summaryrefslogtreecommitdiff
path: root/app/src/main/java/de/blinkt
diff options
context:
space:
mode:
authorcyberta <cyberta@riseup.net>2022-12-26 14:12:10 +0000
committercyberta <cyberta@riseup.net>2022-12-26 14:12:10 +0000
commit9d64ea1f6274ca66c4e44f7bd24698a1f64c3ffe (patch)
tree1bf433d5363a437d388851e7368ee143a226f6b7 /app/src/main/java/de/blinkt
parent6334225050f02901119812b807c29a4a07ebe182 (diff)
parent35bd57e5399e8bec5102338c7f0900fbc18970b2 (diff)
Merge branch 'rc_fixes' into 'master'
Rc fixes See merge request leap/bitmask_android!235
Diffstat (limited to 'app/src/main/java/de/blinkt')
-rw-r--r--app/src/main/java/de/blinkt/openvpn/VpnProfile.java40
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java2
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java29
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/NetworkUtils.java68
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java38
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java19
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java15
7 files changed, 35 insertions, 176 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 7dd75432..83cde85e 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -473,9 +473,6 @@ public class VpnProfile implements Serializable, Cloneable {
cfg.append("management-external-key nopadding\n");
} else {
cfg.append(context.getString(R.string.keychain_access)).append("\n");
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN)
- if (!mAlias.matches("^[a-zA-Z0-9]$"))
- cfg.append(context.getString(R.string.jelly_keystore_alphanumeric_bug)).append("\n");
}
}
break;
@@ -932,11 +929,6 @@ public class VpnProfile implements Serializable, Cloneable {
VpnStatus.logError(R.string.keyChainAccessError, e.getLocalizedMessage());
VpnStatus.logError(R.string.keychain_access);
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
- if (!mAlias.matches("^[a-zA-Z0-9]$")) {
- VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug);
- }
- }
return null;
} catch (AssertionError e) {
@@ -1196,12 +1188,6 @@ public class VpnProfile implements Serializable, Cloneable {
private byte[] getKeyChainSignedData(byte[] data, boolean pkcs1padding) {
PrivateKey privkey = getKeystoreKey();
- // The Jelly Bean *evil* Hack
- // 4.2 implements the RSA/ECB/PKCS1PADDING in the OpenSSLprovider
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
- return processSignJellyBeans(privkey, data);
- }
-
try {
@SuppressLint("GetInstance")
@@ -1238,32 +1224,6 @@ public class VpnProfile implements Serializable, Cloneable {
}
}
- private byte[] processSignJellyBeans(PrivateKey privkey, byte[] data) {
- try {
- Method getKey = privkey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey");
- getKey.setAccessible(true);
-
- // Real object type is OpenSSLKey
- Object opensslkey = getKey.invoke(privkey);
-
- getKey.setAccessible(false);
-
- Method getPkeyContext = opensslkey.getClass().getDeclaredMethod("getPkeyContext");
-
- // integer pointer to EVP_pkey
- getPkeyContext.setAccessible(true);
- int pkey = (Integer) getPkeyContext.invoke(opensslkey);
- getPkeyContext.setAccessible(false);
-
- // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0
- return NativeUtils.rsasign(data, pkey);
-
- } catch (NoSuchMethodException | InvalidKeyException | InvocationTargetException | IllegalAccessException | IllegalArgumentException e) {
- VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage());
- return null;
- }
- }
-
private boolean usesExtraProxyOptions() {
if (mUseCustomConfig && mCustomConfigOptions != null && mCustomConfigOptions.contains("http-proxy-option "))
return true;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
index 5a1757ac..f769b38e 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
@@ -38,8 +38,6 @@ public class NativeUtils {
static {
if (!isRoboUnitTest() && !isUnitTest()) {
System.loadLibrary("ovpnutil");
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN)
- System.loadLibrary("jbcrypto");
}
}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
index 860897db..457ae971 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
@@ -336,35 +336,6 @@ public class NetworkSpace {
ips.add(ia);
}
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
- // Include postive routes from the original set under < 4.4 since these might overrule the local
- // network but only if no smaller negative route exists
- for (IpAddress origIp : mIpAddresses) {
- if (!origIp.included)
- continue;
-
- // The netspace exists
- if (ipsSorted.contains(origIp))
- continue;
-
- boolean skipIp = false;
- // If there is any smaller net that is excluded we may not add the positive route back
-
- for (IpAddress calculatedIp : ipsSorted) {
- if (!calculatedIp.included && origIp.containsNet(calculatedIp)) {
- skipIp = true;
- break;
- }
- }
