From 0a649719fa0c37d86078bef6f8a7f6942e6f29ff Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 4 May 2022 12:59:09 +0200 Subject: Remove API support for API < 19 (Kitkat) The newest NDK only support API 19 and higher. Remove support for lower APIs from this app. --- main/build.gradle.kts | 4 +- main/src/main/cpp/CMakeLists.txt | 5 - main/src/main/cpp/jbcrypto/jbcrypto.cpp | 126 --------------------- .../java/de/blinkt/openvpn/core/LocaleHelper.java | 5 +- .../java/de/blinkt/openvpn/core/NativeUtils.java | 4 - .../java/de/blinkt/openvpn/core/NetworkSpace.java | 29 ----- .../de/blinkt/openvpn/core/OpenVPNService.java | 27 +---- .../blinkt/openvpn/core/OpenVPNStatusService.java | 5 +- main/src/main/res/values/strings.xml | 2 - .../de/blinkt/openvpn/fragments/FaqFragment.java | 2 - 10 files changed, 8 insertions(+), 201 deletions(-) delete mode 100644 main/src/main/cpp/jbcrypto/jbcrypto.cpp diff --git a/main/build.gradle.kts b/main/build.gradle.kts index 6cc4141c..181cf84c 100644 --- a/main/build.gradle.kts +++ b/main/build.gradle.kts @@ -15,10 +15,10 @@ plugins { android { compileSdk = 32 - //ndkVersion = "23.0.7599858" + ndkVersion = "24.0.8215888" defaultConfig { - minSdk = 16 + minSdk = 19 targetSdk = 32 versionCode = 189 versionName = "0.7.34" diff --git a/main/src/main/cpp/CMakeLists.txt b/main/src/main/cpp/CMakeLists.txt index e9721e33..72425792 100644 --- a/main/src/main/cpp/CMakeLists.txt +++ b/main/src/main/cpp/CMakeLists.txt @@ -114,11 +114,6 @@ else () message("Not budiling SSLSpeedTest for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}") endif () -# The magic Jellybean keystore signing hack. Beware dragons and dlsyms magic ahead -add_library(jbcrypto SHARED jbcrypto/jbcrypto.cpp) -target_link_libraries(jbcrypto log dl) -target_compile_options(jbcrypto PRIVATE) - set(openvpn_srcs src/compat/compat-basename.c src/compat/compat-daemon.c diff --git a/main/src/main/cpp/jbcrypto/jbcrypto.cpp b/main/src/main/cpp/jbcrypto/jbcrypto.cpp deleted file mode 100644 index 2ac52120..00000000 --- a/main/src/main/cpp/jbcrypto/jbcrypto.cpp +++ /dev/null @@ -1,126 +0,0 @@ -// -// JBCyrpto.cpp -// xcopenvpn -// -// Created by Arne Schwabe on 12.07.12. -// Copyright (c) 2012 Universität Paderborn. All rights reserved. -// - -#include - -#include -#include -#include -#include - -// Minimal defines for openssl 1.0.x -typedef void *RSA; - -struct EVP_PKEY -{ - int type; - int save_type; - int references; - void *ameth; - void *engine; - union { - RSA *rsa; - } pkey; -}; - -#define RSA_PKCS1_PADDING 1 -#define RSA_NO_PADDING 3 - -extern "C" { - jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign(JNIEnv* env, jclass, jbyteArray from, jint pkeyRef, jboolean pkcs1padding); - int jniThrowException(JNIEnv* env, const char* className, const char* msg); - - int (*RSA_size_dyn)(const RSA *); - int (*RSA_private_encrypt_dyn)(int, const unsigned char *, unsigned char *, RSA *, int); - - unsigned long (*ERR_get_error_dyn)(); - void (*ERR_error_string_n_dyn)(unsigned long, char *, size_t); - - void (*ERR_print_errors_fp_dyn)(FILE *); - -} - -int jniThrowException(JNIEnv* env, const char* className, const char* msg) { - - jclass exceptionClass = env->FindClass(className); - - if (exceptionClass == NULL) { - __android_log_print(ANDROID_LOG_DEBUG,"openvpn","Unable to find exception class %s", className); - /* ClassNotFoundException now pending */ - return -1; - } - - if (env->ThrowNew( exceptionClass, msg) != JNI_OK) { - __android_log_print(ANDROID_LOG_DEBUG,"openvpn","Failed throwing '%s' '%s'", className, msg); - /* an exception, most likely OOM, will now be pending */ - return -1; - } - - env->DeleteLocalRef(exceptionClass); - return 0; -} - -static char opensslerr[1024]; -jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, jbyteArray from, jint pkeyRef, jboolean pkcs1padding) { - - - // EVP_MD_CTX* ctx = reinterpret_cast(ctxRef); - EVP_PKEY* pkey = reinterpret_cast(pkeyRef); - - - if (pkey == NULL || from == NULL) { - jniThrowException(env, "java/lang/NullPointerException", "EVP_KEY is null"); - return NULL; - } - - jbyte* data = env-> GetByteArrayElements (from, NULL); - int datalen = env-> GetArrayLength(from); - - if(data==NULL ) - jniThrowException(env, "java/lang/NullPointerException", "data is null"); - - int siglen; - RSA_size_dyn= (int (*) (const RSA *)) dlsym(RTLD_DEFAULT, "RSA_size"); - unsigned char* sigret = (unsigned char*)malloc(RSA_size_dyn(pkey->pkey.rsa)); - - - //int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - // unsigned char *sigret, unsigned int *siglen, RSA *rsa); - - // adapted from s3_clnt.c - /* if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen, - sigret, &siglen, pkey->pkey.rsa) <= 0 ) */ - - RSA_private_encrypt_dyn=(int (*)(int, const unsigned char *, unsigned