commit | 3bbf9b5a36bfc4a491631b033417e3cb0d19bf6b | [log] [tgz] |
---|---|---|
author | Adam Vartanian <flooey@google.com> | Wed Jul 31 10:35:42 2019 +0100 |
committer | Adam Vartanian <flooey@google.com> | Wed Jul 31 10:35:42 2019 +0100 |
tree | 4c48cfe21ad8d18b89787bf1a30529bd0c6f76d7 | |
parent | c65e37c89a98692e518282a6621a1259026f35b8 [diff] |
Only match on exactly GCM mode In Conscrypt, we're adding AES/GCM-SIV/NoPadding as a cipher, which is a different cipher than AES/GCM/NoPadding. Bouncy Castle previously treated any mode that started with "GCM" as being GCM, which now means it will supply the (incorrectly functioning) GCM mode when GCM-SIV is requested. Make the match more strict to keep that from happening. We could consider doing the same for other modes that aren't defined to take a block size suffix, like CCM and CTR, but for now we might as well avoid too much diff from upstream. Test: cts -m CtsLibcoreTestCases Change-Id: I1430fd7678679b1ed23d9c511bc8a1211a7f8c91
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index db2f66c..d3d04db 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -454,7 +454,8 @@ } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("GCM")) + // Android-changed: Use equals instead of startsWith to not catch GCM-SIV + else if (modeName.equalsIgnoreCase("GCM")) { ivLength = baseEngine.getBlockSize(); // BEGIN Android-removed: Unsupported algorithms
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 5c29fae..1351477 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -458,7 +458,8 @@ } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("GCM")) + // Android-changed: Use equals instead of startsWith to not catch GCM-SIV + else if (modeName.equalsIgnoreCase("GCM")) { ivLength = baseEngine.getBlockSize(); // BEGIN Android-removed: Unsupported algorithms