Update OpenVPN 2.x and OpenVPN 3.x

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
author: Arne Schwabe <arne@rfc2549.org> 2021-10-30 23:00:54 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2021-12-17 11:36:32 +0100
commit: 2f137c89d76808d537d3694975518df30475bd90 (patch)
tree: f86d169cd3770725636781618b7764a7ca23e8d0
parent: 1e40ded48b1dfbb9edcd13a4f6d4f69abfb7ffb2 (diff)
6 files changed, 24 insertions, 4 deletions
diff --git a/main/src/main/cpp/openvpn b/main/src/main/cpp/openvpn
-Subproject 65ad05d7092dc5e2b65dfd709b0b8848810cbe3
+Subproject e3831a62798d0324eb1e1badc1f199269a5baca
diff --git a/main/src/main/cpp/openvpn3 b/main/src/main/cpp/openvpn3
-Subproject eb4ee857333d58ef23ad83bc22eb0687951938a
+Subproject d07270962a013844c0f031b73fc5f1b439476d1
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 4a5b2b4c..bac5939d 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -384,7 +384,7 @@ public class VpnProfile implements Serializable, Cloneable {
             cfg.append(String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString)));
 
             if (mUseLegacyProvider)
-                cfg.append("provider legacy:default\n");
+                cfg.append("provider legacy default\n");
 
             if (!TextUtils.isEmpty(mTlSCertProfile) && mAuthenticationType != TYPE_STATICKEYS)
                 cfg.append(String.format("tls-cert-profile %s\n", mTlSCertProfile));
@@ -1067,7 +1067,7 @@ public class VpnProfile implements Serializable, Cloneable {
 
         if (!mUseLegacyProvider &&
                 (dataciphers.contains("BF-CBC")
-                || ((mCompatMode > 0 && mCompatMode < 20500) || useOpenVPN3)
+                || (mCompatMode > 0 && mCompatMode < 20500)
                 && cipher.equals("BF-CBC")))
         {
             return R.string.bf_cbc_requires_legacy;
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index db530320..026586d5 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -564,12 +564,20 @@ public class ConfigParser {
             }
         }
 
-        Vector<String> provider = getOption("provider", 1, 1);
+        Vector<String> provider = getOption("provider", 1, 9);
         if (provider != null)
         {
             String providers = provider.get(1).toLowerCase(Locale.ROOT);
             if (providers.equals("legacy:default") || providers.equals("default:legacy"))
                 np.mUseLegacyProvider = true;
+
+            for (String prov:provider)
+            {
+                if ("legacy".equals(prov.toLowerCase(Locale.ROOT)))
+                {
+                    np.mUseLegacyProvider = true;
+                }
+            }
         }
 
 
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 09730245..f7b65151 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -536,7 +536,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
         if (profile == null)
             return;
         ShortcutManager shortcutManager = getSystemService(ShortcutManager.class);
-        shortcutManager.reportShortcutUsed(profile.getUUIDString());
+        if (shortcutManager!=null) {
+            /* This should never been null but I do not trust Android ROMs to do the right thing
+             * anymore and neither seems Coverity */
+            shortcutManager.reportShortcutUsed(profile.getUUIDString());
+        }
     }
 
     private VpnProfile fetchVPNProfile(Intent intent)
@@ -752,6 +756,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
         VpnStatus.logInfo(R.string.last_openvpn_tun_config);
 
+        if (mProfile == null)
+        {
+            VpnStatus.logError("OpenVPN tries to open a VPN descriptor with mProfile==null, please report this bug with log!");
+            return null;
+        }
+
         boolean allowUnsetAF = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && !mProfile.mBlockUnusedAddressFamilies;
         if (allowUnsetAF) {
             allowAllAFFamilies(builder);
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index f10011c9..b9ed9822 100644
--- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
@@ -185,6 +185,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
         boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT;
         config.setRetryOnAuthFailed(retryOnAuthFailed);
         config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider);
+        if (mVp.mCompatMode > 0 && mVp.mCompatMode < 20500)
+            config.setEnableNonPreferredDCOAlgorithms(true);
         if (!TextUtils.isEmpty(mVp.mTlSCertProfile))
             config.setTlsCertProfileOverride(mVp.mTlSCertProfile);
author	Arne Schwabe <arne@rfc2549.org>	2021-10-30 23:00:54 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2021-12-17 11:36:32 +0100
commit	2f137c89d76808d537d3694975518df30475bd90 (patch)
tree	f86d169cd3770725636781618b7764a7ca23e8d0
parent	1e40ded48b1dfbb9edcd13a4f6d4f69abfb7ffb2 (diff)