90d771fa1619463a872c26152e3f35168eeb1790 |
|
27-Mar-2017 |
Adam Vartanian <flooey@google.com> |
Throw an exception if CipherOutputStream's cipher does.

The upstream CipherOutputStream just suppresses outputting further bytes when it gets an exception from the underlying cipher during doFinal(), which means an invalid authentication tag will be silently ignored. Instead, have it throw an exception in that case.

This could theoretically impact app compatibility, but it's unlikely because this only impacts the case where an AEAD cipher is being used and the tags don't actually verify, which should only happen in the case that someone has tampered with the ciphertext. We also consider it acceptable to break anyone relying on the behavior that invalid ciphertexts are silently accepted, since that's inappropriate behavior in the case of malicious tampering.

Bug: 36636576
Test: cts -m CtsLibcoreTestCases
(cherry picked from commit e5a6402f50561ef98d7d1fe55e4b8db67b247e69)
Change-Id: I7c9b936cd4ff61e0e045eb862152810c7201635c
|
e5a6402f50561ef98d7d1fe55e4b8db67b247e69 |
|
27-Mar-2017 |
Adam Vartanian <flooey@google.com> |
Throw an exception if CipherOutputStream's cipher does.

The upstream CipherOutputStream just suppresses outputting further bytes when it gets an exception from the underlying cipher during doFinal(), which means an invalid authentication tag will be silently ignored. Instead, have it throw an exception in that case.

This could theoretically impact app compatibility, but it's unlikely because this only impacts the case where an AEAD cipher is being used and the tags don't actually verify, which should only happen in the case that someone has tampered with the ciphertext. We also consider it acceptable to break anyone relying on the behavior that invalid ciphertexts are silently accepted, since that's inappropriate behavior in the case of malicious tampering.

Bug: 36636576
Test: cts -m CtsLibcoreTestCases
Change-Id: Ic087015ca3bef8683f23b86ee34b4ecd391e3bdb
|
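The failure mode these commits describe can be checked on any runtime with the following added example, which is not code from the change itself. It decrypts a tampered AES-GCM ciphertext once through `CipherOutputStream` and once with `Cipher.doFinal()` directly; the class name, method names and sample plaintext are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class GcmStreamTagCheck {  // hypothetical class name
    static Cipher gcm(int mode, SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c;
    }

    // Stream path: doFinal() runs inside close(). Report whether a tag failure surfaced.
    static String viaStream(SecretKey key, byte[] iv, byte[] ct) throws Exception {
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        try (CipherOutputStream out =
                 new CipherOutputStream(sink, gcm(Cipher.DECRYPT_MODE, key, iv))) {
            out.write(ct);
        } catch (Exception e) {
            return "rejected: " + e;
        }
        // Reached only when close() swallowed the cipher's exception.
        return "no exception, " + sink.size() + " plaintext bytes emitted";
    }

    // Direct path: a tag mismatch always propagates as AEADBadTagException.
    static byte[] direct(SecretKey key, byte[] iv, byte[] ct) throws Exception {
        return gcm(Cipher.DECRYPT_MODE, key, iv).doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] pt = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv).doFinal(pt);
        ct[0] ^= 0x01;  // simulate tampering: flip one ciphertext bit
        System.out.println("stream: " + viaStream(key, iv, ct));
        try { direct(key, iv, ct); System.out.println("direct: accepted"); }
        catch (AEADBadTagException e) { System.out.println("direct: rejected: " + e); }
    }
}
```

A "no exception" result on the stream path means the runtime still has the suppressing behaviour, so callers there must not treat a clean `close()` as proof of authenticity.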