diff options
author | Daulet Zhanguzin <dauletz@google.com> | 2020-02-10 17:04:57 +0000 |
---|---|---|
committer | Daulet Zhanguzin <dauletz@google.com> | 2020-02-10 17:04:57 +0000 |
commit | 14ceec126e49f2f4748f0d540be820515cc725a6 (patch) | |
tree | 16b30287d1aae0c26e4e761a023136f1ee8fb2ff | |
parent | 7f368592677d262880b2016bddc3ce29f9c459cf (diff) | |
download | bouncycastle-14ceec126e49f2f4748f0d540be820515cc725a6.tar.gz |
Only match on exactly GCM mode
In Conscrypt, we're adding AES/GCM-SIV/NoPadding as a cipher, which is
a different cipher than AES/GCM/NoPadding. Bouncy Castle previously
treated any mode that started with "GCM" as being GCM, which now means
it will supply the (incorrectly functioning) GCM mode when GCM-SIV is
requested. Make the match more strict to keep that from happening.
Bug: 148517383
Test: atest CtsLibcoreTestCases
Cherry pick of aosp/1094130
Change-Id: I52dbd3b82ce527df7e4905c1fbe0f66f4d67f86d
2 files changed, 4 insertions, 2 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index db2f66ce..d3d04db4 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -454,7 +454,8 @@ public class BaseBlockCipher } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("GCM")) + // Android-changed: Use equals instead of startsWith to not catch GCM-SIV + else if (modeName.equalsIgnoreCase("GCM")) { ivLength = baseEngine.getBlockSize(); // BEGIN Android-removed: Unsupported algorithms diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 5c29faed..13514775 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -458,7 +458,8 @@ public class BaseBlockCipher } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("GCM")) + // Android-changed: Use equals instead of startsWith to not catch GCM-SIV + else if (modeName.equalsIgnoreCase("GCM")) { ivLength = baseEngine.getBlockSize(); // BEGIN Android-removed: Unsupported algorithms |