Cheers Nikolay - thanks for the quick update, I'll try your suggestion and 
see if that cures it.

Do you know if this has been reported on b.android.com - I've been checking 
it as normal but not noticed anything that sounds similar to this..?

I presume bouncycastle implementation might go completely in a later 
release of Android..?

[ But I haven't downloaded the Jelly Bean image yet as I need to upgrade 
adt and that is always a major headache - I might just have to mail an 
updated version to some users and ask them to check it works for me. ]

On Thursday, 5 July 2012 13:45:53 UTC+1, Nikolay Elenkov wrote:
>
> On Thu, Jul 5, 2012 at 9:26 PM, H <[email protected]> wrote:
> > Hi, been seeing some ACRA reports from users on Jelly Bean when my app runs
> > the LVL code.
> >
> > In the LicenseValidator.verify() method, I perform this twice:
> >
> > sig.verify(Base64.decode(signature))
> >
> ...
> > Caused by: java.lang.NullPointerException
> > at org.apache.harmony.xnet.provider.jsse.NativeCrypto.EVP_VerifyFinal(Native Method)
> > at org.apache.harmony.xnet.provider.jsse.OpenSSLSignature.engineVerify(OpenSSLSignature.java:240)
> > ... 7 more
> >
> > Does anyone know if the implementation of Signature or the underlying
> > classes has changed..? I'm guessing that since the first check works and the
> > second fails, can you now only perform one verify() on a signature and after
> > that, the object is no longer valid to be verified again()..?
> >
>
> Yes, it has changed. In JB, the OpenSSL based provider has been extended to
> support RSA keys and RSA signatures (SHA1withRSA, etc.). Additionally, this is
> now the default, so the signature verification code that previously was using
> the Java crypto provider (BouncyCastle) is now calling the native one
> (Cf. NativeCrypto.EVP_VerifyFinal -- that's a wrapper for an OpenSSL function).
> This has presumably been done for better performance, but there seem to be a
> few bugs, I've been getting crashes here and there too. Changing
>
> Signature.getInstance("SHA1withRSA") to 
> Signature.getInstance("SHA1withRSA", "BC") 
>
> should make it work as before, but do some testing to be sure. 
>

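The provider pinning suggested in this thread, combined with one Signature object per check, as an added example that is not part of the original messages or of the LVL code. The class name `FreshVerifier`, the helpers `newVerifier` and `verifyOnce`, the fallback to the default provider and the sample key and payload are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class FreshVerifier {
    // Prefer the provider named in the thread ("BC"); fall back to the platform
    // default when that provider or algorithm is unavailable (assumption: a
    // fallback is acceptable for your app).
    static Signature newVerifier(String algorithm, String preferred)
            throws NoSuchAlgorithmException {
        try {
            return Signature.getInstance(algorithm, preferred);
        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
            return Signature.getInstance(algorithm);
        }
    }

    // One Signature object per check. Per the Signature Javadoc, verify()
    // resets the object to its post-initVerify state, so a second verify()
    // without a new update() no longer covers the signed data.
    static boolean verifyOnce(PublicKey key, byte[] data, byte[] sigBytes) {
        try {
            Signature sig = newVerifier("SHA1withRSA", "BC");
            sig.initVerify(key);
            sig.update(data);
            return sig.verify(sigBytes);
        } catch (GeneralSecurityException e) {
            return false; // fail closed on malformed signatures or bad keys
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key pair and payload, not LVL data.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed response data".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sigBytes = signer.sign();

        // Two independent checks of the same signature, then a tampered copy.
        System.out.println(verifyOnce(kp.getPublic(), data, sigBytes));
        System.out.println(verifyOnce(kp.getPublic(), data, sigBytes));
        sigBytes[0] ^= 0x01; // flip one bit of the signature
        System.out.println(verifyOnce(kp.getPublic(), data, sigBytes));
    }
}
```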