diff options
author | Parménides GV <parmegv@sdf.org> | 2014-12-12 11:49:24 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-12-12 11:49:24 +0100 |
commit | 0e7e4005460964cf8dac080e3d99e1df2a1bdc4d (patch) | |
tree | 63fdba4f03bf47b0faa62b9d24cdff9a5a79a8b7 /app | |
parent | 61dc26ab57ad4e2dba341998cabec3f411865e46 (diff) |
Updated ics-openvpn to rev924.
Diffstat (limited to 'app')
-rw-r--r-- | app/openvpn/config-version.h | 2 | ||||
-rw-r--r-- | app/openvpn/src/openvpn/crypto_backend.h | 6 | ||||
-rw-r--r-- | app/openvpn/src/openvpn/crypto_openssl.c | 4 | ||||
-rw-r--r-- | app/openvpn/src/openvpn/crypto_polarssl.c | 4 | ||||
-rw-r--r-- | app/openvpn/src/openvpn/ssl.c | 12 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/VpnProfile.java | 38 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java | 8 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java | 1 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java | 7 | ||||
-rw-r--r-- | app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java | 151 | ||||
-rw-r--r-- | app/src/main/res/menu/logmenu.xml | 10 | ||||
-rw-r--r-- | app/src/main/res/values-v21/styles.xml | 15 | ||||
-rw-r--r-- | app/src/main/res/values/styles.xml | 6 | ||||
-rw-r--r-- | app/src/main/res/values/untranslatable.xml | 20 |
14 files changed, 185 insertions, 99 deletions
diff --git a/app/openvpn/config-version.h b/app/openvpn/config-version.h index 6e78aeaf..1fca2b7a 100644 --- a/app/openvpn/config-version.h +++ b/app/openvpn/config-version.h @@ -1,2 +1,2 @@ -#define CONFIGURE_GIT_REVISION "icsopenvpn_620-df00abd6979b7376" +#define CONFIGURE_GIT_REVISION "icsopenvpn_621-b603913ee5d54ab8" #define CONFIGURE_GIT_FLAGS "" diff --git a/app/openvpn/src/openvpn/crypto_backend.h b/app/openvpn/src/openvpn/crypto_backend.h index bc067a7d..87498785 100644 --- a/app/openvpn/src/openvpn/crypto_backend.h +++ b/app/openvpn/src/openvpn/crypto_backend.h @@ -223,7 +223,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt); /** * Returns the mode that the cipher runs in. * - * @param cipher_kt Static cipher parameters + * @param cipher_kt Static cipher parameters. May not be NULL. * * @return Cipher mode, either \c OPENVPN_MODE_CBC, \c * OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB @@ -233,7 +233,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); /** * Check if the supplied cipher is a supported CBC mode cipher. * - * @param cipher Static cipher parameters. May not be NULL. + * @param cipher Static cipher parameters. * * @return true iff the cipher is a CBC mode cipher. */ @@ -243,7 +243,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) /** * Check if the supplied cipher is a supported OFB or CFB mode cipher. * - * @param cipher Static cipher parameters. May not be NULL. + * @param cipher Static cipher parameters. * * @return true iff the cipher is a OFB or CFB mode cipher. */ diff --git a/app/openvpn/src/openvpn/crypto_openssl.c b/app/openvpn/src/openvpn/crypto_openssl.c index 0ac89a19..f7a491d6 100644 --- a/app/openvpn/src/openvpn/crypto_openssl.c +++ b/app/openvpn/src/openvpn/crypto_openssl.c @@ -492,7 +492,7 @@ cipher_kt_mode (const EVP_CIPHER *cipher_kt) bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) { - return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC + return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC #ifdef EVP_CIPH_FLAG_AEAD_CIPHER /* Exclude AEAD cipher modes, they require a different API */ && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) @@ -503,7 +503,7 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) { - return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || + return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB) #ifdef EVP_CIPH_FLAG_AEAD_CIPHER /* Exclude AEAD cipher modes, they require a different API */ diff --git a/app/openvpn/src/openvpn/crypto_polarssl.c