From 4f5a3249a9a961bfd94dff245b503f7214ce7f73 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Mon, 1 Jun 2015 12:10:55 -0700 Subject: Register DSA OID for KeyFactory not just Signature X.509 certificates made with DSA signatures have the X9 DSA with SHA1 OID typically, so we need Bouncycastle to register this OID as an alias for the DSA KeyFactory. We also need to remove a manual OID alias added for Signatures which probably indicates how this slipped through the cracks. (cherry picked from commit 75fc34101f063fe3534de7340beb13c87786e6e1) Bug: 21209493 Change-Id: I12a88ead61c626343d96a9c335bdf40e615894bd --- .../jcajce/provider/asymmetric/DSA.java | 6 ++- .../jcajce/provider/asymmetric/dsa/DSAUtil.java | 3 ++ patches/bcprov.patch | 48 ++++++++++++++-------- 3 files changed, 39 insertions(+), 18 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java index 2bede7e..7c402f3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java @@ -63,10 +63,12 @@ public class DSA provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); - - provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); // END android-changed + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); + // END android-removed + AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); for (int i = 0; i != DSAUtil.dsaOids.length; i++) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java index 5e940ec..c7e2aa9 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java @@ -23,6 +23,9 @@ public class DSAUtil public static final ASN1ObjectIdentifier[] dsaOids = { X9ObjectIdentifiers.id_dsa, + // BEGIN android-added + X9ObjectIdentifiers.id_dsa_with_sha1, + // END android-added OIWObjectIdentifiers.dsaWithSHA1 }; diff --git a/patches/bcprov.patch b/patches/bcprov.patch index b8e7783..2d1560c 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -1182,9 +1182,9 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/D registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi()); registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi()); diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java ---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-03-01 12:03:02.000000000 +0000 -+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-12-16 16:39:58.000000000 +0000 -@@ -27,40 +27,53 @@ +--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-03-01 20:03:02.000000000 +0000 ++++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-06-01 19:10:55.000000000 +0000 +@@ -27,40 +27,55 @@ provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); @@ -1215,6 +1215,18 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/D addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); - addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); - addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); +- +- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); +- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); +- +- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); + // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); @@ -1233,20 +1245,11 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/D + provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); - -- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); -- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); -- -- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); -+ provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); + // END android-changed ++ ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); ++ // END android-removed AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); @@ -1994,6 +1997,19 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/d static public class noneDSA extends DSASigner +diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java +--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-03-01 20:03:02.000000000 +0000 ++++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-06-01 19:10:55.000000000 +0000 +@@ -23,6 +23,9 @@ + public static final ASN1ObjectIdentifier[] dsaOids = + { + X9ObjectIdentifiers.id_dsa, ++ // BEGIN android-added ++ X9ObjectIdentifiers.id_dsa_with_sha1, ++ // END android-added + OIWObjectIdentifiers.dsaWithSHA1 + }; + diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java --- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2015-03-01 12:03:02.000000000 +0000 +++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2014-07-28 19:51:54.000000000 +0000 -- cgit v1.2.3