diff options
author | Adam Vartanian <flooey@google.com> | 2019-07-31 10:35:42 +0100 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2019-07-31 10:35:42 +0100 |
commit | 3bbf9b5a36bfc4a491631b033417e3cb0d19bf6b (patch) | |
tree | 4c48cfe21ad8d18b89787bf1a30529bd0c6f76d7 /repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric | |
parent | c65e37c89a98692e518282a6621a1259026f35b8 (diff) | |
download | bouncycastle-3bbf9b5a36bfc4a491631b033417e3cb0d19bf6b.tar.gz |
Only match on exactly GCM mode
In Conscrypt, we're adding AES/GCM-SIV/NoPadding as a cipher, which is
a different cipher than AES/GCM/NoPadding. Bouncy Castle previously
treated any mode that started with "GCM" as being GCM, which now means
it will supply the (incorrectly functioning) GCM mode when GCM-SIV is
requested. Make the match more strict to keep that from happening.
We could consider doing the same for other modes that aren't defined
to take a block size suffix, like CCM and CTR, but for now we might as
well avoid too much diff from upstream.
Test: cts -m CtsLibcoreTestCases
Change-Id: I1430fd7678679b1ed23d9c511bc8a1211a7f8c91
Diffstat (limited to 'repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric')
-rw-r--r-- | repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 5c29faed..13514775 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -458,7 +458,8 @@ public class BaseBlockCipher } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("GCM")) + // Android-changed: Use equals instead of startsWith to not catch GCM-SIV + else if (modeName.equalsIgnoreCase("GCM")) { ivLength = baseEngine.getBlockSize(); // BEGIN Android-removed: Unsupported algorithms |