Register DSA OID for KeyFactory not just Signature
X.509 certificates made with DSA signatures have the X9 DSA with SHA1
OID typically, so we need Bouncycastle to register this OID as an alias
for the DSA KeyFactory.
We also need to remove a manual OID alias added for Signatures which
probably indicates how this slipped through the cracks.
Bug: 21209493
Change-Id: I12a88ead61c626343d96a9c335bdf40e615894bd
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
index 2bede7e..7c402f3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
@@ -63,10 +63,12 @@
provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-
- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
// END android-changed
+ // BEGIN android-removed
+ // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
+ // END android-removed
+
AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
for (int i = 0; i != DSAUtil.dsaOids.length; i++)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
index 5e940ec..c7e2aa9 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
@@ -23,6 +23,9 @@
public static final ASN1ObjectIdentifier[] dsaOids =
{
X9ObjectIdentifiers.id_dsa,
+ // BEGIN android-added
+ X9ObjectIdentifiers.id_dsa_with_sha1,
+ // END android-added
OIWObjectIdentifiers.dsaWithSHA1
};
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
index b8e7783..2d1560c 100644
--- a/patches/bcprov.patch
+++ b/patches/bcprov.patch
@@ -1182,9 +1182,9 @@
registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());
diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-12-16 16:39:58.000000000 +0000
-@@ -27,40 +27,53 @@
+--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-03-01 20:03:02.000000000 +0000
++++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-06-01 19:10:55.000000000 +0000
+@@ -27,40 +27,55 @@
provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
@@ -1215,6 +1215,18 @@
addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
- addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
- addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
+-
+- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA");
+- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA");
+-
+- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
+ // BEGIN android-removed
+ // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+ // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
@@ -1233,20 +1245,11 @@
+ provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
+ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
+ provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-
-- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA");
-- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA");
--
-- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-+ provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+ // END android-changed
++
++ // BEGIN android-removed
++ // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
++ // END android-removed
AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
@@ -1994,6 +1997,19 @@
static public class noneDSA
extends DSASigner
+diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
+--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-03-01 20:03:02.000000000 +0000
++++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-06-01 19:10:55.000000000 +0000
+@@ -23,6 +23,9 @@
+ public static final ASN1ObjectIdentifier[] dsaOids =
+ {
+ X9ObjectIdentifiers.id_dsa,
++ // BEGIN android-added
++ X9ObjectIdentifiers.id_dsa_with_sha1,
++ // END android-added
+ OIWObjectIdentifiers.dsaWithSHA1
+ };
+
diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2015-03-01 12:03:02.000000000 +0000
+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2014-07-28 19:51:54.000000000 +0000
