diff options
-rw-r--r-- | main/src/main/cpp/jbcrypto/jbcrypto.cpp | 10 | ||||
-rw-r--r-- | main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 6 | ||||
-rw-r--r-- | main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java | 2 |
3 files changed, 10 insertions, 8 deletions
diff --git a/main/src/main/cpp/jbcrypto/jbcrypto.cpp b/main/src/main/cpp/jbcrypto/jbcrypto.cpp index 93a17d95..2ac52120 100644 --- a/main/src/main/cpp/jbcrypto/jbcrypto.cpp +++ b/main/src/main/cpp/jbcrypto/jbcrypto.cpp @@ -28,10 +28,11 @@ struct EVP_PKEY } pkey; }; -# define RSA_PKCS1_PADDING 1 +#define RSA_PKCS1_PADDING 1 +#define RSA_NO_PADDING 3 extern "C" { - jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign(JNIEnv* env, jclass, jbyteArray from, jint pkeyRef); + jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign(JNIEnv* env, jclass, jbyteArray from, jint pkeyRef, jboolean pkcs1padding); int jniThrowException(JNIEnv* env, const char* className, const char* msg); int (*RSA_size_dyn)(const RSA *); @@ -65,7 +66,7 @@ int jniThrowException(JNIEnv* env, const char* className, const char* msg) { } static char opensslerr[1024]; -jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, jbyteArray from, jint pkeyRef) { +jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, jbyteArray from, jint pkeyRef, jboolean pkcs1padding) { // EVP_MD_CTX* ctx = reinterpret_cast<EVP_MD_CTX*>(ctxRef); @@ -96,7 +97,8 @@ jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, sigret, &siglen, pkey->pkey.rsa) <= 0 ) */ RSA_private_encrypt_dyn=(int (*)(int, const unsigned char *, unsigned char *, RSA *, int)) dlsym(RTLD_DEFAULT, "RSA_private_encrypt"); - siglen = RSA_private_encrypt_dyn(datalen,(unsigned char*) data,sigret,pkey->pkey.rsa,RSA_PKCS1_PADDING); + int paddding = pkcs1padding ? RSA_PKCS1_PADDING : RSA_NO_PADDING; + siglen = RSA_private_encrypt_dyn(datalen,(unsigned char*) data,sigret,pkey->pkey.rsa, paddding); if (siglen < 0) { diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index f5ba358b..bf1b995b 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1165,7 +1165,7 @@ public class VpnProfile implements Serializable, Cloneable { // The Jelly Bean *evil* Hack // 4.2 implements the RSA/ECB/PKCS1PADDING in the OpenSSLprovider if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) { - return processSignJellyBeans(privkey, data); + return processSignJellyBeans(privkey, data, pkcs1padding); } @@ -1204,7 +1204,7 @@ public class VpnProfile implements Serializable, Cloneable { } } - private byte[] processSignJellyBeans(PrivateKey privkey, byte[] data) { + private byte[] processSignJellyBeans(PrivateKey privkey, byte[] data, boolean pkcs1padding) { try { Method getKey = privkey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey"); getKey.setAccessible(true); @@ -1222,7 +1222,7 @@ public class VpnProfile implements Serializable, Cloneable { getPkeyContext.setAccessible(false); // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0 - return NativeUtils.rsasign(data, pkey); + return NativeUtils.rsasign(data, pkey, pkcs1padding); } catch (NoSuchMethodException | InvalidKeyException | InvocationTargetException | IllegalAccessException | IllegalArgumentException e) { VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage()); diff --git a/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java index ecf27ef5..d6c1cdb9 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java +++ b/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java @@ -11,7 +11,7 @@ import de.blinkt.openvpn.BuildConfig; import java.security.InvalidKeyException; public class NativeUtils { - public static native byte[] rsasign(byte[] input, int pkey) throws InvalidKeyException; + public static native byte[] rsasign(byte[] input, int pkey, boolean pkcs1padding) throws InvalidKeyException; public static native String[] getIfconfig() throws IllegalArgumentException; |