1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Merge branch 'master' into add-sha2

This commit is contained in:
Daiyuu Nobori 2017-10-18 16:57:26 +09:00 committed by GitHub
commit 056c322601
7 changed files with 62 additions and 10 deletions

14
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,14 @@
Changes proposed in this pull request:
-
-
-
Your great patch is much appreciated. We are considering to apply your patch into the SoftEther VPN main tree.
SoftEther VPN Patch Acceptance Policy:
http://www.softether.org/5-download/src/9.patch
You have two options which are described on the above policy.
Could you please choose either option 1 or 2, and specify it clearly on the reply?
-

View File

@ -1,4 +1,3 @@
#! /bin/sh #! /bin/sh
### BEGIN INIT INFO ### BEGIN INIT INFO

View File

@ -6663,7 +6663,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
CiSetError(c, ERR_ACCOUNT_ACTIVE); CiSetError(c, ERR_ACCOUNT_ACTIVE);
} }
else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_SECURE && else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_SECURE &&
client->UseSecureDeviceId == 0) c->UseSecureDeviceId == 0)
{ {
// Secure device is not specified // Secure device is not specified
CiSetError(c, ERR_NO_SECURE_DEVICE_SPECIFIED); CiSetError(c, ERR_NO_SECURE_DEVICE_SPECIFIED);

View File

@ -2560,6 +2560,8 @@ IKE_ENGINE *NewIkeEngine()
IKE_CRYPTO *des, *des3, *aes; IKE_CRYPTO *des, *des3, *aes;
IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512; IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;
IKE_DH *dh1, *dh2, *dh5; IKE_DH *dh1, *dh2, *dh5;
IKE_HASH *sha1, *md5;
IKE_DH *dh1, *dh2, *dh5, *dh2048, *dh3072, *dh4096;
UINT des_key_sizes[] = UINT des_key_sizes[] =
{ {
8, 8,
@ -2609,6 +2611,9 @@ IKE_ENGINE *NewIkeEngine()
dh1 = NewIkeDh(e, IKE_DH_1_ID, IKE_DH_1_STRING, 96); dh1 = NewIkeDh(e, IKE_DH_1_ID, IKE_DH_1_STRING, 96);
dh2 = NewIkeDh(e, IKE_DH_2_ID, IKE_DH_2_STRING, 128); dh2 = NewIkeDh(e, IKE_DH_2_ID, IKE_DH_2_STRING, 128);
dh5 = NewIkeDh(e, IKE_DH_5_ID, IKE_DH_5_STRING, 192); dh5 = NewIkeDh(e, IKE_DH_5_ID, IKE_DH_5_STRING, 192);
dh2048 = NewIkeDh(e, IKE_DH_2048_ID, IKE_DH_2048_STRING, 256);
dh3072 = NewIkeDh(e, IKE_DH_3072_ID, IKE_DH_3072_STRING, 384);
dh4096 = NewIkeDh(e, IKE_DH_4096_ID, IKE_DH_4096_STRING, 512);
// Define the IKE algorithm // Define the IKE algorithm
e->IkeCryptos[IKE_P1_CRYPTO_DES_CBC] = des; e->IkeCryptos[IKE_P1_CRYPTO_DES_CBC] = des;
@ -2632,6 +2637,9 @@ IKE_ENGINE *NewIkeEngine()
e->IkeDhs[IKE_P1_DH_GROUP_768_MODP] = e->EspDhs[IKE_P2_DH_GROUP_768_MODP] = dh1; e->IkeDhs[IKE_P1_DH_GROUP_768_MODP] = e->EspDhs[IKE_P2_DH_GROUP_768_MODP] = dh1;
e->IkeDhs[IKE_P1_DH_GROUP_1024_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1024_MODP] = dh2; e->IkeDhs[IKE_P1_DH_GROUP_1024_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1024_MODP] = dh2;
e->IkeDhs[IKE_P1_DH_GROUP_1536_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1536_MODP] = dh5; e->IkeDhs[IKE_P1_DH_GROUP_1536_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1536_MODP] = dh5;
e->IkeDhs[IKE_P1_DH_GROUP_2048_MODP] = e->EspDhs[IKE_P2_DH_GROUP_2048_MODP] = dh2048;
e->IkeDhs[IKE_P1_DH_GROUP_3072_MODP] = e->EspDhs[IKE_P2_DH_GROUP_3072_MODP] = dh3072;
e->IkeDhs[IKE_P1_DH_GROUP_4096_MODP] = e->EspDhs[IKE_P2_DH_GROUP_4096_MODP] = dh4096;
return e; return e;
} }
@ -3183,6 +3191,15 @@ DH_CTX *IkeDhNewCtx(IKE_DH *d)
case IKE_DH_5_ID: case IKE_DH_5_ID:
return DhNewGroup5(); return DhNewGroup5();
case IKE_DH_2048_ID:
return DhNew2048();
case IKE_DH_3072_ID:
return DhNew3072();
case IKE_DH_4096_ID:
return DhNew4096();
} }
return NULL; return NULL;

