Merge branch 'SoftEtherVPN:master' into nt-fix

2024-09-13 07:13:00 +03:00 · 2024-08-15 04:28:13 -04:00 · 2024-08-15 04:28:13 -04:00 · 27d233a522
commit 27d233a522
parent 128fefc63e 31fed5a28f
8 changed files with 60 additions and 2 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -10,3 +10,9 @@
 [submodule "src/libhamcore"]
 	path = src/libhamcore
 	url = https://github.com/SoftEtherVPN/libhamcore.git
+[submodule "src/Mayaqua/3rdparty/oqs-provider"]
+	path = src/Mayaqua/3rdparty/oqs-provider
+	url = https://github.com/open-quantum-safe/oqs-provider.git
+[submodule "src/Mayaqua/3rdparty/liboqs"]
+	path = src/Mayaqua/3rdparty/liboqs
+	url = https://github.com/open-quantum-safe/liboqs.git
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.10)
+cmake_minimum_required(VERSION 3.15)

 set(BUILD_NUMBER CACHE STRING "The number of the current build.")

--- a/src/Mayaqua/3rdparty/Findliboqs.cmake
+++ b/src/Mayaqua/3rdparty/Findliboqs.cmake
@ -0,0 +1,2 @@
+set(oqs_FOUND TRUE)
+add_library(OQS::oqs ALIAS oqs)
--- a/src/Mayaqua/3rdparty/liboqs
+++ b/src/Mayaqua/3rdparty/liboqs
@ -0,0 +1 @@
+Subproject commit 51ddd33cc04d12bd47c8639c1254714879f4cdf3
--- a/src/Mayaqua/3rdparty/oqs-provider
+++ b/src/Mayaqua/3rdparty/oqs-provider
@ -0,0 +1 @@
+Subproject commit 8f37521d5e27ab4d1e0d69a4b4a5bd17927b24b9
--- a/src/Mayaqua/CMakeLists.txt
+++ b/src/Mayaqua/CMakeLists.txt
@ -18,6 +18,22 @@ set_target_properties(mayaqua

 find_package(OpenSSL REQUIRED)

+if(OPENSSL_VERSION VERSION_LESS "3") # Disable oqsprovider when OpenSSL version < 3
+  add_definitions(-DSKIP_OQS_PROVIDER)
+else()
+  set(OQS_BUILD_ONLY_LIB ON CACHE BOOL "Set liboqs to build only the library (no tests)")
+  set(BUILD_TESTING OFF CACHE BOOL "By setting this to OFF, no tests or examples will be compiled.")
+  set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared)
+  list(PREPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/src/Mayaqua/3rdparty/")
+
+  add_subdirectory(3rdparty/liboqs)
+  add_subdirectory(3rdparty/oqs-provider)
+
+  target_include_directories(oqsprovider PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/3rdparty/liboqs/include)
+  set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON)
+  target_link_libraries(mayaqua PRIVATE oqsprovider)
+endif()
+
 include(CheckSymbolExists)

 set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@ -42,6 +42,10 @@
 #include <openssl/x509v3.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
+// Static oqsprovider initialization function
+#ifndef SKIP_OQS_PROVIDER
+	extern OSSL_provider_init_fn oqs_provider_init;
+#endif
 #endif

 #ifdef _MSC_VER
@ -347,6 +351,11 @@ MD *NewMdEx(char *name, bool hmac)
 #else
 		m->Ctx = EVP_MD_CTX_create();
 #endif
+		if (m->Ctx == NULL)
+		{
+			return NULL;
+		}
+
 		if (EVP_DigestInit_ex(m->Ctx, m->Md, NULL) == false)
 		{
 			Debug("NewMdEx(): EVP_DigestInit_ex() failed with error: %s\n", OpenSSL_Error());
@ -4005,7 +4014,13 @@ void InitCryptLibrary()
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
 	ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
-	ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");
+
+	char *oqs_provider_name = "oqsprovider";
+	#ifndef SKIP_OQS_PROVIDER
+		// Registers "oqsprovider" as a provider -- necessary because oqsprovider is built in now.
+		OSSL_PROVIDER_add_builtin(NULL, oqs_provider_name, oqs_provider_init); 
+	#endif
+	ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, oqs_provider_name);
 #endif

 	ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
@ -4594,6 +4609,11 @@ DH_CTX *DhNew(char *prime, UINT g)
 	dh = ZeroMalloc(sizeof(DH_CTX));

 	dh->dh = DH_new();
+	if (dh->dh == NULL)
+	{
+		return NULL;
+	}
+	
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	dhp = BinToBigNum(buf->Buf, buf->Size);
 	dhg = BN_new();
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@ -11860,6 +11860,12 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 #endif

 		sock->ssl = SSL_new(ssl_ctx);
+
+		if (sock->ssl == NULL)
+		{
+			return false;
+		}
+
 		SSL_set_fd(sock->ssl, (int)sock->socket);

 #ifdef	SSL_CTRL_SET_TLSEXT_HOSTNAME
@ -16250,6 +16256,12 @@ UINT GetOSSecurityLevel()
 	UINT security_level_new = 0, security_level_set_ssl_version = 0;
 	struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());

+	if (ctx == NULL)
+	{
+		return security_level_new;
+	}
+
+
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	security_level_new = SSL_CTX_get_security_level(ctx);
 #endif
				`@ -0,0 +1 @@`
				`Subproject commit 51ddd33cc04d12bd47c8639c1254714879f4cdf3`
				`@ -0,0 +1 @@`
				`Subproject commit 8f37521d5e27ab4d1e0d69a4b4a5bd17927b24b9`