From 04463a10484360e4bfdd46b469ab167dfa68ad8b Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 7 May 2022 15:39:09 +0200 Subject: Remove jelly bean signing code --- .../main/java/de/blinkt/openvpn/VpnProfile.java | 38 ---------------------- 1 file changed, 38 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 00a53565..3163bf27 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1259,12 +1259,6 @@ public class VpnProfile implements Serializable, Cloneable { if (needDigest || keyalgorithm.equals("EC")) { return doDigestSign(privkey, data, padding, hashalg, saltlen); } else { - // The Jelly Bean *evil* Hack - // 4.2 implements the RSA/ECB/PKCS1PADDING in the OpenSSLprovider - if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) { - return processSignJellyBeans(privkey, data, padding); - } - /* ECB is perfectly fine in this special case, since we are using it for the public/private part in the TLS exchange */ Cipher signer = null; 
@@ -1376,38 +1370,6 @@ public class VpnProfile implements Serializable, Cloneable {
 return sig.sign();
 }
 
- private byte[] processSignJellyBeans(PrivateKey privkey, byte[] data, OpenVPNManagement.SignaturePadding padding) {
- try {
- boolean pkcs1padding = false;
- if (padding == OpenVPNManagement.SignaturePadding.RSA_PKCS1_PADDING)
- pkcs1padding = true;
- else if (padding != OpenVPNManagement.SignaturePadding.NO_PADDING)
- throw new IllegalAccessException("Unsuppoirted padding for jelly bean native signing");
-
- Method getKey = privkey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey");
- getKey.setAccessible(true);
-
- // Real object type is OpenSSLKey
- Object opensslkey = getKey.invoke(privkey);
-
- getKey.setAccessible(false);
-
- Method getPkeyContext = opensslkey.getClass().getDeclaredMethod("getPkeyContext");
-
- // integer pointer to EVP_pkey
- getPkeyContext.setAccessible(true);
- int pkey = (Integer) getPkeyContext.invoke(opensslkey);
- getPkeyContext.setAccessible(false);
-
- // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0
- return NativeUtils.rsasign(data, pkey, pkcs1padding);
-
- } catch (NoSuchMethodException | InvalidKeyException | InvocationTargetException | IllegalAccessException | IllegalArgumentException e) {
- VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage());
- return null;
- }
- }
-
 private boolean usesExtraProxyOptions() {
 if (mUseCustomConfig && mCustomConfigOptions != null && mCustomConfigOptions.contains("http-proxy-option "))
 return true;
-- cgit v1.2.3