View File

@ -262,6 +262,9 @@ struct IKE_TRANSFORM_VALUE
#define IKE_P1_DH_GROUP_768_MODP 1 #define IKE_P1_DH_GROUP_768_MODP 1
#define IKE_P1_DH_GROUP_1024_MODP 2 #define IKE_P1_DH_GROUP_1024_MODP 2
#define IKE_P1_DH_GROUP_1536_MODP 5 #define IKE_P1_DH_GROUP_1536_MODP 5
#define IKE_P1_DH_GROUP_2048_MODP 14
#define IKE_P1_DH_GROUP_3072_MODP 15
#define IKE_P1_DH_GROUP_4096_MODP 16
// Phase 1: The expiration date type in IKE transform value // Phase 1: The expiration date type in IKE transform value
#define IKE_P1_LIFE_TYPE_SECONDS 1 #define IKE_P1_LIFE_TYPE_SECONDS 1
@ -275,6 +278,9 @@ struct IKE_TRANSFORM_VALUE
#define IKE_P2_DH_GROUP_768_MODP 1 #define IKE_P2_DH_GROUP_768_MODP 1
#define IKE_P2_DH_GROUP_1024_MODP 2 #define IKE_P2_DH_GROUP_1024_MODP 2
#define IKE_P2_DH_GROUP_1536_MODP 5 #define IKE_P2_DH_GROUP_1536_MODP 5
#define IKE_P2_DH_GROUP_2048_MODP 14
#define IKE_P2_DH_GROUP_3072_MODP 15
#define IKE_P2_DH_GROUP_4096_MODP 16
// Phase 2: The encapsulation mode in IPsec transform value // Phase 2: The encapsulation mode in IPsec transform value
#define IKE_P2_CAPSULE_TUNNEL 1 #define IKE_P2_CAPSULE_TUNNEL 1
@ -552,6 +558,15 @@ struct IKE_P1_KEYSET
#define IKE_DH_5_ID 2 #define IKE_DH_5_ID 2
#define IKE_DH_5_STRING "MODP 1536 (Group 5)" #define IKE_DH_5_STRING "MODP 1536 (Group 5)"
#define IKE_DH_2048_ID 14
#define IKE_DH_2048_STRING "MODP 2048 (Group 14)"
#define IKE_DH_3072_ID 15
#define IKE_DH_3072_STRING "MODP 3072 (Group 15)"
#define IKE_DH_4096_ID 16
#define IKE_DH_4096_STRING "MODP 4096 (Group 16)"
// Encryption algorithm for IKE // Encryption algorithm for IKE
struct IKE_CRYPTO struct IKE_CRYPTO

View File

@ -1749,8 +1749,12 @@ PPP_PACKET *PPPRecvResponsePacket(PPP_SESSION *p, PPP_PACKET *req, USHORT expect
if (pp->IsControl && PPP_CODE_IS_REQUEST(pp->Protocol, pp->Lcp->Code)) if (pp->IsControl && PPP_CODE_IS_REQUEST(pp->Protocol, pp->Lcp->Code))
{ {
// Record current resend because next steps may take a while
UINT64 currentresend = next_resend - now;
// Process when the received packet is a request packet // Process when the received packet is a request packet
response = PPPProcessRequestPacket(p, pp); response = PPPProcessRequestPacket(p, pp);
// Increase next resend because this may have taken a while
next_resend = Tick64() + currentresend;
FreePPPPacket(pp); FreePPPPacket(pp);
if (response == NULL) if (response == NULL)

View File

@ -1154,9 +1154,12 @@ UINT OvsParseKeyMethod2(OPENVPN_KEY_METHOD_2 *ret, UCHAR *data, UINT size, bool
// String // String
if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) && if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) &&
OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) && OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) &&
OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)) && OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)))
OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
{ {
if (!OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
{
Zero(ret->PeerInfo, sizeof(ret->PeerInfo));
}
read_size = b->Current; read_size = b->Current;
} }
} }