b/app/openvpn/src/openvpn/crypto_polarssl.c index 1a986dbd..e083398f 100644 --- a/app/openvpn/src/openvpn/crypto_polarssl.c +++ b/app/openvpn/src/openvpn/crypto_polarssl.c @@ -419,13 +419,13 @@ cipher_kt_mode (const cipher_info_t *cipher_kt) bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) { - return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; + return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; } bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) { - return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || + return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB); } diff --git a/app/openvpn/src/openvpn/ssl.c b/app/openvpn/src/openvpn/ssl.c index 94b7b6d9..f79f42d9 100644 --- a/app/openvpn/src/openvpn/ssl.c +++ b/app/openvpn/src/openvpn/ssl.c @@ -2826,7 +2826,17 @@ tls_pre_decrypt (struct tls_multi *multi, opt->flags &= multi->opt.crypto_flags_and; opt->flags |= multi->opt.crypto_flags_or; - ASSERT (buf_advance (buf, (op == P_DATA_V2) ? 4 : 1)); + ASSERT (buf_advance (buf, 1)); + if (op == P_DATA_V2) + { + if (buf->len < 4) + { + msg (D_TLS_ERRORS, "Protocol error: received P_DATA_V2 from %s but length is < 4", + print_link_socket_actual (from, &gc)); + goto error; + } + ASSERT (buf_advance (buf, 3)); + } ++ks->n_packets; ks->n_bytes += buf->len; diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 65214c4f..fb2ba90d 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -45,7 +45,6 @@ import java.util.Collection; import java.util.Locale; import java.util.UUID; import java.util.Vector; -import java.util.concurrent.Future; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -54,6 +53,7 @@ import javax.crypto.NoSuchPaddingException; import de.blinkt.openvpn.core.NativeUtils; import de.blinkt.openvpn.core.OpenVPNService; +import de.blinkt.openvpn.core.VPNLaunchHelper; import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.X509Utils; @@ -68,11 +68,8 @@ public class VpnProfile implements Serializable { public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID"; public static final String INLINE_TAG = "[[INLINE]]"; public static final String DISPLAYNAME_TAG = "[[NAME]]"; - private static final String MININONPIEVPN = "nopievpn"; - private static final String MINIPIEVPN = "pievpn"; private static final long serialVersionUID = 7085688938959334563L; - private static final String OVPNCONFIGFILE = "android.conf"; public static final int MAXLOGLEVEL = 4; public static final int CURRENT_PROFILE_VERSION = 2; public static final int DEFAULT_MSSFIX_SIZE = 1450; @@ -164,20 +161,6 @@ public class VpnProfile implements Serializable { mProfileVersion = CURRENT_PROFILE_VERSION; } - public static String getMiniVPNExecutableName() - { - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) - return VpnProfile.MINIPIEVPN; - else - return VpnProfile.MININONPIEVPN; - } - - public static String[] replacePieWithNoPie(String[] mArgv) - { - mArgv[0] = mArgv[0].replace(MINIPIEVPN, MININONPIEVPN); - return mArgv; - } - public static String openVpnEscape(String unescaped) { if (unescaped == null) return null; @@ -576,19 +559,6 @@ public class VpnProfile implements Serializable { return parts[0] + " " + netmask; } - private String[] buildOpenvpnArgv(File cacheDir) { - Vector<String> args = new Vector<String>(); - - // Add fixed paramenters - //args.add("/data/data/de.blinkt.openvpn/lib/openvpn"); - args.add(cacheDir.getAbsolutePath() + "/" + getMiniVPNExecutableName()); - - args.add("--config"); - args.add(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGFILE); - - - return args.toArray(new String[args.size()]); - } @@ -603,7 +573,7 @@ public class VpnProfile implements Serializable { try { - FileWriter cfg = new FileWriter(context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE); + FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context)); cfg.write(getConfigFile(context, false)); cfg.flush(); cfg.close(); @@ -618,7 +588,7 @@ public class VpnProfile implements Serializable { String prefix = context.getPackageName(); Intent intent = new Intent(context, OpenVPNService.class); - intent.putExtra(prefix + ".ARGV", buildOpenvpnArgv(context.getCacheDir())); + intent.putExtra(prefix + ".ARGV", VPNLaunchHelper.buildOpenvpnArgv(context)); intent.putExtra(prefix + ".profileUUID", mUuid.toString()); ApplicationInfo info = context.getApplicationInfo(); @@ -648,7 +618,7 @@ public class VpnProfile implements Serializable { public static boolean isEmbedded(String data) { if (data==null) return false; - if(data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG)) + if (data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG)) return true; else return false; diff --git a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java index e6b73a48..4940d5d6 100644 --- a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java @@ -17,7 +17,7 @@ import de.blinkt.openvpn.core.ProfileManager; /** * Created by arne on 13.10.13. */ -public class DisconnectVPN extends Activity implements DialogInterface.OnClickListener{ +public class DisconnectVPN extends Activity implements DialogInterface.OnClickListener, DialogInterface.OnCancelListener { protected OpenVPNService mService; private ServiceConnection mConnection = new ServiceConnection() { @@ -71,6 +71,7 @@ public class DisconnectVPN extends Activity implements DialogInterface.OnClickLi builder.setMessage(R.string.cancel_connection_query); builder.setNegativeButton(android.R.string.no, this); builder.setPositiveButton(android.R.string.yes,this); + builder.setOnCancelListener(this); builder.show(); } @@ -84,4 +85,9 @@ public class DisconnectVPN extends Activity implements DialogInterface.OnClickLi } finish(); } + + @Override + public void onCancel(DialogInterface dialog) { + finish(); + } } diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index ada065ba..d9830955 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -719,6 +719,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac public void updateState(String state, String logmessage, int resid, ConnectionStatus level) { // If the process is not running, ignore any state, // Notification should be invisible in this state + doSendBroadcast(state, level); if (mProcessThread == null && !mNotificationAlwaysVisible) return; diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index e3c60854..e36a5b8a 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -5,6 +5,7 @@ package de.blinkt.openvpn.core; +import android.annotation.SuppressLint; import android.util.Log; import java.io.BufferedReader; @@ -30,6 +31,7 @@ import de.blinkt.openvpn.core.VpnStatus.LogItem; public class OpenVPNThread implements Runnable { private static final String DUMP_PATH_STRING = "Dump path: "; + @SuppressLint("SdCardPath") private static final String BROKEN_PIE_SUPPORT = "/data/data/de.blinkt.openvpn/cache/pievpn[1]: syntax error:"; private static final String TAG = "OpenVPN"; public static final int M_FATAL = (1 << 4); @@ -78,7 +80,8 @@ public class OpenVPNThread implements Runnable { if( exitvalue != 0) { VpnStatus.logError("Process exited with exit value " + exitvalue); if (mBrokenPie) { - String[] noPieArgv = VpnProfile.replacePieWithNoPie(mArgv); + /* This will probably fail since the NoPIE binary is probably not written */ + String[] noPieArgv = VPNLaunchHelper.replacePieWithNoPie(mArgv); // We are already noPIE, nothing to gain if (!noPieArgv.equals(mArgv)) { @@ -190,7 +193,7 @@ public class OpenVPNThread implements Runnable { private String genLibraryPath(String[] argv, ProcessBuilder pb) { // Hack until I find a good way to get the real library path - String applibpath = argv[0].replace("/cache/" + VpnProfile.getMiniVPNExecutableName() , "/lib"); + String applibpath = argv[0].replaceFirst("/cache/.