- if (skipIp)
- continue;
-
- // It is safe to include the IP
- ips.add(origIp);
- }
-
- }
-
return ips;
}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/NetworkUtils.java b/app/src/main/java/de/blinkt/openvpn/core/NetworkUtils.java
index 5b11c0a0..25af6121 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/NetworkUtils.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/NetworkUtils.java
@@ -24,63 +24,35 @@ public class NetworkUtils {
public static Vector<String> getLocalNetworks(Context c, boolean ipv6) {
Vector<String> nets = new Vector<>();
ConnectivityManager conn = (ConnectivityManager) c.getSystemService(Context.CONNECTIVITY_SERVICE);
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
- Network[] networks = conn.getAllNetworks();
- for (Network network : networks) {
- try {
- NetworkInfo ni = conn.getNetworkInfo(network);
- LinkProperties li = conn.getLinkProperties(network);
+ Network[] networks = conn.getAllNetworks();
+ for (Network network : networks) {
+ try {
+ NetworkInfo ni = conn.getNetworkInfo(network);
+ LinkProperties li = conn.getLinkProperties(network);
- NetworkCapabilities nc = conn.getNetworkCapabilities(network);
+ NetworkCapabilities nc = conn.getNetworkCapabilities(network);
- if (nc == null) {
- continue;
- }
-
- // Skip VPN networks like ourselves
- if (nc.hasTransport(NetworkCapabilities.TRANSPORT_VPN))
- continue;
-
- // Also skip mobile networks
- if (nc.hasTransport(NetworkCapabilities.TRANSPORT_CELLULAR))
- continue;
-
-
- for (LinkAddress la : li.getLinkAddresses()) {
- if ((la.getAddress() instanceof Inet4Address && !ipv6) ||
- (la.getAddress() instanceof Inet6Address && ipv6))
- nets.add(la.toString());
- }
- } catch (SecurityException se) {
- se.printStackTrace();
+ if (nc == null) {
+ continue;
}
- }
- } else {
- // Old Android Version, use native utils via ifconfig instead
- // Add local network interfaces
- if (ipv6)
- return nets;
- String[] localRoutes = NativeUtils.getIfconfig();
-
- // The format of mLocalRoutes is kind of broken because I don't really like JNI
- for (int i = 0; i < localRoutes.length; i += 3) {
- String intf = localRoutes[i];
- String ipAddr = localRoutes[i + 1];
- String netMask = localRoutes[i + 2];
-
- if (intf == null || intf.equals("lo") ||
- intf.startsWith("tun") || intf.startsWith("rmnet"))
+ // Skip VPN networks like ourselves
+ if (nc.hasTransport(NetworkCapabilities.TRANSPORT_VPN))
continue;
- if (ipAddr == null || netMask == null) {
- VpnStatus.logError("Local routes are broken?! (Report to author) " + TextUtils.join("|", localRoutes));
+ // Also skip mobile networks
+ if (nc.hasTransport(NetworkCapabilities.TRANSPORT_CELLULAR))
continue;
- }
- nets.add(ipAddr + "/" + CIDRIP.calculateLenFromMask(netMask));
- }
+ for (LinkAddress la : li.getLinkAddresses()) {
+ if ((la.getAddress() instanceof Inet4Address && !ipv6) ||
+ (la.getAddress() instanceof Inet6Address && ipv6))
+ nets.add(la.toString());
+ }
+ } catch (SecurityException se) {
+ se.printStackTrace();
+ }
}
return nets;
}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 88a85de3..0ae7639e 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -589,7 +589,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
VpnStatus.logInfo(R.string.last_openvpn_tun_config);
- boolean allowUnsetAF = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && !mProfile.mBlockUnusedAddressFamilies;
+ boolean allowUnsetAF = !mProfile.mBlockUnusedAddressFamilies;
if (allowUnsetAF) {
allowAllAFFamilies(builder);
}
@@ -631,20 +631,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
}
}
- String release = Build.VERSION.RELEASE;
- if ((Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT && !release.startsWith("4.4.3")
- && !release.startsWith("4.4.4") && !release.startsWith("4.4.5") && !release.startsWith("4.4.6"))
- && mMtu < 1280) {
- VpnStatus.logInfo(String.format(Locale.US, "Forcing MTU to 1280 instead of %d to workaround Android Bug #70916", mMtu));
- builder.setMtu(1280);
- } else {
- builder.setMtu(mMtu);
- }
+ builder.setMtu(mMtu);
Collection<IpAddress> positiveIPv4Routes = mRoutes.getPositiveIPList();
Collection<IpAddress> positiveIPv6Routes = mRoutesv6.getPositiveIPList();
- if ("samsung".equals(Build.BRAND) && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mDnslist.size() >= 1) {
+ if ("samsung".equals(Build.BRAND) && mDnslist.size() >= 1) {
// Check if the first DNS Server is in the VPN range
try {
IpAddress dnsServer = new IpAddress(new CIDRIP(mDnslist.get(0), 32), true);
@@ -725,9 +717,8 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
VpnStatus.logInfo(R.string.routes_info_incl, TextUtils.join(", ", mRoutes.getNetworks(true)), TextUtils.join(", ", mRoutesv6.getNetworks(true)));
VpnStatus.logInfo(R.string.routes_info_excl, TextUtils.join(", ", mRoutes.getNetworks(false)), TextUtils.join(", ", mRoutesv6.getNetworks(false)));
