keystore: remove misleading error message from AES_gcm_decrypt()
Since there's now a case where AES_gcm_decrypt() is expected to fail
(trying to use HKDF-derived key to decrypt an old super key that's
encrypted by an PBKDF2-derived key, before falling back to PBKDF2),
remove the corresponding error message from the C++ function. The error
message is misleading in this case. In other cases, the error message
does not provide useful information since it seems to be the only way
that AES_gcm_decrypt() can actually fail (seeing as the length mismatch
should never happen), and the caller uses the boolean return value to
create the real Rust error which is then logged/handled appropriately.
Bug: 296464083
Bug: 314391626
Test: Verified that on device that has old super keys, the
"Failed to decrypt blob" message is no longer logged.
Change-Id: I1a85572626d90b74aa3ccd31bd112d7b06fbe028
This commit is contained in:
Eric Biggers
parent
6e5ccd7f4a
commit
b9c88c9c9e
1 changed files with 2 additions and 1 deletions
|
|
@ -141,7 +141,8 @@ bool AES_gcm_decrypt(const uint8_t* in, uint8_t* out, size_t len, const uint8_t*
|
|||
EVP_DecryptUpdate(ctx.get(), out_pos, &out_len, in, len);
|
||||
out_pos += out_len;
|
||||
if (!EVP_DecryptFinal_ex(ctx.get(), out_pos, &out_len)) {
|
||||
ALOGE("Failed to decrypt blob; ciphertext or tag is likely corrupted");
|
||||
// No error log here; this is expected when trying two different keys to see which one
|
||||
// works. The callers handle the error appropriately.
|
||||
return false;
|
||||
}
|
||||
out_pos += out_len;
|
||||
|
|
|
|||
Loading…
Reference in a new issue