*$" , "/lib"); String lbpath = pb.environment().get("LD_LIBRARY_PATH"); if(lbpath==null) diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java index 40f9742b..208aa359 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java +++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java @@ -5,70 +5,122 @@ package de.blinkt.openvpn.core; +import android.annotation.TargetApi; import android.content.Context; import android.content.Intent; +import android.content.pm.ApplicationInfo; import android.os.Build; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.util.Vector; import se.leap.bitmaskclient.R; import de.blinkt.openvpn.VpnProfile; public class VPNLaunchHelper { - static private boolean writeMiniVPN(Context context) { - File mvpnout = new File(context.getCacheDir(),VpnProfile.getMiniVPNExecutableName()); - if (mvpnout.exists() && mvpnout.canExecute()) - return true; - - IOException e2 = null; - - try { - InputStream mvpn; - - try { - mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI); - } - catch (IOException errabi) { - VpnStatus.logInfo("Failed getting assets for archicture " + Build.CPU_ABI); - e2=errabi; - mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI2); - - } - - - FileOutputStream fout = new FileOutputStream(mvpnout); - - byte buf[]= new byte[4096]; - - int lenread = mvpn.read(buf); - while(lenread> 0) { - fout.write(buf, 0, lenread); - lenread = mvpn.read(buf); - } - fout.close(); - - if(!mvpnout.setExecutable(true)) { - VpnStatus.logError("Failed to make OpenVPN executable"); - return false; - } - - - return true; - } catch (IOException e) { - if(e2!=null) - VpnStatus.logException(e2); - VpnStatus.logException(e); - - return false; - } + private static final String MININONPIEVPN = "nopievpn"; + private static final String MINIPIEVPN = "pievpn"; + private static final String OVPNCONFIGFILE = "android.conf"; + + + + static private String writeMiniVPN(Context context) { + String[] abis; + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) + abis = getSupportedAbisLollipop(); + else + abis = new String[]{Build.CPU_ABI, Build.CPU_ABI2}; + + for (String abi: abis) { + + File mvpnout = new File(context.getCacheDir(), getMiniVPNExecutableName() + "." + abi); + if ((mvpnout.exists() && mvpnout.canExecute()) || writeMiniVPNBinary(context, abi, mvpnout)) { + return mvpnout.getPath(); + } + } + + return null; } + + @TargetApi(Build.VERSION_CODES.LOLLIPOP) + private static String[] getSupportedAbisLollipop() { + return Build.SUPPORTED_ABIS; + } + + private static String getMiniVPNExecutableName() + { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) + return MINIPIEVPN; + else + return MININONPIEVPN; + } + + + public static String[] replacePieWithNoPie(String[] mArgv) + { + mArgv[0] = mArgv[0].replace(MINIPIEVPN, MININONPIEVPN); + return mArgv; + } + + + public static String[] buildOpenvpnArgv(Context c) { + Vector<String> args = new Vector<String>(); + + // Add fixed paramenters + //args.add("/data/data/de.blinkt.openvpn/lib/openvpn"); + args.add(writeMiniVPN(c)); + + args.add("--config"); + args.add(c.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE); + + + return args.toArray(new String[args.size()]); + } + + private static boolean writeMiniVPNBinary(Context context, String abi, File mvpnout) { + try { + InputStream mvpn; + + try { + mvpn = context.getAssets().open(getMiniVPNExecutableName() + "." + abi); + } + catch (IOException errabi) { + VpnStatus.logInfo("Failed getting assets for archicture " + abi); + return false; + } + + + FileOutputStream fout = new FileOutputStream(mvpnout); + + byte buf[]= new byte[4096]; + + int lenread = mvpn.read(buf); + while(lenread> 0) { + fout.write(buf, 0, lenread); + lenread = mvpn.read(buf); + } + fout.close(); + + if(!mvpnout.setExecutable(true)) { + VpnStatus.logError("Failed to make OpenVPN executable"); + return