diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2022-05-07 15:39:09 +0200 |
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2022-05-07 15:39:09 +0200 |
| commit | 04463a10484360e4bfdd46b469ab167dfa68ad8b (patch) | |
| tree | 41d7518a7875f13d7afe00aeefb43eba087155f9 | |
| parent | b8067d4eda6d198db8a799c921310779253bbe11 (diff) | |
Remove jelly bean signing code
| -rw-r--r-- | main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 00a53565..3163bf27 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1259,12 +1259,6 @@ public class VpnProfile implements Serializable, Cloneable { if (needDigest || keyalgorithm.equals("EC")) { return doDigestSign(privkey, data, padding, hashalg, saltlen); } else { - // The Jelly Bean *evil* Hack - // 4.2 implements the RSA/ECB/PKCS1PADDING in the OpenSSLprovider - if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) { - return processSignJellyBeans(privkey, data, padding); - } - /* ECB is perfectly fine in this special case, since we are using it for the public/private part in the TLS exchange */ Cipher signer = null; @@ -1376,38 +1370,6 @@ public class VpnProfile implements Serializable, Cloneable { return sig.sign(); } - private byte[] processSignJellyBeans(PrivateKey privkey, byte[] data, OpenVPNManagement.SignaturePadding padding) { - try { - boolean pkcs1padding = false; - if (padding == OpenVPNManagement.SignaturePadding.RSA_PKCS1_PADDING) - pkcs1padding = true; - else if (padding != OpenVPNManagement.SignaturePadding.NO_PADDING) - throw new IllegalAccessException("Unsuppoirted padding for jelly bean native signing"); - - Method getKey = privkey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey"); - getKey.setAccessible(true); - - // Real object type is OpenSSLKey - Object opensslkey = getKey.invoke(privkey); - - getKey.setAccessible(false); - - Method getPkeyContext = opensslkey.getClass().getDeclaredMethod("getPkeyContext"); - - // integer pointer to EVP_pkey - getPkeyContext.setAccessible(true); - int pkey = (Integer) getPkeyContext.invoke(opensslkey); - getPkeyContext.setAccessible(false); - - // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0 - return NativeUtils.rsasign(data, pkey, pkcs1padding); - - } catch (NoSuchMethodException | InvalidKeyException | InvocationTargetException | IllegalAccessException | IllegalArgumentException e) { - VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage()); - return null; - } - } - private boolean usesExtraProxyOptions() { if (mUseCustomConfig && mCustomConfigOptions != null && mCustomConfigOptions.contains("http-proxy-option ")) return true; |