Fix TLS 1.2 and Android 4.1

3 files changed, 19 insertions, 7 deletions

diff --git a/jni/jbcrypto.cpp b/jni/jbcrypto.cpp
index 7413a313..2fd1262a 100644
--- a/jni/jbcrypto.cpp
+++ b/jni/jbcrypto.cpp
@@ -40,7 +40,7 @@ int jniThrowException(JNIEnv* env, const char* className, const char* msg) {
     return 0;
 }
 
-
+static char opensslerr[1024];
 jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, jbyteArray from, jint pkeyRef) {
 
 	//	EVP_MD_CTX* ctx = reinterpret_cast<EVP_MD_CTX*>(ctxRef);
@@ -58,7 +58,7 @@ jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass,
 	if(data==NULL )
 		jniThrowException(env, "java/lang/NullPointerException", "data is null");
 
-	unsigned int siglen;
+    int siglen;
 	unsigned char* sigret = (unsigned char*)malloc(RSA_size(pkey->pkey.rsa));
 
 
@@ -66,11 +66,16 @@ jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass,
 	//           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 
 	// adapted from s3_clnt.c
-	if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen,
-			sigret, &siglen, pkey->pkey.rsa) <= 0 )
+    /*	if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen,
+        sigret, &siglen, pkey->pkey.rsa) <= 0 ) */
+
+    siglen = RSA_private_encrypt(datalen,(unsigned char*) data,sigret,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+
+    if (siglen < 0)
 	{
 
-		jniThrowException(env, "java/security/InvalidKeyException", "rsa_sign went wrong, see logcat");
+        ERR_error_string_n(ERR_get_error(), opensslerr ,1024);
+		jniThrowException(env, "java/security/InvalidKeyException", opensslerr);
 
 		ERR_print_errors_fp(stderr);
 		return NULL;
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index a8c6825f..3a2f2bbf 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -838,6 +838,7 @@ public class VpnProfile implements Serializable {
             int pkey = (Integer) getPkeyContext.invoke(opensslkey);
             getPkeyContext.setAccessible(false);
 
+            // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0
             byte[] signed_bytes = NativeUtils.rsasign(data, pkey);
             return Base64.encodeToString(signed_bytes, Base64.NO_WRAP);
 
diff --git a/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java
index 7e436f79..9497f18b 100644
--- a/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java
+++ b/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java
@@ -504,9 +504,15 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
 	private void processSignCommand(String b64data) {

 

 		String signed_string = mProfile.getSignedData(b64data);

-		managmentCommand("rsa-sig\n");

+        if(signed_string==null) {

+            managmentCommand("rsa-sig\n");

+            managmentCommand("\nEND\n");

+            stopOpenVPN();

+            return;

+        }

+        managmentCommand("rsa-sig\n");

 		managmentCommand(signed_string);

-		managmentCommand("\nEND\n");

+        managmentCommand("\nEND\n");

 	}

 

 	@Override