false; + } + + + return true; + } catch (IOException e) { + VpnStatus.logException(e); + return false; + } + + } public static void startOpenVpn(VpnProfile startprofile, Context context) { - if(!writeMiniVPN(context)) { + if(writeMiniVPN(context)==null) { VpnStatus.logError("Error writing minivpn binary"); return; } @@ -80,4 +132,9 @@ public class VPNLaunchHelper { context.startService(startVPN); } + + public static String getConfigFilePath(Context context) { + return context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE; + } + } diff --git a/app/src/main/res/menu/logmenu.xml b/app/src/main/res/menu/logmenu.xml index a1d2a7b5..52ba4b7d 100644 --- a/app/src/main/res/menu/logmenu.xml +++ b/app/src/main/res/menu/logmenu.xml @@ -10,33 +10,33 @@ <item android:id="@+id/toggle_time" android:alphabeticShortcut="t" - android:icon="@android:drawable/ic_menu_view" + android:icon="@drawable/ic_menu_view" android:showAsAction="withText|ifRoom" android:title="@string/logview_options" /> <item android:id="@+id/clearlog" - android:icon="@android:drawable/ic_menu_delete" + android:icon="@drawable/ic_menu_delete" android:showAsAction="ifRoom|withText" android:title="@string/clear_log" android:titleCondensed="@string/clear"/> <item android:id="@+id/send" - android:icon="@android:drawable/ic_menu_share" + android:icon="@drawable/ic_menu_share" android:showAsAction="ifRoom|withText" android:title="@string/send_logfile" android:titleCondensed="@string/send"/> <item android:id="@+id/cancel" - android:icon="@android:drawable/ic_menu_close_clear_cancel" + android:icon="@drawable/ic_menu_close_clear_cancel" android:showAsAction="ifRoom|withText" android:title="@string/cancel_connection_long" android:titleCondensed="@string/cancel_connection"/> <item android:id="@+id/edit_vpn" android:alphabeticShortcut="e" - android:icon="@android:drawable/ic_menu_edit" + android:icon="@drawable/ic_menu_edit" android:showAsAction="withText|ifRoom" android:title="@string/edit_vpn" android:visible="false"/> diff --git a/app/src/main/res/values-v21/styles.xml b/app/src/main/res/values-v21/styles.xml new file mode 100644 index 00000000..892b6cb0 --- /dev/null +++ b/app/src/main/res/values-v21/styles.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ~ Copyright (c) 2012-2014 Arne Schwabe + ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + --> + +<resources> + + <!-- http://www.google.de/design/spec/style/color.html#color-color-palette --> + <style name="appstyle" parent="android:Theme.Material.Light.DarkActionBar"> + <item name="android:colorPrimary">@color/primary</item> + <item name="android:colorPrimaryDark">@color/primary_dark</item> + <item name="android:colorAccent">@color/accent</item> + </style> +</resources> diff --git a/app/src/main/res/values/styles.xml b/app/src/main/res/values/styles.xml index 7b26a4a7..a60e29b8 100644 --- a/app/src/main/res/values/styles.xml +++ b/app/src/main/res/values/styles.xml @@ -5,6 +5,10 @@ --> <resources> + <style name="appstyle" parent="android:Theme.DeviceDefault.Light"> + + </style> + <style name="item"> <item name="android:layout_width">match_parent</item> @@ -23,7 +27,7 @@ <item name="android:paddingTop">10sp</item> <item name="android:layout_width">match_parent</item> <item name="android:layout_height">wrap_content</item> - <item name="android:textAppearance">?android:attr/textAppearanceMedium</item> + <item name="android:textAppearance">?android:attr/textAppearanceLarge</item> <!-- <item name="android:singleLine">true</item> --> </style> diff --git a/app/src/main/res/values/untranslatable.xml b/app/src/main/res/values/untranslatable.xml index 619a550f..7257bf3a 100644 --- a/app/src/main/res/values/untranslatable.xml +++ b/app/src/main/res/values/untranslatable.xml @@ -2470,4 +2470,24 @@ + + + + + + + + + + + + + + + + + + + + </resources>
\ No newline at end of file |