VpnStatus.logDebug(R.string.routes_debug, TextUtils.join(", ", positiveIPv4Routes), TextUtils.join(", ", positiveIPv6Routes));
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
- setAllowedVpnPackages(builder);
- }
+
+ setAllowedVpnPackages(builder);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP_MR1) {
// VPN always uses the default network
builder.setUnderlyingNetworks(null);
@@ -773,9 +764,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
} catch (Exception e) {
VpnStatus.logError(R.string.tun_open_error);
VpnStatus.logError(getString(R.string.error) + e.getLocalizedMessage());
- if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.JELLY_BEAN_MR1) {
- VpnStatus.logError(R.string.tun_error_helpful);
- }
return null;
}
@@ -790,7 +778,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
}
}
- @TargetApi(Build.VERSION_CODES.LOLLIPOP)
private void allowAllAFFamilies(Builder builder) {
builder.allowFamily(OsConstants.AF_INET);
builder.allowFamily(OsConstants.AF_INET6);
@@ -805,11 +792,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
if (ipAddr.equals(mLocalIP.mIp))
continue;
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT && !mProfile.mAllowLocalLAN) {
- mRoutes.addIPSplit(new CIDRIP(ipAddr, netMask), true);
-
- } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && mProfile.mAllowLocalLAN)
+ if (mProfile.mAllowLocalLAN) {
mRoutes.addIP(new CIDRIP(ipAddr, netMask), false);
+ }
}
// IPv6 is Lollipop+ only so we can skip the lower than KITKAT case
@@ -823,7 +808,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
}
- @TargetApi(Build.VERSION_CODES.LOLLIPOP)
private void setAllowedVpnPackages(Builder builder) {
boolean profileUsesOrBot = false;
@@ -1094,13 +1078,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
if (currentConfiguration.equals(mLastTunCfg)) {
return "NOACTION";
} else {
- String release = Build.VERSION.RELEASE;
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT && !release.startsWith("4.4.3")
- && !release.startsWith("4.4.4") && !release.startsWith("4.4.5") && !release.startsWith("4.4.6"))
- // There will be probably no 4.4.4 or 4.4.5 version, so don't waste effort to do parsing here
- return "OPEN_AFTER_CLOSE";
- else
- return "OPEN_BEFORE_CLOSE";
+ return "OPEN_BEFORE_CLOSE";
}
}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
index 0edfeaeb..a02e7e27 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
@@ -242,12 +242,10 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
VpnStatus.logWarning("Could not protect VPN socket");
- //ParcelFileDescriptor pfd = ParcelFileDescriptor.fromFd(fdint);
- //pfd.close();
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
- fdCloseLollipop(fd);
- } else {
- NativeUtils.jniclose(fdint);
+ try {
+ Os.close(fd);
+ } catch (Exception e) {
+ VpnStatus.logException("Failed to close fd (" + fd + ")", e);
}
return;
} catch ( NoSuchMethodException | IllegalArgumentException | InvocationTargetException | IllegalAccessException | NullPointerException e) {
@@ -258,15 +256,6 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
}
- @RequiresApi(api = Build.VERSION_CODES.LOLLIPOP)
- private void fdCloseLollipop(FileDescriptor fd) {
- try {
- Os.close(fd);
- } catch (Exception e) {
- VpnStatus.logException("Failed to close fd (" + fd + ")", e);
- }
- }
-
private String processInput(String pendingInput) {
diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
index 540ca043..80427a03 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
@@ -30,11 +30,7 @@ public class VPNLaunchHelper {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P)
return new File(context.getApplicationInfo().nativeLibraryDir, "libovpnexec.so").getPath();
String[] abis;
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP)
- abis = getSupportedABIsLollipop();
- else
- //noinspection deprecation
- abis = new String[]{Build.CPU_ABI, Build.CPU_ABI2};
+ abis = getSupportedABIsLollipop();
if (!nativeAPI.equals(abis[0])) {
VpnStatus.logWarning(R.string.abi_mismatch, Arrays.toString(abis), nativeAPI);
@@ -49,22 +45,17 @@ public class VPNLaunchHelper {
}
}
- throw new RuntimeException("Cannot find any execulte for this device's ABIs " + abis.toString());
+ throw new RuntimeException("Cannot find any execute for this device's ABIs " + abis.toString());
}
- @TargetApi(Build.VERSION_CODES.LOLLIPOP)
private static String[] getSupportedABIsLollipop() {
return Build.SUPPORTED_ABIS;
}
private static String getMiniVPNExecutableName() {
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN)
- return MINIPIEVPN;
- else
- return MININONPIEVPN;
+ return MINIPIEVPN;
}
-
public static String[] replacePieWithNoPie(String[] mArgv) {
mArgv[0] = mArgv[0].replace(MINIPIEVPN, MININONPIEVPN);
return mArgv;