From cb7894ef9f73fdfb2f3b44b4d3c6afb6133a70ba Mon Sep 17 00:00:00 2001
From: cyBerta
Date: Mon, 11 Jan 2021 01:44:31 +0100
Subject: add missing data-cipher flags to VpnProfile and ConfigParser, fixes cipher negotiation issues
---
 .../main/java/de/blinkt/openvpn/VpnProfile.java | 7 +++++++
 .../java/de/blinkt/openvpn/core/ConfigParser.java | 23 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)
(limited to 'app')
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 3792d092..41b5ddb5 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -145,6 +145,7 @@ public class VpnProfile implements Serializable, Cloneable {
 public String mCustomConfigOptions = "";
 public String mVerb = "1"; //ignored
 public String mCipher = "";
+ public String mDataCiphers = "";
 public boolean mNobind = true;
 public boolean mUseDefaultRoutev6 = true;
 public String mCustomRoutesv6 = "";
@@ -630,6 +631,12 @@ public class VpnProfile implements Serializable, Cloneable {
 cfg.append("remote-cert-tls server\n");
 }
+
+ if (!TextUtils.isEmpty(mDataCiphers))
+ {
+ cfg.append("data-ciphers ").append(mDataCiphers).append("\n");
+ }
+
 if (!TextUtils.isEmpty(mCipher)) {
 cfg.append("cipher ").append(mCipher).append("\n");
 }
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index c6240bd0..5b4ab361 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
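Review bot: In the second VpnProfile.java hunk, `mDataCiphers` is appended to the generated config verbatim, so a value containing whitespace or a line break would add extra arguments or a further directive to the config handed to OpenVPN. The neighbouring `cipher` line has the same shape, but because this field is populated from imported profiles it would be worth refusing anything that is not a plain colon-separated cipher list before writing it, for example `if (!TextUtils.isEmpty(mDataCiphers) && mDataCiphers.matches("[A-Za-z0-9:?_-]+"))`; the exact alphabet is a constructed example and should be confirmed against the cipher names the app accepts. The enclosing method starts and ends outside the hunk.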
@@ -537,10 +537,33 @@ public class ConfigParser {
 np.mUseLzo = Boolean.valueOf(useLzo.get(1));
 }
+ Vector ncp_ciphers = getOption("ncp-ciphers", 1, 1);
+ Vector data_ciphers = getOption("data-ciphers", 1, 1);
 Vector cipher = getOption("cipher", 1, 1);
+
 if (cipher != null) np.mCipher = cipher.get(1);
+ if (data_ciphers == null)
+ {
+ data_ciphers = ncp_ciphers;
+ }
+
+ /* The world is not yet ready to only use data-ciphers, add --cipher to data-ciphers
+ * for now on import */
+ if (data_ciphers != null)
+ {
+ np.mDataCiphers = data_ciphers.get(1);
+
+ if (!TextUtils.isEmpty(np.mCipher) && !np.mDataCiphers.contains(np.mCipher))
+ {
+ np.mDataCiphers += ":" + np.mCipher;
+ }
+ } else if (!TextUtils.isEmpty(np.mCipher) && !np.mCipher.equals("AES-128-GCM") && !np.mCipher.equals("AES-256"))
+ {
+ np.mDataCiphers += "AES-256-GCM:AES-128-GCM:" + np.mCipher;
+ }
+
 Vector auth = getOption("auth", 1, 1);
 if (auth != null) np.mAuth = auth.get(1);
-- cgit v1.2.3
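Review bot: In the `else if` branch the second comparison, `!np.mCipher.equals("AES-256")`, looks like a truncated `"AES-256-GCM"`: as written, an imported `cipher AES-256-GCM` still enters the branch and produces a list that names that cipher twice, so the test should probably read `!np.mCipher.equals("AES-256-GCM")`. In the branch above it, `np.mDataCiphers.contains(np.mCipher)` is a substring test on the whole colon-separated string, so a cipher whose name is a prefix of a listed one is treated as already present and is not appended; comparing against the list elements, `Arrays.asList(np.mDataCiphers.split(":")).contains(np.mCipher)` (needs `java.util.Arrays` in scope), avoids that. Both branches also make whatever legacy `cipher` the imported profile names negotiable alongside the AEAD ciphers, and the existing comment should say so explicitly, e.g. `/* NOTE: the legacy --cipher value is added unfiltered; this is where a weak cipher can re-enter the negotiable list */`. The enclosing method starts and ends outside the hunk.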