From 3166e5229ce512c2424beed9514ab8d76dde2204 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 6 Oct 2021 16:25:09 +0200 Subject: Add option to allow loading the legacy provider --- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 19 ++++++++++++++++--- main/src/main/res/values/strings.xml | 3 ++- .../de/blinkt/openvpn/activities/ConfigConverter.kt | 12 ++++++++---- .../de/blinkt/openvpn/fragments/Settings_Basic.java | 3 +++ main/src/ui/res/layout/basic_settings.xml | 5 +++++ 5 files changed, 34 insertions(+), 8 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 1561b1cc..af548740 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -66,7 +66,7 @@ public class VpnProfile implements Serializable, Cloneable { public static final String INLINE_TAG = "[[INLINE]]"; public static final String DISPLAYNAME_TAG = "[[NAME]]"; public static final int MAXLOGLEVEL = 4; - public static final int CURRENT_PROFILE_VERSION = 9; + public static final int CURRENT_PROFILE_VERSION = 10; public static final int DEFAULT_MSSFIX_SIZE = 1280; public static final int TYPE_CERTIFICATES = 0; public static final int TYPE_PKCS12 = 1; @@ -169,6 +169,7 @@ public class VpnProfile implements Serializable, Cloneable { public boolean mCheckPeerFingerprint = false; public String mPeerFingerPrints = ""; public int mCompatMode = 0; + public boolean mUseLegacyProvider = false; private transient PrivateKey mPrivateKey; // Public attributes, since I got mad with getter/setter 
@@ -331,6 +332,12 @@ public class VpnProfile implements Serializable, Cloneable { if (!TextUtils.isEmpty(mCipher) && !mCipher.equals("AES-256-GCM") && !mCipher.equals("AES-128-GCM")) { mDataCiphers = "AES-256-GCM:AES-128-GCM:" + mCipher; } + case 9: + if (!TextUtils.isEmpty(mDataCiphers) && + mDataCiphers.toUpperCase(Locale.ROOT).contains("BF-CBC")) + { + mUseLegacyProvider = true; + } default: } @@ -657,6 +664,8 @@ public class VpnProfile implements Serializable, Cloneable { if (!TextUtils.isEmpty(mDataCiphers)) { cfg.append("data-ciphers ").append(mDataCiphers).append("\n"); } + if (mUseLegacyProvider) + cfg.append("provider legacy:default\n"); if (mCompatMode > 0) { @@ -1049,8 +1058,12 @@ public class VpnProfile implements Serializable, Cloneable { } } - if (mAuthenticationType != TYPE_STATICKEYS && !mCheckPeerFingerprint && TextUtils.isEmpty(mCaFilename)) { - return R.string.need_fingerprint_or_ca; + + if (mAuthenticationType == TYPE_STATICKEYS || mAuthenticationType == TYPE_CERTIFICATES + || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) { + if (!mCheckPeerFingerprint && TextUtils.isEmpty(mCaFilename)) { + return R.string.need_fingerprint_or_ca; + } } // Everything okay return R.string.no_error_found; diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index 4ae7a804..01b1842e 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -510,7 +510,8 @@ OpenVPN Access Server URL Compatibility Mode - Compatibility mode An OpenVPN profile needs a CA certificate or peer fingerprint + Compatibility mode + Load OpenSSL legacy provider diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt index 5426f669..73a3f75e 100644 --- a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt +++ b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt 
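Review bot: The `case 9:` step turns on `mUseLegacyProvider` silently, and only when `BF-CBC` appears in `mDataCiphers`. A version-9 profile that names Blowfish only in `mCipher` is not covered by the visible check, and the user is never told that a 64-bit block cipher is being kept usable. I would test both fields, for example by adding `|| (mCipher != null && mCipher.toUpperCase(Locale.ROOT).contains("BF-CBC"))`, and put `// fall through: upgrade steps are cumulative` after the block, since the case has no `break`. The switch and its enclosing method start outside the hunk, so older profiles may already get `mCipher` copied into `mDataCiphers` by the preceding case.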
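Review bot: The added `if (mUseLegacyProvider)` in the `@@ -657` hunk is the only unbraced conditional there and has no comment saying why the line is written into the generated config. I would brace it like the `mDataCiphers` block directly above, `if (mUseLegacyProvider) {` … `}`, and add `// OpenSSL 3 only offers BF-CBC and similar old algorithms through the legacy provider`. The config-generation method starts and ends outside the hunk.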
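Review bot: The rewritten condition in the `@@ -1049` hunk now includes `TYPE_STATICKEYS`, which the removed line explicitly exempted, so a static-key profile without a CA file or fingerprint check would be rejected with `need_fingerprint_or_ca`. In the other direction, every authentication type not in the new list skips the check entirely; if any of them still relies on `mCaFilename` to verify the server (username/password-only profiles look like a candidate), a profile with no server verification would pass validation. I would drop the `mAuthenticationType == TYPE_STATICKEYS ||` term and write the rest as an exclusion of only those types that bring their own CA, with a comment naming them. The change is unrelated to the commit subject, and the method body starts outside the hunk.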
@@ -37,7 +37,6 @@ import de.blinkt.openvpn.views.FileSelectLayout import de.blinkt.openvpn.views.FileSelectLayout.FileSelectCallback import java.io.* import java.net.URLDecoder -import java.nio.charset.StandardCharsets import java.util.* class ConfigConverter : BaseActivity(), FileSelectCallback, View.OnClickListener { @@ -127,11 +126,16 @@ class ConfigConverter : BaseActivity(), FileSelectCallback, View.OnClickListener } mResult!!.mCompatMode = Utils.mapCompatMode(mCompatmode.selectedItemPosition) + /* If you need compability with such an old version there is a high chance that + the legacy provider is needed as well + */ + if (mResult!!.mCompatMode <= 20400) + mResult!!.mUseLegacyProvider = true; - val `in` = installPKCS12() + val intent = installPKCS12() - if (`in` != null) - startActivityForResult(`in`, RESULT_INSTALLPKCS12) + if (intent != null) + startActivityForResult(intent, RESULT_INSTALLPKCS12) else saveProfile() diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Basic.java b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Basic.java index 0899dd13..d4ea3d92 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Basic.java +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Basic.java @@ -26,6 +26,7 @@ public class Settings_Basic extends KeyChainSettingsFragment implements OnItemSe private FileSelectLayout mCaCert; private FileSelectLayout mClientKey; private CheckBox mUseLzo; + private CheckBox mUseLegacyProvider; private Spinner mType; private Spinner mCompatMode; private FileSelectLayout mpkcs12; 
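Review bot: The added `if (mResult!!.mCompatMode <= 20400)` in the `@@ -127` hunk is also true for `0`, which is the field's default in VpnProfile and appears to mean "no compatibility mode" (the config writer only acts on `mCompatMode > 0`). Imports left on the default selection would therefore get the legacy provider switched on. If `Utils.mapCompatMode` returns 0 for that selection, bound the test from below: `if (mResult!!.mCompatMode in 1..20400)`. The comment above it has a typo (`compability`) and the assignment ends in a stray `;`. The enclosing function starts outside the hunk.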
@@ -68,6 +69,7 @@ public class Settings_Basic extends KeyChainSettingsFragment implements OnItemSe mpkcs12 = mView.findViewById(id.pkcs12select); mCrlFile = mView.findViewById(id.crlfile); mUseLzo = mView.findViewById(id.lzo); + mUseLegacyProvider = mView.findViewById(R.id.legacyprovider); mType = mView.findViewById(id.type); mCompatMode = mView.findViewById(id.compatmode); mPKCS12Password = mView.findViewById(id.pkcs12password); @@ -191,6 +193,7 @@ public class Settings_Basic extends KeyChainSettingsFragment implements OnItemSe mCrlFile.setData(mProfile.mCrlFilename, getActivity()); mUseLzo.setChecked(mProfile.mUseLzo); + mUseLegacyProvider.setChecked(mProfile.mUseLegacyProvider); mType.setSelection(mProfile.mAuthenticationType); mCompatMode.setSelection(Utils.mapCompatVer(mProfile.mCompatMode)); mpkcs12.setData(mProfile.mPKCS12Filename, getActivity()); diff --git a/main/src/ui/res/layout/basic_settings.xml b/main/src/ui/res/layout/basic_settings.xml index dd2ed25e..8aa4c811 100644 --- a/main/src/ui/res/layout/basic_settings.xml +++ b/main/src/ui/res/layout/basic_settings.xml @@ -39,6 +39,11 @@ android:entries="@array/compat_mode" /> + +
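Review bot: The checkbox is populated in the `@@ -191` hunk with `mUseLegacyProvider.setChecked(mProfile.mUseLegacyProvider)`, but none of the three lines this commit adds to Settings_Basic.java writes the value back, so toggling the box would not change the profile unless saving is handled elsewhere. The method that copies the other widgets into `mProfile` is outside the hunks; it needs `mProfile.mUseLegacyProvider = mUseLegacyProvider.isChecked();`, presumably next to where `mUseLzo` is saved. Without it a user cannot turn the legacy provider off again after the version-9 migration or the import path has enabled it. The lookup in the `@@ -68` hunk uses `R.id.legacyprovider` where its neighbours use `id.…`; `id.legacyprovider` would match them.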