char *, RSA *, int)) dlsym(RTLD_DEFAULT, "RSA_private_encrypt"); - int paddding = pkcs1padding ? RSA_PKCS1_PADDING : RSA_NO_PADDING; - siglen = RSA_private_encrypt_dyn(datalen,(unsigned char*) data,sigret,pkey->pkey.rsa, paddding); - - if (siglen < 0) - { - ERR_get_error_dyn = (unsigned long (*)()) dlsym(RTLD_DEFAULT, "ERR_get_error"); - ERR_error_string_n_dyn = (void (*)(unsigned long, char *, size_t)) dlsym(RTLD_DEFAULT, "ERR_error_string_n"); - - ERR_error_string_n_dyn(ERR_get_error_dyn(), opensslerr ,1024); - jniThrowException(env, "java/security/InvalidKeyException", opensslerr); - - ERR_print_errors_fp_dyn = (void (*)(FILE *)) dlsym(RTLD_DEFAULT, "ERR_print_errors_fp"); - ERR_print_errors_fp_dyn(stderr); - return NULL; - - } - - - jbyteArray jb; - - jb =env->NewByteArray(siglen); - - env->SetByteArrayRegion(jb, 0, siglen, (jbyte *) sigret); - free(sigret); - return jb; - -} diff --git a/main/src/main/java/de/blinkt/openvpn/core/LocaleHelper.java b/main/src/main/java/de/blinkt/openvpn/core/LocaleHelper.java index 2b0c1975..516e025d 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/LocaleHelper.java +++ b/main/src/main/java/de/blinkt/openvpn/core/LocaleHelper.java @@ -62,10 +62,7 @@ public class LocaleHelper { Configuration config = new Configuration(res.getConfiguration()); - if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) - config.setLocale(desiredLocale); - else - config.locale = desiredLocale; + config.setLocale(desiredLocale); res.updateConfiguration(config, res.getDisplayMetrics()); } diff --git a/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java index 470ec6d6..72b2b784 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java +++ b/main/src/main/java/de/blinkt/openvpn/core/NativeUtils.java @@ -53,10 +53,6 @@ public class NativeUtils { static { if (!isRoboUnitTest()) { System.loadLibrary("ovpnutil"); - if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) - System.loadLibrary("jbcrypto"); - - if (!BuildConfig.FLAVOR.equals("skeleton")) { System.loadLibrary("osslspeedtest"); } diff --git a/main/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java b/main/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java index 2ad80bc3..5876ead5 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java +++ b/main/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java @@ -336,35 +336,6 @@ public class NetworkSpace { ips.add(ia); } - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) { - // Include postive routes from the original set under < 4.4 since these might overrule the local - // network but only if no smaller negative route exists - for (IpAddress origIp : mIpAddresses) { - if (!origIp.included) - continue; - - // The netspace exists - if (ipsSorted.contains(origIp)) - continue; - - boolean skipIp = false; - // If there is any smaller net that is excluded we may not add the positive route back - - for (IpAddress calculatedIp : ipsSorted) { - if (!calculatedIp.included && origIp.containsNet(calculatedIp)) { - skipIp = true; - break; - } - } - if (skipIp) - continue; - - // It is safe to include the IP - ips.add(origIp); - } - - } - return ips; } diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 284b55a2..f1f2edb7 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -276,10 +276,8 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac // Try to set the priority available since API 16 (Jellybean) - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) { - jbNotificationExtras(priority, nbuilder); - addVpnActionsToNotification(nbuilder); - } + jbNotificationExtras(priority, nbuilder); + addVpnActionsToNotification(nbuilder); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) lpNotificationExtras(nbuilder, Notification.CATEGORY_SERVICE); @@ -360,7 +358,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } } - @TargetApi(Build.VERSION_CODES.JELLY_BEAN) private void jbNotificationExtras(int priority, android.app.Notification.Builder nbuilder) { try { @@ -381,7 +378,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } - @RequiresApi(api = Build.VERSION_CODES.JELLY_BEAN) private void addVpnActionsToNotification(Notification.Builder nbuilder) { Intent disconnectVPN = new Intent(this, DisconnectVPN.class); disconnectVPN.setAction(DISCONNECT_VPN); @@ -442,9 +438,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac registerReceiver(mDeviceStateReceiver, filter); VpnStatus.addByteCountListener(mDeviceStateReceiver); - - /*if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) - addLollipopCMListener(); */ } synchronized void unregisterDeviceStateReceiver(DeviceStateReceiver deviceStateReceiver) { @@ -458,9 +451,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac // Ignore for now ... iae.printStackTrace(); } - /*if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) - removeLollipopCMListener();*/ - } public void userPause(boolean shouldBePaused) { @@ -943,9 +933,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } catch (Exception e) { VpnStatus.logError(R.string.tun_open_error); VpnStatus.logError(getString(R.string.error) + e.getLocalizedMessage()); - if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.JELLY_BEAN_MR1) { - VpnStatus.logError(R.string.tun_error_helpful); - } return null; } @@ -983,10 +970,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (ipAddr.equals(mLocalIP.mIp)) continue; - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT && !mProfile.mAllowLocalLAN) { - mRoutes.addIPSplit(new CIDRIP(ipAddr, netMask), true); - - } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && mProfile.mAllowLocalLAN) + if(mProfile.mAllowLocalLAN) mRoutes.addIP(new CIDRIP(ipAddr, netMask), false); } @@ -1377,10 +1361,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.updateStateString("USER_INPUT", "waiting for user input", reason, LEVEL_WAITING_FOR_USER_INPUT, intent); nbuilder.setContentIntent(pIntent); - - // Try to set the priority available since API 16 (Jellybean) - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) - jbNotificationExtras(PRIORITY_MAX, nbuilder); + jbNotificationExtras(PRIORITY_MAX, nbuilder); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) lpNotificationExtras(nbuilder, Notification.CATEGORY_STATUS); diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNStatusService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNStatusService.java index faae9327..ad9b07d5 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNStatusService.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNStatusService.java @@ -101,10 +101,7 @@ public class OpenVPNStatusService extends Service implements VpnStatus.LogListen return pipe[0]; } catch (IOException e) { e.printStackTrace(); - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH_MR1) { - throw new RemoteException(e.getMessage()); - } - return null; + throw new RemoteException(e.getMessage()); } } diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index fe5a7a06..b02c2259 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -358,7 +358,6 @@ Tethering works while the VPN is active. The tethered connection will NOT use the VPN. Early KitKat version set the wrong MSS value on TCP connections (#61948). Try to enable the mssfix option to workaround this bug. Android will keep using your proxy settings specified for the mobile/Wi-Fi connection when no DNS servers are set. OpenVPN for Android will warn you about this in the log.

When a VPN sets a DNS server Android will not use a proxy. There is no API to set a proxy for a VPN connection.

 - VPN apps may stop working when uninstalled and reinstalled again. For details see #80074 The configured client IP and the IPs in its network mask are not routed to the VPN. OpenVPN works around this bug by explicitly adding a route that corrosponds to the client IP and its netmask Opening a tun device while another tun device is active, which is used for persist-tun support, crashes the VPNServices on the device. A reboot is required to make VPN work again. OpenVPN for Android tries to avoid reopening the tun device and if really needed first closes the current TUN before opening the new TUN device to avoid to crash. This may lead to a short window where packets are sent over the non-VPN connection. Even with this workaround the VPNServices sometimes crashes and requires a reboot of the device. VPN does not work at all for secondary users. @@ -366,7 +365,6 @@ Only destination can be reached over the VPN that are reachable without VPN. IPv6 VPNs does not work at all. Non CIDR Routes Proxy behaviour for VPNs - Reinstalling VPN apps %s and earlier Copy of %s Route to the configured IP address diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/FaqFragment.java b/main/src/ui/java/de/blinkt/openvpn/fragments/FaqFragment.java index 326f6408..dcdfd5e3 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/FaqFragment.java +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/FaqFragment.java @@ -127,8 +127,6 @@ public class FaqFragment extends Fragment { new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.faq_androids_clients_title, R.string.faq_android_clients), - new FAQEntry(Build.VERSION_CODES.LOLLIPOP, Build.VERSION_CODES.LOLLIPOP_MR1, R.string.ab_lollipop_reinstall_title, R.string.ab_lollipop_reinstall), - new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, Build.VERSION_CODES.JELLY_BEAN_MR2, R.string.vpn_tethering_title, R.string.faq_tethering), new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, Build.VERSION_CODES.JELLY_BEAN_MR2, R.string.broken_images, R.string.broken_images_faq), -- cgit v1.2.3