From 2f137c89d76808d537d3694975518df30475bd90 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 30 Oct 2021 23:00:54 +0200 Subject: Update OpenVPN 2.x and OpenVPN 3.x Signed-off-by: Arne Schwabe --- main/src/main/cpp/openvpn | 2 +- main/src/main/cpp/openvpn3 | 2 +- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 4 ++-- main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java | 10 +++++++++- .../src/main/java/de/blinkt/openvpn/core/OpenVPNService.java | 12 +++++++++++- main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 2 ++ 6 files changed, 26 insertions(+), 6 deletions(-) diff --git a/main/src/main/cpp/openvpn b/main/src/main/cpp/openvpn index 65ad05d7..e3831a62 160000 --- a/main/src/main/cpp/openvpn +++ b/main/src/main/cpp/openvpn @@ -1 +1 @@ -Subproject commit 65ad05d7092dc5e2b65dfd709b0b8848810cbe34 +Subproject commit e3831a62798d0324eb1e1badc1f199269a5baca7 diff --git a/main/src/main/cpp/openvpn3 b/main/src/main/cpp/openvpn3 index eb4ee857..d0727096 160000 --- a/main/src/main/cpp/openvpn3 +++ b/main/src/main/cpp/openvpn3 @@ -1 +1 @@ -Subproject commit eb4ee857333d58ef23ad83bc22eb0687951938aa +Subproject commit d07270962a013844c0f031b73fc5f1b439476d16 diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 4a5b2b4c..bac5939d 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -384,7 +384,7 @@ public class VpnProfile implements Serializable, Cloneable { cfg.append(String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString))); if (mUseLegacyProvider) - cfg.append("provider legacy:default\n"); + cfg.append("provider legacy default\n"); if (!TextUtils.isEmpty(mTlSCertProfile) && mAuthenticationType != TYPE_STATICKEYS) cfg.append(String.format("tls-cert-profile %s\n", mTlSCertProfile)); @@ -1067,7 +1067,7 @@ public class VpnProfile implements Serializable, Cloneable { if (!mUseLegacyProvider && (dataciphers.contains("BF-CBC") - || ((mCompatMode > 0 && mCompatMode < 20500) || useOpenVPN3) + || (mCompatMode > 0 && mCompatMode < 20500) && cipher.equals("BF-CBC"))) { return R.string.bf_cbc_requires_legacy; diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index db530320..026586d5 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -564,12 +564,20 @@ public class ConfigParser { } } - Vector provider = getOption("provider", 1, 1); + Vector provider = getOption("provider", 1, 9); if (provider != null) { String providers = provider.get(1).toLowerCase(Locale.ROOT); if (providers.equals("legacy:default") || providers.equals("default:legacy")) np.mUseLegacyProvider = true; + + for (String prov:provider) + { + if ("legacy".equals(prov.toLowerCase(Locale.ROOT))) + { + np.mUseLegacyProvider = true; + } + } } diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 09730245..f7b65151 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -536,7 +536,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (profile == null) return; ShortcutManager shortcutManager = getSystemService(ShortcutManager.class); - shortcutManager.reportShortcutUsed(profile.getUUIDString()); + if (shortcutManager!=null) { + /* This should never been null but I do not trust Android ROMs to do the right thing + * anymore and neither seems Coverity */ + shortcutManager.reportShortcutUsed(profile.getUUIDString()); + } } private VpnProfile fetchVPNProfile(Intent intent) @@ -752,6 +756,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.logInfo(R.string.last_openvpn_tun_config); + if (mProfile == null) + { + VpnStatus.logError("OpenVPN tries to open a VPN descriptor with mProfile==null, please report this bug with log!"); + return null; + } + boolean allowUnsetAF = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && !mProfile.mBlockUnusedAddressFamilies; if (allowUnsetAF) { allowAllAFFamilies(builder); diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index f10011c9..b9ed9822 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -185,6 +185,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable boolean retryOnAuthFailed = mVp.mAuthRetry == AUTH_RETRY_NOINTERACT; config.setRetryOnAuthFailed(retryOnAuthFailed); config.setEnableLegacyAlgorithms(mVp.mUseLegacyProvider); + if (mVp.mCompatMode > 0 && mVp.mCompatMode < 20500) + config.setEnableNonPreferredDCOAlgorithms(true); if (!TextUtils.isEmpty(mVp.mTlSCertProfile)) config.setTlsCertProfileOverride(mVp.mTlSCertProfile); -- cgit v1.2.3