diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:00:02 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:00:02 +0000 |
commit | c9eea6775a0c8d82a679e10550dd5c91aa2119c1 (patch) | |
tree | 39be991fa9e225803cfa7afe5e139ae3afa38a29 /repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java | |
parent | 946e39ce0ba8a5180418168888dc5a997ff54732 (diff) | |
parent | 7133133ed9e493acc9bd3b7a656d90599e663851 (diff) | |
download | bouncycastle-e673ff6ae67ac093cacf2504382781c8c0fbd5b2.tar.gz |
Snap for 10453563 from 7133133ed9e493acc9bd3b7a656d90599e663851 to mainline-os-statsd-releaseaml_sta_341710000aml_sta_341615000aml_sta_341511040aml_sta_341410000aml_sta_341311010aml_sta_341114000aml_sta_341111000aml_sta_341010020aml_sta_340912000aml_sta_340911000aml_net_341111030android14-mainline-os-statsd-release
Change-Id: I365eb0905204141d634f0793d2068520cb7c75a1
Diffstat (limited to 'repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java')
-rw-r--r-- | repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java | 48 |
1 files changed, 9 insertions, 39 deletions
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 7eaf8ac8..50417c7a 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -961,56 +961,26 @@ public class BaseBlockCipher { byte[] iv = new byte[ivLength]; - // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0 + // BEGIN Android-changed: Reject PBE keys with no IV // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but - // rejected outright in BC 1.54 (even if an IV was passed in params). We - // want the eventual state to be that an IV can be passed in params, but the key - // is rejected otherwise. For now, log that these will be rejected in a future - // release. See b/27995180 for historical details. - // ivRandom.nextBytes(iv); + // rejected outright in BC 1.54 (even if an IV was passed in params). + // See b/27995180 for historical details. if (!isBCPBEKeyWithoutIV(key)) { ivRandom.nextBytes(iv); } else { - // TODO(b/70275132): Change to rejecting these keys - System.err.println(" ******** DEPRECATED FUNCTIONALITY ********"); - System.err.println(" * You have initialized a cipher with a PBE key with no IV and"); - System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This"); - System.err.println(" * configuration is deprecated. The cipher will be initialized"); - System.err.println(" * with an all-zero IV, but in a future release this call will"); - System.err.println(" * throw an exception."); - new InvalidAlgorithmParameterException("No IV set when using PBE key") - .printStackTrace(System.err); + throw new InvalidAlgorithmParameterException("No IV set when using PBE key"); } - // END Android-changed: For PBE keys with no IV, log and use IV of 0 + // END Android-changed: Reject PBE keys with no IV param = new ParametersWithIV(param, iv); ivParam = (ParametersWithIV)param; } else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) { - // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0 + // BEGIN Android-changed: Reject PBE keys with no IV // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but - // rejected outright in BC 1.54 (even if an IV was passed in params). We - // want the eventual state to be that an IV can be passed in params, but the key - // is rejected otherwise. For now, log that these will be rejected in a future - // release. See b/27995180 for historical details. - // throw new InvalidAlgorithmParameterException("no IV set when one expected"); - if (!isBCPBEKeyWithoutIV(key)) { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } else { - // TODO(b/70275132): Change to rejecting these keys - System.err.println(" ******** DEPRECATED FUNCTIONALITY ********"); - System.err.println(" * You have initialized a cipher with a PBE key with no IV and"); - System.err.println(" * have not provided an IV in the AlgorithmParameterSpec. This"); - System.err.println(" * configuration is deprecated. The cipher will be initialized"); - System.err.println(" * with an all-zero IV, but in a future release this call will"); - System.err.println(" * throw an exception."); - new InvalidAlgorithmParameterException("No IV set when using PBE key") - .printStackTrace(System.err); - // Mimic behaviour in 1.52 by using an IV of 0's - param = new ParametersWithIV(param, new byte[ivLength]); - ivParam = (ParametersWithIV)param; - } - // END Android-changed: For PBE keys with no IV, log and use IV of 0 + // rejected outright in BC 1.54 (even if an IV was passed in params). + throw new InvalidAlgorithmParameterException("No IV set when using PBE key"); + // END Android-changed: Reject PBE keys with no IV } } |