From f481f5508518f172a39c81829264df8686fe7872 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 23 Aug 2013 12:35:11 +0200 Subject: Fix TLS 1.2 and Android 4.1 --- jni/jbcrypto.cpp | 15 ++++++++++----- src/de/blinkt/openvpn/VpnProfile.java | 1 + src/de/blinkt/openvpn/core/OpenVpnManagementThread.java | 10 ++++++++-- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/jni/jbcrypto.cpp b/jni/jbcrypto.cpp index 7413a313..2fd1262a 100644 --- a/jni/jbcrypto.cpp +++ b/jni/jbcrypto.cpp @@ -40,7 +40,7 @@ int jniThrowException(JNIEnv* env, const char* className, const char* msg) { return 0; } - +static char opensslerr[1024]; jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, jbyteArray from, jint pkeyRef) { // EVP_MD_CTX* ctx = reinterpret_cast(ctxRef); @@ -58,7 +58,7 @@ jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, if(data==NULL ) jniThrowException(env, "java/lang/NullPointerException", "data is null"); - unsigned int siglen; + int siglen; unsigned char* sigret = (unsigned char*)malloc(RSA_size(pkey->pkey.rsa)); @@ -66,11 +66,16 @@ jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsasign (JNIEnv* env, jclass, // unsigned char *sigret, unsigned int *siglen, RSA *rsa); // adapted from s3_clnt.c - if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen, - sigret, &siglen, pkey->pkey.rsa) <= 0 ) + /* if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen, + sigret, &siglen, pkey->pkey.rsa) <= 0 ) */ + + siglen = RSA_private_encrypt(datalen,(unsigned char*) data,sigret,pkey->pkey.rsa,RSA_PKCS1_PADDING); + + if (siglen < 0) { - jniThrowException(env, "java/security/InvalidKeyException", "rsa_sign went wrong, see logcat"); + ERR_error_string_n(ERR_get_error(), opensslerr ,1024); + jniThrowException(env, "java/security/InvalidKeyException", opensslerr); ERR_print_errors_fp(stderr); return NULL; diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java index a8c6825f..3a2f2bbf 100644 --- a/src/de/blinkt/openvpn/VpnProfile.java +++ b/src/de/blinkt/openvpn/VpnProfile.java @@ -838,6 +838,7 @@ public class VpnProfile implements Serializable { int pkey = (Integer) getPkeyContext.invoke(opensslkey); getPkeyContext.setAccessible(false); + // 112 with TLS 1.2 (172 back with 4.3), 36 with TLS 1.0 byte[] signed_bytes = NativeUtils.rsasign(data, pkey); return Base64.encodeToString(signed_bytes, Base64.NO_WRAP); diff --git a/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 7e436f79..9497f18b 100644 --- a/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -504,9 +504,15 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { private void processSignCommand(String b64data) { String signed_string = mProfile.getSignedData(b64data); - managmentCommand("rsa-sig\n"); + if(signed_string==null) { + managmentCommand("rsa-sig\n"); + managmentCommand("\nEND\n"); + stopOpenVPN(); + return; + } + managmentCommand("rsa-sig\n"); managmentCommand(signed_string); - managmentCommand("\nEND\n"); + managmentCommand("\nEND\n"); } @Override -- cgit v1.2.3