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // throw new InvalidAlgorithmParameterException("no IV set when one expected");
- if (!isBCPBEKeyWithoutIV(key)) {
- throw new InvalidAlgorithmParameterException("no IV set when one expected");
- } else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
- // Mimic behaviour in 1.52 by using an IV of 0's
- param = new ParametersWithIV(param, new byte[ivLength]);
- ivParam = (ParametersWithIV)param;
- }
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
+ // END Android-changed: Reject PBE keys with no IV
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 1eeb6e96..51310cb5 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -961,56 +961,26 @@ public class BaseBlockCipher
{
byte[] iv = new byte[ivLength];
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // ivRandom.nextBytes(iv);
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ // See b/27995180 for historical details.
if (!isBCPBEKeyWithoutIV(key)) {
ivRandom.nextBytes(iv);
} else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
}
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // END Android-changed: Reject PBE keys with no IV
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV)param;
}
else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
{
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // throw new InvalidAlgorithmParameterException("no IV set when one expected");
- if (!isBCPBEKeyWithoutIV(key)) {
- throw new InvalidAlgorithmParameterException("no IV set when one expected");
- } else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
- // Mimic behaviour in 1.52 by using an IV of 0's
- param = new ParametersWithIV(param, new byte[ivLength]);
- ivParam = (ParametersWithIV)param;
- }
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
+ // END Android-changed: Reject PBE keys with no IV
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 7eaf8ac8..50417c7a 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -961,56 +961,26 @@ public class BaseBlockCipher
{
byte[] iv = new byte[ivLength];
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // ivRandom.nextBytes(iv);
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ // See b/27995180 for historical details.
if (!isBCPBEKeyWithoutIV(key)) {
ivRandom.nextBytes(iv);
} else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
}
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // END Android-changed: Reject PBE keys with no IV
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV)param;
}
else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
{
- // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+ // BEGIN Android-changed: Reject PBE keys with no IV
// These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
- // rejected outright in BC 1.54 (even if an IV was passed in params). We
- // want the eventual state to be that an IV can be passed in params, but the key
- // is rejected otherwise. For now, log that these will be rejected in a future
- // release. See b/27995180 for historical details.
- // throw new InvalidAlgorithmParameterException("no IV set when one expected");
- if (!isBCPBEKeyWithoutIV(key)) {
- throw new InvalidAlgorithmParameterException("no IV set when one expected");
- } else {
- // TODO(b/70275132): Change to rejecting these keys
- System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
- System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
- System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This");
- System.err.println(" * configuration is deprecated. The cipher will be initialized");
- System.err.println(" * with an all-zero IV, but in a future release this call will");
- System.err.println(" * throw an exception.");
- new InvalidAlgorithmParameterException("No IV set when using PBE key")
- .printStackTrace(System.err);
- // Mimic behaviour in 1.52 by using an IV of 0's
- param = new ParametersWithIV(param, new byte[ivLength]);
- ivParam = (ParametersWithIV)param;
- }
- // END Android-changed: For PBE keys with no IV, log and use IV of 0
+ // rejected outright in BC 1.54 (even if an IV was passed in params).
+ throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
+ // END Android-changed: Reject PBE keys with no IV
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 16:12:43 +0000