1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-25 17:49:52 +03:00

Merge branch 'SoftEtherVPN:master' into nt-fix

This commit is contained in:
siddharth-narayan 2024-08-15 04:28:13 -04:00 committed by GitHub
commit 27d233a522
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 60 additions and 2 deletions

6
.gitmodules vendored
View File

@ -10,3 +10,9 @@
[submodule "src/libhamcore"]
path = src/libhamcore
url = https://github.com/SoftEtherVPN/libhamcore.git
[submodule "src/Mayaqua/3rdparty/oqs-provider"]
path = src/Mayaqua/3rdparty/oqs-provider
url = https://github.com/open-quantum-safe/oqs-provider.git
[submodule "src/Mayaqua/3rdparty/liboqs"]
path = src/Mayaqua/3rdparty/liboqs
url = https://github.com/open-quantum-safe/liboqs.git

View File

@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 3.10)
cmake_minimum_required(VERSION 3.15)
set(BUILD_NUMBER CACHE STRING "The number of the current build.")

2
src/Mayaqua/3rdparty/Findliboqs.cmake vendored Normal file
View File

@ -0,0 +1,2 @@
set(oqs_FOUND TRUE)
add_library(OQS::oqs ALIAS oqs)

1
src/Mayaqua/3rdparty/liboqs vendored Submodule

@ -0,0 +1 @@
Subproject commit 51ddd33cc04d12bd47c8639c1254714879f4cdf3

1
src/Mayaqua/3rdparty/oqs-provider vendored Submodule

@ -0,0 +1 @@
Subproject commit 8f37521d5e27ab4d1e0d69a4b4a5bd17927b24b9

View File

@ -18,6 +18,22 @@ set_target_properties(mayaqua
find_package(OpenSSL REQUIRED)
if(OPENSSL_VERSION VERSION_LESS "3") # Disable oqsprovider when OpenSSL version < 3
add_definitions(-DSKIP_OQS_PROVIDER)
else()
set(OQS_BUILD_ONLY_LIB ON CACHE BOOL "Set liboqs to build only the library (no tests)")
set(BUILD_TESTING OFF CACHE BOOL "By setting this to OFF, no tests or examples will be compiled.")
set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared)
list(PREPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/src/Mayaqua/3rdparty/")
add_subdirectory(3rdparty/liboqs)
add_subdirectory(3rdparty/oqs-provider)
target_include_directories(oqsprovider PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/3rdparty/liboqs/include)
set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON)
target_link_libraries(mayaqua PRIVATE oqsprovider)
endif()
include(CheckSymbolExists)
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})

View File

@ -42,6 +42,10 @@
#include <openssl/x509v3.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
// Static oqsprovider initialization function
#ifndef SKIP_OQS_PROVIDER
extern OSSL_provider_init_fn oqs_provider_init;
#endif
#endif
#ifdef _MSC_VER
@ -347,6 +351,11 @@ MD *NewMdEx(char *name, bool hmac)
#else
m->Ctx = EVP_MD_CTX_create();
#endif
if (m->Ctx == NULL)
{
return NULL;
}
if (EVP_DigestInit_ex(m->Ctx, m->Md, NULL) == false)
{
Debug("NewMdEx(): EVP_DigestInit_ex() failed with error: %s\n", OpenSSL_Error());
@ -4005,7 +4014,13 @@ void InitCryptLibrary()
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");
char *oqs_provider_name = "oqsprovider";
#ifndef SKIP_OQS_PROVIDER
// Registers "oqsprovider" as a provider -- necessary because oqsprovider is built in now.
OSSL_PROVIDER_add_builtin(NULL, oqs_provider_name, oqs_provider_init);
#endif
ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, oqs_provider_name);
#endif
ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
@ -4594,6 +4609,11 @@ DH_CTX *DhNew(char *prime, UINT g)
dh = ZeroMalloc(sizeof(DH_CTX));
dh->dh = DH_new();
if (dh->dh == NULL)
{
return NULL;
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
dhp = BinToBigNum(buf->Buf, buf->Size);
dhg = BN_new();

View File

@ -11860,6 +11860,12 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
#endif
sock->ssl = SSL_new(ssl_ctx);
if (sock->ssl == NULL)
{
return false;
}
SSL_set_fd(sock->ssl, (int)sock->socket);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
@ -16250,6 +16256,12 @@ UINT GetOSSecurityLevel()
UINT security_level_new = 0, security_level_set_ssl_version = 0;
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
if (ctx == NULL)
{
return security_level_new;
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
security_level_new = SSL_CTX_get_security_level(ctx);
#endif