Snap for 10453563 from 7133133ed9e493acc9bd3b7a656d90599e663851 to mainline-os-statsd-releaseaml_sta_341710000aml_sta_341615000aml_sta_341511040aml_sta_341410000aml_sta_341311010aml_sta_341114000aml_sta_341111000aml_sta_341010020aml_sta_340912000aml_sta_340911000aml_net_341111030android14-mainline-os-statsd-release

Change-Id: I365eb0905204141d634f0793d2068520cb7c75a1

1 files changed, 9 insertions, 39 deletions

diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 7eaf8ac8..50417c7a 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -961,56 +961,26 @@ public class BaseBlockCipher
             {
                 byte[] iv = new byte[ivLength];
 
-                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+                // BEGIN Android-changed: Reject PBE keys with no IV
                 // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
-                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
-                // want the eventual state to be that an IV can be passed in params, but the key
-                // is rejected otherwise.  For now, log that these will be rejected in a future
-                // release.  See b/27995180 for historical details.
-                // ivRandom.nextBytes(iv);
+                // rejected outright in BC 1.54 (even if an IV was passed in params).
+                // See b/27995180 for historical details.
                 if (!isBCPBEKeyWithoutIV(key)) {
                     ivRandom.nextBytes(iv);
                 } else {
-                    // TODO(b/70275132): Change to rejecting these keys
-                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
-                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
-                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
-                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
-                    System.err.println(" * with an all-zero IV, but in a future release this call will");
-                    System.err.println(" * throw an exception.");
-                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
-                            .printStackTrace(System.err);
+                    throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
                 }
-                // END Android-changed: For PBE keys with no IV, log and use IV of 0
+                // END Android-changed: Reject PBE keys with no IV
                 param = new ParametersWithIV(param, iv);
                 ivParam = (ParametersWithIV)param;
             }
             else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
             {
-                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+                // BEGIN Android-changed: Reject PBE keys with no IV
                 // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
-                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
-                // want the eventual state to be that an IV can be passed in params, but the key
-                // is rejected otherwise.  For now, log that these will be rejected in a future
-                // release.  See b/27995180 for historical details.
-                // throw new InvalidAlgorithmParameterException("no IV set when one expected");
-                if (!isBCPBEKeyWithoutIV(key)) {
-                    throw new InvalidAlgorithmParameterException("no IV set when one expected");
-                } else {
-                    // TODO(b/70275132): Change to rejecting these keys
-                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
-                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
-                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
-                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
-                    System.err.println(" * with an all-zero IV, but in a future release this call will");
-                    System.err.println(" * throw an exception.");
-                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
-                            .printStackTrace(System.err);
-                    // Mimic behaviour in 1.52 by using an IV of 0's
-                    param = new ParametersWithIV(param, new byte[ivLength]);
-                    ivParam = (ParametersWithIV)param;
-                }
-                // END Android-changed: For PBE keys with no IV, log and use IV of 0
+                // rejected outright in BC 1.54 (even if an IV was passed in params).
+                throw new InvalidAlgorithmParameterException("No IV set when using PBE key");
+                // END Android-changed: Reject PBE keys with no IV
             }
         }