Google Git
Sign in
android / platform / libcore / e5a6402f50561ef98d7d1fe55e4b8db67b247e69
commite5a6402f50561ef98d7d1fe55e4b8db67b247e69[log] [tgz]
authorAdam Vartanian <flooey@google.com>Mon Mar 27 13:34:45 2017 +0100
committerAdam Vartanian <flooey@google.com>Mon Mar 27 14:55:34 2017 +0100
tree9ba927db93d5468ae288257568f7c93fa3ddf8bf
parenta467f5aba0d9b474cfab48c722a025de29673030 [diff]
Throw an exception if CipherOutputStream's cipher does.

The upstream CipherOutputStream just suppresses outputting further
bytes when it gets an exception from the underlying cipher during
doFinal(), which means an invalid authentication tag will be silently
ignored.  Instead, have it throw an exception in that case.

This could theoretically impact app compatibility, but it's unlikely
because this only impacts the case where an AEAD cipher is being
used and the tags don't actually verify, which should only happen in
the case that someone has tampered with the ciphertext.  We also
consider it acceptable to break anyone relying on the behavior that
invalid ciphertexts are silently accepted, since that's inappropriate
behavior in the case of malicious tampering.

Bug: 36636576
Test: cts -m CtsLibcoreTestCases
Change-Id: Ic087015ca3bef8683f23b86ee34b4ecd391e3bdb
2 files changed
tree: 9ba927db93d5468ae288257568f7c93fa3ddf8bf
  1. benchmarks/
  2. dalvik/
  3. dom/
  4. expectations/
  5. harmony-tests/
  6. include/
  7. json/
  8. jsr166-tests/
  9. libart/
  10. luni/
  11. ojluni/
  12. support/
  13. test-rules/
  14. tools/
  15. tzdata/
  16. xml/
  17. Android.mk
  18. check-ojluni-files
  19. CleanSpec.mk
  20. Docs.mk
  21. java_tests_blacklist
  22. JavaLibrary.mk
  23. known_oj_tags.txt
  24. LICENSE
  25. NativeCode.mk
  26. non_openjdk_java_files.mk
  27. NOTICE
  28. openjdk_java_files.mk
  29. run-libcore-tests