Improve Android compatibility (#636)

* Loop through security providers to check for BC

Instead of only counting BouncyCastle as being registered if it
is set as the explicit security provider used by SSHJ, count it as
registered if it is available as a provider.

This commit improves Android compatibility, which requires not
specifying an explicit provider.

* Generify BC-specific curve specifiers

The ECNamedCurveGenParameterSpec is a BC-specific workaround for
missing curve tables in Java 1.4 and earlier. For the sake of Android
compatibility, where Conscrypt can't deal with this custom spec class,
replace it with the standard ECGenParameterSpec and update the curve
names to the standard identifiers.
Fabian Henneke
2020-10-20 09:57:51 +02:00
committed by GitHub
parent d124607225
commit 2edaf07e71
2 changed files with 13 additions and 6 deletions


@@ -249,7 +249,14 @@ public class SecurityUtils {
*/ */
public static synchronized boolean isBouncyCastleRegistered() { public static synchronized boolean isBouncyCastleRegistered() {
register(); register();
return BOUNCY_CASTLE.equals(securityProvider) || SPONGY_CASTLE.equals(securityProvider); Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
String name = provider.getName();
if (BOUNCY_CASTLE.equals(name) || SPONGY_CASTLE.equals(name)) {
return true;
}
}
return false;
} }
public static synchronized void setRegisterBouncyCastle(boolean registerBouncyCastle) { public static synchronized void setRegisterBouncyCastle(boolean registerBouncyCastle) {
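Review bot: isBouncyCastleRegistered() now returns true whenever any installed provider is named by the BOUNCY_CASTLE or SPONGY_CASTLE constants, even when SSHJ's own `securityProvider` field is unset or points elsewhere, so the two can disagree. Callers that use this method to decide whether BouncyCastle-only algorithms may be offered would then have those lookups served by the default JCA provider order, and on Android the platform provider registered under the BC name is, as far as I know, a reduced build that may not implement all of them. The Javadoc above the method begins outside the hunk, so I cannot tell whether it was updated; it should say something like `Returns true if a provider named BC or SC is installed, regardless of whether SSHJ was configured to use it.` The match is by provider name only, which is worth stating in the same comment.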


@@ -19,9 +19,9 @@ import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.digest.SHA256; import net.schmizz.sshj.transport.digest.SHA256;
import net.schmizz.sshj.transport.digest.SHA384; import net.schmizz.sshj.transport.digest.SHA384;
import net.schmizz.sshj.transport.digest.SHA512; import net.schmizz.sshj.transport.digest.SHA512;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.spec.ECGenParameterSpec;
public class ECDHNistP extends AbstractDHG { public class ECDHNistP extends AbstractDHG {
@@ -33,7 +33,7 @@ public class ECDHNistP extends AbstractDHG {
@Override @Override
public KeyExchange create() { public KeyExchange create() {
return new ECDHNistP("P-521", new SHA512()); return new ECDHNistP("secp521r1", new SHA512());
} }
@Override @Override
@@ -48,7 +48,7 @@ public class ECDHNistP extends AbstractDHG {
@Override @Override
public KeyExchange create() { public KeyExchange create() {
return new ECDHNistP("P-384", new SHA384()); return new ECDHNistP("secp384r1", new SHA384());
} }
@Override @Override
@@ -63,7 +63,7 @@ public class ECDHNistP extends AbstractDHG {
@Override @Override
public KeyExchange create() { public KeyExchange create() {
return new ECDHNistP("P-256", new SHA256()); return new ECDHNistP("secp256r1", new SHA256());
} }
@Override @Override
@@ -79,7 +79,7 @@ public class ECDHNistP extends AbstractDHG {
@Override @Override
protected void initDH(DHBase dh) throws GeneralSecurityException { protected void initDH(DHBase dh) throws GeneralSecurityException {
dh.init(new ECNamedCurveGenParameterSpec(curve), trans.getConfig().getRandomFactory()); dh.init(new ECGenParameterSpec(curve), trans.getConfig().getRandomFactory());
} }
} }
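Review bot: The curve literals in the three create() methods and the spec built in initDH() now depend on the active provider recognising the SEC names `secp256r1`, `secp384r1` and `secp521r1`, and nothing in the section records why the NIST `P-` aliases were dropped. A provider that does not know one of these names would presumably fail only inside `dh.init(...)` during key exchange, as a GeneralSecurityException, rather than when the factory is created. I would add a comment on the `curve` field or the constructor (both outside the visible hunks), for example `// Standard JCA curve name (e.g. secp256r1); passed to ECGenParameterSpec so non-BC providers such as Conscrypt can resolve it.` A test that runs each factory's initDH without BouncyCastle as the explicit provider would keep the names from regressing.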