diff options
author | Daulet Zhanguzin <dauletz@google.com> | 2020-01-30 15:39:45 +0000 |
---|---|---|
committer | Daulet Zhanguzin <dauletz@google.com> | 2020-01-30 15:39:45 +0000 |
commit | d8b28eb10bb59d1a538d0a91b7a2a08aa4cf3819 (patch) | |
tree | 7e894aa1eb2652a1fbe2c3a85d06876e2d4e2b40 /bcprov/src/main/java/org/bouncycastle/jcajce/provider | |
parent | 53833bc1ebd9adc3b552d224e3328f8199d69b88 (diff) | |
download | bouncycastle-d8b28eb10bb59d1a538d0a91b7a2a08aa4cf3819.tar.gz |
Match ciphers by exact mode name
Ensure that ciphers are picked by exact mode name match instead of by
prefix. Also the mode names are case insensitive [1], hence use
equalsIgnoreCase
[1]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html
Bug: 148376475
Test: atest CtsLibcoreTestCases
Change-Id: I23d25d072f7b1f53f2697a3c8a1fb8444ff87cab
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/provider')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index d3d04db4..269edf67 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -300,18 +300,23 @@ public class BaseBlockCipher { modeName = Strings.toUpperCase(mode); - if (modeName.equals("ECB")) + // Android-changed: Ignore case since modes are case insensitive + // https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html + if (modeName.equalsIgnoreCase("ECB")) { ivLength = 0; cipher = new BufferedGenericBlockCipher(baseEngine); } - else if (modeName.equals("CBC")) + // Android-changed: Ignore case since modes are case insensitive + // https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html + else if (modeName.equalsIgnoreCase("CBC")) { ivLength = baseEngine.getBlockSize(); cipher = new BufferedGenericBlockCipher( new CBCBlockCipher(baseEngine)); } - else if (modeName.startsWith("OFB")) + // Android-changed: Use equals instead of startsWith to avoid unintentional matches + else if (modeName.equalsIgnoreCase("OFB")) { ivLength = baseEngine.getBlockSize(); if (modeName.length() != 3) @@ -327,7 +332,8 @@ public class BaseBlockCipher new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); } } - else if (modeName.startsWith("CFB")) + // Android-changed: Use equals instead of startsWith to avoid unintentional matches + else if (modeName.equalsIgnoreCase("CFB")) { ivLength = baseEngine.getBlockSize(); if (modeName.length() != 3) @@ -372,7 +378,8 @@ public class BaseBlockCipher } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("CTR")) + // Android-changed: Use equals instead of startsWith to avoid unintentional matches + else if (modeName.equalsIgnoreCase("CTR")) { ivLength = baseEngine.getBlockSize(); fixedIv = false; @@ -408,12 +415,14 @@ public class BaseBlockCipher } */ // END Android-removed: Unsupported modes - else if (modeName.startsWith("CTS")) + // Android-changed: Use equals instead of startsWith to avoid unintentional matches + else if (modeName.equalsIgnoreCase("CTS")) { ivLength = baseEngine.getBlockSize(); cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); } - else if (modeName.startsWith("CCM")) + // Android-changed: Use equals instead of startsWith to avoid unintentional matches + else if (modeName.equalsIgnoreCase("CCM")) { ivLength = 12; // CCM nonce 7..13 bytes // BEGIN Android-removed: Unsupported algorithms |