
v4.22-9634-beta

This commit is contained in:
dnobori 2016-11-27 17:43:14 +09:00
parent 0978e1a016
commit 4df2eb4f9c
122 changed files with 1265 additions and 562 deletions


@ -67,6 +67,57 @@ CONTRIBUTORS on GitHub:
- ygrek
https://github.com/ygrek
- ajee cai
https://github.com/ajeecai
- NOKUBI Takatsugu
https://github.com/knok
- Den Lesnov
https://github.com/Leden
- Ilya Shipitsin
https://github.com/chipitsine
- Matt Lewandowsky
https://github.com/lewellyn
- Raymond Tau
https://github.com/rtau
- Luiz Eduardo Gava
https://github.com/LegDog
- Charles Surett
https://github.com/scj643
- Jeff Tang
https://github.com/mrjefftang
- Victor Salgado
https://github.com/mcsalgado
- micsell
https://github.com/micsell
- yehorov
https://github.com/yehorov
- dglushenok
https://github.com/dglushenok
- NoNameA 774
https://github.com/nna774
- Alexandre De Oliveira
https://github.com/yodresh
- Bernhard Rosenkraenzer
https://github.com/berolinux
- Sacha Bernstein
https://github.com/sacha
JOIN THE SOFTETHER VPN DEVELOPMENT
----------------------------------


@ -100,4 +100,3 @@ fi
* Tue Jan 21 2014 Dexter Ang <thepoch@gmail.com>
- Initial release

configure vendored

@ -110,4 +110,3 @@ esac
cp src/makefiles/${OS}_${CPU}.mak Makefile
echo "The Makefile is generated. Run 'make' to build SoftEther VPN."

debian/rules vendored

@ -21,6 +21,7 @@ configure_config:
if [ $(shell uname -m) = 'x86_64' ]; then echo -e "1\n2\n" | ./configure; fi
if [ $(shell uname -m) = 'i686' ]; then echo -e "1\n1\n" | ./configure; fi
if [ $(shell uname -m) = 'armv6l' ]; then echo -e "1\n1\n" | ./configure; fi
if [ $(shell uname -m) = 'armv7l' ]; then echo -e "1\n1\n" | ./configure; fi
if [ $(shell uname -m) = 'armv5tel' ]; then echo -e "1\n1\n" | ./configure; fi
if [ $(shell uname -m) = 'aarch64' ]; then echo -e "1\n2\n" | ./configure; fi
if [ $(shell uname -m) = 'armv7l' ]; then echo -e "1\n1\n" | ./configure; fi
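Review bot: `armv7l` is matched twice in this recipe (the fourth `if` line and the last one), so whichever of the two this commit added is redundant and one of them should be dropped. The lines also rely on `echo -e`; under a POSIX `/bin/sh` such as dash, `echo` has no `-e` option and the first answer fed to `./configure` may become `-e 1`, so `printf '1\n2\n' | ./configure` is the portable form. The `configure_config` recipe continues outside the hunk.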


@ -1,3 +1,4 @@
#! /bin/sh
### BEGIN INIT INFO



@ -430,7 +430,7 @@ namespace BuildUtil
{
// Windows
public static readonly OS Windows = new OS("windows", "Windows",
"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2",
"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016",
new Cpu[]
{
CpuList.intel,
@ -438,7 +438,7 @@ namespace BuildUtil
// Linux
public static readonly OS Linux = new OS("linux", "Linux",
"Linux Kernel 2.4 / 2.6 / 3.x",
"Linux Kernel 2.4 / 2.6 / 3.x / 4.x",
new Cpu[]
{
CpuList.x86,


@ -1166,7 +1166,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
name = NewName(cn, cn, cn, L"US", NULL, NULL);
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL);
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
FreeName(name);
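Review bot: The `MAX(..., SERVER_DEFAULT_CERT_DAYS)` floor on the dummy certificate's lifetime is gone; if `GetDaysUntil2038Ex()` can return a small value as 2038 approaches (its body is not in the hunk), the dummy certificate written into the OpenVPN config would be short-lived or already expired. If the Ex variant enforces its own minimum, a one-line comment here would make that visible: `// GetDaysUntil2038Ex() already applies a minimum validity; no MAX() needed`. StMakeOpenVpnConfigFile starts and ends outside the hunk.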


@ -274,6 +274,15 @@ bool IsSupportedWinVer(RPC_WINVER *v)
return true;
}
}
else
{
// Windows Server 2016
if (v->ServicePack <= 0)
{
// SP0 only
return true;
}
}
}
return false;
@ -1750,7 +1759,7 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->TrafficDiffList = NewList(NULL);
SetCedarCipherList(c, "RC4-MD5");
SetCedarCipherList(c, SERVER_DEFAULT_CIPHER_NAME);
c->ClientId = _II("CLIENT_ID");
@ -1803,8 +1812,6 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->BuildInfo = CopyStr(tmp);
c->DisableSslVersions = SSL_OPT_DEFAULT;
return c;
}
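Review bot: The new `else` arm in IsSupportedWinVer is commented as "Windows Server 2016", but it is the fallthrough for every version not matched by the earlier branches (which lie outside the hunk), so any later Windows release lands here too and is rejected as soon as it reports a service pack. The comment should say what the arm really covers, e.g. `// Windows Server 2016 and anything newer: only SP0 is known`, or the arm should test the version explicitly. `v->ServicePack <= 0` reads as `== 0` if ServicePack is unsigned; `== 0` states the intent. Replacing the `RC4-MD5` default with `SERVER_DEFAULT_CIPHER_NAME` in NewCedar is welcome; the macro's value is not visible here.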


@ -135,10 +135,10 @@
// Version number
#define CEDAR_VER 421
#define CEDAR_VER 422
// Build Number
#define CEDAR_BUILD 9613
#define CEDAR_BUILD 9634
// Beta number
//#define BETA_NUMBER 3
@ -158,11 +158,11 @@
// Specifies the build date
#define BUILD_DATE_Y 2016
#define BUILD_DATE_M 4
#define BUILD_DATE_D 24
#define BUILD_DATE_HO 15
#define BUILD_DATE_MI 39
#define BUILD_DATE_SE 17
#define BUILD_DATE_M 11
#define BUILD_DATE_D 27
#define BUILD_DATE_HO 14
#define BUILD_DATE_MI 33
#define BUILD_DATE_SE 59
// Tolerable time difference
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
@ -404,22 +404,7 @@
#define KEEP_ALIVE_MAGIC 0xffffffff
#define MAX_KEEPALIVE_SIZE 512
// SSL/TLS Versions
#define SSL_VERSION_SSL_V2 0x01 // SSLv2
#define SSL_VERSION_SSL_V3 0x02 // SSLv3
#define SSL_VERSION_TLS_V1_0 0x04 // TLS v1.0
#define SSL_VERSION_TLS_V1_1 0x08 // TLS v1.1
#define SSL_VERSION_TLS_V1_2 0x10 // TLS v1.2
// SSL/TLS Version Names
#define NAME_SSL_VERSION_SSL_V2 "SSL_V2" // SSLv2
#define NAME_SSL_VERSION_SSL_V3 "SSL_V3" // SSLv3
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_0" // TLS v1.0
#define NAME_SSL_VERSION_TLS_V1_1 "TLS_V1_1" // TLS v1.1
#define NAME_SSL_VERSION_TLS_V1_2 "TLS_V1_2" // TLS v1.2
// OpenSSL SSL Context Option Flags default
#define SSL_OPT_DEFAULT 0x0
//////////////////////////////////////////////////////////////////////
//
@ -685,7 +670,7 @@
#define ARP_ENTRY_EXPIRES (30 * 1000) // ARP table expiration date
#define ARP_ENTRY_POLLING_TIME (1 * 1000) // ARP table cleaning timer
#define ARP_REQUEST_TIMEOUT (200) // ARP request time-out period
#define ARP_REQUEST_TIMEOUT (1000) // ARP request time-out period
#define ARP_REQUEST_GIVEUP (5 * 1000) // Time to give up sending the ARP request
#define IP_WAIT_FOR_ARP_TIMEOUT (5 * 1000) // Total time that an IP packet waiting for ARP table
#define IP_COMBINE_TIMEOUT (10 * 1000) // Time-out of IP packet combining
@ -1067,8 +1052,7 @@ typedef struct CEDAR
UINT QueueBudget; // Queue budget
LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget
bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
UINT DisableSslVersions; // Bitmap of SSL Version to disable
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR;
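Review bot: `ARP_REQUEST_TIMEOUT` goes from 200 to 1000 ms with no comment on why; since `ARP_REQUEST_GIVEUP` stays at 5 s this cuts the number of retransmits before give-up, and a note such as `// raised from 200 ms to avoid retransmit storms against slow responders; GIVEUP unchanged` would keep the next reader from reverting it. `ALLOW_TIMESTAMP_DIFF` appears to survive even though the Protocol.c hunk in this commit removes the only timestamp check shown, so it may now be dead. The new `SslAcceptSettings` member needs `SSL_ACCEPT_SETTINGS` declared before `CEDAR`, which is outside this hunk.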


@ -46,7 +46,7 @@
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap"
PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T"
PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
MinimalRebuild="true"
ExceptionHandling="0"
BasicRuntimeChecks="3"
@ -188,7 +188,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap"
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED"
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"
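Review bot: Dropping `_USE_32BIT_TIME_T` changes `time_t` from 32 to 64 bits in this Win32 build; any structure that embeds a `time_t` and crosses a module, file-format or wire boundary with code still built under the old flag changes layout silently. Presumably the other projects in the solution received the same edit (not visible here); a short note in the build documentation stating that all Win32 projects must agree on the `time_t` width would prevent a mixed build.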


@ -2182,12 +2182,13 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
PACK *CiRpcDispatch(RPC *rpc, char *name, PACK *p)
{
PACK *ret;
CLIENT *c;
// Validate arguments
if (rpc == NULL || name == NULL || p == NULL)
{
return NULL;
}
CLIENT *c = rpc->Param;
c = rpc->Param;
ret = NewPack();
@ -6033,8 +6034,9 @@ L_TRY:
if (ret != NULL)
{
ret->Rpc = rpc;
RPC_CLIENT_VERSION t;
ret->Rpc = rpc;
Zero(&t, sizeof(t));
CcGetClientVersion(ret, &t);
ret->OsType = t.OsType;
@ -6487,7 +6489,7 @@ bool Win32CiSecureSign(SECURE_SIGN *sign)
// Success
ret = true;
sign->ClientCert = batch[0].OutputX;
Copy(sign->Signature, batch[1].OutputSign, 128);
Copy(sign->Signature, batch[1].OutputSign, MIN(sizeof(sign->Signature),sizeof(batch[1].OutputSign)));
}
}
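Review bot: In Win32CiSecureSign the copy now moves the whole `OutputSign` buffer into `sign->Signature`, but nothing records how many bytes are an actual signature; for a key shorter than 4096 bits the tail is whatever the batch buffer held, and callers that derive the length from the certificate's key size (as ClientSecureSign does elsewhere in this commit) depend on the buffer having been zeroed before the signing batch ran. Either a `Zero(batch, sizeof(batch))` before the batch (outside the hunk; confirm it is there) or a `SignatureSize` field next to `Signature` would make this explicit. Win32CiSecureSign starts outside the hunk.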


@ -1245,6 +1245,7 @@ void TtsWorkerThread(THREAD *thread, void *param)
if (ret != 0 && ret != SOCK_LATER)
{
ts->State = 5;
ts->LastCommTime = now;
}
break;
@ -1255,6 +1256,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
{
UCHAR c;
ts->LastCommTime = now;
// Direction of the data is in the first byte that is received
c = recv_buf_data[0];
@ -1276,6 +1279,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
// Span
ts->Span = READ_UINT64(recv_buf_data + sizeof(UINT64) + 1);
ts->GiveupSpan = ts->Span * 3ULL + 180000ULL;
}
}
break;
@ -1289,6 +1294,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
// Checking the first byte of received
UCHAR c = recv_buf_data[0];
ts->LastCommTime = now;
if (ts->FirstRecvTick == 0)
{
// Record the time at which the data has been received for the first
@ -1326,10 +1333,20 @@ void TtsWorkerThread(THREAD *thread, void *param)
if (ts->NoMoreSendData == false)
{
ret = Send(ts->Sock, send_buf_data, buf_size, false);
if (ret != 0 && ret != SOCK_LATER)
{
ts->LastCommTime = now;
}
}
else
{
ret = Recv(ts->Sock, recv_buf_data, buf_size, false);
if (ret != 0 && ret != SOCK_LATER)
{
ts->LastCommTime = now;
}
}
if (ts->FirstSendTick == 0)
@ -1364,6 +1381,11 @@ void TtsWorkerThread(THREAD *thread, void *param)
{
ret = Send(ts->Sock, &tmp64, sizeof(tmp64), false);
if (ret != 0 && ret != SOCK_LATER)
{
ts->LastCommTime = now;
}
if (ret != SOCK_LATER)
{
UINT j;
@ -1390,6 +1412,12 @@ void TtsWorkerThread(THREAD *thread, void *param)
break;
}
if (now > (ts->LastCommTime + ts->GiveupSpan))
{
// Timeout: disconnect orphan sessions
ret = 0;
}
if (ret == 0)
{
// Mark as deleting the socket because it is disconnected
@ -1514,7 +1542,7 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket)
else
{
// Connected from the client
AcceptInit(s);
AcceptInitEx(s, true);
tts->NewSocketArrived = true;
LockList(tts->TtsSockList);
{
@ -1523,6 +1551,9 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket)
ts->Id = (++tts->IdSeed);
ts->Sock = s;
ts->GiveupSpan = (UINT64)(10 * 60 * 1000);
ts->LastCommTime = Tick64();
UniFormat(tmp, sizeof(tmp), _UU("TTS_ACCEPTED"), ts->Id,
s->RemoteHostname, s->RemotePort);
TtPrint(tts->Param, tts->Print, tmp);
@ -8079,7 +8110,7 @@ UINT PsServerCipherGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
RPC_STR t;
TOKEN_LIST *ciphers;
UINT i;
wchar_t tmp[MAX_SIZE];
wchar_t tmp[4096];
o = ParseCommandList(c, cmd_name, str, NULL, 0);
if (o == NULL)
@ -10039,7 +10070,11 @@ UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
return ERR_INVALID_PARAMETER;
}
filename = GetParamStr(o, "SAVE");
if (IsEmptyStr(filename))
{
filename = GetParamStr(o, "SAVEPATH");
}
c->Write(c, _UU("CMD_LogFileGet_START"));
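Review bot: In TtsWorkerThread `ts->Span` is read straight out of the client's first packet and then used as `ts->GiveupSpan = ts->Span * 3ULL + 180000ULL;`, so a client can choose a span that makes the new orphan-session timeout effectively infinite, or, through wraparound of the multiplication and of `ts->LastCommTime + ts->GiveupSpan`, immediate. Clamping the client-supplied value, e.g. `ts->GiveupSpan = MIN(ts->Span, (UINT64)(60 * 60 * 1000)) * 3ULL + 180000ULL;`, keeps the traffic-test server from holding sockets open indefinitely for a hostile peer. The function starts and ends outside the hunk; `MIN` is presumably available here as it is elsewhere in this diff.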


@ -204,6 +204,8 @@ struct TTS_SOCK
UINT64 FirstRecvTick; // Time which the data has been received last
UINT64 FirstSendTick; // Time which the data has been sent last
UINT64 Span; // Period
UINT64 GiveupSpan;
UINT64 LastCommTime;
};
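Review bot: The two new `TTS_SOCK` members are the only fields in the struct without a trailing comment; `UINT64 GiveupSpan; // Idle period (ms) after which the session is dropped` and `UINT64 LastCommTime; // Tick64() of the last successful send or recv` would match the neighbours and record the unit, which the Command.c code in this commit treats as milliseconds. The struct definition starts outside the hunk.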
// Traffic test server


@ -3137,8 +3137,7 @@ void ConnectionAccept(CONNECTION *c)
// Start the SSL communication
Debug("StartSSL()\n");
s->DisableSslVersions = c->Cedar->DisableSslVersions;
Copy(&s->SslAcceptSettings, &c->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
if (StartSSL(s, x, k) == false)
{
// Failed


@ -144,7 +144,7 @@ struct SECURE_SIGN
char SecurePrivateKeyName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name
X *ClientCert; // Client certificate
UCHAR Random[SHA1_SIZE]; // Random value for signature
UCHAR Signature[128]; // Signed data
UCHAR Signature[4096 / 8]; // Signed data
UINT UseSecureDeviceId;
UINT BitmapId; // Bitmap ID
};
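Review bot: `4096 / 8` is written as a bare expression here and again for `WINUI_SECURE_BATCH.OutputSign` in WinUi.h in this same commit, while Protocol.c sizes the signature from `x->bits / 8`; a single named constant, e.g. `#define MAX_SIGN_SIZE (4096 / 8)` used for both arrays, keeps them from drifting apart and gives the Protocol.c caller something to compare `x->bits / 8` against before trusting a larger key. A comment on the field noting that it holds up to a 4096-bit RSA signature and that only the first `bits / 8` bytes are meaningful would also help.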


@ -670,9 +670,12 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
if (ret == NULL)
{
Debug("WpcCall: %s\n", url3);
ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE,
add_header_name, add_header_value);
ret = WpcCallEx2(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
NULL, NULL, ((cert_hash != NULL && ((cert_hash->Size % SHA1_SIZE) == 0)) ? cert_hash->Buf : NULL),
(cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0),
NULL, DDNS_RPC_MAX_RECV_SIZE,
add_header_name, add_header_value,
DDNS_SNI_VER_STRING);
Debug("WpcCall Ret: %u\n", ret);
}
@ -874,8 +877,11 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
}
recv = HttpRequest(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL));
StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING);
recv = HttpRequestEx3(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL),
(cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0), NULL, 0, NULL, NULL);
FreeBuf(cert_hash);
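Review bot: In DCRegister the hash pointer and the hash count passed to WpcCallEx2 are computed independently: when `cert_hash->Size` is not a multiple of `SHA1_SIZE` the pointer becomes NULL while the count stays `Size / SHA1_SIZE`, and when `Size` is 0 the pointer is non-NULL with a count of 0; the DCGetMyIpMain call has the same split. Computing `UINT num_hashes = (cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Size / SHA1_SIZE : 0;` once and passing `num_hashes > 0 ? cert_hash->Buf : NULL` alongside it keeps the two arguments consistent. Whether a NULL pointer or a zero count disables pinning in the callee is not visible here and should be confirmed. Both functions start and end outside the hunk.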


@ -115,7 +115,14 @@
#define DDNS_H
// Certificate hash
#define DDNS_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3"
#define DDNS_CERT_HASH "78BF0499A99396907C9F49DD13571C81FE26E6F5" \
"439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \
"EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \
"74DF99D4B1B5F0488A388B50D347D26013DC67A5" \
"6EBB39AFCA8C900635CFC11218CF293A612457E4"
#define DDNS_SNI_VER_STRING "DDNS"
// Destination URL
#define DDNS_URL_V4_GLOBAL "https://x%c.x%c.servers.ddns.softether-network.net/ddns/ddns.aspx"
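Review bot: The pin list now carries five SHA-1 fingerprints with nothing stating which certificate each belongs to or when it expires, which makes rotating a single entry later a guessing game; a per-line comment such as `/* <subject CN>, valid until <date> */` is worth adding. Since Server.h in this commit makes `UPDATE_SERVER_CERT_HASH` an alias of this list, every certificate here is also trusted for the update check. SHA-1 is still acceptable for a pin against a fixed certificate, but naming the hash algorithm next to the list avoids surprise.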


@ -214,7 +214,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
if (GetIP(&ip, radius_servers_list->Token[i]))
{
eap = NewEapClient(&ip, radius_port, radius_secret, radius_retry_interval,
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username);
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname);
if (eap != NULL)
{


@ -438,9 +438,9 @@ struct HUB
UINT RadiusRetryInterval; // Radius retry interval
BUF *RadiusSecret; // Radius shared key
char RadiusSuffixFilter[MAX_SIZE]; // Radius suffix filter
char RadiusRealm[MAX_SIZE]; // Radius realm (optional)
bool RadiusConvertAllMsChapv2AuthRequestToEap; // Convert all MS-CHAPv2 auth request to EAP
bool RadiusUsePeapInsteadOfEap; // Use PEAP instead of EAP
char RadiusRealm[MAX_SIZE]; // Radius realm (optional)
volatile bool Halt; // Halting flag
bool Offline; // Offline
bool BeingOffline; // Be Doing Offline


@ -4723,11 +4723,13 @@ bool GetBestTransformSettingForIPsecSa(IKE_SERVER *ike, IKE_PACKET *pr, IPSEC_SA
if (transform_payload != NULL)
{
IKE_PACKET_TRANSFORM_PAYLOAD *transform = &transform_payload->Payload.Transform;
IPSEC_SA_TRANSFORM_SETTING *set = NULL;
IPSEC_SA_TRANSFORM_SETTING set;
if (TransformPayloadToTransformSettingForIPsecSa(ike, transform, set, server_ip))
Zero(&set, sizeof(set));
if (TransformPayloadToTransformSettingForIPsecSa(ike, transform, &set, server_ip))
{
Copy(setting, set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
Copy(setting, &set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
setting->SpiServerToClient = READ_UINT(proposal->Spi->Buf);
@ -4735,11 +4737,11 @@ bool GetBestTransformSettingForIPsecSa(IKE_SERVER *ike, IKE_PACKET *pr, IPSEC_SA
}
else
{
if (set != NULL && set->OnlyCapsuleModeIsInvalid)
if (set.OnlyCapsuleModeIsInvalid)
{
if (ocmii_flag == false)
{
Copy(setting, set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
Copy(setting, &set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
ocmii_flag = true;
}
}
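Review bot: Replacing the NULL `set` pointer with a zeroed stack struct fixes the earlier null dereference, but the hunk's `READ_UINT(proposal->Spi->Buf)` still reads four bytes from an attacker-supplied IKE payload with no visible check that `proposal->Spi->Size >= sizeof(UINT)`; if that is not validated where `proposal` is parsed (outside the hunk), a guard such as `if (proposal->Spi == NULL || proposal->Spi->Size < sizeof(UINT)) { return false; }` belongs before the read. GetBestTransformSettingForIPsecSa starts and ends outside the hunk.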


@ -426,7 +426,6 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
// Upload the authentication data
p = PackLoginWithPlainPassword(hubname, username, password);
PackAddInt64(p, "timestamp", SystemTime64());
PackAddStr(p, "hello", client_name);
PackAddInt(p, "client_ver", cedar->Version);
PackAddInt(p, "client_build", cedar->Build);
@ -690,7 +689,7 @@ void IPCDhcpSetConditionalUserClass(IPC *ipc, DHCP_OPTION_LIST *req)
return;
}
if (hub->Option && hub->Option->UseHubNameAsDhcpUserClassOption == true)
if (hub->Option && hub->Option->UseHubNameAsDhcpUserClassOption)
{
StrCpy(req->UserClass, sizeof(req->UserClass), ipc->HubName);
}


@ -2114,8 +2114,8 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
if (r->Exists)
{
Format(l3_options, sizeof(l3_options),
",route %r %r %r",
&r->Network, &r->SubnetMask, &r->Gateway);
",route %r %r vpn_gateway",
&r->Network, &r->SubnetMask);
StrCat(option_str, sizeof(option_str), l3_options);
}


@ -540,6 +540,12 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac)
return;
}
if (!((f->IpAddress & f->SubnetMask) == (ip & f->SubnetMask)))
{
// Outside the subnet
return;
}
// Delete an ARP query entry to this IP address
Zero(&t, sizeof(t));
t.IpAddress = ip;


@ -1396,13 +1396,15 @@ char *BuildHttpLogStr(HTTPLOG *h)
b = NewBuf();
if (StartWith(h->Path, "http://"))
if (StartWith(h->Path, "http://") || StartWith(h->Path, "https://"))
{
StrCpy(url, sizeof(url), h->Path);
}
else
{
// URL generation
if (h->IsSsl == false)
{
if (h->Port == 80)
{
Format(url, sizeof(url), "http://%s%s",
@ -1414,6 +1416,20 @@ char *BuildHttpLogStr(HTTPLOG *h)
h->Hostname, h->Port, h->Path);
}
}
else
{
if (h->Port == 443)
{
Format(url, sizeof(url), "https://%s/",
h->Hostname);
}
else
{
Format(url, sizeof(url), "https://%s:%u/",
h->Hostname, h->Port);
}
}
}
AddLogBufToStr(b, "HttpMethod", h->Method);
AddLogBufToStr(b, "HttpUrl", url);
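Review bot: The new https branch of BuildHttpLogStr drops `h->Path` and always logs `https://host/`, while the http branch includes the path; if that is because the request path is not visible inside a TLS connection, the branch deserves a comment saying so (`// TLS: only host and port are known; the request path is encrypted`), and if not, the `%s%s` form of the http branch should be mirrored. The `h->Port == 443` special case likewise assumes the default port and can be noted in the same comment. The function starts outside the hunk.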


@ -690,8 +690,11 @@ void UpdateClientThreadMain(UPDATE_CLIENT *c)
cert_hash = StrToBin(UPDATE_SERVER_CERT_HASH);
recv = HttpRequestEx2(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL,
NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL),
StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING);
recv = HttpRequestEx3(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL,
NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL),
(cert_hash != NULL ? (cert_hash->Size / SHA1_SIZE) : 0),
(bool *)&c->HaltFlag, 0, NULL, NULL);
FreeBuf(cert_hash);
@ -1312,7 +1315,6 @@ bool ServerAccept(CONNECTION *c)
FARM_MEMBER *f = NULL;
SERVER *server = NULL;
POLICY ticketed_policy;
UINT64 timestamp;
UCHAR unique[SHA1_SIZE], unique2[SHA1_SIZE];
CEDAR *cedar;
RPC_WINVER winver;
@ -1450,31 +1452,6 @@ bool ServerAccept(CONNECTION *c)
}
}
// Time inspection
timestamp = PackGetInt64(p, "timestamp");
if (timestamp != 0)
{
UINT64 now = SystemTime64();
UINT64 abs;
if (now >= timestamp)
{
abs = now - timestamp;
}
else
{
abs = timestamp - now;
}
if (abs > ALLOW_TIMESTAMP_DIFF)
{
// Time difference is too large
FreePack(p);
c->Err = ERR_BAD_CLOCK;
error_detail = "ERR_BAD_CLOCK";
goto CLEANUP;
}
}
// Get the client version
PackGetStr(p, "client_str", c->ClientStr, sizeof(c->ClientStr));
c->ClientVer = PackGetInt(p, "client_ver");
@ -1655,7 +1632,7 @@ bool ServerAccept(CONNECTION *c)
{
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
radius_login_opt.In_DenyNoVlanId = hub->Option->DenyAllRadiusLoginWithNoVlanAssign;
if (hub->Option->UseHubNameAsRadiusNasId == true)
if (hub->Option->UseHubNameAsRadiusNasId)
{
StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hubname);
}
@ -4578,7 +4555,7 @@ bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x)
if (ret)
{
Copy(sign, ss->Signature, 128);
Copy(sign, ss->Signature, sizeof(ss->Signature));
*x = ss->ClientCert;
}
@ -5857,7 +5834,7 @@ bool ClientUploadAuth(CONNECTION *c)
// Authentication by secure device
if (ClientSecureSign(c, sign, c->Random, &x))
{
p = PackLoginWithCert(o->HubName, a->Username, x, sign, 128);
p = PackLoginWithCert(o->HubName, a->Username, x, sign, x->bits / 8);
c->ClientX = CloneX(x);
FreeX(x);
}
@ -5880,9 +5857,6 @@ bool ClientUploadAuth(CONNECTION *c)
PackAddData(p, "ticket", c->Ticket, SHA1_SIZE);
}
// Current time
PackAddInt64(p, "timestamp", SystemTime64());
if (p == NULL)
{
// Error
@ -6073,9 +6047,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
SOCK *s;
UINT num = 0, max = 19;
SERVER *server;
char hostname[64];
char *vpn_http_target = HTTP_VPN_TARGET2;
bool check_hostname = true;
bool check_hostname = false;
// Validate arguments
if (c == NULL)
{
@ -6083,7 +6056,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
strcpy(hostname, "");
server = c->Cedar->Server;
s = c->FirstSock;
@ -6113,6 +6086,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
if (check_hostname && (StrCmpi(h->Version, "HTTP/1.1") == 0 || StrCmpi(h->Version, "HTTP/1.2") == 0))
{
HTTP_VALUE *v;
char hostname[64];
Zero(hostname, sizeof(hostname));
@ -6347,12 +6321,6 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
}
if ((b == false) && (StartWith(h->Target, "/wiki")))
{
HttpSendRedirect(s, h->Target, hostname);
b = true;
}
if (b == false)
{
// Not Found
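Review bot: ClientSecureSign now copies `sizeof(ss->Signature)` (512 bytes) into the caller's `sign` buffer and ClientUploadAuth passes `x->bits / 8` as the signature length; the declaration of `sign` in ClientUploadAuth lies outside the hunk and must now be at least 512 bytes, and for a certificate with more than 4096 bits `x->bits / 8` exceeds the buffer so PackLoginWithCert would read past it. A check such as `if (x->bits / 8 > sizeof(sign)) { /* unsupported key size */ }` before the pack, or a shared size constant, closes that. The ServerAccept hunk also silently drops the ERR_BAD_CLOCK rejection; a sentence in the commit message on why would help future readers. All three functions start and end outside the hunk.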


@ -180,7 +180,7 @@ struct UPDATE_CLIENT
#define UPDATE_FAMILY_NAME _SS("PRODUCT_FAMILY_NAME")
// Software update server certificate hash
#define UPDATE_SERVER_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3"
#define UPDATE_SERVER_CERT_HASH DDNS_CERT_HASH
// URL
#define UPDATE_SERVER_URL_GLOBAL "https://update-check.softether-network.net/update/update.aspx?family=%s&software=%s&mybuild=%u&lang=%s"
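Review bot: Making `UPDATE_SERVER_CERT_HASH` an alias of `DDNS_CERT_HASH` means the software-update check now trusts every certificate in the DDNS pin list and the two sets can no longer be rotated independently; a comment stating that intent, e.g. `// update-check and DDNS servers share one certificate set; rotate both together`, would make the coupling deliberate. The header that defines DDNS_CERT_HASH must be included before this line, which is not visible in the hunk.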


@ -686,6 +686,11 @@ void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e)
ui = Endian32(5);
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(UINT)));
if (IsEmptyStr(e->CalledStationStr) == false)
{
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLED_STATION_ID, 0, 0, e->CalledStationStr, StrLen(e->CalledStationStr)));
}
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr)));
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr)));
@ -1237,7 +1242,7 @@ bool EapSendPacket(EAP_CLIENT *e, RADIUS_PACKET *r)
}
// New EAP client
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username)
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname)
{
EAP_CLIENT *e;
if (server_ip == NULL)
@ -1266,6 +1271,7 @@ EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, U
e->GiveupTimeout = giveup_timeout;
StrCpy(e->SharedSecret, sizeof(e->SharedSecret), shared_secret);
StrCpy(e->CalledStationStr, sizeof(e->CalledStationStr), hubname);
StrCpy(e->ClientIpStr, sizeof(e->ClientIpStr), client_ip_str);
StrCpy(e->Username, sizeof(e->Username), username);
e->LastRecvEapId = 0;
@ -1702,8 +1708,8 @@ LABEL_ERROR:
////////// Classical implementation
// Attempts Radius authentication (with specifying retry interval and multiple server)
bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt)
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt, char *hubname)
{
UCHAR random[MD5_SIZE];
UCHAR id;
@ -1835,7 +1841,7 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size));
BUF *nas_id;
if (IsEmptyStr(opt->NasId) == true)
if (IsEmptyStr(opt->NasId))
{
nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
}
@ -1890,8 +1896,11 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
ui = Endian32(1);
RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
// Called-Station-Id
// Called-Station-ID - VPN Hub Name
if (IsEmptyStr(hubname) == false)
{
RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
}
// Calling-Station-Id
RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
@ -1943,8 +1952,11 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
ui = Endian32(1);
RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
// Called-Station-Id
// Called-Station-ID - VPN Hub Name
if (IsEmptyStr(hubname) == false)
{
RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
}
// Calling-Station-Id
RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
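Review bot: RadiusLogin's `hubname` parameter moves from second position to last while keeping the same `char *` type, so any call site not updated in this commit still compiles but passes the server address as the hub name and the hub name as the server; the Sam.c caller is updated here, but others cannot be verified from the hunk. Keeping the old order, or giving the new parameter a distinct name and grepping every caller, avoids that silent swap. The Called-Station-Id attribute (30) carrying the hub name is a local convention rather than the RFC 2865 meaning, which a comment on the `RadiusAddValue(p, 30, ...)` lines could state.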


@ -311,6 +311,7 @@ struct EAP_CLIENT
UINT ServerPort;
char SharedSecret[MAX_SIZE];
char ClientIpStr[256];
char CalledStationStr[256];
char Username[MAX_USERNAME_LEN + 1];
UINT ResendTimeout;
UINT GiveupTimeout;
@ -346,7 +347,7 @@ RADIUS_AVP *GetRadiusAvp(RADIUS_PACKET *p, UCHAR type);
void RadiusTest();
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username);
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname);
void ReleaseEapClient(EAP_CLIENT *e);
void CleanupEapClient(EAP_CLIENT *e);
bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e);
@ -376,8 +377,8 @@ struct RADIUS_LOGIN_OPTION
};
// Function prototype
bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt);
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt, char *hubname);
BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
BUF *RadiusCreateUserName(wchar_t *username);
BUF *RadiusCreateUserPassword(void *data, UINT size);


@ -876,12 +876,14 @@ static UINT SmDdnsGetKey(char *key, SM_DDNS *d){
UINT err;
BUF *buf;
FOLDER *root, *ddnsfolder;
RPC *rpc;
// Validate arguments
if(d == NULL || d->s == NULL || key == NULL){
return ERR_INTERNAL_ERROR;
}
RPC *rpc = d->s->Rpc;
rpc = d->s->Rpc;
Zero(&config, sizeof(config));
err = ScGetConfig(d->s->Rpc, &config);
@ -17011,6 +17013,7 @@ void SmSslDlgInit(HWND hWnd, SM_SSL *s)
// Set the encryption algorithm list
cipher_list = GetCipherList();
SetFont(hWnd, C_CIPHER, GetFont("Tahoma", 8, false, false, false, false));
CbSetHeight(hWnd, C_CIPHER, 18);
for (i = 0;i < cipher_list->NumTokens;i++)
{


@ -214,9 +214,9 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
if( IsEmptyStr(h->RadiusRealm) == false )
{
char name_and_realm[MAX_SIZE];
StrCpy(name_and_realm, MAX_SIZE, username);
StrCat(name_and_realm, (MAX_SIZE - StrLen(name_and_realm)), "@");
StrCat(name_and_realm, (MAX_SIZE - StrLen(name_and_realm)), h->RadiusRealm);
StrCpy(name_and_realm, sizeof(name_and_realm), username);
StrCat(name_and_realm, sizeof(name_and_realm), "@");
StrCat(name_and_realm, sizeof(name_and_realm), h->RadiusRealm);
name = CopyStrToUni(name_and_realm);
}
else
@ -276,9 +276,9 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
if (UniIsEmptyStr(suffix_filter_w) || UniEndWith(name, suffix_filter_w))
{
// Attempt to login
b = RadiusLogin(c, hub->Name, radius_server_addr, radius_server_port,
b = RadiusLogin(c, radius_server_addr, radius_server_port,
radius_secret, StrLen(radius_secret),
name, password, interval, mschap_v2_server_response_20, opt);
name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
if (b)
{
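Review bot: The `sizeof()` fix to the StrCat calls is right, but the realm is appended unconditionally: a user who already logs in as `user@realm` is sent to the RADIUS server as `user@realm@<RadiusRealm>`. If that is not intended, appending only when `username` contains no `'@'`, with a comment either way, would make the policy explicit. StrCat truncation at MAX_SIZE would also silently authenticate a shortened name, though that needs a pathological username. SamAuthUserByPlainPassword starts and ends outside the hunk.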


@ -2152,7 +2152,7 @@ void SiGenerateDefaultCertEx(X **server_x, K **server_k, char *common_name)
name = NewName(cn, cn, cn,
L"US", NULL, NULL);
x = NewRootX(public_key, private_key, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL);
x = NewRootX(public_key, private_key, name, GetDaysUntil2038Ex(), NULL);
*server_x = x;
*server_k = private_key;
@ -2578,7 +2578,7 @@ void SiLoadInitialConfiguration(SERVER *s)
}
// Default to TLS only; mitigates CVE-2016-0800
s->Cedar->AcceptOnlyTls = true;
s->Cedar->SslAcceptSettings.AcceptOnlyTls = true;
// Auto saving interval related
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
@ -2765,9 +2765,6 @@ void SiInitConfiguration(SERVER *s)
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
// Default to TLS only; mitigates CVE-2016-0800
s->Cedar->AcceptOnlyTls = true;
// IPsec server
if (s->Cedar->Bridge == false)
{
@ -5019,10 +5016,10 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
CfgAddBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap", h->RadiusConvertAllMsChapv2AuthRequestToEap);
CfgAddBool(f, "RadiusUsePeapInsteadOfEap", h->RadiusUsePeapInsteadOfEap);
CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
}
Unlock(h->RadiusOptionLock);
@ -6170,47 +6167,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// AcceptOnlyTls
if (CfgIsItem(f, "AcceptOnlyTls"))
{
c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
}
else
{
c->AcceptOnlyTls = true;
}
if (c->AcceptOnlyTls) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
}
if (CfgGetStr(f, "DisableSslVersions", tmp, sizeof(tmp))) {
TOKEN_LIST *sslVersions= ParseToken(tmp, ", ");
UINT i;
for (i = 0;i < sslVersions->NumTokens;i++)
{
char *sslVersion=sslVersions->Token[i];
if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V2)==0) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
continue;
}
if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V3)==0) {
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
continue;
}
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_0)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
continue;
}
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_1)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
continue;
}
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_2)==0) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
continue;
}
}
FreeToken(sslVersions);
// Default to TLS only; mitigates CVE-2016-0800
c->SslAcceptSettings.AcceptOnlyTls = true;
}
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
}
Unlock(c->lock);
@ -6519,42 +6485,10 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
{
char tmp[MAX_SIZE];
tmp[0] = 0;
if (c->DisableSslVersions & SSL_VERSION_SSL_V2) {
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V2);
StrCat(tmp, sizeof(tmp), ",");
}
if (c->DisableSslVersions & SSL_VERSION_SSL_V3) {
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V3);
StrCat(tmp, sizeof(tmp), ",");
}
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_0);
StrCat(tmp, sizeof(tmp), ",");
}
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_1);
StrCat(tmp, sizeof(tmp), ",");
}
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_2);
StrCat(tmp, sizeof(tmp), ",");
}
if (StrLen(tmp) >= 1)
{
if (tmp[StrLen(tmp) - 1] == ',')
{
tmp[StrLen(tmp) - 1] = 0;
}
}
CfgAddStr(f, "DisableSslVersions", tmp);
}
CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls);
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
// Disable session reconnect
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));


@ -118,12 +118,14 @@ void UdpAccelPoll(UDP_ACCEL *a)
{
IP nat_t_ip;
UINT num_ignore_errors = 0;
UCHAR *tmp;
// Validate arguments
if (a == NULL)
{
return;
}
UCHAR *tmp = a->TmpBuf;
tmp = a->TmpBuf;
Lock(a->NatT_Lock);
{


@ -2393,12 +2393,14 @@ bool NnTestConnectivity(NATIVE_STACK *a, TUBE *halt_tube)
IP my_priv_ip;
UINT num_send_dns = 0;
IP using_dns;
UINT src_port = 0;
// Validate arguments
if (a == NULL)
{
return false;
}
UINT src_port = NnGenSrcPort(a->IsIpRawMode);
src_port = NnGenSrcPort(a->IsIpRawMode);
Copy(&using_dns, &a->DnsServerIP, sizeof(IP));
@ -3999,12 +4001,14 @@ bool NatTransactIcmp(VH *v, NAT_ENTRY *n)
BLOCK *block;
IP dest_ip;
UINT num_ignore_errors = 0;
UINT dest_port = 0;
// Validate arguments
if (v == NULL || n == NULL)
{
return true;
}
UINT dest_port = n->DestPort;
dest_port = n->DestPort;
if (n->DisconnectNow)
{
@ -4202,12 +4206,14 @@ bool NatTransactUdp(VH *v, NAT_ENTRY *n)
BLOCK *block;
IP dest_ip;
UINT num_ignore_errors;
UINT dest_port = 0;
// Validate arguments
if (v == NULL || n == NULL)
{
return true;
}
UINT dest_port = n->DestPort;
dest_port = n->DestPort;
if (n->DisconnectNow)
{


@ -1725,12 +1725,14 @@ static wchar_t *WuUniReadFile(char *filename)
static void WuUniReplace(wchar_t **buf, wchar_t *from, wchar_t *to)
{
UINT dstsize;
wchar_t *oldbuf;
if(buf == NULL || from == NULL || to == NULL)
{
return;
}
wchar_t *oldbuf = *buf;
oldbuf = *buf;
dstsize = (UniCalcReplaceStrEx(*buf, from, to, true) + 1) * sizeof(wchar_t);
*buf = (wchar_t*)Malloc(dstsize);


@ -204,7 +204,7 @@ typedef struct WINUI_SECURE_BATCH
X *OutputX; // Output certificate
K *InputK; // Input secret key
LIST *EnumList; // Enumerated list
UCHAR OutputSign[128]; // Output signature
UCHAR OutputSign[4096 / 8]; // Output signature
bool Succeed; // Success flag
} WINUI_SECURE_BATCH;
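Review bot: `UCHAR OutputSign[4096 / 8]` encodes the largest supported signature size as an arithmetic literal with no explanation of what bounds it. A comment such as `UCHAR OutputSign[4096 / 8]; // Output signature (room for an RSA key up to 4096 bits)` states the intent, and a named constant shared with whatever writes into this buffer would keep the two from drifting apart. Nothing in this hunk shows the writer, so whether a length check exists on that side cannot be confirmed from the diff.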


@ -163,6 +163,14 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value)
{
return WpcCallEx2(url, setting, timeout_connect, timeout_comm, function_name, pack,
cert, key, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1),
cancel, max_recv_size, additional_header_name, additional_header_value, NULL);
}
PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value, char *sni_string)
{
URL_DATA data;
BUF *b, *recv;
@ -197,8 +205,14 @@ PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT
StrCpy(data.AdditionalHeaderValue, sizeof(data.AdditionalHeaderValue), additional_header_value);
}
recv = HttpRequestEx(&data, setting, timeout_connect, timeout_comm, &error,
false, b->Buf, NULL, NULL, sha1_cert_hash, cancel, max_recv_size);
if (sni_string != NULL && IsEmptyStr(sni_string) == false)
{
StrCpy(data.SniString, sizeof(data.SniString), sni_string);
}
recv = HttpRequestEx3(&data, setting, timeout_connect, timeout_comm, &error,
false, b->Buf, NULL, NULL, sha1_cert_hash, num_hashes, cancel, max_recv_size,
NULL, NULL);
FreeBuf(b);
@ -693,6 +707,16 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
UINT *error_code, bool check_ssl_trust, char *post_data,
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash,
bool *cancel, UINT max_recv_size, char *header_name, char *header_value)
{
return HttpRequestEx3(data, setting, timeout_connect, timeout_comm, error_code, check_ssl_trust,
post_data, recv_callback, recv_callback_param, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1),
cancel, max_recv_size, header_name, header_value);
}
BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
UINT timeout_connect, UINT timeout_comm,
UINT *error_code, bool check_ssl_trust, char *post_data,
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes,
bool *cancel, UINT max_recv_size, char *header_name, char *header_value)
{
WPC_CONNECT con;
SOCK *s;
@ -728,6 +752,14 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
{
timeout_comm = WPC_TIMEOUT;
}
if (sha1_cert_hash == NULL)
{
num_hashes = 0;
}
if (num_hashes == 0)
{
sha1_cert_hash = NULL;
}
// Connection
Zero(&con, sizeof(con));
@ -773,7 +805,7 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
if (data->Secure)
{
// Start the SSL communication
if (StartSSLEx(s, NULL, NULL, true, 0, NULL) == false)
if (StartSSLEx(s, NULL, NULL, true, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
{
// SSL connection failed
*error_code = ERR_PROTOCOL_ERROR;
@ -782,13 +814,28 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
return NULL;
}
if (sha1_cert_hash != NULL)
if (sha1_cert_hash != NULL && num_hashes >= 1)
{
UCHAR hash[SHA1_SIZE];
UINT i;
bool ok = false;
Zero(hash, sizeof(hash));
GetXDigest(s->RemoteX, hash, true);
if (Cmp(hash, sha1_cert_hash, SHA1_SIZE) != 0)
for (i = 0;i < num_hashes;i++)
{
UCHAR *a = (UCHAR *)sha1_cert_hash;
a += (SHA1_SIZE * i);
if (Cmp(hash, a, SHA1_SIZE) == 0)
{
ok = true;
break;
}
}
if (ok == false)
{
// Destination certificate hash mismatch
*error_code = ERR_CERT_NOT_TRUSTED;
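Review bot: The contract that `sha1_cert_hash` now points to `num_hashes` consecutive SHA-1 digests (`num_hashes * SHA1_SIZE` bytes) is only implied by the loop around `UCHAR *a = (UCHAR *)sha1_cert_hash;`; neither HttpRequestEx3 nor WpcCallEx2 states it, and the prototypes added in Wpc.h are equally silent. A one-line comment at both definitions, e.g. `// sha1_cert_hash: array of num_hashes SHA-1 digests (SHA1_SIZE bytes each); NULL or num_hashes == 0 disables the pin check`, would stop a caller from passing a single digest with a wrong count. The pointer arithmetic could also be tightened to `const UCHAR *a = (const UCHAR *)sha1_cert_hash + (size_t)SHA1_SIZE * i;` with `Cmp` applied to it directly. The check appears to sit inside the `if (data->Secure)` branch, so plain-HTTP requests never compare anything; HttpRequestEx3's body continues outside the hunk.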


@ -159,6 +159,7 @@ struct URL_DATA
char Referer[MAX_SIZE * 3]; // Referer
char AdditionalHeaderName[128]; // Additional header name
char AdditionalHeaderValue[MAX_SIZE]; // Additional header value
char SniString[MAX_SIZE]; // SNI String
};
// WPC entry
@ -204,6 +205,11 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
UINT *error_code, bool check_ssl_trust, char *post_data,
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash,
bool *cancel, UINT max_recv_size, char *header_name, char *header_value);
BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
UINT timeout_connect, UINT timeout_comm,
UINT *error_code, bool check_ssl_trust, char *post_data,
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes,
bool *cancel, UINT max_recv_size, char *header_name, char *header_value);
SOCK *WpcSockConnect(WPC_CONNECT *param, UINT *error_code, UINT timeout);
SOCK *WpcSockConnectEx(WPC_CONNECT *param, UINT *error_code, UINT timeout, bool *cancel);
SOCK *WpcSockConnect2(char *hostname, UINT port, INTERNET_SETTING *t, UINT *error_code, UINT timeout);
@ -223,6 +229,9 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value);
PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value, char *sni_string);
bool IsProxyPrivateIp(INTERNET_SETTING *s);
#endif // WPC_H


@ -1,4 +1,4 @@
BUILD_NUMBER 9613
VERSION 421
BUILD_NUMBER 9634
VERSION 422
BUILD_NAME beta
BUILD_DATE 20160424_153917
BUILD_DATE 20161127_143359


@ -46,7 +46,7 @@
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua"
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;_USE_32BIT_TIME_T"
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="true"
ExceptionHandling="0"
BasicRuntimeChecks="3"
@ -232,7 +232,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua"
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED"
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"


@ -385,6 +385,34 @@ bool FileCopyExW(wchar_t *src, wchar_t *dst, bool read_lock)
return ret;
}
bool FileCopyExWithEofW(wchar_t *src, wchar_t *dst, bool read_lock)
{
BUF *b;
bool ret = false;
// Validate arguments
if (src == NULL || dst == NULL)
{
return false;
}
b = ReadDumpExW(src, false);
if (b == NULL)
{
return false;
}
SeekBuf(b, b->Size, 0);
WriteBufChar(b, 0x1A);
SeekBuf(b, 0, 0);
ret = DumpBufW(b, dst);
FreeBuf(b);
return ret;
}
// Save the settings to a file
void CfgSave(FOLDER *f, char *name)
@ -459,7 +487,8 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool
// Generate a temporary file name
UniFormat(tmp, sizeof(tmp), L"%s.log", name);
// Copy the file that currently exist to a temporary file
FileCopyW(name, tmp);
// with appending the EOF
FileCopyExWithEofW(name, tmp, true);
// Save the new file
o = FileCreateW(name);
@ -481,6 +510,7 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool
{
// Successful saving file
FileClose(o);
// Delete the temporary file
FileDeleteW(tmp);
}
@ -528,6 +558,7 @@ FOLDER *CfgReadW(wchar_t *name)
bool binary_file = false;
bool invalid_file = false;
UCHAR header[8];
bool has_eof = false;
// Validate arguments
if (name == NULL)
{
@ -543,8 +574,31 @@ FOLDER *CfgReadW(wchar_t *name)
o = FileOpenW(newfile, false);
if (o == NULL)
{
UINT size;
// Read the temporary file
o = FileOpenW(tmp, false);
if (o != NULL)
{
// Check the EOF
size = FileSize(o);
if (size >= 2)
{
char c;
if (FileSeek(o, FILE_BEGIN, size - 1) && FileRead(o, &c, 1) && c == 0x1A && FileSeek(o, FILE_BEGIN, 0))
{
// EOF ok
has_eof = true;
}
else
{
// No EOF: file is corrupted
FileClose(o);
o = NULL;
}
}
}
}
else
{
@ -577,6 +631,11 @@ FOLDER *CfgReadW(wchar_t *name)
// Read into the buffer
size = FileSize(o);
if (has_eof)
{
// Ignore EOF
size -= 1;
}
buf = Malloc(size);
FileRead(o, buf, size);
b = NewBuf();
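Review bot: In CfgReadW the marker check only runs when `size >= 2`, so a temporary file of 0 or 1 bytes is accepted with `has_eof == false` and parsed as if it were complete, which contradicts the `// No EOF: file is corrupted` rule a few lines below. If ReadDumpExW yields an empty buffer for an empty source file, the backup FileCopyExWithEofW writes for an empty configuration is exactly one byte (the 0x1A marker), and that byte would then be read as content; changing the guard to `if (size >= 1)` keeps the two paths consistent, and an explicit `else { FileClose(o); o = NULL; }` for the zero-length case makes the truncated-backup outcome deliberate rather than accidental. Separately, FileCopyExWithEofW takes a `read_lock` parameter it never uses — `ReadDumpExW(src, false)` passes a literal — so either forward it (if ReadDumpExW's second argument is the lock flag) or document why it is ignored. CfgReadW's body continues outside the hunk.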


@ -1818,6 +1818,40 @@ UINT GetDaysUntil2038()
return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
}
}
UINT GetDaysUntil2038Ex()
{
SYSTEMTIME now;
Zero(&now, sizeof(now));
SystemTime(&now);
if (now.wYear >= 2030)
{
UINT64 now = SystemTime64();
UINT64 target;
SYSTEMTIME st;
Zero(&st, sizeof(st));
st.wYear = 2049;
st.wMonth = 12;
st.wDay = 30;
target = SystemToUINT64(&st);
if (now >= target)
{
return 0;
}
else
{
return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
}
}
else
{
return GetDaysUntil2038();
}
}
// Issue an X509 certificate
X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
@ -4885,6 +4919,22 @@ bool DhCompute(DH_CTX *dh, void *dst_priv_key, void *src_pub_key, UINT key_size)
return ret;
}
// Creating a DH 2048bit
DH_CTX *DhNew2048()
{
return DhNew(DH_SET_2048, 2);
}
// Creating a DH 3072bit
DH_CTX *DhNew3072()
{
return DhNew(DH_SET_3072, 2);
}
// Creating a DH 4096bit
DH_CTX *DhNew4096()
{
return DhNew(DH_SET_4096, 2);
}
// Creating a DH GROUP1
DH_CTX *DhNewGroup1()
{
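Review bot: In GetDaysUntil2038Ex the inner `UINT64 now = SystemTime64();` shadows the outer `SYSTEMTIME now` declared a few lines above, so two different time representations share one name in nested scopes; renaming the inner one, e.g. `UINT64 now64 = SystemTime64();` with `if (now64 >= target)` and `(target - now64)`, removes the ambiguity. The `wYear >= 2030` switch-over and the 2049-12-30 cutoff are unexplained magic values; a comment such as `// From 2030 on, extend the validity horizon to end of 2049 instead of the 2038 limit used by GetDaysUntil2038` would record the intent. The three DhNew2048/3072/4096 wrappers hard-code generator 2 without saying so; a comment naming the group each prime belongs to would let a reader check the pairing.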


@ -170,6 +170,61 @@ void RAND_Free_For_SoftEther();
#define DH_SIMPLE_160 "AEE7561459353C95DDA966AE1FD25D95CD46E935"
#define DH_SET_2048 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF"
#define DH_SET_3072 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"\
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"\
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"\
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"\
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"\
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"\
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"\
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"\
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"\
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"\
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"\
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"\
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"\
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"\
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"\
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
#define DH_SET_4096 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
"FFFFFFFFFFFFFFFF"
// Macro
#define HASHED_DATA(p) (((UCHAR *)p) + 15)
@ -376,6 +431,7 @@ X *NewRootX(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial);
X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial);
X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial);
UINT GetDaysUntil2038();
UINT GetDaysUntil2038Ex();
X_SERIAL *NewXSerial(void *data, UINT size);
void FreeXSerial(X_SERIAL *serial);
char *ByteToStr(BYTE *src, UINT src_size);
@ -465,6 +521,9 @@ DH_CTX *DhNewGroup1();
DH_CTX *DhNewGroup2();
DH_CTX *DhNewGroup5();
DH_CTX *DhNewSimple160();
DH_CTX *DhNew2048();
DH_CTX *DhNew3072();
DH_CTX *DhNew4096();
DH_CTX *DhNew(char *prime, UINT g);
void DhFree(DH_CTX *dh);
BUF *DhToBuf(DH_CTX *dh);
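Review bot: DH_SET_2048, DH_SET_3072 and DH_SET_4096 are added without a reference comment, although the hex values appear to match the RFC 3526 MODP groups 14, 15 and 16 (generator 2); a comment such as `// RFC 3526 MODP group 14 (2048-bit), g = 2` above each macro lets a reviewer verify the primes against the RFC instead of eyeballing hundreds of hex digits. Since these constants feed `DhNew(..., 2)` in Encrypt.c, the generator belongs next to the prime it is paired with. DH_SET_3072 also uses `"\` line continuations while its neighbours use `" \`; aligning them is cosmetic but keeps the block uniform.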


@ -381,12 +381,15 @@ void ZipAddFileStart(ZIP_PACKER *p, char *name, UINT size, UINT64 dt, UINT attri
UINT ZipAddFileData(ZIP_PACKER *p, void *data, UINT pos, UINT len)
{
UINT ret;
UINT total_size;
// Validate arguments
if (p == NULL)
{
return 0;
}
UINT total_size = p->CurrentFile->CurrentSize + len;
total_size = p->CurrentFile->CurrentSize + len;
if (total_size > p->CurrentFile->Size)
{
return 0;


@ -172,6 +172,109 @@ static LOCALE current_locale;
LOCK *tick_manual_lock = NULL;
UINT g_zero = 0;
#define MONSPERYEAR 12
#define DAYSPERNYEAR 365
#define DAYSPERLYEAR 366
#define SECSPERMIN 60
#define SECSPERHOUR (60*60)
#define SECSPERDAY (24*60*60)
#define DAYSPERWEEK 7
#define TM_SUNDAY 0
#define TM_MONDAY 1
#define TM_TUESDAY 2
#define TM_WEDNESDAY 3
#define TM_THURSDAY 4
#define TM_FRIDAY 5
#define TM_SATURDAY 6
#define TM_YEAR_BASE 1900
#define EPOCH_YEAR 1970
#define EPOCH_WDAY TM_THURSDAY
#define isleap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
static const int mon_lengths[2][MONSPERYEAR] = {
{ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
{ 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }
};
static const int year_lengths[2] = {
DAYSPERNYEAR, DAYSPERLYEAR
};
/*
* Taken from FreeBSD src / lib / libc / stdtime / localtime.c 1.43 revision.
* localtime.c 7.78.
* tzfile.h 1.8
* adapted to be replacement gmtime_r.
*/
static void
c_timesub(timep, offset, tmp)
const time_64t * const timep;
const long offset;
struct tm * const tmp;
{
INT64 days;
INT64 rem;
INT64 y;
int yleap;
const int * ip;
days = *timep / SECSPERDAY;
rem = *timep % SECSPERDAY;
rem += (offset);
while (rem < 0) {
rem += SECSPERDAY;
--days;
}
while (rem >= SECSPERDAY) {
rem -= SECSPERDAY;
++days;
}
tmp->tm_hour = (int) (rem / SECSPERHOUR);
rem = rem % SECSPERHOUR;
tmp->tm_min = (int) (rem / SECSPERMIN);
/*
** A positive leap second requires a special
** representation. This uses "... ??:59:60" et seq.
*/
tmp->tm_sec = (int) (rem % SECSPERMIN) ;
tmp->tm_wday = (int) ((EPOCH_WDAY + days) % DAYSPERWEEK);
if (tmp->tm_wday < 0)
tmp->tm_wday += DAYSPERWEEK;
y = EPOCH_YEAR;
#define LEAPS_THRU_END_OF(y) ((y) / 4 - (y) / 100 + (y) / 400)
while (days < 0 || days >= (long) year_lengths[yleap = isleap(y)]) {
INT64 newy;
newy = y + days / DAYSPERNYEAR;
if (days < 0)
--newy;
days -= (newy - y) * DAYSPERNYEAR +
LEAPS_THRU_END_OF(newy - 1) -
LEAPS_THRU_END_OF(y - 1);
y = newy;
}
tmp->tm_year = (int)(y - TM_YEAR_BASE);
tmp->tm_yday = (int) days;
ip = mon_lengths[yleap];
for (tmp->tm_mon = 0; days >= (INT64) ip[tmp->tm_mon]; ++(tmp->tm_mon))
days = days - (INT64) ip[tmp->tm_mon];
tmp->tm_mday = (int) (days + 1);
tmp->tm_isdst = 0;
}
/*
* Re-entrant version of gmtime.
*/
struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm)
{
c_timesub(timep, 0L, tm);
return tm;
}
// Get the real-time system timer
UINT TickRealtime()
{
@ -219,7 +322,14 @@ UINT64 TickGetRealtimeTickValue64()
gettimeofday(&tv, &tz);
if (sizeof(tv.tv_sec) != 4)
{
ret = (UINT64)tv.tv_sec * 1000ULL + (UINT64)tv.tv_usec / 1000ULL;
}
else
{
ret = (UINT64)((UINT64)((UINT32)tv.tv_sec)) * 1000ULL + (UINT64)tv.tv_usec / 1000ULL;
}
return ret;
}
@ -815,7 +925,7 @@ void GetTimeStr64(char *str, UINT size, UINT64 sec64)
// Convert to a time to be used safely in the current POSIX implementation
UINT64 SafeTime64(UINT64 sec64)
{
return MAKESURE(sec64, 0, 2115947647000ULL);
return MAKESURE(sec64, 0, 4102243323123ULL);
}
// Thread pool
@ -1694,7 +1804,7 @@ void TmToSystem(SYSTEMTIME *st, struct tm *t)
NormalizeTm(&tmp);
Zero(st, sizeof(SYSTEMTIME));
st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2037);
st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2099);
st->wMonth = MAKESURE(tmp.tm_mon + 1, 1, 12);
st->wDay = MAKESURE(tmp.tm_mday, 1, 31);
st->wDayOfWeek = MAKESURE(tmp.tm_wday, 0, 6);
@ -1714,7 +1824,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st)
}
Zero(t, sizeof(struct tm));
t->tm_year = MAKESURE(st->wYear, 1970, 2037) - 1900;
t->tm_year = MAKESURE(st->wYear, 1970, 2099) - 1900;
t->tm_mon = MAKESURE(st->wMonth, 1, 12) - 1;
t->tm_mday = MAKESURE(st->wDay, 1, 31);
t->tm_hour = MAKESURE(st->wHour, 0, 23);
@ -1726,7 +1836,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st)
}
// Convert the time_t to SYSTEMTIME
void TimeToSystem(SYSTEMTIME *st, time_t t)
void TimeToSystem(SYSTEMTIME *st, time_64t t)
{
struct tm tmp;
// Validate arguments
@ -1740,7 +1850,7 @@ void TimeToSystem(SYSTEMTIME *st, time_t t)
}
// Convert the time_t to 64-bit SYSTEMTIME
UINT64 TimeToSystem64(time_t t)
UINT64 TimeToSystem64(time_64t t)
{
SYSTEMTIME st;
@ -1750,7 +1860,7 @@ UINT64 TimeToSystem64(time_t t)
}
// Convert the SYSTEMTIME to time_t
time_t SystemToTime(SYSTEMTIME *st)
time_64t SystemToTime(SYSTEMTIME *st)
{
struct tm t;
// Validate arguments
@ -1764,7 +1874,7 @@ time_t SystemToTime(SYSTEMTIME *st)
}
// Convert a 64-bit SYSTEMTIME to a time_t
time_t System64ToTime(UINT64 i)
time_64t System64ToTime(UINT64 i)
{
SYSTEMTIME st;
@ -1774,9 +1884,9 @@ time_t System64ToTime(UINT64 i)
}
// Convert the tm to time_t
time_t TmToTime(struct tm *t)
time_64t TmToTime(struct tm *t)
{
time_t tmp;
time_64t tmp;
// Validate arguments
if (t == NULL)
{
@ -1784,7 +1894,7 @@ time_t TmToTime(struct tm *t)
}
tmp = c_mkgmtime(t);
if (tmp == (time_t)-1)
if (tmp == (time_64t)-1)
{
return 0;
}
@ -1792,42 +1902,22 @@ time_t TmToTime(struct tm *t)
}
// Convert time_t to tm
void TimeToTm(struct tm *t, time_t time)
void TimeToTm(struct tm *t, time_64t time)
{
struct tm *ret;
// Validate arguments
if (t == NULL)
{
return;
}
#ifndef OS_UNIX
ret = gmtime(&time);
#else // OS_UNIX
ret = malloc(sizeof(struct tm));
memset(ret, 0, sizeof(struct tm));
gmtime_r(&time, ret);
#endif // OS_UNIX
if (ret == NULL)
{
Zero(t, sizeof(struct tm));
}
else
{
Copy(t, ret, sizeof(struct tm));
}
#ifdef OS_UNIX
free(ret);
#endif // OS_UNIX
c_gmtime_r(&time, t);
}
// Normalize the tm
void NormalizeTm(struct tm *t)
{
struct tm *ret;
time_t tmp;
time_64t tmp;
// Validate arguments
if (t == NULL)
{
@ -1835,31 +1925,12 @@ void NormalizeTm(struct tm *t)
}
tmp = c_mkgmtime(t);
if (tmp == (time_t)-1)
if (tmp == (time_64t)-1)
{
return;
}
#ifndef OS_UNIX
ret = gmtime(&tmp);
#else // OS_UNIX
ret = malloc(sizeof(struct tm));
memset(ret, 0, sizeof(struct tm));
gmtime_r(&tmp, ret);
#endif // OS_UNIX
if (ret == NULL)
{
Zero(t, sizeof(struct tm));
}
else
{
Copy(t, ret, sizeof(struct tm));
}
#ifdef OS_UNIX
free(ret);
#endif // OS_UNIX
c_gmtime_r(&tmp, t);
}
// Normalize the SYSTEMTIME
@ -1934,10 +2005,19 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time)
Copy(&snow, basetime, sizeof(SYSTEMTIME));
if (sizeof(time_t) == 4)
{
if (snow.wYear >= 2038)
{
// For old systems: avoid the 2038-year problem
snow.wYear = 2037;
}
}
SystemToTm(&now, &snow);
if (local_time == false)
{
tmp = c_mkgmtime(&now);
tmp = (time_t)c_mkgmtime(&now);
}
else
{
@ -1965,54 +2045,12 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time)
return ret;
}
// Get the time difference between the local time and system time
INT64 GetTimeDiff()
{
time_t tmp;
struct tm t1, t2;
SYSTEMTIME snow;
struct tm now;
SYSTEMTIME s1, s2;
INT64 ret;
static INT64 cache = INFINITE;
if (cache != INFINITE)
{
// Returns the cache data after measured once
return cache;
}
SystemTime(&snow);
SystemToTm(&now, &snow);
tmp = c_mkgmtime(&now);
if (tmp == (time_t)-1)
{
return 0;
}
#ifndef OS_UNIX
Copy(&t1, localtime(&tmp), sizeof(struct tm));
Copy(&t2, gmtime(&tmp), sizeof(struct tm));
#else // OS_UNIX
localtime_r(&tmp, &t1);
gmtime_r(&tmp, &t2);
#endif // OS_UNIX
TmToSystem(&s1, &t1);
TmToSystem(&s2, &t2);
cache = ret = (INT)SystemToUINT64(&s1) - (INT)SystemToUINT64(&s2);
return ret;
}
// Convert UINT64 to the SYSTEMTIME
void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
{
UINT64 tmp64;
UINT sec, millisec;
time_t time;
time_64t time;
// Validate arguments
if (st == NULL)
{
@ -2023,7 +2061,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
tmp64 = sec64 / (UINT64)1000;
millisec = (UINT)(sec64 - tmp64 * (UINT64)1000);
sec = (UINT)tmp64;
time = (time_t)sec;
time = (time_64t)sec;
TimeToSystem(st, time);
st->wMilliseconds = (WORD)millisec;
}
@ -2032,7 +2070,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
UINT64 SystemToUINT64(SYSTEMTIME *st)
{
UINT64 sec64;
time_t time;
time_64t time;
// Validate arguments
if (st == NULL)
{
@ -2091,7 +2129,7 @@ void SystemTime(SYSTEMTIME *st)
KS_INC(KS_GETTIME_COUNT);
}
time_t c_mkgmtime(struct tm *tm)
time_64t c_mkgmtime(struct tm *tm)
{
int years, months, days, hours, minutes, seconds;
@ -2142,7 +2180,7 @@ time_t c_mkgmtime(struct tm *tm)
tm->tm_isdst = 0;
if (years < 1970)
return (time_t)-1;
return (time_64t)-1;
#if (defined(TM_YEAR_MAX) && defined(TM_MON_MAX) && defined(TM_MDAY_MAX))
#if (defined(TM_HOUR_MAX) && defined(TM_MIN_MAX) && defined(TM_SEC_MAX))
@ -2156,11 +2194,11 @@ time_t c_mkgmtime(struct tm *tm)
(hours == TM_HOUR_MAX &&
(minutes > TM_MIN_MAX ||
(minutes == TM_MIN_MAX && seconds > TM_SEC_MAX) )))))))
return (time_t)-1;
return (time_64t)-1;
#endif
#endif
return (time_t)(86400L * (unsigned long)(unsigned)days +
return (time_64t)(86400L * (unsigned long)(unsigned)days +
3600L * (unsigned long)hours +
(unsigned long)(60 * minutes + seconds));
}
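Review bot: c_mkgmtime's return type is widened to time_64t, but the value is still computed in `unsigned long` (`86400L * (unsigned long)(unsigned)days + ...`), which is 32 bits on Windows and on 32-bit Unix, so the result wraps for dates past early 2106 regardless of the wider return type; computing in 64 bits, `return (time_64t)(86400ULL * (UINT64)(unsigned)days + 3600ULL * (UINT64)hours + (UINT64)(60 * minutes + seconds));`, makes the arithmetic match the declared range. UINT64ToSystem has the same shape: `sec = (UINT)tmp64;` truncates to 32 bits before `time = (time_64t)sec;`, so the new type gains nothing there, and `time = (time_64t)tmp64;` avoids the narrowing. Both are latent as long as callers go through SafeTime64 and the 2099 clamps in TmToSystem/SystemToTm, but c_mkgmtime is also reached from TmToTime and NormalizeTm with an arbitrary `struct tm`. c_timesub is written as a K&R-style definition with an identifier list; the prototype form `static void c_timesub(const time_64t *const timep, const long offset, struct tm *const tmp)` matches the other definitions in this hunk. Several of these functions start or end outside their hunks.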


@ -194,15 +194,16 @@ void FreeThreading();
void ThreadPoolProc(THREAD *t, void *param);
void SetThreadName(UINT thread_id, char *name, void *param);
time_t c_mkgmtime(struct tm *tm);
time_t System64ToTime(UINT64 i);
struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm);
time_64t c_mkgmtime(struct tm *tm);
time_64t System64ToTime(UINT64 i);
void TmToSystem(SYSTEMTIME *st, struct tm *t);
void SystemToTm(struct tm *t, SYSTEMTIME *st);
void TimeToSystem(SYSTEMTIME *st, time_t t);
UINT64 TimeToSystem64(time_t t);
time_t SystemToTime(SYSTEMTIME *st);
time_t TmToTime(struct tm *t);
void TimeToTm(struct tm *t, time_t time);
void TimeToSystem(SYSTEMTIME *st, time_64t t);
UINT64 TimeToSystem64(time_64t t);
time_64t SystemToTime(SYSTEMTIME *st);
time_64t TmToTime(struct tm *t);
void TimeToTm(struct tm *t, time_64t time);
void NormalizeTm(struct tm *t);
void NormalizeSystem(SYSTEMTIME *st);
void LocalToSystem(SYSTEMTIME *system, SYSTEMTIME *local);


@ -145,7 +145,7 @@ typedef struct x509_crl_st X509_CRL;
#define BUF_SIZE 512
// Support Windows OS list
#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2"
#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016"
// Infinite
#ifndef WINDOWS_H
@ -299,6 +299,8 @@ typedef signed char CHAR;
typedef unsigned long long UINT64;
typedef signed long long INT64;
typedef signed long long time_64t;
#ifdef OS_UNIX
// Avoiding compile error
#define __cdecl
@ -523,6 +525,7 @@ typedef struct SAFE_BLOCK SAFE_BLOCK;
typedef struct SAFE_REQUEST_LOG SAFE_REQUEST_LOG;
typedef struct DYN_VALUE DYN_VALUE;
typedef struct RELAY_PARAMETER RELAY_PARAMETER;
typedef struct SSL_ACCEPT_SETTINGS SSL_ACCEPT_SETTINGS;
// Tick64.h
typedef struct ADJUST_TIME ADJUST_TIME;


@ -46,7 +46,7 @@
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T"
PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
MinimalRebuild="true"
ExceptionHandling="0"
BasicRuntimeChecks="3"
@ -188,7 +188,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED"
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"


@ -204,6 +204,7 @@ static SERVICE_FUNCTION *g_start, *g_stop;
static bool exiting = false;
static bool wnd_end;
static bool is_usermode = false;
static bool wts_is_locked_flag = false;
static HICON tray_icon;
static NOTIFYICONDATA nid;
static NOTIFYICONDATAW nid_nt;
@ -9194,6 +9195,11 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id)
{
HWND hWnd;
if (nw->Halt)
{
break;
}
if (MsIsVista() == false)
{
hWnd = LIST_DATA(o, i);
@ -12341,6 +12347,175 @@ bool MsIsPasswordEmpty(wchar_t *username)
return false;
}
// Determine if the workstation is locked by using WTS API
bool MsDetermineIsLockedByWtsApi()
{
return wts_is_locked_flag;
}
// IsLocked Window Proc
LRESULT CALLBACK MsIsLockedWindowHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
MS_ISLOCKED *d = NULL;
CREATESTRUCT *cs;
// Validate arguments
if (hWnd == NULL)
{
return 0;
}
d = (MS_ISLOCKED *)GetWindowLongPtrA(hWnd, GWLP_USERDATA);
if (d == NULL && msg != WM_CREATE)
{
goto LABEL_END;
}
switch (msg)
{
case WM_CREATE:
cs = (CREATESTRUCT *)lParam;
d = (MS_ISLOCKED *)cs->lpCreateParams;
SetWindowLongPtrA(hWnd, GWLP_USERDATA, (LONG_PTR)d);
ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION);
wts_is_locked_flag = false;
break;
case WM_WTSSESSION_CHANGE:
{
char tmp[MAX_SIZE];
GetDateTimeStr64(tmp, sizeof(tmp), LocalTime64());
switch (wParam)
{
case WTS_SESSION_LOCK:
Debug("%s: Enter Lock\n", tmp);
d->IsLockedFlag = true;
wts_is_locked_flag = true;
break;
case WTS_SESSION_UNLOCK:
Debug("%s: Enter Unlock\n", tmp);
d->IsLockedFlag = false;
wts_is_locked_flag = false;
break;
}
}
break;
case WM_DESTROY:
Debug("Unregister\n");
ms->nt->WTSUnRegisterSessionNotification(hWnd);
PostQuitMessage(0);
break;
}
LABEL_END:
return DefWindowProc(hWnd, msg, wParam, lParam);
}
// IsLocked thread proc
void MsIsLockedThreadProc(THREAD *thread, void *param)
{
MS_ISLOCKED *d = (MS_ISLOCKED *)param;
char wndclass_name[MAX_PATH];
WNDCLASS wc;
HWND hWnd;
MSG msg;
// Validate arguments
if (d == NULL || thread == NULL)
{
return;
}
Format(wndclass_name, sizeof(wndclass_name), "WNDCLASS_%X", Rand32());
Zero(&wc, sizeof(wc));
wc.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
wc.hIcon = NULL;
wc.hInstance = ms->hInst;
wc.lpfnWndProc = MsIsLockedWindowHandlerWindowProc;
wc.lpszClassName = wndclass_name;
if (RegisterClassA(&wc) == 0)
{
NoticeThreadInit(thread);
return;
}
hWnd = CreateWindowA(wndclass_name, wndclass_name, WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
NULL, NULL, ms->hInst, d);
d->hWnd = hWnd;
NoticeThreadInit(thread);
if (hWnd == NULL)
{
UnregisterClassA(wndclass_name, ms->hInst);
return;
}
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
DestroyWindow(hWnd);
UnregisterClassA(wndclass_name, ms->hInst);
}
// Create new IsLocked thread
MS_ISLOCKED *MsNewIsLocked()
{
MS_ISLOCKED *d;
THREAD *t;
SleepThread(5000);
if (IsNt() == false || ms->nt->WTSRegisterSessionNotification == NULL ||
ms->nt->WTSUnRegisterSessionNotification == NULL)
{
return NULL;
}
d = ZeroMalloc(sizeof(MS_ISLOCKED));
t = NewThread(MsIsLockedThreadProc, d);
WaitThreadInit(t);
d->Thread = t;
return d;
}
// Stop and free the IsLocked thread
void MsFreeIsLocked(MS_ISLOCKED *d)
{
if (d == NULL)
{
return;
}
if (d->hWnd != NULL)
{
PostMessageA(d->hWnd, WM_CLOSE, 0, 0);
}
WaitThread(d->Thread, INFINITE);
ReleaseThread(d->Thread);
Free(d);
}
// Execution of shutdown (NT)
bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message)
{
@ -12689,6 +12864,12 @@ NT_API *MsLoadNtApiFunctions()
nt->WTSEnumerateSessionsA =
(BOOL (__stdcall *)(HANDLE,DWORD,DWORD,PWTS_SESSION_INFOA *,DWORD *))
GetProcAddress(nt->hWtsApi32, "WTSEnumerateSessionsA");
nt->WTSRegisterSessionNotification =
(BOOL (__stdcall *)(HWND,DWORD))
GetProcAddress(nt->hWtsApi32, "WTSRegisterSessionNotification");
nt->WTSUnRegisterSessionNotification =
(BOOL (__stdcall *)(HWND))
GetProcAddress(nt->hWtsApi32, "WTSUnRegisterSessionNotification");
}
// Service related API
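Review bot: In MsIsLockedWindowHandlerWindowProc the result of `ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION)` is discarded, so if registration fails no WM_WTSSESSION_CHANGE ever arrives and MsDetermineIsLockedByWtsApi keeps answering "not locked" with no way for a caller to tell that the answer is unknown; at minimum record the failure, e.g. `if (!ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION)) { Debug("WTSRegisterSessionNotification failed\n"); }`, and consider surfacing it through MS_ISLOCKED so a caller's decision is not built on a silently stale flag. The lock state is kept twice, in the `volatile bool IsLockedFlag` member and the non-volatile `static bool wts_is_locked_flag` global, both written only on the window thread and presumably read from others; keep one representation and mark whichever stays `volatile` (or read it through the MS_ISLOCKED object) so the two cannot drift. MsNewIsLocked calls `SleepThread(5000)` before the `IsNt()` / WTS-function-availability check, so callers on platforms without the API still block for five seconds — move the check ahead of the sleep and add a comment on why the delay is needed at all.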


@ -431,6 +431,8 @@ typedef struct NT_API
void (WINAPI *WTSFreeMemory)(void *);
BOOL (WINAPI *WTSDisconnectSession)(HANDLE, DWORD, BOOL);
BOOL (WINAPI *WTSEnumerateSessions)(HANDLE, DWORD, DWORD, PWTS_SESSION_INFO *, DWORD *);
BOOL (WINAPI *WTSRegisterSessionNotification)(HWND, DWORD);
BOOL (WINAPI *WTSUnRegisterSessionNotification)(HWND);
SC_HANDLE (WINAPI *OpenSCManager)(LPCTSTR, LPCTSTR, DWORD);
SC_HANDLE (WINAPI *CreateServiceA)(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR);
SC_HANDLE (WINAPI *CreateServiceW)(SC_HANDLE, LPCWSTR, LPCWSTR, DWORD, DWORD, DWORD, DWORD, LPCWSTR, LPCWSTR, LPDWORD, LPCWSTR, LPCWSTR, LPCWSTR);
@ -590,6 +592,13 @@ typedef struct MS_ADAPTER_LIST
MS_ADAPTER **Adapters; // Content
} MS_ADAPTER_LIST;
typedef struct MS_ISLOCKED
{
HWND hWnd;
THREAD *Thread;
volatile bool IsLockedFlag;
} MS_ISLOCKED;
// TCP setting
typedef struct MS_TCP
{
@ -741,6 +750,14 @@ char *MsGetExeFileName();
char *MsGetExeDirName();
wchar_t *MsGetExeDirNameW();
void MsIsLockedThreadProc(THREAD *thread, void *param);
MS_ISLOCKED *MsNewIsLocked();
void MsFreeIsLocked(MS_ISLOCKED *d);
void MsStartIsLockedThread();
void MsStopIsLockedThread();
bool MsDetermineIsLockedByWtsApi();
bool MsShutdown(bool reboot, bool force);
bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message);
bool MsCheckLogon(wchar_t *username, char *password);
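Review bot: MS_ISLOCKED and the new MsIsLocked* prototypes arrive without a line of documentation, and `volatile bool IsLockedFlag` suggests the flag is written on the window thread and read from another one — `volatile` gives no memory-ordering guarantee in C, even if a single bool polled cross-thread works in practice on the targets this code runs on. I would annotate the struct from what the Microsoft.c hunk shows: `HWND hWnd; // Message window of the IsLocked thread; MsFreeIsLocked posts WM_CLOSE to it`, `THREAD *Thread; // Thread running MsIsLockedThreadProc`, `volatile bool IsLockedFlag; // Presumably the last session lock state seen via WTS notifications; written by the thread, read cross-thread — confirm`. A comment on `MsNewIsLocked` should also record that it returns NULL when wtsapi32 does not export WTSRegisterSessionNotification/WTSUnRegisterSessionNotification, since callers must handle that.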


@ -155,7 +155,6 @@
#ifdef UNIX_MACOS
#include <sys/event.h>
#endif // UNIX_MACOS
#include <Cedar/Cedar.h>
#ifdef OS_WIN32
NETWORK_WIN32_FUNCTIONS *w32net;
@ -188,8 +187,6 @@ struct ROUTE_CHANGE_DATA
// HTTP constant
//static char http_301_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>301 Moved Permanently</TITLE>\r\n</HEAD><BODY>\r\n<H1>Moved</H1>\r\nThis páge has moved to <A HREF=\"https://$HOST$:4443$TARGET$\">new address</A>.<P>\r\n<HR>\r\n</BODY></HTML>\r\n";
static char http_301_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>301 Moved Permanently</TITLE>\r\n</HEAD><BODY>\r\n<H1>Moved</H1>\r\nThis páge has moved to <A HREF=\"https://$HOSTNAME$:4443$TARGET$\">new address</A>.<P>\r\n<HR>\r\n</BODY></HTML>\r\n";
static char http_404_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>404 Not Found</TITLE>\r\n</HEAD><BODY>\r\n<H1>Not Found</H1>\r\nThe requested URL $TARGET$ was not found on this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
static char http_403_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access $TARGET$\r\non this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
static char http_500_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>500 Server Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>Server Error</H1>\r\nServer Error<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
@ -236,7 +233,7 @@ static COUNTER *getip_thread_counter = NULL;
static UINT max_getip_thread = 0;
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA";
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384";
static LIST *ip_clients = NULL;
static LIST *local_mac_list = NULL;
@ -248,7 +245,7 @@ static UINT rand_port_numbers[256] = {0};
static bool g_use_privateip_file = false;
static bool g_source_ip_validation_force_disable = false;
static DH_CTX *dh_1024 = NULL;
static DH_CTX *dh_2048 = NULL;
typedef struct PRIVATE_IP_SUBNET
{
@ -5824,7 +5821,8 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
{
if (server_mode)
{
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_server_method());
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
AddChainSslCertOnDirectory(ssl_ctx);
@ -5835,7 +5833,7 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
}
else
{
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method());
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
}
//SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cb_test);
@ -12773,7 +12771,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure)
// Set the cipher algorithm name to want to use
void SetWantToUseCipher(SOCK *sock, char *name)
{
char tmp[254];
char tmp[1024];
// Validate arguments
if (sock == NULL || name == NULL)
{
@ -12913,7 +12911,7 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
// Start a TCP-SSL communication
bool StartSSL(SOCK *sock, X *x, K *priv)
{
return StartSSLEx(sock, x, priv, false, 0, NULL);
return StartSSLEx(sock, x, priv, true, 0, NULL);
}
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname)
{
@ -12976,23 +12974,39 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
if (sock->ServerMode)
{
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
long ssl_opt_flags=0x0L;
if (sock->DisableSslVersions & SSL_VERSION_SSL_V2) {
ssl_opt_flags |= SSL_OP_NO_SSLv2;
#ifdef SSL_OP_NO_SSLv2
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
#endif // SSL_OP_NO_SSLv2
if (sock->SslAcceptSettings.AcceptOnlyTls)
{
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
}
if (sock->DisableSslVersions & SSL_VERSION_SSL_V3) {
ssl_opt_flags |= SSL_OP_NO_SSLv3;
if (sock->SslAcceptSettings.Tls_Disable1_0)
{
#ifdef SSL_OP_NO_TLSv1
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
#endif // SSL_OP_NO_TLSv1
}
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
ssl_opt_flags |= SSL_OP_NO_TLSv1;
if (sock->SslAcceptSettings.Tls_Disable1_1)
{
#ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
#endif // SSL_OP_NO_TLSv1_1
}
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
ssl_opt_flags |= SSL_OP_NO_TLSv1_1;
if (sock->SslAcceptSettings.Tls_Disable1_2)
{
#ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
#endif // SSL_OP_NO_TLSv1_2
}
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
ssl_opt_flags |= SSL_OP_NO_TLSv1_2;
}
SSL_CTX_set_options(ssl_ctx, ssl_opt_flags);
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
Lock(openssl_lock);
@ -13005,7 +13019,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
}
else
{
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method());
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
}
}
sock->ssl = SSL_new(ssl_ctx);
@ -13021,6 +13035,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
}
}
#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
}
Unlock(openssl_lock);
@ -13206,6 +13221,8 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
return true;
}
#ifdef ENABLE_SSL_LOGGING
// Enable SSL logging
@ -13838,6 +13855,10 @@ void DisableGetHostNameWhenAcceptInit()
// Initialize the connection acceptance
void AcceptInit(SOCK *s)
{
AcceptInitEx(s, false);
}
void AcceptInitEx(SOCK *s, bool no_lookup_hostname)
{
char tmp[MAX_SIZE];
// Validate arguments
@ -13848,7 +13869,7 @@ void AcceptInit(SOCK *s)
Zero(tmp, sizeof(tmp));
if (disable_gethostname_by_accept == false)
if (disable_gethostname_by_accept == false && no_lookup_hostname == false)
{
if (GetHostName(tmp, sizeof(tmp), &s->RemoteIP) == false ||
IsEmptyStr(tmp))
@ -17760,9 +17781,9 @@ DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
{
DH *ret = NULL;
if (dh_1024 != NULL)
if (dh_2048 != NULL)
{
ret = dh_1024->dh;
ret = dh_2048->dh;
}
return ret;
@ -17786,6 +17807,10 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback);
#ifdef SSL_CTX_set_ecdh_auto
SSL_CTX_set_ecdh_auto(ctx, 1);
#endif // SSL_CTX_set_ecdh_auto
return ctx;
}
@ -17879,7 +17904,7 @@ void InitNetwork()
disable_cache = false;
dh_1024 = DhNewGroup2();
dh_2048 = DhNew2048();
Zero(rand_port_numbers, sizeof(rand_port_numbers));
@ -18313,10 +18338,10 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
void FreeNetwork()
{
if (dh_1024 != NULL)
if (dh_2048 != NULL)
{
DhFree(dh_1024);
dh_1024 = NULL;
DhFree(dh_2048);
dh_2048 = NULL;
}
// Release of thread-related
@ -21875,69 +21900,6 @@ bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version)
return ret;
}
// Sending the 301 Moved Permanently: Redirect
bool HttpSendRedirect(SOCK *s, char *target, char *hostname)
{
HTTP_HEADER *h;
char *str;
//char *redirect_to_static="https://$HOSTNAME$:4443$TARGET$";
char *redirect_to_static="https://%s:4443%s";
char *redirect_to;
UINT redir_size;
UINT str_size;
bool ret;
char host[MAX_SIZE];
UINT port;
// Validate arguments
if (s == NULL || target == NULL || hostname == NULL)
{
return false;
}
// Get the host name
//GetMachineName(host, MAX_SIZE);
Zero(host, sizeof(host));
IPToStr(host, sizeof(host), &s->LocalIP);
// Creating a header
h = NewHttpHeader("HTTP/1.1", "301", "Moved Permanently");
redir_size = strlen(redirect_to_static) * 2 + StrLen(target) + StrLen(hostname);
redirect_to = Malloc(redir_size);
snprintf(redirect_to, redir_size, redirect_to_static, hostname, target);
//StrCpy(redirect_to, redir_size, redirect_to_static);
//ReplaceStri(redirect_to, redir_size, redirect_to, "$TARGET$", target);
//ReplaceStri(redirect_to, redir_size, redirect_to, "$HOSTNAME$", hostname);
AddHttpValue(h, NewHttpValue("Location", redirect_to));
AddHttpValue(h, NewHttpValue("Content-Type", HTTP_CONTENT_TYPE));
// Creating a Data
str_size = sizeof(http_301_str) * 2 + StrLen(target) + StrLen(hostname);
str = Malloc(str_size);
StrCpy(str, str_size, http_301_str);
// TARGET
ReplaceUnsafeCharInTarget(target);
ReplaceStri(str, str_size, str, "$TARGET$", target);
// HOST
//ReplaceStri(str, str_size, str, "$HOST$", host);
// HOSTNAME
ReplaceStri(str, str_size, str, "$HOSTNAME$", hostname);
// Transmission
ret = PostHttp(s, h, str, StrLen(str));
FreeHttpHeader(h);
Free(redirect_to);
Free(str);
return ret;
}
// Sending a 404 Not Found error
bool HttpSendNotFound(SOCK *s, char *target)
{
@ -22744,7 +22706,14 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
USHORT handshake_length;
// Validate arguments
if (packet_buf == NULL || packet_size == 0)
if (packet_buf == NULL || packet_size <= 11)
{
return false;
}
if (!(packet_buf[0] == 0x16 && packet_buf[1] >= 0x03 &&
packet_buf[5] == 0x01 && packet_buf[6] == 0x00 &&
packet_buf[9] >= 0x03))
{
return false;
}
@ -22758,7 +22727,7 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
version = Endian16(version);
handshake_length = Endian16(handshake_length);
if (version >= 0x0301)
if (content_type == 0x16 && version >= 0x0301)
{
UCHAR *handshake_data = Malloc(handshake_length);
@ -22874,11 +22843,14 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
name_buf = ZeroMalloc(name_len + 1);
if (ReadBuf(dbuf, name_buf, name_len) == name_len)
{
if (StrLen(name_buf) >= 1)
{
ret = true;
StrCpy(sni, sni_size, name_buf);
}
}
Free(name_buf);
}
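Review bot: The NewSslPipe hunk swaps TLSv1_server_method()/TLSv1_client_method() for SSLv23_method()/SSLv23_client_method() but only adds `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);`, so SSLv3 becomes negotiable on both ends of the pipe — a regression from the previous TLS-1.0-only behaviour, and the bundled opensslconf.h in this commit defines OPENSSL_NO_SSL2 but not OPENSSL_NO_SSL3. Unlike the server branch of StartSSLEx, this path does not consult SslAcceptSettings, so an operator cannot switch SSLv3 off; the client branch of StartSSLEx (`SSLv23_client_method()` with no option set) has the same exposure. I would make the server call `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` and add the same line after each `SSLv23_client_method()` call, or honour the same version settings StartSSLEx applies. NewSslPipe's body continues outside the hunk. Separately, the new default `cipher_list` still starts with RC4-MD5, RC4-SHA and single-DES DES-CBC-SHA; now that the GCM/ECDHE suites are listed those should be removed rather than kept ahead of them.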


@ -246,6 +246,15 @@ struct SOCK_EVENT
#define SOCK_RUDP_LISTEN 5
#define SOCK_REVERSE_LISTEN 6
// SSL Accept Settings
struct SSL_ACCEPT_SETTINGS
{
bool AcceptOnlyTls;
bool Tls_Disable1_0;
bool Tls_Disable1_1;
bool Tls_Disable1_2;
};
// Socket
struct SOCK
{
@ -312,8 +321,7 @@ struct SOCK
IP Reverse_MyServerGlobalIp; // Self global IP address when using the reverse socket
UINT Reverse_MyServerPort; // Self port number when using the reverse socket
UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert
bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)
UINT DisableSslVersions; // Bitmap of SSL Version to disable
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
bool RawIP_HeaderIncludeFlag;
#ifdef ENABLE_SSL_LOGGING
@ -1044,7 +1052,6 @@ char *HttpHeaderToStr(HTTP_HEADER *header);
bool PostHttp(SOCK *s, HTTP_HEADER *header, void *post_data, UINT post_size);
UINT GetContentLength(HTTP_HEADER *header);
void GetHttpDateStr(char *str, UINT size, UINT64 t);
bool HttpSendRedirect(SOCK *s, char *target, char* hostname);
bool HttpSendForbidden(SOCK *s, char *target, char *server_id);
bool HttpSendNotFound(SOCK *s, char *target);
bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version);
@ -1370,6 +1377,7 @@ bool GetDomainName(char *name, UINT size);
bool UnixGetDomainName(char *name, UINT size);
void RenewDhcp();
void AcceptInit(SOCK *s);
void AcceptInitEx(SOCK *s, bool no_lookup_hostname);
void DisableGetHostNameWhenAcceptInit();
bool CheckCipherListName(char *name);
TOKEN_LIST *GetCipherList();
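Review bot: The new SSL_ACCEPT_SETTINGS fields have no comments, and the field they replace carried the only record of what AcceptOnlyTls means ("Accept only TLS (disable SSLv3)"). Since the StartSSLEx hunk in this commit maps each flag onto an SSL_OP_NO_* option and sets SSL_OP_NO_SSLv2 regardless of these settings, I would document that on the struct: `bool AcceptOnlyTls; // Refuse SSLv3 on accepted sockets (SSLv2 is always refused)`, `bool Tls_Disable1_0; // Refuse TLS 1.0`, and likewise for 1.1 and 1.2. A struct-level note that, as far as the hunks show, these settings are read only by the server branch of StartSSLEx and not by NewSslPipe would save the next reader from assuming they are global.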


@ -424,12 +424,18 @@ bool SignSecByObject(SECURE *sec, SEC_OBJ *obj, void *dst, void *src, UINT size)
// Perform Signing
size = 128;
// First try with 1024 bit
ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size);
if (ret != CKR_OK || size != 128)
if (ret != CKR_OK && 128 < size && size <= 4096/8)
{
// Retry with expanded bits
ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size);
}
if (ret != CKR_OK || size == 0 || size > 4096/8)
{
// Failure
sec->Error = SEC_ERROR_HARDWARE_ERROR;
Debug("C_Sign Error: 0x%x\n", ret);
Debug("C_Sign Error: 0x%x size:%d\n", ret, size);
return false;
}
@ -782,6 +788,11 @@ bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x)
b_private_obj = false;
}
// CryptoID PKCS#11 requires CKA_ID attiribute instead of CKA_LABEL.
if(sec->Dev->Id == 22) {
a[7].type = CKA_ID;
}
// Remove objects which have the same name
if (CheckSecObject(sec, name, SEC_X))
{
@ -2007,7 +2018,7 @@ void TestSecMain(SECURE *sec)
}
Print("Generating Key...\n");
if (RsaGen(&private_key, &public_key, 1024) == false)
if (RsaGen(&private_key, &public_key, 2048) == false)
{
Print("RsaGen() Failed.\n");
}
@ -2077,9 +2088,10 @@ void TestSecMain(SECURE *sec)
}
else
{
UCHAR sign_cpu[128];
UCHAR sign_sec[128];
UCHAR sign_cpu[512];
UCHAR sign_sec[512];
K *pub = GetKFromX(cert);
UINT keybtytes = (cert->bits)/8;
Print("Ok.\n");
Print("Signing Data by CPU...\n");
if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
@ -2090,7 +2102,7 @@ void TestSecMain(SECURE *sec)
{
Print("Ok.\n");
Print("sign_cpu: ");
PrintBin(sign_cpu, sizeof(sign_cpu));
PrintBin(sign_cpu, keybtytes);
Print("Signing Data by %s..\n", sec->Dev->DeviceName);
if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
{
@ -2100,14 +2112,14 @@ void TestSecMain(SECURE *sec)
{
Print("Ok.\n");
Print("sign_sec: ");
PrintBin(sign_sec, sizeof(sign_sec));
PrintBin(sign_sec, keybtytes);
Print("Compare...");
if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
if (Cmp(sign_sec, sign_cpu, keybtytes) == 0)
{
Print("Ok.\n");
Print("Verify...");
if (RsaVerify(test_str, StrLen(test_str),
sign_sec, pub) == false)
if (RsaVerifyEx(test_str, StrLen(test_str),
sign_sec, pub, cert->bits) == false)
{
Print("[FAILED]\n");
}
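Review bot: The retry in SignSecByObject writes `size` bytes into dst, where size is whatever the token reported after the first C_Sign (anything up to 4096/8), yet the function has no dst-length parameter and previously never wrote more than 128 bytes. TestSecMain grows its own buffers to 512 in this commit, but any other caller still passing a 128-byte signature buffer is overrun by a 2048-bit token; those callers are not visible from here. At minimum document the new contract above the first C_Sign, `// dst must hold at least 4096/8 bytes: the token may report a larger signature and the retry writes size bytes`, and preferably add a dst_size argument that is checked before the retry. Minor: `keybtytes` in TestSecMain is misspelled.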


@ -307,7 +307,8 @@ SECURE_DEVICE SupportedList[] =
{18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"},
{19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"},
{20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"},
{20, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"},
{21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"},
{22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoida_pkcs11.dll"},
};
#ifdef OS_WIN32
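Review bot: The new CryptoID entry is identified by the bare number 22, and the WriteSecCert hunk in Secure.c keys its CKA_ID special case on `if(sec->Dev->Id == 22)`; this same hunk renumbers the ePass entry from 20 to 21, which shows how easily these IDs move. A constant shared by both files, e.g. `#define SECURE_DEVICE_ID_CRYPTOID 22` beside the table and `if (sec->Dev->Id == SECURE_DEVICE_ID_CRYPTOID)` in Secure.c, or a per-device flag in SECURE_DEVICE, would keep the special case from breaking silently on the next renumbering. A comment on the entry, `// Requires CKA_ID instead of CKA_LABEL, see WriteSecCert`, would also make the coupling visible.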


@ -1829,20 +1829,27 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
{
USHORT port_raw = Endian16(80);
USHORT port_raw2 = Endian16(8080);
USHORT port_raw3 = Endian16(443);
// Analyze if the packet is a part of HTTP
if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
{
TCP_HEADER *tcp = p->L4.TCPHeader;
if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
{
if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) &&
(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
{
if (p->PayloadSize >= 1)
{
p->HttpLog = ParseHttpAccessLog(p);
}
}
if (tcp != NULL && tcp->DstPort == port_raw3 &&
(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
{
if (p->PayloadSize >= 1)
{
p->HttpLog = ParseHttpsAccessLog(p);
}
}
}
}
@ -2014,6 +2021,33 @@ void CorrectChecksum(PKT *p)
}
// Parse the HTTPS access log
HTTPLOG *ParseHttpsAccessLog(PKT *pkt)
{
HTTPLOG h;
char sni[MAX_PATH];
// Validate arguments
if (pkt == NULL)
{
return NULL;
}
if (GetSniNameFromSslPacket(pkt->Payload, pkt->PayloadSize, sni, sizeof(sni)) == false)
{
return NULL;
}
Zero(&h, sizeof(h));
StrCpy(h.Method, sizeof(h.Method), "SSL_Connect");
StrCpy(h.Hostname, sizeof(h.Hostname), sni);
h.Port = Endian16(pkt->L4.TCPHeader->DstPort);
StrCpy(h.Path, sizeof(h.Path), "/");
h.IsSsl = true;
return Clone(&h, sizeof(h));
}
// Parse the HTTP access log
HTTPLOG *ParseHttpAccessLog(PKT *pkt)
{
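Review bot: ParseHttpsAccessLog copies the SNI string straight from the ClientHello into h.Hostname, so the logged hostname is attacker-controlled bytes from the wire; the GetSniNameFromSslPacket hunk only checks that the name is non-empty. If the log writer does not escape control characters, a peer can inject CR/LF or field separators into the access log — the HTTP path has a similar exposure via the Host header, but this new code is the natural place to add a check. I would reject names containing characters outside the DNS hostname alphabet (letters, digits, '.', '-') before the copy, returning NULL as for a missing SNI, and mark the field: `StrCpy(h.Hostname, sizeof(h.Hostname), sni); // SNI from the ClientHello: unauthenticated peer input`.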


@ -651,6 +651,7 @@ struct HTTPLOG
char Protocol[64]; // Protocol
char UserAgent[MAX_SIZE]; // User Agent value
char Referer[MAX_SIZE]; // Referer
bool IsSsl; // Is SSL
};
// Packet
@ -919,6 +920,7 @@ void FreeDhcpOptions(LIST *o);
LIST *ParseDhcpOptions(void *data, UINT size);
BUF *BuildDhcpOptionsBuf(LIST *o);
HTTPLOG *ParseHttpAccessLog(PKT *pkt);
HTTPLOG *ParseHttpsAccessLog(PKT *pkt);
BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size);
BUF *DhcpModifyIPv4(DHCP_MODIFY_OPTION *m, void *data, UINT size);


@ -2031,6 +2031,7 @@ void UnixInc32(UINT *value)
void UnixGetSystemTime(SYSTEMTIME *system_time)
{
time_t now = 0;
time_64t now2 = 0;
struct tm tm;
struct timeval tv;
struct timezone tz;
@ -2048,7 +2049,16 @@ void UnixGetSystemTime(SYSTEMTIME *system_time)
time(&now);
gmtime_r(&now, &tm);
if (sizeof(time_t) == 4)
{
now2 = (time_64t)((UINT64)((UINT32)now));
}
else
{
now2 = now;
}
c_gmtime_r(&now2, &tm);
TmToSystem(system_time, &tm);
@ -2087,7 +2097,7 @@ UINT64 UnixGetTick64()
#endif // CLOCK_MONOTONIC
#endif // CLOCK_HIGHRES
ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
if (akirame == false && ret == 0)
{
@ -2106,7 +2116,7 @@ UINT64 UnixGetTick64()
host_get_clock_service(mach_host_self(), SYSTEM_CLOCK, &clock_serv);
}
clock_get_time(clock_serv, &t);
ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
return ret;
#else
return TickRealtimeManual();
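Review bot: In UnixGetSystemTime the original `gmtime_r(&now, &tm);` still runs immediately before the new `c_gmtime_r(&now2, &tm);`, which overwrites tm, so the libc call is now dead work (the hunk header reports nine additions and no deletion, unless the rendering dropped one). Either remove the `gmtime_r(&now, &tm);` line, or if c_gmtime_r can fail and the libc result is meant as a fallback, check its return and say so in a comment. The 32-bit branch also deserves a comment on its intent, presumably `// 32-bit time_t: reinterpret as unsigned so the clock keeps advancing past 2038`.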


@ -1,4 +1,4 @@
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*


@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags);
* BIO_CB_RETURN flag indicates if it is after the call
*/
# define BIO_CB_RETURN 0x80
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
/* BIO_s_accept_socket() */
/* BIO_s_accept() */
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
/* BIO_s_accept() and BIO_s_connect() */
# define BIO_do_connect(b) BIO_do_handshake(b)
# define BIO_do_accept(b) BIO_do_handshake(b)
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
/* BIO_s_file() */
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
/* BIO_s_fd() and BIO_s_file() */
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
@ -555,11 +559,11 @@ int BIO_read_filename(BIO *b, const char *name);
# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
# define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
# define BIO_get_num_renegotiates(b) \
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
/* defined in evp.h */
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
@ -685,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret);
BIO_METHOD *BIO_s_mem(void);
BIO *BIO_new_mem_buf(void *buf, int len);
BIO *BIO_new_mem_buf(const void *buf, int len);
BIO_METHOD *BIO_s_socket(void);
BIO_METHOD *BIO_s_connect(void);
BIO_METHOD *BIO_s_accept(void);


@ -125,6 +125,7 @@
#ifndef HEADER_BN_H
# define HEADER_BN_H
# include <limits.h>
# include <openssl/e_os2.h>
# ifndef OPENSSL_NO_FP_API
# include <stdio.h> /* FILE */
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
/* library internal functions */
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
# define bn_expand(a,bits) \
( \
bits > (INT_MAX - BN_BITS2 + 1) ? \
NULL \
: \
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
(a) \
: \
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
)
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
# ifndef OPENSSL_NO_DEPRECATED
@ -779,6 +789,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
/* Debug only - safe to ignore error return */ \
RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
@ -831,6 +842,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
if (*(ftl--)) break; \
(a)->top = tmp_top; \
} \
if ((a)->top == 0) \
(a)->neg = 0; \
bn_pollute(a); \
}
@ -892,6 +905,7 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
# define BN_F_BN_GF2M_MOD_SQR 136
# define BN_F_BN_GF2M_MOD_SQRT 137
# define BN_F_BN_LSHIFT 145
# define BN_F_BN_MOD_EXP2_MONT 118
# define BN_F_BN_MOD_EXP_MONT 109
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
@ -907,12 +921,14 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_NEW 113
# define BN_F_BN_RAND 114
# define BN_F_BN_RAND_RANGE 122
# define BN_F_BN_RSHIFT 146
# define BN_F_BN_USUB 115
/* Reason codes. */
# define BN_R_ARG2_LT_ARG3 100
# define BN_R_BAD_RECIPROCAL 101
# define BN_R_BIGNUM_TOO_LONG 114
# define BN_R_BITS_TOO_SMALL 118
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
# define BN_R_DIV_BY_ZERO 103
# define BN_R_ENCODING_ERROR 104
@ -920,6 +936,7 @@ void ERR_load_BN_strings(void);
# define BN_R_INPUT_NOT_REDUCED 110
# define BN_R_INVALID_LENGTH 106
# define BN_R_INVALID_RANGE 115
# define BN_R_INVALID_SHIFT 119
# define BN_R_NOT_A_SQUARE 111
# define BN_R_NOT_INITIALIZED 107
# define BN_R_NO_INVERSE 108


@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
size_t BUF_strnlen(const char *str, size_t maxlen);
char *BUF_strdup(const char *str);
/*
* Like strndup, but in addition, explicitly guarantees to never read past the
* first |siz| bytes of |str|.
*/
char *BUF_strndup(const char *str, size_t siz);
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);


@ -1,4 +1,4 @@
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/camellia/camellia.h */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*


@ -4,13 +4,17 @@
# include <openssl/crypto.h>
# ifdef OPENSSL_NO_COMP
# error COMP is disabled.
# endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct comp_ctx_st COMP_CTX;
typedef struct comp_method_st {
struct comp_method_st {
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
int (*init) (COMP_CTX *ctx);
@ -26,7 +30,7 @@ typedef struct comp_method_st {
*/
long (*ctrl) (void);
long (*callback_ctrl) (void);
} COMP_METHOD;
};
struct comp_ctx_st {
COMP_METHOD *meth;


@ -628,7 +628,7 @@ void OPENSSL_init(void);
* into a defined order as the return value when a != b is undefined, other
* than to be non-zero.
*/
int CRYPTO_memcmp(const void *a, const void *b, size_t len);
int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
/* BEGIN ERROR CODES */
/*


@ -1,4 +1,4 @@
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/des/des_old.h */
/*-
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING


@ -142,7 +142,7 @@ struct dh_st {
BIGNUM *p;
BIGNUM *g;
long length; /* optional */
BIGNUM *pub_key; /* g^x */
BIGNUM *pub_key; /* g^x % p */
BIGNUM *priv_key; /* x */
int flags;
BN_MONT_CTX *method_mont_p;
@ -174,6 +174,7 @@ struct dh_st {
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for


@ -1,4 +1,4 @@
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
/* dso.h */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.


@ -109,6 +109,12 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32
# endif
# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
# undef OPENSSL_SYS_UNIX
# if !defined(OPENSSL_SYS_WIN64)
# define OPENSSL_SYS_WIN64
# endif
# endif
# if defined(OPENSSL_SYSNAME_WINNT)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINNT
@ -121,7 +127,7 @@ extern "C" {
# endif
/* Anything that tries to look like Microsoft is "Windows" */
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINDOWS
# ifndef OPENSSL_SYS_MSDOS
@ -325,4 +331,3 @@ extern "C" {
#undef OPENSSL_SYS_WIN32
#undef OPENSSL_SYS_WINDOWS
#endif // _MSC_VER


@ -106,7 +106,7 @@ typedef enum {
/** the point is encoded as z||x, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_COMPRESSED = 2,
/** the point is encoded as z||x||y, where z is the octet 0x02 */
/** the point is encoded as z||x||y, where z is the octet 0x04 */
POINT_CONVERSION_UNCOMPRESSED = 4,
/** the point is encoded as z||x||y, where the octet z specifies
* which solution of the quadratic equation y is */
@ -1097,6 +1097,12 @@ void ERR_load_EC_strings(void);
# define EC_F_ECPARAMETERS_PRINT_FP 148
# define EC_F_ECPKPARAMETERS_PRINT 149
# define EC_F_ECPKPARAMETERS_PRINT_FP 150
# define EC_F_ECP_NISTZ256_GET_AFFINE 240
# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243
# define EC_F_ECP_NISTZ256_POINTS_MUL 241
# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
# define EC_F_ECP_NISTZ256_SET_WORDS 245
# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
# define EC_F_ECP_NIST_MOD_192 203
# define EC_F_ECP_NIST_MOD_224 204
# define EC_F_ECP_NIST_MOD_256 205
@ -1208,11 +1214,6 @@ void ERR_load_EC_strings(void);
# define EC_F_NISTP224_PRE_COMP_NEW 227
# define EC_F_NISTP256_PRE_COMP_NEW 236
# define EC_F_NISTP521_PRE_COMP_NEW 237
# define EC_F_ECP_NISTZ256_GET_AFFINE 240
# define EC_F_ECP_NISTZ256_POINTS_MUL 241
# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243
# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
# define EC_F_O2I_ECPUBLICKEY 152
# define EC_F_OLD_EC_PRIV_DECODE 222
# define EC_F_PKEY_EC_CTRL 197


@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx);
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
*/
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method);
/** frees a ECDSA_METHOD structure
* \param ecdsa_method pointer to the ECDSA_METHOD structure


@ -103,7 +103,6 @@
# define EVP_PKS_RSA 0x0100
# define EVP_PKS_DSA 0x0200
# define EVP_PKS_EC 0x0400
# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
# define EVP_PKEY_NONE NID_undef
# define EVP_PKEY_RSA NID_rsaEncryption
@ -424,6 +423,9 @@ struct evp_cipher_st {
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
typedef struct {
unsigned char *out;
const unsigned char *inp;
@ -1121,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
long arg1, void *arg2));
void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
int (*item_verify) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
void *asn,
X509_ALGOR *a,
ASN1_BIT_STRING *sig,
EVP_PKEY *pkey),
int (*item_sign) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
void *asn,
X509_ALGOR *alg1,
X509_ALGOR *alg2,
ASN1_BIT_STRING *sig));
# define EVP_PKEY_OP_UNDEFINED 0
# define EVP_PKEY_OP_PARAMGEN (1<<1)


@ -1,4 +1,4 @@
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/* ssl/kssl.h */
/*
* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
* 2000. project 2000.


@ -41,12 +41,18 @@ extern "C" {
#ifndef OPENSSL_NO_SSL_TRACE
# define OPENSSL_NO_SSL_TRACE
#endif
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
#ifndef OPENSSL_NO_UNIT_TEST
# define OPENSSL_NO_UNIT_TEST
#endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif
#endif /* OPENSSL_DOING_MAKEDEPEND */
@ -89,12 +95,18 @@ extern "C" {
# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
# define NO_SSL_TRACE
# endif
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
# define NO_SSL2
# endif
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
# define NO_UNIT_TEST
# endif
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
# define NO_WEAK_SSL_CIPHERS
# endif
#endif
#define OPENSSL_CPUID_OBJ
@ -203,7 +215,7 @@ extern "C" {
#endif
#if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
@ -222,7 +234,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
optimization options. Older Sparc's work better with only UNROLL, but
there's no way to tell at compile time what it is you're running on */
#if defined( sun ) /* Newer Sparc's */
#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
# define DES_PTR
# define DES_RISC1
# define DES_UNROLL


@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1000201fL
# define OPENSSL_VERSION_NUMBER 0x100020afL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips 19 Mar 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT


@ -178,6 +178,8 @@ typedef struct engine_st ENGINE;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct comp_method_st COMP_METHOD;
typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;


@ -531,6 +531,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_PEM_strings(void);
/* Error codes for the PEM functions. */
@ -592,6 +593,7 @@ void ERR_load_PEM_strings(void);
# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
# define PEM_R_HEADER_TOO_LONG 128
# define PEM_R_INCONSISTENT_HEADER 121
# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
# define PEM_R_KEYBLOB_TOO_SHORT 123


@ -270,7 +270,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
/* BEGIN ERROR CODES */
/*


@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st {
DECLARE_STACK_OF(SRP_gN_cache)
typedef struct SRP_user_pwd_st {
/* Owned by us. */
char *id;
BIGNUM *s;
BIGNUM *v;
/* Not owned by us. */
const BIGNUM *g;
const BIGNUM *N;
/* Owned by us. */
char *info;
} SRP_user_pwd;
DECLARE_STACK_OF(SRP_user_pwd)
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
typedef struct SRP_VBASE_st {
STACK_OF(SRP_user_pwd) *users_pwd;
STACK_OF(SRP_gN_cache) *gN_cache;
@ -115,7 +120,12 @@ DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key);
int SRP_VBASE_free(SRP_VBASE *vb);
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
/* This method ignores the configured seed and fails for an unknown user. */
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g);
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,


@ -338,7 +338,7 @@ extern "C" {
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
@ -625,7 +625,7 @@ struct ssl_session_st {
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
# define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Does nothing: retained for compatibiity */
# define SSL_OP_EPHEMERAL_RSA 0x0
@ -1727,6 +1727,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
# define SSL_ST_ERR 0x05
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
@ -2091,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
@ -2344,7 +2345,7 @@ const char *SSL_get_version(const SSL *s);
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
# ifndef OPENSSL_NO_SSL2
# ifndef OPENSSL_NO_SSL2_METHOD
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
@ -2531,7 +2532,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
int keylength));
# endif
# ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
@ -2540,13 +2540,6 @@ STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths);
void SSL_COMP_free_compression_methods(void);
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
# else
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id, void *cm);
# endif
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
@ -2622,6 +2615,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS1_HEARTBEAT 305
# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
# define SSL_F_DTLS1_PROCESS_RECORD 257
# define SSL_F_DTLS1_READ_BYTES 258
@ -2640,6 +2634,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_GET_CLIENT_MASTER_KEY 107
# define SSL_F_GET_SERVER_FINISHED 108
# define SSL_F_GET_SERVER_HELLO 109
# define SSL_F_GET_SERVER_STATIC_DH_KEY 340
# define SSL_F_GET_SERVER_VERIFY 110
# define SSL_F_I2D_SSL_SESSION 111
# define SSL_F_READ_N 112
@ -2670,6 +2665,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
# define SSL_F_SSL3_CHECK_FINISHED 339
# define SSL_F_SSL3_CLIENT_HELLO 131
# define SSL_F_SSL3_CONNECT 132
# define SSL_F_SSL3_CTRL 213
@ -2678,6 +2674,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
# define SSL_F_SSL3_ENC 134
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
# define SSL_F_SSL3_GET_CERT_STATUS 289
# define SSL_F_SSL3_GET_CERT_VERIFY 136
@ -2784,6 +2781,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
@ -2842,8 +2840,11 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_G_LENGTH 108
# define SSL_R_BAD_DH_G_VALUE 375
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
# define SSL_R_BAD_DH_P_VALUE 395
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
@ -2904,6 +2905,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_DATA_LENGTH_TOO_LONG 146
# define SSL_R_DECRYPTION_FAILED 147
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
# define SSL_R_DH_KEY_TOO_SMALL 372
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
# define SSL_R_DIGEST_CHECK_FAILED 149
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
@ -3047,6 +3049,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SERVERHELLO_TLSEXT 275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
# define SSL_R_SHORT_READ 219
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
# define SSL_R_SRP_A_CALC 361
@ -3104,6 +3107,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
# define SSL_R_TOO_MANY_WARN_ALERTS 409
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313


@ -231,13 +231,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
# define TLSEXT_TYPE_heartbeat 15
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
/* ExtensionType value from RFC7301 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
/*
* ExtensionType value for TLS padding extension.
* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
* http://tools.ietf.org/html/draft-agl-tls-padding-03
* http://tools.ietf.org/html/draft-agl-tls-padding
*/
# define TLSEXT_TYPE_padding 21
@ -267,7 +266,7 @@ extern "C" {
/* status request value from RFC3546 */
# define TLSEXT_STATUSTYPE_ocsp 1
/* ECPointFormat values from draft-ietf-tls-ecc-12 */
/* ECPointFormat values from RFC4492 */
# define TLSEXT_ECPOINTFORMAT_first 0
# define TLSEXT_ECPOINTFORMAT_uncompressed 0
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
@ -275,7 +274,6 @@ extern "C" {
# define TLSEXT_ECPOINTFORMAT_last 2
/* Signature and hash algorithms from RFC5246 */
# define TLSEXT_signature_anonymous 0
# define TLSEXT_signature_rsa 1
# define TLSEXT_signature_dsa 2
@ -430,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
/* AES ciphersuites from RFC3268 */
# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
@ -595,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
/* ECC ciphersuites from RFC4492 */
# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"


@ -565,6 +565,9 @@ int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
/* At most we accept usec precision. */
# define TS_MAX_CLOCK_PRECISION_DIGITS 6
/* Maximum status message length */
# define TS_MAX_STATUS_LENGTH (1024 * 1024)
/* No flags are set by default. */
void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);


@ -1,4 +1,4 @@
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.


@ -1,4 +1,4 @@
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
/* crypto/ui/ui.h */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2001.


@ -1234,6 +1234,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_X509_strings(void);
/* Error codes for the X509 functions. */
@ -1241,6 +1242,7 @@ void ERR_load_X509_strings(void);
/* Function codes. */
# define X509_F_ADD_CERT_DIR 100
# define X509_F_BY_FILE_CTRL 101
# define X509_F_CHECK_NAME_CONSTRAINTS 106
# define X509_F_CHECK_POLICY 145
# define X509_F_DIR_CTRL 102
# define X509_F_GET_CERT_BY_SUBJECT 103
@ -1305,6 +1307,7 @@ void ERR_load_X509_strings(void);
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
# define X509_R_NAME_TOO_LONG 134
# define X509_R_NEWER_CRL_NOT_NEWER 132
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_NO_CRL_NUMBER 130


@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
# define X509_V_OK 0
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
# define X509_V_ERR_UNSPECIFIED 1
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
# define X509_V_ERR_UNABLE_TO_GET_CRL 3
@ -368,6 +368,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_PERMITTED_VIOLATION 47
# define X509_V_ERR_EXCLUDED_VIOLATION 48
# define X509_V_ERR_SUBTREE_MINMAX 49
# define X509_V_ERR_APPLICATION_VERIFICATION 50
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
@ -386,8 +387,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_EMAIL_MISMATCH 63
# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
/* The application is not happy */
# define X509_V_ERR_APPLICATION_VERIFICATION 50
/* Caller error */
# define X509_V_ERR_INVALID_CALL 65
/* Issuer lookup error */
# define X509_V_ERR_STORE_LOOKUP 66
# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67
/* Certificate verify flags */
@ -432,6 +437,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
/* Allow partial chains if at least one certificate is in trusted store */
# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
/*
* If the initial chain is not trusted, do not attempt to build an alternative
* chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
* will force the behaviour to match that of previous versions.
*/
# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
# define X509_VP_FLAG_DEFAULT 0x1
# define X509_VP_FLAG_OVERWRITE 0x2


@ -46,7 +46,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"
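Review bot: Only the Release configuration (`NDEBUG`) of this project appears in the hunk, so it is not visible whether its Debug configuration also dropped `_USE_32BIT_TIME_T`; the third vcproj section below updates both its `NDEBUG` and `_DEBUG` blocks, while this section and the next one each show a single configuration. On MSVC, removing `_USE_32BIT_TIME_T` presumably switches `time_t` back to the 64-bit default, so every project that shares structs or serialized records containing a `time_t`, or passes `time_t *` into the bundled OpenSSL (e.g. `X509_cmp_time`), has to be built with the same setting or layouts and comparisons silently disagree between modules. A build-time guard in a shared header would make the requirement explicit: `#if defined(_WIN32) && defined(_USE_32BIT_TIME_T)` / `#error "_USE_32BIT_TIME_T must not be defined; time_t must be 64-bit in all projects"` / `#endif`.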


@ -49,7 +49,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"


@ -49,7 +49,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"
@ -249,7 +249,7 @@
EnableIntrinsicFunctions="false"
FavorSizeOrSpeed="0"
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
StringPooling="false"
ExceptionHandling="0"
RuntimeLibrary="0"


@ -2,7 +2,7 @@ THE IMPORTANT NOTICES ABOUT SOFTETHER VPN
FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL
THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF
YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH
YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH
RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING
TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND
UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC
