From fba9704078ff9ef321131669e9677eb400eb05fb Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 7 Jul 2014 20:51:08 +0200 Subject: Add annotation that ECB mode is fine in this particular case --- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 12 ++++++++---- main/src/main/res/layout/basic_settings.xml | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 35bfc551..7e25e79a 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1,5 +1,6 @@ package de.blinkt.openvpn; +import android.annotation.SuppressLint; import android.content.Context; import android.content.Intent; import android.content.SharedPreferences; @@ -890,12 +891,15 @@ public class VpnProfile implements Serializable { try { + /* ECB is perfectly fine in this special case, since we are using it for + the public/private part in the TLS exchange + */ + @SuppressLint(GetInstance) + Cipher rsaSigner = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); - Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); + rsaSigner.init(Cipher.ENCRYPT_MODE, privkey); - rsasinger.init(Cipher.ENCRYPT_MODE, privkey); - - byte[] signed_bytes = rsasinger.doFinal(data); + byte[] signed_bytes = rsaSigner.doFinal(data); return Base64.encodeToString(signed_bytes, Base64.NO_WRAP); } catch (NoSuchAlgorithmException e) { diff --git a/main/src/main/res/layout/basic_settings.xml b/main/src/main/res/layout/basic_settings.xml index c6192dc2..86e0640e 100644 --- a/main/src/main/res/layout/basic_settings.xml +++ b/main/src/main/res/layout/basic_settings.xml @@ -1,6 +1,6 @@ -- cgit v1.2.3