v4.22-9634-beta
parent
0978e1a016
commit
4df2eb4f9c
51
AUTHORS.TXT
51
AUTHORS.TXT
@ -67,6 +67,57 @@ CONTRIBUTORS on GitHub:
|
||||
- ygrek
|
||||
https://github.com/ygrek
|
||||
|
||||
- ajee cai
|
||||
https://github.com/ajeecai
|
||||
|
||||
- NOKUBI Takatsugu
|
||||
https://github.com/knok
|
||||
|
||||
- Den Lesnov
|
||||
https://github.com/Leden
|
||||
|
||||
- Ilya Shipitsin
|
||||
https://github.com/chipitsine
|
||||
|
||||
- Matt Lewandowsky
|
||||
https://github.com/lewellyn
|
||||
|
||||
- Raymond Tau
|
||||
https://github.com/rtau
|
||||
|
||||
- Luiz Eduardo Gava
|
||||
https://github.com/LegDog
|
||||
|
||||
- Charles Surett
|
||||
https://github.com/scj643
|
||||
|
||||
- Jeff Tang
|
||||
https://github.com/mrjefftang
|
||||
|
||||
- Victor Salgado
|
||||
https://github.com/mcsalgado
|
||||
|
||||
- micsell
|
||||
https://github.com/micsell
|
||||
|
||||
- yehorov
|
||||
https://github.com/yehorov
|
||||
|
||||
- dglushenok
|
||||
https://github.com/dglushenok
|
||||
|
||||
- NoNameA 774
|
||||
https://github.com/nna774
|
||||
|
||||
- Alexandre De Oliveira
|
||||
https://github.com/yodresh
|
||||
|
||||
- Bernhard Rosenkraenzer
|
||||
https://github.com/berolinux
|
||||
|
||||
- Sacha Bernstein
|
||||
https://github.com/sacha
|
||||
|
||||
|
||||
JOIN THE SOFTETHER VPN DEVELOPMENT
|
||||
----------------------------------
|
||||
|
@ -100,4 +100,3 @@ fi
|
||||
* Tue Jan 21 2014 Dexter Ang <thepoch@gmail.com>
|
||||
- Initial release
|
||||
|
||||
|
||||
|
1
configure
vendored
1
configure
vendored
@ -110,4 +110,3 @@ esac
|
||||
cp src/makefiles/${OS}_${CPU}.mak Makefile
|
||||
|
||||
echo "The Makefile is generated. Run 'make' to build SoftEther VPN."
|
||||
|
||||
|
3
debian/rules
vendored
3
debian/rules
vendored
@ -21,6 +21,7 @@ configure_config:
|
||||
if [ $(shell uname -m) = 'x86_64' ]; then echo -e "1\n2\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'i686' ]; then echo -e "1\n1\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'armv6l' ]; then echo -e "1\n1\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'armv7l' ]; then echo -e "1\n1\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'armv5tel' ]; then echo -e "1\n1\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'aarch64' ]; then echo -e "1\n2\n" | ./configure; fi
|
||||
if [ $(shell uname -m) = 'armv7l' ]; then echo -e "1\n1\n" | ./configure; fi
|
||||
|
||||
|
1
debian/softether-vpnserver.init
vendored
1
debian/softether-vpnserver.init
vendored
@ -1,3 +1,4 @@
|
||||
|
||||
#! /bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
|
Binary file not shown.
BIN
src/BuildFiles/Library/Win32_Debug/libssl32.lib
Normal file
BIN
src/BuildFiles/Library/Win32_Debug/libssl32.lib
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
src/BuildFiles/Library/Win32_Release/libssl32.lib
Normal file
BIN
src/BuildFiles/Library/Win32_Release/libssl32.lib
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
src/BuildFiles/Library/x64_Debug/libssl32.lib
Normal file
BIN
src/BuildFiles/Library/x64_Debug/libssl32.lib
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
src/BuildFiles/Library/x64_Release/libssl32.lib
Normal file
BIN
src/BuildFiles/Library/x64_Release/libssl32.lib
Normal file
Binary file not shown.
Binary file not shown.
@ -430,7 +430,7 @@ namespace BuildUtil
|
||||
{
|
||||
// Windows
|
||||
public static readonly OS Windows = new OS("windows", "Windows",
|
||||
"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2",
|
||||
"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016",
|
||||
new Cpu[]
|
||||
{
|
||||
CpuList.intel,
|
||||
@ -438,7 +438,7 @@ namespace BuildUtil
|
||||
|
||||
// Linux
|
||||
public static readonly OS Linux = new OS("linux", "Linux",
|
||||
"Linux Kernel 2.4 / 2.6 / 3.x",
|
||||
"Linux Kernel 2.4 / 2.6 / 3.x / 4.x",
|
||||
new Cpu[]
|
||||
{
|
||||
CpuList.x86,
|
||||
|
@ -1166,7 +1166,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
||||
|
||||
name = NewName(cn, cn, cn, L"US", NULL, NULL);
|
||||
|
||||
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL);
|
||||
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
|
||||
|
||||
FreeName(name);
|
||||
|
||||
|
@ -274,6 +274,15 @@ bool IsSupportedWinVer(RPC_WINVER *v)
|
||||
return true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Windows Server 2016
|
||||
if (v->ServicePack <= 0)
|
||||
{
|
||||
// SP0 only
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
@ -1750,7 +1759,7 @@ CEDAR *NewCedar(X *server_x, K *server_k)
|
||||
|
||||
c->TrafficDiffList = NewList(NULL);
|
||||
|
||||
SetCedarCipherList(c, "RC4-MD5");
|
||||
SetCedarCipherList(c, SERVER_DEFAULT_CIPHER_NAME);
|
||||
|
||||
c->ClientId = _II("CLIENT_ID");
|
||||
|
||||
@ -1803,8 +1812,6 @@ CEDAR *NewCedar(X *server_x, K *server_k)
|
||||
|
||||
c->BuildInfo = CopyStr(tmp);
|
||||
|
||||
c->DisableSslVersions = SSL_OPT_DEFAULT;
|
||||
|
||||
return c;
|
||||
}
|
||||
|
||||
|
@ -135,10 +135,10 @@
|
||||
|
||||
|
||||
// Version number
|
||||
#define CEDAR_VER 421
|
||||
#define CEDAR_VER 422
|
||||
|
||||
// Build Number
|
||||
#define CEDAR_BUILD 9613
|
||||
#define CEDAR_BUILD 9634
|
||||
|
||||
// Beta number
|
||||
//#define BETA_NUMBER 3
|
||||
@ -158,11 +158,11 @@
|
||||
|
||||
// Specifies the build date
|
||||
#define BUILD_DATE_Y 2016
|
||||
#define BUILD_DATE_M 4
|
||||
#define BUILD_DATE_D 24
|
||||
#define BUILD_DATE_HO 15
|
||||
#define BUILD_DATE_MI 39
|
||||
#define BUILD_DATE_SE 17
|
||||
#define BUILD_DATE_M 11
|
||||
#define BUILD_DATE_D 27
|
||||
#define BUILD_DATE_HO 14
|
||||
#define BUILD_DATE_MI 33
|
||||
#define BUILD_DATE_SE 59
|
||||
|
||||
// Tolerable time difference
|
||||
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
|
||||
@ -404,22 +404,7 @@
|
||||
#define KEEP_ALIVE_MAGIC 0xffffffff
|
||||
#define MAX_KEEPALIVE_SIZE 512
|
||||
|
||||
// SSL/TLS Versions
|
||||
#define SSL_VERSION_SSL_V2 0x01 // SSLv2
|
||||
#define SSL_VERSION_SSL_V3 0x02 // SSLv3
|
||||
#define SSL_VERSION_TLS_V1_0 0x04 // TLS v1.0
|
||||
#define SSL_VERSION_TLS_V1_1 0x08 // TLS v1.1
|
||||
#define SSL_VERSION_TLS_V1_2 0x10 // TLS v1.2
|
||||
|
||||
// SSL/TLS Version Names
|
||||
#define NAME_SSL_VERSION_SSL_V2 "SSL_V2" // SSLv2
|
||||
#define NAME_SSL_VERSION_SSL_V3 "SSL_V3" // SSLv3
|
||||
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_0" // TLS v1.0
|
||||
#define NAME_SSL_VERSION_TLS_V1_1 "TLS_V1_1" // TLS v1.1
|
||||
#define NAME_SSL_VERSION_TLS_V1_2 "TLS_V1_2" // TLS v1.2
|
||||
|
||||
// OpenSSL SSL Context Option Flags default
|
||||
#define SSL_OPT_DEFAULT 0x0
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
@ -685,7 +670,7 @@
|
||||
|
||||
#define ARP_ENTRY_EXPIRES (30 * 1000) // ARP table expiration date
|
||||
#define ARP_ENTRY_POLLING_TIME (1 * 1000) // ARP table cleaning timer
|
||||
#define ARP_REQUEST_TIMEOUT (200) // ARP request time-out period
|
||||
#define ARP_REQUEST_TIMEOUT (1000) // ARP request time-out period
|
||||
#define ARP_REQUEST_GIVEUP (5 * 1000) // Time to give up sending the ARP request
|
||||
#define IP_WAIT_FOR_ARP_TIMEOUT (5 * 1000) // Total time that an IP packet waiting for ARP table
|
||||
#define IP_COMBINE_TIMEOUT (10 * 1000) // Time-out of IP packet combining
|
||||
@ -1067,8 +1052,7 @@ typedef struct CEDAR
|
||||
UINT QueueBudget; // Queue budget
|
||||
LOCK *FifoBudgetLock; // Fifo budget lock
|
||||
UINT FifoBudget; // Fifo budget
|
||||
bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
|
||||
UINT DisableSslVersions; // Bitmap of SSL Version to disable
|
||||
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
|
||||
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
|
||||
} CEDAR;
|
||||
|
||||
|
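Review bot: `ALLOW_TIMESTAMP_DIFF` stays defined in the build-date hunk, although this commit removes both the server-side "Time inspection" block and the client-side `PackAddInt64(p, "timestamp", ...)` calls in the other files. If no other user remains (not visible from this page), the macro and the `ERR_BAD_CLOCK` path are dead. Either drop them or add a comment such as `// Unused since build 9634: login timestamps are no longer checked`, so a later reader does not assume the clock-skew check is still enforced.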
@ -46,7 +46,7 @@
|
||||
Name="VCCLCompilerTool"
|
||||
Optimization="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
|
||||
MinimalRebuild="true"
|
||||
ExceptionHandling="0"
|
||||
BasicRuntimeChecks="3"
|
||||
@ -188,7 +188,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
|
@ -2182,12 +2182,13 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
|
||||
PACK *CiRpcDispatch(RPC *rpc, char *name, PACK *p)
|
||||
{
|
||||
PACK *ret;
|
||||
CLIENT *c;
|
||||
// Validate arguments
|
||||
if (rpc == NULL || name == NULL || p == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
CLIENT *c = rpc->Param;
|
||||
c = rpc->Param;
|
||||
|
||||
ret = NewPack();
|
||||
|
||||
@ -6033,8 +6034,9 @@ L_TRY:
|
||||
|
||||
if (ret != NULL)
|
||||
{
|
||||
ret->Rpc = rpc;
|
||||
RPC_CLIENT_VERSION t;
|
||||
|
||||
ret->Rpc = rpc;
|
||||
Zero(&t, sizeof(t));
|
||||
CcGetClientVersion(ret, &t);
|
||||
ret->OsType = t.OsType;
|
||||
@ -6487,7 +6489,7 @@ bool Win32CiSecureSign(SECURE_SIGN *sign)
|
||||
// Success
|
||||
ret = true;
|
||||
sign->ClientCert = batch[0].OutputX;
|
||||
Copy(sign->Signature, batch[1].OutputSign, 128);
|
||||
Copy(sign->Signature, batch[1].OutputSign, MIN(sizeof(sign->Signature),sizeof(batch[1].OutputSign)));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1245,6 +1245,7 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
if (ret != 0 && ret != SOCK_LATER)
|
||||
{
|
||||
ts->State = 5;
|
||||
ts->LastCommTime = now;
|
||||
}
|
||||
break;
|
||||
|
||||
@ -1255,6 +1256,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
{
|
||||
UCHAR c;
|
||||
|
||||
ts->LastCommTime = now;
|
||||
|
||||
// Direction of the data is in the first byte that is received
|
||||
c = recv_buf_data[0];
|
||||
|
||||
@ -1276,6 +1279,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
|
||||
// Span
|
||||
ts->Span = READ_UINT64(recv_buf_data + sizeof(UINT64) + 1);
|
||||
|
||||
ts->GiveupSpan = ts->Span * 3ULL + 180000ULL;
|
||||
}
|
||||
}
|
||||
break;
|
||||
@ -1289,6 +1294,8 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
// Checking the first byte of received
|
||||
UCHAR c = recv_buf_data[0];
|
||||
|
||||
ts->LastCommTime = now;
|
||||
|
||||
if (ts->FirstRecvTick == 0)
|
||||
{
|
||||
// Record the time at which the data has been received for the first
|
||||
@ -1326,10 +1333,20 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
if (ts->NoMoreSendData == false)
|
||||
{
|
||||
ret = Send(ts->Sock, send_buf_data, buf_size, false);
|
||||
|
||||
if (ret != 0 && ret != SOCK_LATER)
|
||||
{
|
||||
ts->LastCommTime = now;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = Recv(ts->Sock, recv_buf_data, buf_size, false);
|
||||
|
||||
if (ret != 0 && ret != SOCK_LATER)
|
||||
{
|
||||
ts->LastCommTime = now;
|
||||
}
|
||||
}
|
||||
|
||||
if (ts->FirstSendTick == 0)
|
||||
@ -1364,6 +1381,11 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
{
|
||||
ret = Send(ts->Sock, &tmp64, sizeof(tmp64), false);
|
||||
|
||||
if (ret != 0 && ret != SOCK_LATER)
|
||||
{
|
||||
ts->LastCommTime = now;
|
||||
}
|
||||
|
||||
if (ret != SOCK_LATER)
|
||||
{
|
||||
UINT j;
|
||||
@ -1390,6 +1412,12 @@ void TtsWorkerThread(THREAD *thread, void *param)
|
||||
break;
|
||||
}
|
||||
|
||||
if (now > (ts->LastCommTime + ts->GiveupSpan))
|
||||
{
|
||||
// Timeout: disconnect orphan sessions
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (ret == 0)
|
||||
{
|
||||
// Mark as deleting the socket because it is disconnected
|
||||
@ -1514,7 +1542,7 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket)
|
||||
else
|
||||
{
|
||||
// Connected from the client
|
||||
AcceptInit(s);
|
||||
AcceptInitEx(s, true);
|
||||
tts->NewSocketArrived = true;
|
||||
LockList(tts->TtsSockList);
|
||||
{
|
||||
@ -1523,6 +1551,9 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket)
|
||||
ts->Id = (++tts->IdSeed);
|
||||
ts->Sock = s;
|
||||
|
||||
ts->GiveupSpan = (UINT64)(10 * 60 * 1000);
|
||||
ts->LastCommTime = Tick64();
|
||||
|
||||
UniFormat(tmp, sizeof(tmp), _UU("TTS_ACCEPTED"), ts->Id,
|
||||
s->RemoteHostname, s->RemotePort);
|
||||
TtPrint(tts->Param, tts->Print, tmp);
|
||||
@ -8079,7 +8110,7 @@ UINT PsServerCipherGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
RPC_STR t;
|
||||
TOKEN_LIST *ciphers;
|
||||
UINT i;
|
||||
wchar_t tmp[MAX_SIZE];
|
||||
wchar_t tmp[4096];
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, NULL, 0);
|
||||
if (o == NULL)
|
||||
@ -10039,7 +10070,11 @@ UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
filename = GetParamStr(o, "SAVE");
|
||||
if (IsEmptyStr(filename))
|
||||
{
|
||||
filename = GetParamStr(o, "SAVEPATH");
|
||||
}
|
||||
|
||||
c->Write(c, _UU("CMD_LogFileGet_START"));
|
||||
|
||||
|
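Review bot: `ts->GiveupSpan = ts->Span * 3ULL + 180000ULL;` derives the idle timeout from `ts->Span`, which the line just before it reads straight from `recv_buf_data`. The peer therefore chooses how long its own session may sit idle, and a very large value can wrap the 64-bit arithmetic both here and in `now > (ts->LastCommTime + ts->GiveupSpan)`. No range check on `Span` is visible in these hunks; if none exists elsewhere, clamp it before use, e.g. `ts->GiveupSpan = MIN(ts->Span, TTS_MAX_SPAN_PLACEHOLDER) * 3ULL + 180000ULL;`, where the cap is a constant the project would have to define. TtsWorkerThread's body extends beyond the hunks shown.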
@ -204,6 +204,8 @@ struct TTS_SOCK
|
||||
UINT64 FirstRecvTick; // Time which the data has been received last
|
||||
UINT64 FirstSendTick; // Time which the data has been sent last
|
||||
UINT64 Span; // Period
|
||||
UINT64 GiveupSpan;
|
||||
UINT64 LastCommTime;
|
||||
};
|
||||
|
||||
// Traffic test server
|
||||
|
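Review bot: The two fields added to `TTS_SOCK` are the only members in this hunk without a trailing comment. Going by how Command.c uses them in this commit, I would add `UINT64 GiveupSpan; // Idle period after which the session is disconnected` and `UINT64 LastCommTime; // Tick of the last successful send or receive`. The struct starts above the hunk, so check the wording against the other members.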
@ -3137,8 +3137,7 @@ void ConnectionAccept(CONNECTION *c)
|
||||
|
||||
// Start the SSL communication
|
||||
Debug("StartSSL()\n");
|
||||
s->DisableSslVersions = c->Cedar->DisableSslVersions;
|
||||
|
||||
Copy(&s->SslAcceptSettings, &c->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
|
||||
if (StartSSL(s, x, k) == false)
|
||||
{
|
||||
// Failed
|
||||
|
@ -144,7 +144,7 @@ struct SECURE_SIGN
|
||||
char SecurePrivateKeyName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name
|
||||
X *ClientCert; // Client certificate
|
||||
UCHAR Random[SHA1_SIZE]; // Random value for signature
|
||||
UCHAR Signature[128]; // Signed data
|
||||
UCHAR Signature[4096 / 8]; // Signed data
|
||||
UINT UseSecureDeviceId;
|
||||
UINT BitmapId; // Bitmap ID
|
||||
};
|
||||
|
@ -670,9 +670,12 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
|
||||
if (ret == NULL)
|
||||
{
|
||||
Debug("WpcCall: %s\n", url3);
|
||||
ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
|
||||
NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE,
|
||||
add_header_name, add_header_value);
|
||||
ret = WpcCallEx2(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
|
||||
NULL, NULL, ((cert_hash != NULL && ((cert_hash->Size % SHA1_SIZE) == 0)) ? cert_hash->Buf : NULL),
|
||||
(cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0),
|
||||
NULL, DDNS_RPC_MAX_RECV_SIZE,
|
||||
add_header_name, add_header_value,
|
||||
DDNS_SNI_VER_STRING);
|
||||
Debug("WpcCall Ret: %u\n", ret);
|
||||
}
|
||||
|
||||
@ -874,8 +877,11 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
|
||||
}
|
||||
|
||||
|
||||
recv = HttpRequest(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
|
||||
NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL));
|
||||
StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING);
|
||||
|
||||
recv = HttpRequestEx3(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
|
||||
NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL),
|
||||
(cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0), NULL, 0, NULL, NULL);
|
||||
|
||||
FreeBuf(cert_hash);
|
||||
|
||||
|
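Review bot: In the `WpcCallEx2` call in DCRegister, the pin pointer and the pin count are computed by two separate expressions that can disagree. If `cert_hash->Size` is not a multiple of `SHA1_SIZE`, the pointer becomes `NULL` while the count stays non-zero; if `Size` is 0, the pointer is non-NULL with a count of 0. How the callee treats a `NULL` or empty pin list is not visible here. If it means "do not check the certificate", a malformed `DDNS_CERT_HASH` silently turns pinning off instead of failing the request. I would validate once before the call, `if (cert_hash == NULL || cert_hash->Size == 0 || (cert_hash->Size % SHA1_SIZE) != 0)`, and take the error path in that case. The same pair of expressions appears in the `HttpRequestEx3` call in DCGetMyIpMain below and in UpdateClientThreadMain in the later update-client hunk.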
@ -115,7 +115,14 @@
|
||||
#define DDNS_H
|
||||
|
||||
// Certificate hash
|
||||
#define DDNS_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3"
|
||||
#define DDNS_CERT_HASH "78BF0499A99396907C9F49DD13571C81FE26E6F5" \
|
||||
"439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \
|
||||
"EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \
|
||||
"74DF99D4B1B5F0488A388B50D347D26013DC67A5" \
|
||||
"6EBB39AFCA8C900635CFC11218CF293A612457E4"
|
||||
|
||||
#define DDNS_SNI_VER_STRING "DDNS"
|
||||
|
||||
|
||||
// Destination URL
|
||||
#define DDNS_URL_V4_GLOBAL "https://x%c.x%c.servers.ddns.softether-network.net/ddns/ddns.aspx"
|
||||
|
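Review bot: `DDNS_CERT_HASH` changes from a single digest to five concatenated ones, but the comment above it still reads `// Certificate hash`. The callers in this commit split the decoded buffer by `SHA1_SIZE`, so the format is load-bearing and worth stating: `// Accepted server certificate hashes: concatenated SHA-1 digests, 40 hex digits each, no separators`. A short note on which entry belongs to which certificate, or when an old one may be removed, would also help at the next rotation. `DDNS_SNI_VER_STRING` has no comment either.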
@ -214,7 +214,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
|
||||
if (GetIP(&ip, radius_servers_list->Token[i]))
|
||||
{
|
||||
eap = NewEapClient(&ip, radius_port, radius_secret, radius_retry_interval,
|
||||
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username);
|
||||
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname);
|
||||
|
||||
if (eap != NULL)
|
||||
{
|
||||
|
@ -438,9 +438,9 @@ struct HUB
|
||||
UINT RadiusRetryInterval; // Radius retry interval
|
||||
BUF *RadiusSecret; // Radius shared key
|
||||
char RadiusSuffixFilter[MAX_SIZE]; // Radius suffix filter
|
||||
char RadiusRealm[MAX_SIZE]; // Radius realm (optional)
|
||||
bool RadiusConvertAllMsChapv2AuthRequestToEap; // Convert all MS-CHAPv2 auth request to EAP
|
||||
bool RadiusUsePeapInsteadOfEap; // Use PEAP instead of EAP
|
||||
char RadiusRealm[MAX_SIZE]; // Radius realm (optional)
|
||||
volatile bool Halt; // Halting flag
|
||||
bool Offline; // Offline
|
||||
bool BeingOffline; // Be Doing Offline
|
||||
|
@ -4723,11 +4723,13 @@ bool GetBestTransformSettingForIPsecSa(IKE_SERVER *ike, IKE_PACKET *pr, IPSEC_SA
|
||||
if (transform_payload != NULL)
|
||||
{
|
||||
IKE_PACKET_TRANSFORM_PAYLOAD *transform = &transform_payload->Payload.Transform;
|
||||
IPSEC_SA_TRANSFORM_SETTING *set = NULL;
|
||||
IPSEC_SA_TRANSFORM_SETTING set;
|
||||
|
||||
if (TransformPayloadToTransformSettingForIPsecSa(ike, transform, set, server_ip))
|
||||
Zero(&set, sizeof(set));
|
||||
|
||||
if (TransformPayloadToTransformSettingForIPsecSa(ike, transform, &set, server_ip))
|
||||
{
|
||||
Copy(setting, set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
|
||||
Copy(setting, &set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
|
||||
|
||||
setting->SpiServerToClient = READ_UINT(proposal->Spi->Buf);
|
||||
|
||||
@ -4735,11 +4737,11 @@ bool GetBestTransformSettingForIPsecSa(IKE_SERVER *ike, IKE_PACKET *pr, IPSEC_SA
|
||||
}
|
||||
else
|
||||
{
|
||||
if (set != NULL && set->OnlyCapsuleModeIsInvalid)
|
||||
if (set.OnlyCapsuleModeIsInvalid)
|
||||
{
|
||||
if (ocmii_flag == false)
|
||||
{
|
||||
Copy(setting, set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
|
||||
Copy(setting, &set, sizeof(IPSEC_SA_TRANSFORM_SETTING));
|
||||
ocmii_flag = true;
|
||||
}
|
||||
}
|
||||
|
@ -426,7 +426,6 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
|
||||
|
||||
// Upload the authentication data
|
||||
p = PackLoginWithPlainPassword(hubname, username, password);
|
||||
PackAddInt64(p, "timestamp", SystemTime64());
|
||||
PackAddStr(p, "hello", client_name);
|
||||
PackAddInt(p, "client_ver", cedar->Version);
|
||||
PackAddInt(p, "client_build", cedar->Build);
|
||||
@ -690,7 +689,7 @@ void IPCDhcpSetConditionalUserClass(IPC *ipc, DHCP_OPTION_LIST *req)
|
||||
return;
|
||||
}
|
||||
|
||||
if (hub->Option && hub->Option->UseHubNameAsDhcpUserClassOption == true)
|
||||
if (hub->Option && hub->Option->UseHubNameAsDhcpUserClassOption)
|
||||
{
|
||||
StrCpy(req->UserClass, sizeof(req->UserClass), ipc->HubName);
|
||||
}
|
||||
|
@ -2114,8 +2114,8 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
|
||||
if (r->Exists)
|
||||
{
|
||||
Format(l3_options, sizeof(l3_options),
|
||||
",route %r %r %r",
|
||||
&r->Network, &r->SubnetMask, &r->Gateway);
|
||||
",route %r %r vpn_gateway",
|
||||
&r->Network, &r->SubnetMask);
|
||||
|
||||
StrCat(option_str, sizeof(option_str), l3_options);
|
||||
}
|
||||
|
@ -540,6 +540,12 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac)
|
||||
return;
|
||||
}
|
||||
|
||||
if (!((f->IpAddress & f->SubnetMask) == (ip & f->SubnetMask)))
|
||||
{
|
||||
// Outside the subnet
|
||||
return;
|
||||
}
|
||||
|
||||
// Delete an ARP query entry to this IP address
|
||||
Zero(&t, sizeof(t));
|
||||
t.IpAddress = ip;
|
||||
|
@ -1396,13 +1396,15 @@ char *BuildHttpLogStr(HTTPLOG *h)
|
||||
|
||||
b = NewBuf();
|
||||
|
||||
if (StartWith(h->Path, "http://"))
|
||||
if (StartWith(h->Path, "http://") || StartWith(h->Path, "https://"))
|
||||
{
|
||||
StrCpy(url, sizeof(url), h->Path);
|
||||
}
|
||||
else
|
||||
{
|
||||
// URL generation
|
||||
if (h->IsSsl == false)
|
||||
{
|
||||
if (h->Port == 80)
|
||||
{
|
||||
Format(url, sizeof(url), "http://%s%s",
|
||||
@ -1414,6 +1416,20 @@ char *BuildHttpLogStr(HTTPLOG *h)
|
||||
h->Hostname, h->Port, h->Path);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (h->Port == 443)
|
||||
{
|
||||
Format(url, sizeof(url), "https://%s/",
|
||||
h->Hostname);
|
||||
}
|
||||
else
|
||||
{
|
||||
Format(url, sizeof(url), "https://%s:%u/",
|
||||
h->Hostname, h->Port);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
AddLogBufToStr(b, "HttpMethod", h->Method);
|
||||
AddLogBufToStr(b, "HttpUrl", url);
|
||||
|
@ -690,8 +690,11 @@ void UpdateClientThreadMain(UPDATE_CLIENT *c)
|
||||
|
||||
cert_hash = StrToBin(UPDATE_SERVER_CERT_HASH);
|
||||
|
||||
recv = HttpRequestEx2(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL,
|
||||
NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL),
|
||||
StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING);
|
||||
|
||||
recv = HttpRequestEx3(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL,
|
||||
NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL),
|
||||
(cert_hash != NULL ? (cert_hash->Size / SHA1_SIZE) : 0),
|
||||
(bool *)&c->HaltFlag, 0, NULL, NULL);
|
||||
|
||||
FreeBuf(cert_hash);
|
||||
@ -1312,7 +1315,6 @@ bool ServerAccept(CONNECTION *c)
|
||||
FARM_MEMBER *f = NULL;
|
||||
SERVER *server = NULL;
|
||||
POLICY ticketed_policy;
|
||||
UINT64 timestamp;
|
||||
UCHAR unique[SHA1_SIZE], unique2[SHA1_SIZE];
|
||||
CEDAR *cedar;
|
||||
RPC_WINVER winver;
|
||||
@ -1450,31 +1452,6 @@ bool ServerAccept(CONNECTION *c)
|
||||
}
|
||||
}
|
||||
|
||||
// Time inspection
|
||||
timestamp = PackGetInt64(p, "timestamp");
|
||||
if (timestamp != 0)
|
||||
{
|
||||
UINT64 now = SystemTime64();
|
||||
UINT64 abs;
|
||||
if (now >= timestamp)
|
||||
{
|
||||
abs = now - timestamp;
|
||||
}
|
||||
else
|
||||
{
|
||||
abs = timestamp - now;
|
||||
}
|
||||
|
||||
if (abs > ALLOW_TIMESTAMP_DIFF)
|
||||
{
|
||||
// Time difference is too large
|
||||
FreePack(p);
|
||||
c->Err = ERR_BAD_CLOCK;
|
||||
error_detail = "ERR_BAD_CLOCK";
|
||||
goto CLEANUP;
|
||||
}
|
||||
}
|
||||
|
||||
// Get the client version
|
||||
PackGetStr(p, "client_str", c->ClientStr, sizeof(c->ClientStr));
|
||||
c->ClientVer = PackGetInt(p, "client_ver");
|
||||
@ -1655,7 +1632,7 @@ bool ServerAccept(CONNECTION *c)
|
||||
{
|
||||
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
|
||||
radius_login_opt.In_DenyNoVlanId = hub->Option->DenyAllRadiusLoginWithNoVlanAssign;
|
||||
if (hub->Option->UseHubNameAsRadiusNasId == true)
|
||||
if (hub->Option->UseHubNameAsRadiusNasId)
|
||||
{
|
||||
StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hubname);
|
||||
}
|
||||
@ -4578,7 +4555,7 @@ bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x)
|
||||
|
||||
if (ret)
|
||||
{
|
||||
Copy(sign, ss->Signature, 128);
|
||||
Copy(sign, ss->Signature, sizeof(ss->Signature));
|
||||
*x = ss->ClientCert;
|
||||
}
|
||||
|
||||
@ -5857,7 +5834,7 @@ bool ClientUploadAuth(CONNECTION *c)
|
||||
// Authentication by secure device
|
||||
if (ClientSecureSign(c, sign, c->Random, &x))
|
||||
{
|
||||
p = PackLoginWithCert(o->HubName, a->Username, x, sign, 128);
|
||||
p = PackLoginWithCert(o->HubName, a->Username, x, sign, x->bits / 8);
|
||||
c->ClientX = CloneX(x);
|
||||
FreeX(x);
|
||||
}
|
||||
@ -5880,9 +5857,6 @@ bool ClientUploadAuth(CONNECTION *c)
|
||||
PackAddData(p, "ticket", c->Ticket, SHA1_SIZE);
|
||||
}
|
||||
|
||||
// Current time
|
||||
PackAddInt64(p, "timestamp", SystemTime64());
|
||||
|
||||
if (p == NULL)
|
||||
{
|
||||
// Error
|
||||
@ -6073,9 +6047,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
SOCK *s;
|
||||
UINT num = 0, max = 19;
|
||||
SERVER *server;
|
||||
char hostname[64];
|
||||
char *vpn_http_target = HTTP_VPN_TARGET2;
|
||||
bool check_hostname = true;
|
||||
bool check_hostname = false;
|
||||
// Validate arguments
|
||||
if (c == NULL)
|
||||
{
|
||||
@ -6083,7 +6056,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
}
|
||||
|
||||
|
||||
strcpy(hostname, "");
|
||||
|
||||
server = c->Cedar->Server;
|
||||
|
||||
s = c->FirstSock;
|
||||
@ -6113,6 +6086,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
if (check_hostname && (StrCmpi(h->Version, "HTTP/1.1") == 0 || StrCmpi(h->Version, "HTTP/1.2") == 0))
|
||||
{
|
||||
HTTP_VALUE *v;
|
||||
char hostname[64];
|
||||
|
||||
Zero(hostname, sizeof(hostname));
|
||||
|
||||
@ -6347,12 +6321,6 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
}
|
||||
}
|
||||
|
||||
if ((b == false) && (StartWith(h->Target, "/wiki")))
|
||||
{
|
||||
HttpSendRedirect(s, h->Target, hostname);
|
||||
b = true;
|
||||
}
|
||||
|
||||
if (b == false)
|
||||
{
|
||||
// Not Found
|
||||
|
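Review bot: `Copy(sign, ss->Signature, sizeof(ss->Signature));` in ClientSecureSign now writes 512 bytes (the enlarged `UCHAR Signature[4096 / 8]`) into a caller buffer whose size the function never receives. `PackLoginWithCert(o->HubName, a->Username, x, sign, x->bits / 8)` in ClientUploadAuth then takes the signature length from the certificate with no upper bound. The declaration of `sign` in ClientUploadAuth is outside the hunk, so confirm it was grown to at least `sizeof(ss->Signature)`. Before packing, also reject the login when the certificate's key is larger than the buffer, e.g. `if ((x->bits / 8) > sizeof(sign)) { /* fail the authentication */ }`, assuming `sign` is an array local to that function. Both function bodies extend beyond the hunks shown.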
@ -180,7 +180,7 @@ struct UPDATE_CLIENT
|
||||
#define UPDATE_FAMILY_NAME _SS("PRODUCT_FAMILY_NAME")
|
||||
|
||||
// Software update server certificate hash
|
||||
#define UPDATE_SERVER_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3"
|
||||
#define UPDATE_SERVER_CERT_HASH DDNS_CERT_HASH
|
||||
|
||||
// URL
|
||||
#define UPDATE_SERVER_URL_GLOBAL "https://update-check.softether-network.net/update/update.aspx?family=%s&software=%s&mybuild=%u&lang=%s"
|
||||
|
@ -686,6 +686,11 @@ void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e)
|
||||
ui = Endian32(5);
|
||||
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(UINT)));
|
||||
|
||||
if (IsEmptyStr(e->CalledStationStr) == false)
|
||||
{
|
||||
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLED_STATION_ID, 0, 0, e->CalledStationStr, StrLen(e->CalledStationStr)));
|
||||
}
|
||||
|
||||
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr)));
|
||||
|
||||
Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr)));
|
||||
@ -1237,7 +1242,7 @@ bool EapSendPacket(EAP_CLIENT *e, RADIUS_PACKET *r)
|
||||
}
|
||||
|
||||
// New EAP client
|
||||
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username)
|
||||
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname)
|
||||
{
|
||||
EAP_CLIENT *e;
|
||||
if (server_ip == NULL)
|
||||
@ -1266,6 +1271,7 @@ EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, U
|
||||
e->GiveupTimeout = giveup_timeout;
|
||||
StrCpy(e->SharedSecret, sizeof(e->SharedSecret), shared_secret);
|
||||
|
||||
StrCpy(e->CalledStationStr, sizeof(e->CalledStationStr), hubname);
|
||||
StrCpy(e->ClientIpStr, sizeof(e->ClientIpStr), client_ip_str);
|
||||
StrCpy(e->Username, sizeof(e->Username), username);
|
||||
e->LastRecvEapId = 0;
|
||||
@ -1702,8 +1708,8 @@ LABEL_ERROR:
|
||||
////////// Classical implementation
|
||||
|
||||
// Attempts Radius authentication (with specifying retry interval and multiple server)
|
||||
bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt)
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt, char *hubname)
|
||||
{
|
||||
UCHAR random[MD5_SIZE];
|
||||
UCHAR id;
|
||||
@ -1835,7 +1841,7 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
|
||||
BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size));
|
||||
BUF *nas_id;
|
||||
|
||||
if (IsEmptyStr(opt->NasId) == true)
|
||||
if (IsEmptyStr(opt->NasId))
|
||||
{
|
||||
nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
|
||||
}
|
||||
@ -1890,8 +1896,11 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
|
||||
ui = Endian32(1);
|
||||
RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
|
||||
|
||||
// Called-Station-Id
|
||||
// Called-Station-ID - VPN Hub Name
|
||||
if (IsEmptyStr(hubname) == false)
|
||||
{
|
||||
RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
|
||||
}
|
||||
|
||||
// Calling-Station-Id
|
||||
RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
|
||||
@ -1943,8 +1952,11 @@ bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *s
|
||||
ui = Endian32(1);
|
||||
RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
|
||||
|
||||
// Called-Station-Id
|
||||
// Called-Station-ID - VPN Hub Name
|
||||
if (IsEmptyStr(hubname) == false)
|
||||
{
|
||||
RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
|
||||
}
|
||||
|
||||
// Calling-Station-Id
|
||||
RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
|
||||
|
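Review bot: The new Called-Station-Id blocks pass `StrLen(hubname)` (and `StrLen(e->CalledStationStr)` in EapSetRadiusGeneralAttributes) as the attribute length without bounding it. A RADIUS attribute value can carry at most 253 octets, and `CalledStationStr` is declared as `char[256]`. Whether `RadiusAddValue` / `NewRadiusAvp` reject or truncate an oversized value is not visible here; if they do not, guard the call, e.g. `if (IsEmptyStr(hubname) == false && StrLen(hubname) <= 253)`. The identical block is added twice in RadiusLogin, so the check belongs in both places or in a small shared helper.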
@ -311,6 +311,7 @@ struct EAP_CLIENT
|
||||
UINT ServerPort;
|
||||
char SharedSecret[MAX_SIZE];
|
||||
char ClientIpStr[256];
|
||||
char CalledStationStr[256];
|
||||
char Username[MAX_USERNAME_LEN + 1];
|
||||
UINT ResendTimeout;
|
||||
UINT GiveupTimeout;
|
||||
@ -346,7 +347,7 @@ RADIUS_AVP *GetRadiusAvp(RADIUS_PACKET *p, UCHAR type);
|
||||
void RadiusTest();
|
||||
|
||||
|
||||
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username);
|
||||
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname);
|
||||
void ReleaseEapClient(EAP_CLIENT *e);
|
||||
void CleanupEapClient(EAP_CLIENT *e);
|
||||
bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e);
|
||||
@ -376,8 +377,8 @@ struct RADIUS_LOGIN_OPTION
|
||||
};
|
||||
|
||||
// Function prototype
|
||||
bool RadiusLogin(CONNECTION *c, char *hubname, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt);
|
||||
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
|
||||
RADIUS_LOGIN_OPTION *opt, char *hubname);
|
||||
BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
|
||||
BUF *RadiusCreateUserName(wchar_t *username);
|
||||
BUF *RadiusCreateUserPassword(void *data, UINT size);
|
||||
|
@ -876,12 +876,14 @@ static UINT SmDdnsGetKey(char *key, SM_DDNS *d){
|
||||
UINT err;
|
||||
BUF *buf;
|
||||
FOLDER *root, *ddnsfolder;
|
||||
RPC *rpc;
|
||||
|
||||
// Validate arguments
|
||||
if(d == NULL || d->s == NULL || key == NULL){
|
||||
return ERR_INTERNAL_ERROR;
|
||||
}
|
||||
RPC *rpc = d->s->Rpc;
|
||||
|
||||
rpc = d->s->Rpc;
|
||||
|
||||
Zero(&config, sizeof(config));
|
||||
err = ScGetConfig(d->s->Rpc, &config);
|
||||
@ -17011,6 +17013,7 @@ void SmSslDlgInit(HWND hWnd, SM_SSL *s)
|
||||
|
||||
// Set the encryption algorithm list
|
||||
cipher_list = GetCipherList();
|
||||
SetFont(hWnd, C_CIPHER, GetFont("Tahoma", 8, false, false, false, false));
|
||||
CbSetHeight(hWnd, C_CIPHER, 18);
|
||||
for (i = 0;i < cipher_list->NumTokens;i++)
|
||||
{
|
||||
|
@ -214,9 +214,9 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
if( IsEmptyStr(h->RadiusRealm) == false )
|
||||
{
|
||||
char name_and_realm[MAX_SIZE];
|
||||
StrCpy(name_and_realm, MAX_SIZE, username);
|
||||
StrCat(name_and_realm, (MAX_SIZE - StrLen(name_and_realm)), "@");
|
||||
StrCat(name_and_realm, (MAX_SIZE - StrLen(name_and_realm)), h->RadiusRealm);
|
||||
StrCpy(name_and_realm, sizeof(name_and_realm), username);
|
||||
StrCat(name_and_realm, sizeof(name_and_realm), "@");
|
||||
StrCat(name_and_realm, sizeof(name_and_realm), h->RadiusRealm);
|
||||
name = CopyStrToUni(name_and_realm);
|
||||
}
|
||||
else
|
||||
@ -276,9 +276,9 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
if (UniIsEmptyStr(suffix_filter_w) || UniEndWith(name, suffix_filter_w))
|
||||
{
|
||||
// Attempt to login
|
||||
b = RadiusLogin(c, hub->Name, radius_server_addr, radius_server_port,
|
||||
b = RadiusLogin(c, radius_server_addr, radius_server_port,
|
||||
radius_secret, StrLen(radius_secret),
|
||||
name, password, interval, mschap_v2_server_response_20, opt);
|
||||
name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
|
||||
|
||||
if (b)
|
||||
{
|
||||
|
@ -2152,7 +2152,7 @@ void SiGenerateDefaultCertEx(X **server_x, K **server_k, char *common_name)
|
||||
|
||||
name = NewName(cn, cn, cn,
|
||||
L"US", NULL, NULL);
|
||||
x = NewRootX(public_key, private_key, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL);
|
||||
x = NewRootX(public_key, private_key, name, GetDaysUntil2038Ex(), NULL);
|
||||
|
||||
*server_x = x;
|
||||
*server_k = private_key;
|
||||
@ -2578,7 +2578,7 @@ void SiLoadInitialConfiguration(SERVER *s)
|
||||
}
|
||||
|
||||
// Default to TLS only; mitigates CVE-2016-0800
|
||||
s->Cedar->AcceptOnlyTls = true;
|
||||
s->Cedar->SslAcceptSettings.AcceptOnlyTls = true;
|
||||
|
||||
// Auto saving interval related
|
||||
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
|
||||
@ -2765,9 +2765,6 @@ void SiInitConfiguration(SERVER *s)
|
||||
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
|
||||
s->BackupConfigOnlyWhenModified = true;
|
||||
|
||||
// Default to TLS only; mitigates CVE-2016-0800
|
||||
s->Cedar->AcceptOnlyTls = true;
|
||||
|
||||
// IPsec server
|
||||
if (s->Cedar->Bridge == false)
|
||||
{
|
||||
@ -5019,10 +5016,10 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
|
||||
CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
|
||||
CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
|
||||
CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
|
||||
CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
|
||||
|
||||
CfgAddBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap", h->RadiusConvertAllMsChapv2AuthRequestToEap);
|
||||
CfgAddBool(f, "RadiusUsePeapInsteadOfEap", h->RadiusUsePeapInsteadOfEap);
|
||||
CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
|
||||
}
|
||||
Unlock(h->RadiusOptionLock);
|
||||
|
||||
@ -6170,47 +6167,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
|
||||
// AcceptOnlyTls
|
||||
if (CfgIsItem(f, "AcceptOnlyTls"))
|
||||
{
|
||||
c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
|
||||
c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
|
||||
}
|
||||
else
|
||||
{
|
||||
c->AcceptOnlyTls = true;
|
||||
}
|
||||
|
||||
if (c->AcceptOnlyTls) {
|
||||
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
|
||||
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
|
||||
}
|
||||
|
||||
if (CfgGetStr(f, "DisableSslVersions", tmp, sizeof(tmp))) {
|
||||
TOKEN_LIST *sslVersions= ParseToken(tmp, ", ");
|
||||
UINT i;
|
||||
for (i = 0;i < sslVersions->NumTokens;i++)
|
||||
{
|
||||
char *sslVersion=sslVersions->Token[i];
|
||||
if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V2)==0) {
|
||||
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
|
||||
continue;
|
||||
}
|
||||
if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V3)==0) {
|
||||
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
|
||||
continue;
|
||||
}
|
||||
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_0)==0) {
|
||||
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
|
||||
continue;
|
||||
}
|
||||
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_1)==0) {
|
||||
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
|
||||
continue;
|
||||
}
|
||||
if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_2)==0) {
|
||||
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
FreeToken(sslVersions);
|
||||
// Default to TLS only; mitigates CVE-2016-0800
|
||||
c->SslAcceptSettings.AcceptOnlyTls = true;
|
||||
}
|
||||
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
|
||||
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
|
||||
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
|
||||
}
|
||||
Unlock(c->lock);
|
||||
|
||||
@ -6519,42 +6485,10 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
|
||||
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
|
||||
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
|
||||
|
||||
CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
|
||||
|
||||
{
|
||||
char tmp[MAX_SIZE];
|
||||
tmp[0] = 0;
|
||||
if (c->DisableSslVersions & SSL_VERSION_SSL_V2) {
|
||||
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V2);
|
||||
StrCat(tmp, sizeof(tmp), ",");
|
||||
}
|
||||
if (c->DisableSslVersions & SSL_VERSION_SSL_V3) {
|
||||
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V3);
|
||||
StrCat(tmp, sizeof(tmp), ",");
|
||||
}
|
||||
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
|
||||
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_0);
|
||||
StrCat(tmp, sizeof(tmp), ",");
|
||||
}
|
||||
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
|
||||
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_1);
|
||||
StrCat(tmp, sizeof(tmp), ",");
|
||||
}
|
||||
if (c->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
|
||||
StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_2);
|
||||
StrCat(tmp, sizeof(tmp), ",");
|
||||
}
|
||||
if (StrLen(tmp) >= 1)
|
||||
{
|
||||
if (tmp[StrLen(tmp) - 1] == ',')
|
||||
{
|
||||
tmp[StrLen(tmp) - 1] = 0;
|
||||
}
|
||||
}
|
||||
CfgAddStr(f, "DisableSslVersions", tmp);
|
||||
}
|
||||
|
||||
|
||||
CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls);
|
||||
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
|
||||
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
|
||||
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
|
||||
|
||||
// Disable session reconnect
|
||||
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
|
||||
|
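Review bot: SiLoadServerCfg no longer reads the `DisableSslVersions` item, and nothing in this hunk maps it onto the new `Tls_Disable1_0` / `Tls_Disable1_1` / `Tls_Disable1_2` flags, so a configuration that disabled protocol versions through the old list appears to load with all three flags false after the upgrade. The three `CfgGetBool` calls are unconditional, so a missing item presumably reads as false, which is the permissive value. I would keep a one-time fallback that parses the legacy string when the new items are absent and sets the matching flags, or at least report that the old item was ignored. Whether the `NAME_SSL_VERSION_*` names survive this commit is not visible here. The function body continues outside the hunk.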
@ -118,12 +118,14 @@ void UdpAccelPoll(UDP_ACCEL *a)
|
||||
{
|
||||
IP nat_t_ip;
|
||||
UINT num_ignore_errors = 0;
|
||||
UCHAR *tmp;
|
||||
// Validate arguments
|
||||
if (a == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
UCHAR *tmp = a->TmpBuf;
|
||||
|
||||
tmp = a->TmpBuf;
|
||||
|
||||
Lock(a->NatT_Lock);
|
||||
{
|
||||
|
@ -2393,12 +2393,14 @@ bool NnTestConnectivity(NATIVE_STACK *a, TUBE *halt_tube)
|
||||
IP my_priv_ip;
|
||||
UINT num_send_dns = 0;
|
||||
IP using_dns;
|
||||
UINT src_port = 0;
|
||||
// Validate arguments
|
||||
if (a == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
UINT src_port = NnGenSrcPort(a->IsIpRawMode);
|
||||
|
||||
src_port = NnGenSrcPort(a->IsIpRawMode);
|
||||
|
||||
Copy(&using_dns, &a->DnsServerIP, sizeof(IP));
|
||||
|
||||
@ -3999,12 +4001,14 @@ bool NatTransactIcmp(VH *v, NAT_ENTRY *n)
|
||||
BLOCK *block;
|
||||
IP dest_ip;
|
||||
UINT num_ignore_errors = 0;
|
||||
UINT dest_port = 0;
|
||||
// Validate arguments
|
||||
if (v == NULL || n == NULL)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
UINT dest_port = n->DestPort;
|
||||
|
||||
dest_port = n->DestPort;
|
||||
|
||||
if (n->DisconnectNow)
|
||||
{
|
||||
@ -4202,12 +4206,14 @@ bool NatTransactUdp(VH *v, NAT_ENTRY *n)
|
||||
BLOCK *block;
|
||||
IP dest_ip;
|
||||
UINT num_ignore_errors;
|
||||
UINT dest_port = 0;
|
||||
// Validate arguments
|
||||
if (v == NULL || n == NULL)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
UINT dest_port = n->DestPort;
|
||||
|
||||
dest_port = n->DestPort;
|
||||
|
||||
if (n->DisconnectNow)
|
||||
{
|
||||
|
@ -1725,12 +1725,14 @@ static wchar_t *WuUniReadFile(char *filename)
|
||||
static void WuUniReplace(wchar_t **buf, wchar_t *from, wchar_t *to)
|
||||
{
|
||||
UINT dstsize;
|
||||
wchar_t *oldbuf;
|
||||
|
||||
if(buf == NULL || from == NULL || to == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
wchar_t *oldbuf = *buf;
|
||||
|
||||
oldbuf = *buf;
|
||||
|
||||
dstsize = (UniCalcReplaceStrEx(*buf, from, to, true) + 1) * sizeof(wchar_t);
|
||||
*buf = (wchar_t*)Malloc(dstsize);
|
||||
|
@ -204,7 +204,7 @@ typedef struct WINUI_SECURE_BATCH
|
||||
X *OutputX; // Output certificate
|
||||
K *InputK; // Input secret key
|
||||
LIST *EnumList; // Enumerated list
|
||||
UCHAR OutputSign[128]; // Output signature
|
||||
UCHAR OutputSign[4096 / 8]; // Output signature
|
||||
bool Succeed; // Success flag
|
||||
} WINUI_SECURE_BATCH;
|
||||
|
||||
|
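Review bot: `OutputSign[4096 / 8]` sizes the buffer for keys up to 4096 bits, but the limit is still an unexplained literal and the code that fills the buffer is not in this hunk. State the bound in the field comment, e.g. `// Output signature (RSA, up to 4096 bits)`. The writer should also reject a key whose signature would exceed `sizeof(OutputSign)` rather than rely on the array being large enough.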
@ -163,6 +163,14 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
|
||||
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
|
||||
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
|
||||
char *additional_header_name, char *additional_header_value)
|
||||
{
|
||||
return WpcCallEx2(url, setting, timeout_connect, timeout_comm, function_name, pack,
|
||||
cert, key, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1),
|
||||
cancel, max_recv_size, additional_header_name, additional_header_value, NULL);
|
||||
}
|
||||
PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
|
||||
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size,
|
||||
char *additional_header_name, char *additional_header_value, char *sni_string)
|
||||
{
|
||||
URL_DATA data;
|
||||
BUF *b, *recv;
|
||||
@ -197,8 +205,14 @@ PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT
|
||||
StrCpy(data.AdditionalHeaderValue, sizeof(data.AdditionalHeaderValue), additional_header_value);
|
||||
}
|
||||
|
||||
recv = HttpRequestEx(&data, setting, timeout_connect, timeout_comm, &error,
|
||||
false, b->Buf, NULL, NULL, sha1_cert_hash, cancel, max_recv_size);
|
||||
if (sni_string != NULL && IsEmptyStr(sni_string) == false)
|
||||
{
|
||||
StrCpy(data.SniString, sizeof(data.SniString), sni_string);
|
||||
}
|
||||
|
||||
recv = HttpRequestEx3(&data, setting, timeout_connect, timeout_comm, &error,
|
||||
false, b->Buf, NULL, NULL, sha1_cert_hash, num_hashes, cancel, max_recv_size,
|
||||
NULL, NULL);
|
||||
|
||||
FreeBuf(b);
|
||||
|
||||
@ -693,6 +707,16 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
UINT *error_code, bool check_ssl_trust, char *post_data,
|
||||
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash,
|
||||
bool *cancel, UINT max_recv_size, char *header_name, char *header_value)
|
||||
{
|
||||
return HttpRequestEx3(data, setting, timeout_connect, timeout_comm, error_code, check_ssl_trust,
|
||||
post_data, recv_callback, recv_callback_param, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1),
|
||||
cancel, max_recv_size, header_name, header_value);
|
||||
}
|
||||
BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
UINT timeout_connect, UINT timeout_comm,
|
||||
UINT *error_code, bool check_ssl_trust, char *post_data,
|
||||
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes,
|
||||
bool *cancel, UINT max_recv_size, char *header_name, char *header_value)
|
||||
{
|
||||
WPC_CONNECT con;
|
||||
SOCK *s;
|
||||
@ -728,6 +752,14 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
{
|
||||
timeout_comm = WPC_TIMEOUT;
|
||||
}
|
||||
if (sha1_cert_hash == NULL)
|
||||
{
|
||||
num_hashes = 0;
|
||||
}
|
||||
if (num_hashes == 0)
|
||||
{
|
||||
sha1_cert_hash = NULL;
|
||||
}
|
||||
|
||||
// Connection
|
||||
Zero(&con, sizeof(con));
|
||||
@ -773,7 +805,7 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
if (data->Secure)
|
||||
{
|
||||
// Start the SSL communication
|
||||
if (StartSSLEx(s, NULL, NULL, true, 0, NULL) == false)
|
||||
if (StartSSLEx(s, NULL, NULL, true, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
|
||||
{
|
||||
// SSL connection failed
|
||||
*error_code = ERR_PROTOCOL_ERROR;
|
||||
@ -782,13 +814,28 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (sha1_cert_hash != NULL)
|
||||
if (sha1_cert_hash != NULL && num_hashes >= 1)
|
||||
{
|
||||
UCHAR hash[SHA1_SIZE];
|
||||
UINT i;
|
||||
bool ok = false;
|
||||
|
||||
Zero(hash, sizeof(hash));
|
||||
GetXDigest(s->RemoteX, hash, true);
|
||||
|
||||
if (Cmp(hash, sha1_cert_hash, SHA1_SIZE) != 0)
|
||||
for (i = 0;i < num_hashes;i++)
|
||||
{
|
||||
UCHAR *a = (UCHAR *)sha1_cert_hash;
|
||||
a += (SHA1_SIZE * i);
|
||||
|
||||
if (Cmp(hash, a, SHA1_SIZE) == 0)
|
||||
{
|
||||
ok = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ok == false)
|
||||
{
|
||||
// Destination certificate hash mismatch
|
||||
*error_code = ERR_CERT_NOT_TRUSTED;
|
||||
|
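Review bot: The pin check in HttpRequestEx3 walks `sha1_cert_hash` as `num_hashes` consecutive `SHA1_SIZE`-byte digests (`a += (SHA1_SIZE * i)`), but the parameter is a bare `void *` with no length, so a `num_hashes` larger than the caller's array makes `Cmp` read past it. That layout should be stated where the function is declared, for example `// sha1_cert_hash: num_hashes contiguous SHA1_SIZE-byte digests; the peer certificate must match one of them`. WpcCallEx2 also passes `false` for `check_ssl_trust`, so when `num_hashes` is 0 nothing visible in these hunks authenticates the TLS peer. If that is intended for some callers, it deserves a comment at the call. HttpRequestEx3's body starts and ends outside the hunks.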
@ -159,6 +159,7 @@ struct URL_DATA
|
||||
char Referer[MAX_SIZE * 3]; // Referer
|
||||
char AdditionalHeaderName[128]; // Additional header name
|
||||
char AdditionalHeaderValue[MAX_SIZE]; // Additional header value
|
||||
char SniString[MAX_SIZE]; // SNI String
|
||||
};
|
||||
|
||||
// WPC entry
|
||||
@ -204,6 +205,11 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
UINT *error_code, bool check_ssl_trust, char *post_data,
|
||||
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash,
|
||||
bool *cancel, UINT max_recv_size, char *header_name, char *header_value);
|
||||
BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
UINT timeout_connect, UINT timeout_comm,
|
||||
UINT *error_code, bool check_ssl_trust, char *post_data,
|
||||
WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes,
|
||||
bool *cancel, UINT max_recv_size, char *header_name, char *header_value);
|
||||
SOCK *WpcSockConnect(WPC_CONNECT *param, UINT *error_code, UINT timeout);
|
||||
SOCK *WpcSockConnectEx(WPC_CONNECT *param, UINT *error_code, UINT timeout, bool *cancel);
|
||||
SOCK *WpcSockConnect2(char *hostname, UINT port, INTERNET_SETTING *t, UINT *error_code, UINT timeout);
|
||||
@ -223,6 +229,9 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
|
||||
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
|
||||
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
|
||||
char *additional_header_name, char *additional_header_value);
|
||||
PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
|
||||
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size,
|
||||
char *additional_header_name, char *additional_header_value, char *sni_string);
|
||||
bool IsProxyPrivateIp(INTERNET_SETTING *s);
|
||||
|
||||
#endif // WPC_H
|
||||
|
@ -1,4 +1,4 @@
|
||||
BUILD_NUMBER 9613
|
||||
VERSION 421
|
||||
BUILD_NUMBER 9634
|
||||
VERSION 422
|
||||
BUILD_NAME beta
|
||||
BUILD_DATE 20160424_153917
|
||||
BUILD_DATE 20161127_143359
|
||||
|
@ -46,7 +46,7 @@
|
||||
Name="VCCLCompilerTool"
|
||||
Optimization="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;_USE_32BIT_TIME_T"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
|
||||
MinimalRebuild="true"
|
||||
ExceptionHandling="0"
|
||||
BasicRuntimeChecks="3"
|
||||
@ -232,7 +232,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
|
@ -385,6 +385,34 @@ bool FileCopyExW(wchar_t *src, wchar_t *dst, bool read_lock)
|
||||
|
||||
return ret;
|
||||
}
|
||||
bool FileCopyExWithEofW(wchar_t *src, wchar_t *dst, bool read_lock)
|
||||
{
|
||||
BUF *b;
|
||||
bool ret = false;
|
||||
// Validate arguments
|
||||
if (src == NULL || dst == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
b = ReadDumpExW(src, false);
|
||||
if (b == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
SeekBuf(b, b->Size, 0);
|
||||
|
||||
WriteBufChar(b, 0x1A);
|
||||
|
||||
SeekBuf(b, 0, 0);
|
||||
|
||||
ret = DumpBufW(b, dst);
|
||||
|
||||
FreeBuf(b);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Save the settings to a file
|
||||
void CfgSave(FOLDER *f, char *name)
|
||||
@ -459,7 +487,8 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool
|
||||
// Generate a temporary file name
|
||||
UniFormat(tmp, sizeof(tmp), L"%s.log", name);
|
||||
// Copy the file that currently exist to a temporary file
|
||||
FileCopyW(name, tmp);
|
||||
// with appending the EOF
|
||||
FileCopyExWithEofW(name, tmp, true);
|
||||
|
||||
// Save the new file
|
||||
o = FileCreateW(name);
|
||||
@ -481,6 +510,7 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool
|
||||
{
|
||||
// Successful saving file
|
||||
FileClose(o);
|
||||
|
||||
// Delete the temporary file
|
||||
FileDeleteW(tmp);
|
||||
}
|
||||
@ -528,6 +558,7 @@ FOLDER *CfgReadW(wchar_t *name)
|
||||
bool binary_file = false;
|
||||
bool invalid_file = false;
|
||||
UCHAR header[8];
|
||||
bool has_eof = false;
|
||||
// Validate arguments
|
||||
if (name == NULL)
|
||||
{
|
||||
@ -543,8 +574,31 @@ FOLDER *CfgReadW(wchar_t *name)
|
||||
o = FileOpenW(newfile, false);
|
||||
if (o == NULL)
|
||||
{
|
||||
UINT size;
|
||||
// Read the temporary file
|
||||
o = FileOpenW(tmp, false);
|
||||
|
||||
if (o != NULL)
|
||||
{
|
||||
// Check the EOF
|
||||
size = FileSize(o);
|
||||
if (size >= 2)
|
||||
{
|
||||
char c;
|
||||
|
||||
if (FileSeek(o, FILE_BEGIN, size - 1) && FileRead(o, &c, 1) && c == 0x1A && FileSeek(o, FILE_BEGIN, 0))
|
||||
{
|
||||
// EOF ok
|
||||
has_eof = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
// No EOF: file is corrupted
|
||||
FileClose(o);
|
||||
o = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -577,6 +631,11 @@ FOLDER *CfgReadW(wchar_t *name)
|
||||
|
||||
// Read into the buffer
|
||||
size = FileSize(o);
|
||||
if (has_eof)
|
||||
{
|
||||
// Ignore EOF
|
||||
size -= 1;
|
||||
}
|
||||
buf = Malloc(size);
|
||||
FileRead(o, buf, size);
|
||||
b = NewBuf();
|
||||
|
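Review bot: FileCopyExWithEofW accepts `read_lock` but never uses it: the read is `b = ReadDumpExW(src, false);`, while CfgSaveExW3 now calls the function with `true`. If ReadDumpExW's second argument is the lock flag (its definition is not on this page), the line should be `b = ReadDumpExW(src, read_lock);`. Separately, in CfgReadW a temporary file shorter than two bytes skips the 0x1A check and is still passed on as a readable file. The result of the backup copy in CfgSaveExW3 is also not checked before the original is overwritten. CfgSaveExW3 and CfgReadW continue outside their hunks.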
@ -1818,6 +1818,40 @@ UINT GetDaysUntil2038()
|
||||
return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
|
||||
}
|
||||
}
|
||||
UINT GetDaysUntil2038Ex()
|
||||
{
|
||||
SYSTEMTIME now;
|
||||
|
||||
Zero(&now, sizeof(now));
|
||||
SystemTime(&now);
|
||||
|
||||
if (now.wYear >= 2030)
|
||||
{
|
||||
UINT64 now = SystemTime64();
|
||||
UINT64 target;
|
||||
SYSTEMTIME st;
|
||||
|
||||
Zero(&st, sizeof(st));
|
||||
st.wYear = 2049;
|
||||
st.wMonth = 12;
|
||||
st.wDay = 30;
|
||||
|
||||
target = SystemToUINT64(&st);
|
||||
|
||||
if (now >= target)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24));
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return GetDaysUntil2038();
|
||||
}
|
||||
}
|
||||
|
||||
// Issue an X509 certificate
|
||||
X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
|
||||
@ -4885,6 +4919,22 @@ bool DhCompute(DH_CTX *dh, void *dst_priv_key, void *src_pub_key, UINT key_size)
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Creating a DH 2048bit
|
||||
DH_CTX *DhNew2048()
|
||||
{
|
||||
return DhNew(DH_SET_2048, 2);
|
||||
}
|
||||
// Creating a DH 3072bit
|
||||
DH_CTX *DhNew3072()
|
||||
{
|
||||
return DhNew(DH_SET_3072, 2);
|
||||
}
|
||||
// Creating a DH 4096bit
|
||||
DH_CTX *DhNew4096()
|
||||
{
|
||||
return DhNew(DH_SET_4096, 2);
|
||||
}
|
||||
|
||||
// Creating a DH GROUP1
|
||||
DH_CTX *DhNewGroup1()
|
||||
{
|
||||
|
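Review bot: In GetDaysUntil2038Ex the inner `UINT64 now = SystemTime64();` shadows the outer `SYSTEMTIME now`, which compiles but is easy to misread and trips shadow warnings. Renaming the inner variable, e.g. `UINT64 now64 = SystemTime64();` with `if (now64 >= target)` and `target - now64`, removes the ambiguity. The function also needs a header comment: its name says 2038, yet from year 2030 on it counts days to 2049-12-30, and its result is now the validity period passed to NewRootX for the default server certificate. Something like `// Days until 2038, or until 2049-12-30 once the current year is 2030 or later` would do.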
@ -170,6 +170,61 @@ void RAND_Free_For_SoftEther();
|
||||
|
||||
#define DH_SIMPLE_160 "AEE7561459353C95DDA966AE1FD25D95CD46E935"
|
||||
|
||||
#define DH_SET_2048 \
|
||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
|
||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
|
||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
|
||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
|
||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
|
||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
|
||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
|
||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
|
||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
|
||||
"15728E5A8AACAA68FFFFFFFFFFFFFFFF"
|
||||
|
||||
#define DH_SET_3072 \
|
||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"\
|
||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"\
|
||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"\
|
||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"\
|
||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"\
|
||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"\
|
||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"\
|
||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"\
|
||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"\
|
||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"\
|
||||
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"\
|
||||
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"\
|
||||
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"\
|
||||
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"\
|
||||
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"\
|
||||
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
|
||||
|
||||
#define DH_SET_4096 \
|
||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
|
||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
|
||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
|
||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
|
||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
|
||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
|
||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
|
||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
|
||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
|
||||
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
|
||||
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
|
||||
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
|
||||
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
|
||||
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
|
||||
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
|
||||
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
|
||||
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
|
||||
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
|
||||
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
|
||||
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
|
||||
"FFFFFFFFFFFFFFFF"
|
||||
|
||||
// Macro
|
||||
#define HASHED_DATA(p) (((UCHAR *)p) + 15)
|
||||
|
||||
@ -376,6 +431,7 @@ X *NewRootX(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial);
|
||||
X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial);
|
||||
X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial);
|
||||
UINT GetDaysUntil2038();
|
||||
UINT GetDaysUntil2038Ex();
|
||||
X_SERIAL *NewXSerial(void *data, UINT size);
|
||||
void FreeXSerial(X_SERIAL *serial);
|
||||
char *ByteToStr(BYTE *src, UINT src_size);
|
||||
@ -465,6 +521,9 @@ DH_CTX *DhNewGroup1();
|
||||
DH_CTX *DhNewGroup2();
|
||||
DH_CTX *DhNewGroup5();
|
||||
DH_CTX *DhNewSimple160();
|
||||
DH_CTX *DhNew2048();
|
||||
DH_CTX *DhNew3072();
|
||||
DH_CTX *DhNew4096();
|
||||
DH_CTX *DhNew(char *prime, UINT g);
|
||||
void DhFree(DH_CTX *dh);
|
||||
BUF *DhToBuf(DH_CTX *dh);
|
||||
|
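Review bot: The three new primes `DH_SET_2048`, `DH_SET_3072` and `DH_SET_4096` carry no provenance, and a Diffie-Hellman modulus pasted as a hex literal cannot be checked by eye. They appear to be the RFC 3526 MODP groups 14, 15 and 16, used with generator 2 by DhNew2048, DhNew3072 and DhNew4096. If so, say it above each macro, e.g. `// RFC 3526 2048-bit MODP group (group 14), generator 2`, and confirm the digits against the RFC. `DH_SET_3072` also omits the space before the line-continuation backslash that the other two macros use.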
@ -381,12 +381,15 @@ void ZipAddFileStart(ZIP_PACKER *p, char *name, UINT size, UINT64 dt, UINT attri
|
||||
UINT ZipAddFileData(ZIP_PACKER *p, void *data, UINT pos, UINT len)
|
||||
{
|
||||
UINT ret;
|
||||
UINT total_size;
|
||||
// Validate arguments
|
||||
if (p == NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
UINT total_size = p->CurrentFile->CurrentSize + len;
|
||||
|
||||
total_size = p->CurrentFile->CurrentSize + len;
|
||||
|
||||
if (total_size > p->CurrentFile->Size)
|
||||
{
|
||||
return 0;
|
||||
|
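Review bot: `total_size = p->CurrentFile->CurrentSize + len;` is unsigned `UINT` arithmetic (presumably 32-bit), so a large `len` can wrap and slip under the `total_size > p->CurrentFile->Size` check that follows. Comparing against the remaining room avoids the wrap: `if (len > p->CurrentFile->Size - p->CurrentFile->CurrentSize) return 0;` (this assumes CurrentSize never exceeds Size). `p->CurrentFile` is also dereferenced without a NULL check, and `data` is not validated in the visible lines. The body of ZipAddFileData continues outside the hunk.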
@ -172,6 +172,109 @@ static LOCALE current_locale;
|
||||
LOCK *tick_manual_lock = NULL;
|
||||
UINT g_zero = 0;
|
||||
|
||||
#define MONSPERYEAR 12
|
||||
#define DAYSPERNYEAR 365
|
||||
#define DAYSPERLYEAR 366
|
||||
#define SECSPERMIN 60
|
||||
#define SECSPERHOUR (60*60)
|
||||
#define SECSPERDAY (24*60*60)
|
||||
#define DAYSPERWEEK 7
|
||||
#define TM_SUNDAY 0
|
||||
#define TM_MONDAY 1
|
||||
#define TM_TUESDAY 2
|
||||
#define TM_WEDNESDAY 3
|
||||
#define TM_THURSDAY 4
|
||||
#define TM_FRIDAY 5
|
||||
#define TM_SATURDAY 6
|
||||
|
||||
#define TM_YEAR_BASE 1900
|
||||
|
||||
#define EPOCH_YEAR 1970
|
||||
#define EPOCH_WDAY TM_THURSDAY
|
||||
|
||||
#define isleap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
|
||||
|
||||
static const int mon_lengths[2][MONSPERYEAR] = {
|
||||
{ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
|
||||
{ 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }
|
||||
};
|
||||
|
||||
static const int year_lengths[2] = {
|
||||
DAYSPERNYEAR, DAYSPERLYEAR
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
* Taken from FreeBSD src / lib / libc / stdtime / localtime.c 1.43 revision.
|
||||
* localtime.c 7.78.
|
||||
* tzfile.h 1.8
|
||||
* adapted to be replacement gmtime_r.
|
||||
*/
|
||||
static void
|
||||
c_timesub(timep, offset, tmp)
|
||||
const time_64t * const timep;
|
||||
const long offset;
|
||||
struct tm * const tmp;
|
||||
{
|
||||
INT64 days;
|
||||
INT64 rem;
|
||||
INT64 y;
|
||||
int yleap;
|
||||
const int * ip;
|
||||
|
||||
days = *timep / SECSPERDAY;
|
||||
rem = *timep % SECSPERDAY;
|
||||
rem += (offset);
|
||||
while (rem < 0) {
|
||||
rem += SECSPERDAY;
|
||||
--days;
|
||||
}
|
||||
while (rem >= SECSPERDAY) {
|
||||
rem -= SECSPERDAY;
|
||||
++days;
|
||||
}
|
||||
tmp->tm_hour = (int) (rem / SECSPERHOUR);
|
||||
rem = rem % SECSPERHOUR;
|
||||
tmp->tm_min = (int) (rem / SECSPERMIN);
|
||||
/*
|
||||
** A positive leap second requires a special
|
||||
** representation. This uses "... ??:59:60" et seq.
|
||||
*/
|
||||
tmp->tm_sec = (int) (rem % SECSPERMIN) ;
|
||||
tmp->tm_wday = (int) ((EPOCH_WDAY + days) % DAYSPERWEEK);
|
||||
if (tmp->tm_wday < 0)
|
||||
tmp->tm_wday += DAYSPERWEEK;
|
||||
y = EPOCH_YEAR;
|
||||
#define LEAPS_THRU_END_OF(y) ((y) / 4 - (y) / 100 + (y) / 400)
|
||||
while (days < 0 || days >= (long) year_lengths[yleap = isleap(y)]) {
|
||||
INT64 newy;
|
||||
|
||||
newy = y + days / DAYSPERNYEAR;
|
||||
if (days < 0)
|
||||
--newy;
|
||||
days -= (newy - y) * DAYSPERNYEAR +
|
||||
LEAPS_THRU_END_OF(newy - 1) -
|
||||
LEAPS_THRU_END_OF(y - 1);
|
||||
y = newy;
|
||||
}
|
||||
tmp->tm_year = (int)(y - TM_YEAR_BASE);
|
||||
tmp->tm_yday = (int) days;
|
||||
ip = mon_lengths[yleap];
|
||||
for (tmp->tm_mon = 0; days >= (INT64) ip[tmp->tm_mon]; ++(tmp->tm_mon))
|
||||
days = days - (INT64) ip[tmp->tm_mon];
|
||||
tmp->tm_mday = (int) (days + 1);
|
||||
tmp->tm_isdst = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Re-entrant version of gmtime.
|
||||
*/
|
||||
struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm)
|
||||
{
|
||||
c_timesub(timep, 0L, tm);
|
||||
return tm;
|
||||
}
|
||||
|
||||
// Get the real-time system timer
|
||||
UINT TickRealtime()
|
||||
{
|
||||
@ -219,7 +322,14 @@ UINT64 TickGetRealtimeTickValue64()
|
||||
|
||||
gettimeofday(&tv, &tz);
|
||||
|
||||
if (sizeof(tv.tv_sec) != 4)
|
||||
{
|
||||
ret = (UINT64)tv.tv_sec * 1000ULL + (UINT64)tv.tv_usec / 1000ULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = (UINT64)((UINT64)((UINT32)tv.tv_sec)) * 1000ULL + (UINT64)tv.tv_usec / 1000ULL;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -815,7 +925,7 @@ void GetTimeStr64(char *str, UINT size, UINT64 sec64)
|
||||
// Convert to a time to be used safely in the current POSIX implementation
|
||||
UINT64 SafeTime64(UINT64 sec64)
|
||||
{
|
||||
return MAKESURE(sec64, 0, 2115947647000ULL);
|
||||
return MAKESURE(sec64, 0, 4102243323123ULL);
|
||||
}
|
||||
|
||||
// Thread pool
|
||||
@ -1694,7 +1804,7 @@ void TmToSystem(SYSTEMTIME *st, struct tm *t)
|
||||
NormalizeTm(&tmp);
|
||||
|
||||
Zero(st, sizeof(SYSTEMTIME));
|
||||
st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2037);
|
||||
st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2099);
|
||||
st->wMonth = MAKESURE(tmp.tm_mon + 1, 1, 12);
|
||||
st->wDay = MAKESURE(tmp.tm_mday, 1, 31);
|
||||
st->wDayOfWeek = MAKESURE(tmp.tm_wday, 0, 6);
|
||||
@ -1714,7 +1824,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st)
|
||||
}
|
||||
|
||||
Zero(t, sizeof(struct tm));
|
||||
t->tm_year = MAKESURE(st->wYear, 1970, 2037) - 1900;
|
||||
t->tm_year = MAKESURE(st->wYear, 1970, 2099) - 1900;
|
||||
t->tm_mon = MAKESURE(st->wMonth, 1, 12) - 1;
|
||||
t->tm_mday = MAKESURE(st->wDay, 1, 31);
|
||||
t->tm_hour = MAKESURE(st->wHour, 0, 23);
|
||||
@ -1726,7 +1836,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st)
|
||||
}
|
||||
|
||||
// Convert the time_t to SYSTEMTIME
|
||||
void TimeToSystem(SYSTEMTIME *st, time_t t)
|
||||
void TimeToSystem(SYSTEMTIME *st, time_64t t)
|
||||
{
|
||||
struct tm tmp;
|
||||
// Validate arguments
|
||||
@ -1740,7 +1850,7 @@ void TimeToSystem(SYSTEMTIME *st, time_t t)
|
||||
}
|
||||
|
||||
// Convert the time_t to 64-bit SYSTEMTIME
|
||||
UINT64 TimeToSystem64(time_t t)
|
||||
UINT64 TimeToSystem64(time_64t t)
|
||||
{
|
||||
SYSTEMTIME st;
|
||||
|
||||
@ -1750,7 +1860,7 @@ UINT64 TimeToSystem64(time_t t)
|
||||
}
|
||||
|
||||
// Convert the SYSTEMTIME to time_t
|
||||
time_t SystemToTime(SYSTEMTIME *st)
|
||||
time_64t SystemToTime(SYSTEMTIME *st)
|
||||
{
|
||||
struct tm t;
|
||||
// Validate arguments
|
||||
@ -1764,7 +1874,7 @@ time_t SystemToTime(SYSTEMTIME *st)
|
||||
}
|
||||
|
||||
// Convert a 64-bit SYSTEMTIME to a time_t
|
||||
time_t System64ToTime(UINT64 i)
|
||||
time_64t System64ToTime(UINT64 i)
|
||||
{
|
||||
SYSTEMTIME st;
|
||||
|
||||
@ -1774,9 +1884,9 @@ time_t System64ToTime(UINT64 i)
|
||||
}
|
||||
|
||||
// Convert the tm to time_t
|
||||
time_t TmToTime(struct tm *t)
|
||||
time_64t TmToTime(struct tm *t)
|
||||
{
|
||||
time_t tmp;
|
||||
time_64t tmp;
|
||||
// Validate arguments
|
||||
if (t == NULL)
|
||||
{
|
||||
@ -1784,7 +1894,7 @@ time_t TmToTime(struct tm *t)
|
||||
}
|
||||
|
||||
tmp = c_mkgmtime(t);
|
||||
if (tmp == (time_t)-1)
|
||||
if (tmp == (time_64t)-1)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@ -1792,42 +1902,22 @@ time_t TmToTime(struct tm *t)
|
||||
}
|
||||
|
||||
// Convert time_t to tm
|
||||
void TimeToTm(struct tm *t, time_t time)
|
||||
void TimeToTm(struct tm *t, time_64t time)
|
||||
{
|
||||
struct tm *ret;
|
||||
// Validate arguments
|
||||
if (t == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef OS_UNIX
|
||||
ret = gmtime(&time);
|
||||
#else // OS_UNIX
|
||||
ret = malloc(sizeof(struct tm));
|
||||
memset(ret, 0, sizeof(struct tm));
|
||||
gmtime_r(&time, ret);
|
||||
#endif // OS_UNIX
|
||||
|
||||
if (ret == NULL)
|
||||
{
|
||||
Zero(t, sizeof(struct tm));
|
||||
}
|
||||
else
|
||||
{
|
||||
Copy(t, ret, sizeof(struct tm));
|
||||
}
|
||||
|
||||
#ifdef OS_UNIX
|
||||
free(ret);
|
||||
#endif // OS_UNIX
|
||||
c_gmtime_r(&time, t);
|
||||
}
|
||||
|
||||
// Normalize the tm
|
||||
void NormalizeTm(struct tm *t)
|
||||
{
|
||||
struct tm *ret;
|
||||
time_t tmp;
|
||||
time_64t tmp;
|
||||
// Validate arguments
|
||||
if (t == NULL)
|
||||
{
|
||||
@ -1835,31 +1925,12 @@ void NormalizeTm(struct tm *t)
|
||||
}
|
||||
|
||||
tmp = c_mkgmtime(t);
|
||||
if (tmp == (time_t)-1)
|
||||
if (tmp == (time_64t)-1)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef OS_UNIX
|
||||
ret = gmtime(&tmp);
|
||||
#else // OS_UNIX
|
||||
ret = malloc(sizeof(struct tm));
|
||||
memset(ret, 0, sizeof(struct tm));
|
||||
gmtime_r(&tmp, ret);
|
||||
#endif // OS_UNIX
|
||||
|
||||
if (ret == NULL)
|
||||
{
|
||||
Zero(t, sizeof(struct tm));
|
||||
}
|
||||
else
|
||||
{
|
||||
Copy(t, ret, sizeof(struct tm));
|
||||
}
|
||||
|
||||
#ifdef OS_UNIX
|
||||
free(ret);
|
||||
#endif // OS_UNIX
|
||||
c_gmtime_r(&tmp, t);
|
||||
}
|
||||
|
||||
// Normalize the SYSTEMTIME
|
||||
@ -1934,10 +2005,19 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time)
|
||||
|
||||
Copy(&snow, basetime, sizeof(SYSTEMTIME));
|
||||
|
||||
if (sizeof(time_t) == 4)
|
||||
{
|
||||
if (snow.wYear >= 2038)
|
||||
{
|
||||
// For old systems: avoid the 2038-year problem
|
||||
snow.wYear = 2037;
|
||||
}
|
||||
}
|
||||
|
||||
SystemToTm(&now, &snow);
|
||||
if (local_time == false)
|
||||
{
|
||||
tmp = c_mkgmtime(&now);
|
||||
tmp = (time_t)c_mkgmtime(&now);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1965,54 +2045,12 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time)
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Get the time difference between the local time and system time
|
||||
INT64 GetTimeDiff()
|
||||
{
|
||||
time_t tmp;
|
||||
struct tm t1, t2;
|
||||
SYSTEMTIME snow;
|
||||
struct tm now;
|
||||
SYSTEMTIME s1, s2;
|
||||
INT64 ret;
|
||||
|
||||
static INT64 cache = INFINITE;
|
||||
|
||||
if (cache != INFINITE)
|
||||
{
|
||||
// Returns the cache data after measured once
|
||||
return cache;
|
||||
}
|
||||
|
||||
SystemTime(&snow);
|
||||
SystemToTm(&now, &snow);
|
||||
tmp = c_mkgmtime(&now);
|
||||
if (tmp == (time_t)-1)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef OS_UNIX
|
||||
Copy(&t1, localtime(&tmp), sizeof(struct tm));
|
||||
Copy(&t2, gmtime(&tmp), sizeof(struct tm));
|
||||
#else // OS_UNIX
|
||||
localtime_r(&tmp, &t1);
|
||||
gmtime_r(&tmp, &t2);
|
||||
#endif // OS_UNIX
|
||||
|
||||
TmToSystem(&s1, &t1);
|
||||
TmToSystem(&s2, &t2);
|
||||
|
||||
cache = ret = (INT)SystemToUINT64(&s1) - (INT)SystemToUINT64(&s2);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Convert UINT64 to the SYSTEMTIME
|
||||
void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
|
||||
{
|
||||
UINT64 tmp64;
|
||||
UINT sec, millisec;
|
||||
time_t time;
|
||||
time_64t time;
|
||||
// Validate arguments
|
||||
if (st == NULL)
|
||||
{
|
||||
@ -2023,7 +2061,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
|
||||
tmp64 = sec64 / (UINT64)1000;
|
||||
millisec = (UINT)(sec64 - tmp64 * (UINT64)1000);
|
||||
sec = (UINT)tmp64;
|
||||
time = (time_t)sec;
|
||||
time = (time_64t)sec;
|
||||
TimeToSystem(st, time);
|
||||
st->wMilliseconds = (WORD)millisec;
|
||||
}
|
||||
@ -2032,7 +2070,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64)
|
||||
UINT64 SystemToUINT64(SYSTEMTIME *st)
|
||||
{
|
||||
UINT64 sec64;
|
||||
time_t time;
|
||||
time_64t time;
|
||||
// Validate arguments
|
||||
if (st == NULL)
|
||||
{
|
||||
@ -2091,7 +2129,7 @@ void SystemTime(SYSTEMTIME *st)
|
||||
KS_INC(KS_GETTIME_COUNT);
|
||||
}
|
||||
|
||||
time_t c_mkgmtime(struct tm *tm)
|
||||
time_64t c_mkgmtime(struct tm *tm)
|
||||
{
|
||||
int years, months, days, hours, minutes, seconds;
|
||||
|
||||
@ -2142,7 +2180,7 @@ time_t c_mkgmtime(struct tm *tm)
|
||||
tm->tm_isdst = 0;
|
||||
|
||||
if (years < 1970)
|
||||
return (time_t)-1;
|
||||
return (time_64t)-1;
|
||||
|
||||
#if (defined(TM_YEAR_MAX) && defined(TM_MON_MAX) && defined(TM_MDAY_MAX))
|
||||
#if (defined(TM_HOUR_MAX) && defined(TM_MIN_MAX) && defined(TM_SEC_MAX))
|
||||
@ -2156,11 +2194,11 @@ time_t c_mkgmtime(struct tm *tm)
|
||||
(hours == TM_HOUR_MAX &&
|
||||
(minutes > TM_MIN_MAX ||
|
||||
(minutes == TM_MIN_MAX && seconds > TM_SEC_MAX) )))))))
|
||||
return (time_t)-1;
|
||||
return (time_64t)-1;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return (time_t)(86400L * (unsigned long)(unsigned)days +
|
||||
return (time_64t)(86400L * (unsigned long)(unsigned)days +
|
||||
3600L * (unsigned long)hours +
|
||||
(unsigned long)(60 * minutes + seconds));
|
||||
}
|
||||
|
@ -194,15 +194,16 @@ void FreeThreading();
|
||||
void ThreadPoolProc(THREAD *t, void *param);
|
||||
void SetThreadName(UINT thread_id, char *name, void *param);
|
||||
|
||||
time_t c_mkgmtime(struct tm *tm);
|
||||
time_t System64ToTime(UINT64 i);
|
||||
struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm);
|
||||
time_64t c_mkgmtime(struct tm *tm);
|
||||
time_64t System64ToTime(UINT64 i);
|
||||
void TmToSystem(SYSTEMTIME *st, struct tm *t);
|
||||
void SystemToTm(struct tm *t, SYSTEMTIME *st);
|
||||
void TimeToSystem(SYSTEMTIME *st, time_t t);
|
||||
UINT64 TimeToSystem64(time_t t);
|
||||
time_t SystemToTime(SYSTEMTIME *st);
|
||||
time_t TmToTime(struct tm *t);
|
||||
void TimeToTm(struct tm *t, time_t time);
|
||||
void TimeToSystem(SYSTEMTIME *st, time_64t t);
|
||||
UINT64 TimeToSystem64(time_64t t);
|
||||
time_64t SystemToTime(SYSTEMTIME *st);
|
||||
time_64t TmToTime(struct tm *t);
|
||||
void TimeToTm(struct tm *t, time_64t time);
|
||||
void NormalizeTm(struct tm *t);
|
||||
void NormalizeSystem(SYSTEMTIME *st);
|
||||
void LocalToSystem(SYSTEMTIME *system, SYSTEMTIME *local);
|
||||
|
@ -145,7 +145,7 @@ typedef struct x509_crl_st X509_CRL;
|
||||
#define BUF_SIZE 512
|
||||
|
||||
// Support Windows OS list
|
||||
#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2"
|
||||
#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016"
|
||||
|
||||
// Infinite
|
||||
#ifndef WINDOWS_H
|
||||
@ -299,6 +299,8 @@ typedef signed char CHAR;
|
||||
typedef unsigned long long UINT64;
|
||||
typedef signed long long INT64;
|
||||
|
||||
typedef signed long long time_64t;
|
||||
|
||||
#ifdef OS_UNIX
|
||||
// Avoiding compile error
|
||||
#define __cdecl
|
||||
@ -523,6 +525,7 @@ typedef struct SAFE_BLOCK SAFE_BLOCK;
|
||||
typedef struct SAFE_REQUEST_LOG SAFE_REQUEST_LOG;
|
||||
typedef struct DYN_VALUE DYN_VALUE;
|
||||
typedef struct RELAY_PARAMETER RELAY_PARAMETER;
|
||||
typedef struct SSL_ACCEPT_SETTINGS SSL_ACCEPT_SETTINGS;
|
||||
|
||||
// Tick64.h
|
||||
typedef struct ADJUST_TIME ADJUST_TIME;
|
||||
|
@ -46,7 +46,7 @@
|
||||
Name="VCCLCompilerTool"
|
||||
Optimization="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
|
||||
MinimalRebuild="true"
|
||||
ExceptionHandling="0"
|
||||
BasicRuntimeChecks="3"
|
||||
@ -188,7 +188,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
|
@ -204,6 +204,7 @@ static SERVICE_FUNCTION *g_start, *g_stop;
|
||||
static bool exiting = false;
|
||||
static bool wnd_end;
|
||||
static bool is_usermode = false;
|
||||
static bool wts_is_locked_flag = false;
|
||||
static HICON tray_icon;
|
||||
static NOTIFYICONDATA nid;
|
||||
static NOTIFYICONDATAW nid_nt;
|
||||
@ -9194,6 +9195,11 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id)
|
||||
{
|
||||
HWND hWnd;
|
||||
|
||||
if (nw->Halt)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if (MsIsVista() == false)
|
||||
{
|
||||
hWnd = LIST_DATA(o, i);
|
||||
@ -12341,6 +12347,175 @@ bool MsIsPasswordEmpty(wchar_t *username)
|
||||
return false;
|
||||
}
|
||||
|
||||
// Determine if the workstation is locked by using WTS API
|
||||
bool MsDetermineIsLockedByWtsApi()
|
||||
{
|
||||
return wts_is_locked_flag;
|
||||
}
|
||||
|
||||
// IsLocked Window Proc
|
||||
LRESULT CALLBACK MsIsLockedWindowHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
|
||||
{
|
||||
MS_ISLOCKED *d = NULL;
|
||||
CREATESTRUCT *cs;
|
||||
// Validate arguments
|
||||
if (hWnd == NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
d = (MS_ISLOCKED *)GetWindowLongPtrA(hWnd, GWLP_USERDATA);
|
||||
if (d == NULL && msg != WM_CREATE)
|
||||
{
|
||||
goto LABEL_END;
|
||||
}
|
||||
|
||||
switch (msg)
|
||||
{
|
||||
case WM_CREATE:
|
||||
cs = (CREATESTRUCT *)lParam;
|
||||
d = (MS_ISLOCKED *)cs->lpCreateParams;
|
||||
SetWindowLongPtrA(hWnd, GWLP_USERDATA, (LONG_PTR)d);
|
||||
|
||||
ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION);
|
||||
|
||||
wts_is_locked_flag = false;
|
||||
|
||||
break;
|
||||
|
||||
case WM_WTSSESSION_CHANGE:
|
||||
{
|
||||
char tmp[MAX_SIZE];
|
||||
|
||||
GetDateTimeStr64(tmp, sizeof(tmp), LocalTime64());
|
||||
|
||||
switch (wParam)
|
||||
{
|
||||
case WTS_SESSION_LOCK:
|
||||
Debug("%s: Enter Lock\n", tmp);
|
||||
d->IsLockedFlag = true;
|
||||
wts_is_locked_flag = true;
|
||||
break;
|
||||
|
||||
case WTS_SESSION_UNLOCK:
|
||||
Debug("%s: Enter Unlock\n", tmp);
|
||||
d->IsLockedFlag = false;
|
||||
wts_is_locked_flag = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case WM_DESTROY:
|
||||
Debug("Unregister\n");
|
||||
ms->nt->WTSUnRegisterSessionNotification(hWnd);
|
||||
PostQuitMessage(0);
|
||||
break;
|
||||
}
|
||||
|
||||
LABEL_END:
|
||||
return DefWindowProc(hWnd, msg, wParam, lParam);
|
||||
}
|
||||
|
||||
// IsLocked thread proc
|
||||
void MsIsLockedThreadProc(THREAD *thread, void *param)
|
||||
{
|
||||
MS_ISLOCKED *d = (MS_ISLOCKED *)param;
|
||||
char wndclass_name[MAX_PATH];
|
||||
WNDCLASS wc;
|
||||
HWND hWnd;
|
||||
MSG msg;
|
||||
// Validate arguments
|
||||
if (d == NULL || thread == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
Format(wndclass_name, sizeof(wndclass_name), "WNDCLASS_%X", Rand32());
|
||||
|
||||
Zero(&wc, sizeof(wc));
|
||||
wc.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
|
||||
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
|
||||
wc.hIcon = NULL;
|
||||
wc.hInstance = ms->hInst;
|
||||
wc.lpfnWndProc = MsIsLockedWindowHandlerWindowProc;
|
||||
wc.lpszClassName = wndclass_name;
|
||||
if (RegisterClassA(&wc) == 0)
|
||||
{
|
||||
NoticeThreadInit(thread);
|
||||
return;
|
||||
}
|
||||
|
||||
hWnd = CreateWindowA(wndclass_name, wndclass_name, WS_OVERLAPPEDWINDOW,
|
||||
CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
|
||||
NULL, NULL, ms->hInst, d);
|
||||
|
||||
d->hWnd = hWnd;
|
||||
|
||||
NoticeThreadInit(thread);
|
||||
|
||||
if (hWnd == NULL)
|
||||
{
|
||||
UnregisterClassA(wndclass_name, ms->hInst);
|
||||
return;
|
||||
}
|
||||
|
||||
while (GetMessage(&msg, NULL, 0, 0))
|
||||
{
|
||||
TranslateMessage(&msg);
|
||||
DispatchMessage(&msg);
|
||||
}
|
||||
|
||||
DestroyWindow(hWnd);
|
||||
|
||||
UnregisterClassA(wndclass_name, ms->hInst);
|
||||
}
|
||||
|
||||
// Create new IsLocked thread
|
||||
MS_ISLOCKED *MsNewIsLocked()
|
||||
{
|
||||
MS_ISLOCKED *d;
|
||||
THREAD *t;
|
||||
|
||||
SleepThread(5000);
|
||||
|
||||
if (IsNt() == false || ms->nt->WTSRegisterSessionNotification == NULL ||
|
||||
ms->nt->WTSUnRegisterSessionNotification == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
d = ZeroMalloc(sizeof(MS_ISLOCKED));
|
||||
|
||||
t = NewThread(MsIsLockedThreadProc, d);
|
||||
|
||||
WaitThreadInit(t);
|
||||
|
||||
d->Thread = t;
|
||||
|
||||
return d;
|
||||
}
|
||||
|
||||
// Stop and free the IsLocked thread
|
||||
void MsFreeIsLocked(MS_ISLOCKED *d)
|
||||
{
|
||||
if (d == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (d->hWnd != NULL)
|
||||
{
|
||||
PostMessageA(d->hWnd, WM_CLOSE, 0, 0);
|
||||
}
|
||||
|
||||
WaitThread(d->Thread, INFINITE);
|
||||
ReleaseThread(d->Thread);
|
||||
|
||||
Free(d);
|
||||
}
|
||||
|
||||
// Execution of shutdown (NT)
|
||||
bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message)
|
||||
{
|
||||
@ -12689,6 +12864,12 @@ NT_API *MsLoadNtApiFunctions()
|
||||
nt->WTSEnumerateSessionsA =
|
||||
(BOOL (__stdcall *)(HANDLE,DWORD,DWORD,PWTS_SESSION_INFOA *,DWORD *))
|
||||
GetProcAddress(nt->hWtsApi32, "WTSEnumerateSessionsA");
|
||||
nt->WTSRegisterSessionNotification =
|
||||
(BOOL (__stdcall *)(HWND,DWORD))
|
||||
GetProcAddress(nt->hWtsApi32, "WTSRegisterSessionNotification");
|
||||
nt->WTSUnRegisterSessionNotification =
|
||||
(BOOL (__stdcall *)(HWND))
|
||||
GetProcAddress(nt->hWtsApi32, "WTSUnRegisterSessionNotification");
|
||||
}
|
||||
|
||||
// Service related API
|
||||
|
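Review bot: The BOOL returned by `ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION)` in the WM_CREATE case of MsIsLockedWindowHandlerWindowProc is discarded. If registration fails, no WM_WTSSESSION_CHANGE is ever delivered and MsDetermineIsLockedByWtsApi() keeps returning false, which a caller cannot tell apart from "unlocked". Check the result and log the failure, for example `if (ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION) == FALSE) Debug("WTSRegisterSessionNotification failed\n");`. Separately, `wts_is_locked_flag` is a plain `static bool` written from the window thread, while the struct member `IsLockedFlag` that mirrors it is `volatile`; if the global is read from other threads (the callers are not visible here), it should get the same treatment. The `SleepThread(5000)` at the top of MsNewIsLocked() also runs before the NT/WTS availability check and has no comment explaining why the delay is needed.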
@ -431,6 +431,8 @@ typedef struct NT_API
|
||||
void (WINAPI *WTSFreeMemory)(void *);
|
||||
BOOL (WINAPI *WTSDisconnectSession)(HANDLE, DWORD, BOOL);
|
||||
BOOL (WINAPI *WTSEnumerateSessions)(HANDLE, DWORD, DWORD, PWTS_SESSION_INFO *, DWORD *);
|
||||
BOOL (WINAPI *WTSRegisterSessionNotification)(HWND, DWORD);
|
||||
BOOL (WINAPI *WTSUnRegisterSessionNotification)(HWND);
|
||||
SC_HANDLE (WINAPI *OpenSCManager)(LPCTSTR, LPCTSTR, DWORD);
|
||||
SC_HANDLE (WINAPI *CreateServiceA)(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR);
|
||||
SC_HANDLE (WINAPI *CreateServiceW)(SC_HANDLE, LPCWSTR, LPCWSTR, DWORD, DWORD, DWORD, DWORD, LPCWSTR, LPCWSTR, LPDWORD, LPCWSTR, LPCWSTR, LPCWSTR);
|
||||
@ -590,6 +592,13 @@ typedef struct MS_ADAPTER_LIST
|
||||
MS_ADAPTER **Adapters; // Content
|
||||
} MS_ADAPTER_LIST;
|
||||
|
||||
typedef struct MS_ISLOCKED
|
||||
{
|
||||
HWND hWnd;
|
||||
THREAD *Thread;
|
||||
volatile bool IsLockedFlag;
|
||||
} MS_ISLOCKED;
|
||||
|
||||
// TCP setting
|
||||
typedef struct MS_TCP
|
||||
{
|
||||
@ -741,6 +750,14 @@ char *MsGetExeFileName();
|
||||
char *MsGetExeDirName();
|
||||
wchar_t *MsGetExeDirNameW();
|
||||
|
||||
void MsIsLockedThreadProc(THREAD *thread, void *param);
|
||||
MS_ISLOCKED *MsNewIsLocked();
|
||||
void MsFreeIsLocked(MS_ISLOCKED *d);
|
||||
void MsStartIsLockedThread();
|
||||
void MsStopIsLockedThread();
|
||||
bool MsDetermineIsLockedByWtsApi();
|
||||
|
||||
|
||||
bool MsShutdown(bool reboot, bool force);
|
||||
bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message);
|
||||
bool MsCheckLogon(wchar_t *username, char *password);
|
||||
|
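Review bot: `MsStartIsLockedThread()` and `MsStopIsLockedThread()` are declared in the prototype hunk, but none of the Microsoft.c hunks shown for this commit define them. The added code there only provides MsNewIsLocked(), MsFreeIsLocked(), MsIsLockedThreadProc(), the window procedure and MsDetermineIsLockedByWtsApi(). Unless the two functions are defined somewhere not shown here, the first caller will fail at link time, so either drop the prototypes or add the definitions. Conversely, `MsIsLockedWindowHandlerWindowProc` has no prototype in these hunks, which works only because Microsoft.c defines it above its use in MsIsLockedThreadProc.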
@ -155,7 +155,6 @@
|
||||
#ifdef UNIX_MACOS
|
||||
#include <sys/event.h>
|
||||
#endif // UNIX_MACOS
|
||||
#include <Cedar/Cedar.h>
|
||||
|
||||
#ifdef OS_WIN32
|
||||
NETWORK_WIN32_FUNCTIONS *w32net;
|
||||
@ -188,8 +187,6 @@ struct ROUTE_CHANGE_DATA
|
||||
|
||||
|
||||
// HTTP constant
|
||||
//static char http_301_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>301 Moved Permanently</TITLE>\r\n</HEAD><BODY>\r\n<H1>Moved</H1>\r\nThis páge has moved to <A HREF=\"https://$HOST$:4443$TARGET$\">new address</A>.<P>\r\n<HR>\r\n</BODY></HTML>\r\n";
|
||||
static char http_301_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>301 Moved Permanently</TITLE>\r\n</HEAD><BODY>\r\n<H1>Moved</H1>\r\nThis páge has moved to <A HREF=\"https://$HOSTNAME$:4443$TARGET$\">new address</A>.<P>\r\n<HR>\r\n</BODY></HTML>\r\n";
|
||||
static char http_404_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>404 Not Found</TITLE>\r\n</HEAD><BODY>\r\n<H1>Not Found</H1>\r\nThe requested URL $TARGET$ was not found on this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
|
||||
static char http_403_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access $TARGET$\r\non this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
|
||||
static char http_500_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>500 Server Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>Server Error</H1>\r\nServer Error<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
|
||||
@ -236,7 +233,7 @@ static COUNTER *getip_thread_counter = NULL;
|
||||
static UINT max_getip_thread = 0;
|
||||
|
||||
|
||||
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA";
|
||||
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384";
|
||||
static LIST *ip_clients = NULL;
|
||||
|
||||
static LIST *local_mac_list = NULL;
|
||||
@ -248,7 +245,7 @@ static UINT rand_port_numbers[256] = {0};
|
||||
static bool g_use_privateip_file = false;
|
||||
static bool g_source_ip_validation_force_disable = false;
|
||||
|
||||
static DH_CTX *dh_1024 = NULL;
|
||||
static DH_CTX *dh_2048 = NULL;
|
||||
|
||||
typedef struct PRIVATE_IP_SUBNET
|
||||
{
|
||||
@ -5824,7 +5821,8 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
|
||||
{
|
||||
if (server_mode)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_server_method());
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
|
||||
|
||||
AddChainSslCertOnDirectory(ssl_ctx);
|
||||
|
||||
@ -5835,7 +5833,7 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method());
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
||||
}
|
||||
|
||||
//SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cb_test);
|
||||
@ -12773,7 +12771,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure)
|
||||
// Set the cipher algorithm name to want to use
|
||||
void SetWantToUseCipher(SOCK *sock, char *name)
|
||||
{
|
||||
char tmp[254];
|
||||
char tmp[1024];
|
||||
// Validate arguments
|
||||
if (sock == NULL || name == NULL)
|
||||
{
|
||||
@ -12913,7 +12911,7 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
|
||||
// Start a TCP-SSL communication
|
||||
bool StartSSL(SOCK *sock, X *x, K *priv)
|
||||
{
|
||||
return StartSSLEx(sock, x, priv, false, 0, NULL);
|
||||
return StartSSLEx(sock, x, priv, true, 0, NULL);
|
||||
}
|
||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname)
|
||||
{
|
||||
@ -12976,23 +12974,39 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
if (sock->ServerMode)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
||||
long ssl_opt_flags=0x0L;
|
||||
if (sock->DisableSslVersions & SSL_VERSION_SSL_V2) {
|
||||
ssl_opt_flags |= SSL_OP_NO_SSLv2;
|
||||
|
||||
#ifdef SSL_OP_NO_SSLv2
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
|
||||
#endif // SSL_OP_NO_SSLv2
|
||||
|
||||
if (sock->SslAcceptSettings.AcceptOnlyTls)
|
||||
{
|
||||
#ifdef SSL_OP_NO_SSLv3
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
#endif // SSL_OP_NO_SSLv3
|
||||
}
|
||||
if (sock->DisableSslVersions & SSL_VERSION_SSL_V3) {
|
||||
ssl_opt_flags |= SSL_OP_NO_SSLv3;
|
||||
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_0)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
|
||||
#endif // SSL_OP_NO_TLSv1
|
||||
}
|
||||
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
|
||||
ssl_opt_flags |= SSL_OP_NO_TLSv1;
|
||||
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_1)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
|
||||
#endif // SSL_OP_NO_TLSv1_1
|
||||
}
|
||||
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
|
||||
ssl_opt_flags |= SSL_OP_NO_TLSv1_1;
|
||||
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_2)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1_2
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
|
||||
#endif // SSL_OP_NO_TLSv1_2
|
||||
}
|
||||
if (sock->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
|
||||
ssl_opt_flags |= SSL_OP_NO_TLSv1_2;
|
||||
}
|
||||
SSL_CTX_set_options(ssl_ctx, ssl_opt_flags);
|
||||
|
||||
Unlock(openssl_lock);
|
||||
AddChainSslCertOnDirectory(ssl_ctx);
|
||||
Lock(openssl_lock);
|
||||
@ -13005,7 +13019,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method());
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
||||
}
|
||||
}
|
||||
sock->ssl = SSL_new(ssl_ctx);
|
||||
@ -13021,6 +13035,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
}
|
||||
}
|
||||
#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
|
||||
}
|
||||
Unlock(openssl_lock);
|
||||
|
||||
@ -13206,6 +13221,8 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
#ifdef ENABLE_SSL_LOGGING
|
||||
|
||||
// Enable SSL logging
|
||||
@ -13838,6 +13855,10 @@ void DisableGetHostNameWhenAcceptInit()
|
||||
|
||||
// Initialize the connection acceptance
|
||||
void AcceptInit(SOCK *s)
|
||||
{
|
||||
AcceptInitEx(s, false);
|
||||
}
|
||||
void AcceptInitEx(SOCK *s, bool no_lookup_hostname)
|
||||
{
|
||||
char tmp[MAX_SIZE];
|
||||
// Validate arguments
|
||||
@ -13848,7 +13869,7 @@ void AcceptInit(SOCK *s)
|
||||
|
||||
Zero(tmp, sizeof(tmp));
|
||||
|
||||
if (disable_gethostname_by_accept == false)
|
||||
if (disable_gethostname_by_accept == false && no_lookup_hostname == false)
|
||||
{
|
||||
if (GetHostName(tmp, sizeof(tmp), &s->RemoteIP) == false ||
|
||||
IsEmptyStr(tmp))
|
||||
@ -17760,9 +17781,9 @@ DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
|
||||
{
|
||||
DH *ret = NULL;
|
||||
|
||||
if (dh_1024 != NULL)
|
||||
if (dh_2048 != NULL)
|
||||
{
|
||||
ret = dh_1024->dh;
|
||||
ret = dh_2048->dh;
|
||||
}
|
||||
|
||||
return ret;
|
||||
@ -17786,6 +17807,10 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
|
||||
|
||||
SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback);
|
||||
|
||||
#ifdef SSL_CTX_set_ecdh_auto
|
||||
SSL_CTX_set_ecdh_auto(ctx, 1);
|
||||
#endif // SSL_CTX_set_ecdh_auto
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@ -17879,7 +17904,7 @@ void InitNetwork()
|
||||
disable_cache = false;
|
||||
|
||||
|
||||
dh_1024 = DhNewGroup2();
|
||||
dh_2048 = DhNew2048();
|
||||
|
||||
Zero(rand_port_numbers, sizeof(rand_port_numbers));
|
||||
|
||||
@ -18313,10 +18338,10 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
|
||||
void FreeNetwork()
|
||||
{
|
||||
|
||||
if (dh_1024 != NULL)
|
||||
if (dh_2048 != NULL)
|
||||
{
|
||||
DhFree(dh_1024);
|
||||
dh_1024 = NULL;
|
||||
DhFree(dh_2048);
|
||||
dh_2048 = NULL;
|
||||
}
|
||||
|
||||
// Release of thread-related
|
||||
@ -21875,69 +21900,6 @@ bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version)
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Sending the 301 Moved Permanently: Redirect
|
||||
bool HttpSendRedirect(SOCK *s, char *target, char *hostname)
|
||||
{
|
||||
HTTP_HEADER *h;
|
||||
char *str;
|
||||
//char *redirect_to_static="https://$HOSTNAME$:4443$TARGET$";
|
||||
char *redirect_to_static="https://%s:4443%s";
|
||||
char *redirect_to;
|
||||
UINT redir_size;
|
||||
UINT str_size;
|
||||
bool ret;
|
||||
char host[MAX_SIZE];
|
||||
UINT port;
|
||||
// Validate arguments
|
||||
if (s == NULL || target == NULL || hostname == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Get the host name
|
||||
//GetMachineName(host, MAX_SIZE);
|
||||
Zero(host, sizeof(host));
|
||||
IPToStr(host, sizeof(host), &s->LocalIP);
|
||||
|
||||
// Creating a header
|
||||
h = NewHttpHeader("HTTP/1.1", "301", "Moved Permanently");
|
||||
|
||||
redir_size = strlen(redirect_to_static) * 2 + StrLen(target) + StrLen(hostname);
|
||||
redirect_to = Malloc(redir_size);
|
||||
snprintf(redirect_to, redir_size, redirect_to_static, hostname, target);
|
||||
//StrCpy(redirect_to, redir_size, redirect_to_static);
|
||||
//ReplaceStri(redirect_to, redir_size, redirect_to, "$TARGET$", target);
|
||||
//ReplaceStri(redirect_to, redir_size, redirect_to, "$HOSTNAME$", hostname);
|
||||
|
||||
AddHttpValue(h, NewHttpValue("Location", redirect_to));
|
||||
AddHttpValue(h, NewHttpValue("Content-Type", HTTP_CONTENT_TYPE));
|
||||
|
||||
// Creating a Data
|
||||
str_size = sizeof(http_301_str) * 2 + StrLen(target) + StrLen(hostname);
|
||||
str = Malloc(str_size);
|
||||
StrCpy(str, str_size, http_301_str);
|
||||
|
||||
// TARGET
|
||||
ReplaceUnsafeCharInTarget(target);
|
||||
ReplaceStri(str, str_size, str, "$TARGET$", target);
|
||||
|
||||
// HOST
|
||||
//ReplaceStri(str, str_size, str, "$HOST$", host);
|
||||
|
||||
// HOSTNAME
|
||||
ReplaceStri(str, str_size, str, "$HOSTNAME$", hostname);
|
||||
|
||||
// Transmission
|
||||
ret = PostHttp(s, h, str, StrLen(str));
|
||||
|
||||
FreeHttpHeader(h);
|
||||
Free(redirect_to);
|
||||
Free(str);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
// Sending a 404 Not Found error
|
||||
bool HttpSendNotFound(SOCK *s, char *target)
|
||||
{
|
||||
@ -22744,7 +22706,14 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
|
||||
USHORT handshake_length;
|
||||
|
||||
// Validate arguments
|
||||
if (packet_buf == NULL || packet_size == 0)
|
||||
if (packet_buf == NULL || packet_size <= 11)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!(packet_buf[0] == 0x16 && packet_buf[1] >= 0x03 &&
|
||||
packet_buf[5] == 0x01 && packet_buf[6] == 0x00 &&
|
||||
packet_buf[9] >= 0x03))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -22758,7 +22727,7 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
|
||||
version = Endian16(version);
|
||||
handshake_length = Endian16(handshake_length);
|
||||
|
||||
if (version >= 0x0301)
|
||||
if (content_type == 0x16 && version >= 0x0301)
|
||||
{
|
||||
UCHAR *handshake_data = Malloc(handshake_length);
|
||||
|
||||
@ -22874,11 +22843,14 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
|
||||
name_buf = ZeroMalloc(name_len + 1);
|
||||
|
||||
if (ReadBuf(dbuf, name_buf, name_len) == name_len)
|
||||
{
|
||||
if (StrLen(name_buf) >= 1)
|
||||
{
|
||||
ret = true;
|
||||
|
||||
StrCpy(sni, sni_size, name_buf);
|
||||
}
|
||||
}
|
||||
|
||||
Free(name_buf);
|
||||
}
|
||||
|
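Review bot: In the `server_mode` branch of NewSslPipe the context moves, as rendered, from TLSv1_server_method() to SSLv23_method() with only `SSL_OP_NO_SSLv2` set, so SSLv3 becomes negotiable on this path. Unlike StartSSLEx, NewSslPipe has no `SslAcceptSettings` to switch it off. Unless SSLv3 is needed here for compatibility (not visible from the hunk), exclude it as well: `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The extended `cipher_list` also still leads with RC4-MD5, RC4-SHA and DES-CBC-SHA ahead of the newly added GCM and ECDHE suites, so reordering it strongest-first would be the safer default if list order is used as the preference. NewSslPipe's body starts and ends outside the hunk.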
@ -246,6 +246,15 @@ struct SOCK_EVENT
|
||||
#define SOCK_RUDP_LISTEN 5
|
||||
#define SOCK_REVERSE_LISTEN 6
|
||||
|
||||
// SSL Accept Settings
|
||||
struct SSL_ACCEPT_SETTINGS
|
||||
{
|
||||
bool AcceptOnlyTls;
|
||||
bool Tls_Disable1_0;
|
||||
bool Tls_Disable1_1;
|
||||
bool Tls_Disable1_2;
|
||||
};
|
||||
|
||||
// Socket
|
||||
struct SOCK
|
||||
{
|
||||
@ -312,8 +321,7 @@ struct SOCK
|
||||
IP Reverse_MyServerGlobalIp; // Self global IP address when using the reverse socket
|
||||
UINT Reverse_MyServerPort; // Self port number when using the reverse socket
|
||||
UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert
|
||||
bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)
|
||||
UINT DisableSslVersions; // Bitmap of SSL Version to disable
|
||||
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
|
||||
bool RawIP_HeaderIncludeFlag;
|
||||
|
||||
#ifdef ENABLE_SSL_LOGGING
|
||||
@ -1044,7 +1052,6 @@ char *HttpHeaderToStr(HTTP_HEADER *header);
|
||||
bool PostHttp(SOCK *s, HTTP_HEADER *header, void *post_data, UINT post_size);
|
||||
UINT GetContentLength(HTTP_HEADER *header);
|
||||
void GetHttpDateStr(char *str, UINT size, UINT64 t);
|
||||
bool HttpSendRedirect(SOCK *s, char *target, char* hostname);
|
||||
bool HttpSendForbidden(SOCK *s, char *target, char *server_id);
|
||||
bool HttpSendNotFound(SOCK *s, char *target);
|
||||
bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version);
|
||||
@ -1370,6 +1377,7 @@ bool GetDomainName(char *name, UINT size);
|
||||
bool UnixGetDomainName(char *name, UINT size);
|
||||
void RenewDhcp();
|
||||
void AcceptInit(SOCK *s);
|
||||
void AcceptInitEx(SOCK *s, bool no_lookup_hostname);
|
||||
void DisableGetHostNameWhenAcceptInit();
|
||||
bool CheckCipherListName(char *name);
|
||||
TOKEN_LIST *GetCipherList();
|
||||
|
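Review bot: The four fields of the new `SSL_ACCEPT_SETTINGS` struct have no comments, although the SOCK member they appear to replace was documented (`// Accept only TLS (disable SSLv3)`) and the neighbouring SOCK members all carry trailing comments. These booleans decide which protocol versions a listener refuses, so each should say what it disables, for example `bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)` and `bool Tls_Disable1_0; // Refuse TLS 1.0`. The trailing comment on the new SOCK member, `// SSL Accept Settings`, only restates the type name and could instead say that the settings apply to server-mode sockets in StartSSLEx.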
@ -424,12 +424,18 @@ bool SignSecByObject(SECURE *sec, SEC_OBJ *obj, void *dst, void *src, UINT size)
|
||||
|
||||
// Perform Signing
|
||||
size = 128;
|
||||
// First try with 1024 bit
|
||||
ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size);
|
||||
if (ret != CKR_OK || size != 128)
|
||||
if (ret != CKR_OK && 128 < size && size <= 4096/8)
|
||||
{
|
||||
// Retry with expanded bits
|
||||
ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size);
|
||||
}
|
||||
if (ret != CKR_OK || size == 0 || size > 4096/8)
|
||||
{
|
||||
// Failure
|
||||
sec->Error = SEC_ERROR_HARDWARE_ERROR;
|
||||
Debug("C_Sign Error: 0x%x\n", ret);
|
||||
Debug("C_Sign Error: 0x%x size:%d\n", ret, size);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -782,6 +788,11 @@ bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x)
|
||||
b_private_obj = false;
|
||||
}
|
||||
|
||||
// CryptoID PKCS#11 requires CKA_ID attiribute instead of CKA_LABEL.
|
||||
if(sec->Dev->Id == 22) {
|
||||
a[7].type = CKA_ID;
|
||||
}
|
||||
|
||||
// Remove objects which have the same name
|
||||
if (CheckSecObject(sec, name, SEC_X))
|
||||
{
|
||||
@ -2007,7 +2018,7 @@ void TestSecMain(SECURE *sec)
|
||||
}
|
||||
|
||||
Print("Generating Key...\n");
|
||||
if (RsaGen(&private_key, &public_key, 1024) == false)
|
||||
if (RsaGen(&private_key, &public_key, 2048) == false)
|
||||
{
|
||||
Print("RsaGen() Failed.\n");
|
||||
}
|
||||
@ -2077,9 +2088,10 @@ void TestSecMain(SECURE *sec)
|
||||
}
|
||||
else
|
||||
{
|
||||
UCHAR sign_cpu[128];
|
||||
UCHAR sign_sec[128];
|
||||
UCHAR sign_cpu[512];
|
||||
UCHAR sign_sec[512];
|
||||
K *pub = GetKFromX(cert);
|
||||
UINT keybtytes = (cert->bits)/8;
|
||||
Print("Ok.\n");
|
||||
Print("Signing Data by CPU...\n");
|
||||
if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
|
||||
@ -2090,7 +2102,7 @@ void TestSecMain(SECURE *sec)
|
||||
{
|
||||
Print("Ok.\n");
|
||||
Print("sign_cpu: ");
|
||||
PrintBin(sign_cpu, sizeof(sign_cpu));
|
||||
PrintBin(sign_cpu, keybtytes);
|
||||
Print("Signing Data by %s..\n", sec->Dev->DeviceName);
|
||||
if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
|
||||
{
|
||||
@ -2100,14 +2112,14 @@ void TestSecMain(SECURE *sec)
|
||||
{
|
||||
Print("Ok.\n");
|
||||
Print("sign_sec: ");
|
||||
PrintBin(sign_sec, sizeof(sign_sec));
|
||||
PrintBin(sign_sec, keybtytes);
|
||||
Print("Compare...");
|
||||
if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
|
||||
if (Cmp(sign_sec, sign_cpu, keybtytes) == 0)
|
||||
{
|
||||
Print("Ok.\n");
|
||||
Print("Verify...");
|
||||
if (RsaVerify(test_str, StrLen(test_str),
|
||||
sign_sec, pub) == false)
|
||||
if (RsaVerifyEx(test_str, StrLen(test_str),
|
||||
sign_sec, pub, cert->bits) == false)
|
||||
{
|
||||
Print("[FAILED]\n");
|
||||
}
|
||||
|
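Review bot: The retry added in SignSecByObject lets the token write up to 4096/8 = 512 bytes into `dst`, but the function takes no destination capacity, so a caller that still passes a 128-byte signature buffer is overrun once a key larger than 1024 bits is used. Only TestSecMain's buffers are enlarged to 512 bytes in this section; callers outside the view need the same check. The signature length is not returned either, so callers cannot tell how many bytes of `dst` are valid (TestSecMain derives it from `cert->bits`). I would at least record the contract above the function, e.g. `// dst must hold at least 4096/8 bytes; the signature length equals the key size in bytes`, and consider a capacity parameter in a follow-up. The function body starts and ends outside the hunk.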
@ -307,7 +307,8 @@ SECURE_DEVICE SupportedList[] =
|
||||
{18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"},
|
||||
{19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"},
|
||||
{20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"},
|
||||
{20, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"},
|
||||
{21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"},
|
||||
{22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoida_pkcs11.dll"},
|
||||
};
|
||||
|
||||
#ifdef OS_WIN32
|
||||
|
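Review bot: The id of the new CryptoID entry is matched by a bare literal in WriteSecCert (`if(sec->Dev->Id == 22)`), so the table and that special case can drift apart if ids are renumbered again, as this change appears to do for the ePass 1000ND entry (20 to 21). A named constant used in both places, or a per-device flag in the table, would keep them in step; at minimum add `// id 22 is referenced in WriteSecCert (CKA_ID instead of CKA_LABEL)` next to the entry. If device ids are stored in client configuration (not visible here), confirm that a saved id 20 still resolves to the device the user chose.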
@ -1829,20 +1829,27 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
|
||||
{
|
||||
USHORT port_raw = Endian16(80);
|
||||
USHORT port_raw2 = Endian16(8080);
|
||||
USHORT port_raw3 = Endian16(443);
|
||||
|
||||
// Analyze if the packet is a part of HTTP
|
||||
if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
|
||||
{
|
||||
TCP_HEADER *tcp = p->L4.TCPHeader;
|
||||
if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
|
||||
{
|
||||
if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
|
||||
if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) &&
|
||||
(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
|
||||
{
|
||||
if (p->PayloadSize >= 1)
|
||||
{
|
||||
p->HttpLog = ParseHttpAccessLog(p);
|
||||
}
|
||||
}
|
||||
if (tcp != NULL && tcp->DstPort == port_raw3 &&
|
||||
(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
|
||||
{
|
||||
if (p->PayloadSize >= 1)
|
||||
{
|
||||
p->HttpLog = ParseHttpsAccessLog(p);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2014,6 +2021,33 @@ void CorrectChecksum(PKT *p)
|
||||
}
|
||||
|
||||
|
||||
// Parse the HTTPS access log
|
||||
HTTPLOG *ParseHttpsAccessLog(PKT *pkt)
|
||||
{
|
||||
HTTPLOG h;
|
||||
char sni[MAX_PATH];
|
||||
// Validate arguments
|
||||
if (pkt == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (GetSniNameFromSslPacket(pkt->Payload, pkt->PayloadSize, sni, sizeof(sni)) == false)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
Zero(&h, sizeof(h));
|
||||
|
||||
StrCpy(h.Method, sizeof(h.Method), "SSL_Connect");
|
||||
StrCpy(h.Hostname, sizeof(h.Hostname), sni);
|
||||
h.Port = Endian16(pkt->L4.TCPHeader->DstPort);
|
||||
StrCpy(h.Path, sizeof(h.Path), "/");
|
||||
h.IsSsl = true;
|
||||
|
||||
return Clone(&h, sizeof(h));
|
||||
}
|
||||
|
||||
// Parse the HTTP access log
|
||||
HTTPLOG *ParseHttpAccessLog(PKT *pkt)
|
||||
{
|
||||
|
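Review bot: ParseHttpsAccessLog copies a server name taken from an unauthenticated ClientHello into `h.Hostname`, which is presumably written to the packet log, and nothing in this hunk restricts its contents; unless GetSniNameFromSslPacket (not visible here) already rejects control characters and other non-hostname bytes, a client can place misleading text in the log. I would state that contract at the call, e.g. `// sni is attacker-controlled; GetSniNameFromSslPacket must return only a validated host name`, and verify that the parser bounds every length field against `pkt->PayloadSize`. The function also reads `pkt->L4.TCPHeader->DstPort` after checking only `pkt`; since it is declared in the header for other callers, the guard should be `if (pkt == NULL || pkt->L4.TCPHeader == NULL || pkt->Payload == NULL)`. In ParsePacketEx4 the parser now runs on every non-SYN/RST/FIN segment to port 443 that carries payload, so it should fail fast on anything that is not a handshake record.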
@ -651,6 +651,7 @@ struct HTTPLOG
|
||||
char Protocol[64]; // Protocol
|
||||
char UserAgent[MAX_SIZE]; // User Agent value
|
||||
char Referer[MAX_SIZE]; // Referer
|
||||
bool IsSsl; // Is SSL
|
||||
};
|
||||
|
||||
// Packet
|
||||
@ -919,6 +920,7 @@ void FreeDhcpOptions(LIST *o);
|
||||
LIST *ParseDhcpOptions(void *data, UINT size);
|
||||
BUF *BuildDhcpOptionsBuf(LIST *o);
|
||||
HTTPLOG *ParseHttpAccessLog(PKT *pkt);
|
||||
HTTPLOG *ParseHttpsAccessLog(PKT *pkt);
|
||||
|
||||
BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size);
|
||||
BUF *DhcpModifyIPv4(DHCP_MODIFY_OPTION *m, void *data, UINT size);
|
||||
|
@ -2031,6 +2031,7 @@ void UnixInc32(UINT *value)
|
||||
void UnixGetSystemTime(SYSTEMTIME *system_time)
|
||||
{
|
||||
time_t now = 0;
|
||||
time_64t now2 = 0;
|
||||
struct tm tm;
|
||||
struct timeval tv;
|
||||
struct timezone tz;
|
||||
@ -2048,7 +2049,16 @@ void UnixGetSystemTime(SYSTEMTIME *system_time)
|
||||
|
||||
time(&now);
|
||||
|
||||
gmtime_r(&now, &tm);
|
||||
if (sizeof(time_t) == 4)
|
||||
{
|
||||
now2 = (time_64t)((UINT64)((UINT32)now));
|
||||
}
|
||||
else
|
||||
{
|
||||
now2 = now;
|
||||
}
|
||||
|
||||
c_gmtime_r(&now2, &tm);
|
||||
|
||||
TmToSystem(system_time, &tm);
|
||||
|
||||
@ -2087,7 +2097,7 @@ UINT64 UnixGetTick64()
|
||||
#endif // CLOCK_MONOTONIC
|
||||
#endif // CLOCK_HIGHRES
|
||||
|
||||
ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
|
||||
ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
|
||||
|
||||
if (akirame == false && ret == 0)
|
||||
{
|
||||
@ -2106,7 +2116,7 @@ UINT64 UnixGetTick64()
|
||||
host_get_clock_service(mach_host_self(), SYSTEM_CLOCK, &clock_serv);
|
||||
}
|
||||
clock_get_time(clock_serv, &t);
|
||||
ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
|
||||
ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL;
|
||||
return ret;
|
||||
#else
|
||||
return TickRealtimeManual();
|
||||
|
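Review bot: The two `UnixGetTick64` assignments now cast `t.tv_sec` to `UINT32` unconditionally, which discards the upper half of a 64-bit `tv_sec`, whereas the `UnixGetSystemTime` hunk applies the same reinterpretation only when `sizeof(time_t) == 4`. With a monotonic clock this is harmless in practice, but if the clock selected above the hunk can be wall-clock based, the tick value wraps in 2106 and timeout arithmetic built on it would misbehave. Mirroring the guard keeps the 32-bit fix without truncating on 64-bit builds: `ret = (sizeof(t.tv_sec) == 4 ? (UINT64)((UINT32)t.tv_sec) : (UINT64)t.tv_sec) * 1000LL + (UINT64)t.tv_nsec / 1000000LL;`. In `UnixGetSystemTime` the result of `time(&now)` is still unchecked, so with a 32-bit `time_t` a failure value of -1 would be widened to a date in 2106; both function bodies extend outside the hunks.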
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes.h */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags);
|
||||
* BIO_CB_RETURN flag indicates if it is after the call
|
||||
*/
|
||||
# define BIO_CB_RETURN 0x80
|
||||
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
|
||||
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
|
||||
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
|
||||
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
|
||||
|
||||
@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
|
||||
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
|
||||
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
|
||||
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
|
||||
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
|
||||
|
||||
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
|
||||
|
||||
/* BIO_s_accept_socket() */
|
||||
/* BIO_s_accept() */
|
||||
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
|
||||
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
|
||||
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
|
||||
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
|
||||
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
|
||||
|
||||
/* BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_do_connect(b) BIO_do_handshake(b)
|
||||
# define BIO_do_accept(b) BIO_do_handshake(b)
|
||||
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
|
||||
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
|
||||
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
|
||||
|
||||
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
|
||||
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
|
||||
|
||||
/* BIO_s_file() */
|
||||
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
|
||||
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
|
||||
|
||||
/* BIO_s_fd() and BIO_s_file() */
|
||||
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
|
||||
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
|
||||
|
||||
@ -555,11 +559,11 @@ int BIO_read_filename(BIO *b, const char *name);
|
||||
# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
|
||||
# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
|
||||
# define BIO_set_ssl_renegotiate_bytes(b,num) \
|
||||
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
|
||||
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
|
||||
# define BIO_get_num_renegotiates(b) \
|
||||
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
|
||||
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
|
||||
# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
|
||||
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
|
||||
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
|
||||
|
||||
/* defined in evp.h */
|
||||
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
|
||||
@ -685,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
|
||||
long argl, long ret);
|
||||
|
||||
BIO_METHOD *BIO_s_mem(void);
|
||||
BIO *BIO_new_mem_buf(void *buf, int len);
|
||||
BIO *BIO_new_mem_buf(const void *buf, int len);
|
||||
BIO_METHOD *BIO_s_socket(void);
|
||||
BIO_METHOD *BIO_s_connect(void);
|
||||
BIO_METHOD *BIO_s_accept(void);
|
||||
|
@ -125,6 +125,7 @@
|
||||
#ifndef HEADER_BN_H
|
||||
# define HEADER_BN_H
|
||||
|
||||
# include <limits.h>
|
||||
# include <openssl/e_os2.h>
|
||||
# ifndef OPENSSL_NO_FP_API
|
||||
# include <stdio.h> /* FILE */
|
||||
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
|
||||
|
||||
/* library internal functions */
|
||||
|
||||
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
||||
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
||||
# define bn_expand(a,bits) \
|
||||
( \
|
||||
bits > (INT_MAX - BN_BITS2 + 1) ? \
|
||||
NULL \
|
||||
: \
|
||||
(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
|
||||
(a) \
|
||||
: \
|
||||
bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
|
||||
)
|
||||
|
||||
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
|
||||
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
||||
# ifndef OPENSSL_NO_DEPRECATED
|
||||
@ -779,6 +789,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
||||
* wouldn't be constructed with top!=dmax. */ \
|
||||
BN_ULONG *_not_const; \
|
||||
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
|
||||
/* Debug only - safe to ignore error return */ \
|
||||
RAND_pseudo_bytes(&_tmp_char, 1); \
|
||||
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
|
||||
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
|
||||
@ -831,6 +842,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
||||
if (*(ftl--)) break; \
|
||||
(a)->top = tmp_top; \
|
||||
} \
|
||||
if ((a)->top == 0) \
|
||||
(a)->neg = 0; \
|
||||
bn_pollute(a); \
|
||||
}
|
||||
|
||||
@ -892,6 +905,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
|
||||
# define BN_F_BN_GF2M_MOD_SQR 136
|
||||
# define BN_F_BN_GF2M_MOD_SQRT 137
|
||||
# define BN_F_BN_LSHIFT 145
|
||||
# define BN_F_BN_MOD_EXP2_MONT 118
|
||||
# define BN_F_BN_MOD_EXP_MONT 109
|
||||
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
|
||||
@ -907,12 +921,14 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_NEW 113
|
||||
# define BN_F_BN_RAND 114
|
||||
# define BN_F_BN_RAND_RANGE 122
|
||||
# define BN_F_BN_RSHIFT 146
|
||||
# define BN_F_BN_USUB 115
|
||||
|
||||
/* Reason codes. */
|
||||
# define BN_R_ARG2_LT_ARG3 100
|
||||
# define BN_R_BAD_RECIPROCAL 101
|
||||
# define BN_R_BIGNUM_TOO_LONG 114
|
||||
# define BN_R_BITS_TOO_SMALL 118
|
||||
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
|
||||
# define BN_R_DIV_BY_ZERO 103
|
||||
# define BN_R_ENCODING_ERROR 104
|
||||
@ -920,6 +936,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_R_INPUT_NOT_REDUCED 110
|
||||
# define BN_R_INVALID_LENGTH 106
|
||||
# define BN_R_INVALID_RANGE 115
|
||||
# define BN_R_INVALID_SHIFT 119
|
||||
# define BN_R_NOT_A_SQUARE 111
|
||||
# define BN_R_NOT_INITIALIZED 107
|
||||
# define BN_R_NO_INVERSE 108
|
||||
|
@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len);
|
||||
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
|
||||
size_t BUF_strnlen(const char *str, size_t maxlen);
|
||||
char *BUF_strdup(const char *str);
|
||||
|
||||
/*
|
||||
* Like strndup, but in addition, explicitly guarantees to never read past the
|
||||
* first |siz| bytes of |str|.
|
||||
*/
|
||||
char *BUF_strndup(const char *str, size_t siz);
|
||||
|
||||
void *BUF_memdup(const void *data, size_t siz);
|
||||
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia.h */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -4,13 +4,17 @@
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
|
||||
# ifdef OPENSSL_NO_COMP
|
||||
# error COMP is disabled.
|
||||
# endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct comp_ctx_st COMP_CTX;
|
||||
|
||||
typedef struct comp_method_st {
|
||||
struct comp_method_st {
|
||||
int type; /* NID for compression library */
|
||||
const char *name; /* A text string to identify the library */
|
||||
int (*init) (COMP_CTX *ctx);
|
||||
@ -26,7 +30,7 @@ typedef struct comp_method_st {
|
||||
*/
|
||||
long (*ctrl) (void);
|
||||
long (*callback_ctrl) (void);
|
||||
} COMP_METHOD;
|
||||
};
|
||||
|
||||
struct comp_ctx_st {
|
||||
COMP_METHOD *meth;
|
||||
|
@ -628,7 +628,7 @@ void OPENSSL_init(void);
|
||||
* into a defined order as the return value when a != b is undefined, other
|
||||
* than to be non-zero.
|
||||
*/
|
||||
int CRYPTO_memcmp(const void *a, const void *b, size_t len);
|
||||
int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/des/des_old.h */
|
||||
|
||||
/*-
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
@ -142,7 +142,7 @@ struct dh_st {
|
||||
BIGNUM *p;
|
||||
BIGNUM *g;
|
||||
long length; /* optional */
|
||||
BIGNUM *pub_key; /* g^x */
|
||||
BIGNUM *pub_key; /* g^x % p */
|
||||
BIGNUM *priv_key; /* x */
|
||||
int flags;
|
||||
BN_MONT_CTX *method_mont_p;
|
||||
@ -174,6 +174,7 @@ struct dh_st {
|
||||
/* DH_check_pub_key error codes */
|
||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
||||
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
|
||||
# define DH_CHECK_PUBKEY_INVALID 0x04
|
||||
|
||||
/*
|
||||
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* dso.h */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -109,6 +109,12 @@ extern "C" {
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WIN32
|
||||
# endif
|
||||
# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# if !defined(OPENSSL_SYS_WIN64)
|
||||
# define OPENSSL_SYS_WIN64
|
||||
# endif
|
||||
# endif
|
||||
# if defined(OPENSSL_SYSNAME_WINNT)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WINNT
|
||||
@ -121,7 +127,7 @@ extern "C" {
|
||||
# endif
|
||||
|
||||
/* Anything that tries to look like Microsoft is "Windows" */
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WINDOWS
|
||||
# ifndef OPENSSL_SYS_MSDOS
|
||||
@ -325,4 +331,3 @@ extern "C" {
|
||||
#undef OPENSSL_SYS_WIN32
|
||||
#undef OPENSSL_SYS_WINDOWS
|
||||
#endif // _MSC_VER
|
||||
|
||||
|
@ -106,7 +106,7 @@ typedef enum {
|
||||
/** the point is encoded as z||x, where the octet z specifies
|
||||
* which solution of the quadratic equation y is */
|
||||
POINT_CONVERSION_COMPRESSED = 2,
|
||||
/** the point is encoded as z||x||y, where z is the octet 0x02 */
|
||||
/** the point is encoded as z||x||y, where z is the octet 0x04 */
|
||||
POINT_CONVERSION_UNCOMPRESSED = 4,
|
||||
/** the point is encoded as z||x||y, where the octet z specifies
|
||||
* which solution of the quadratic equation y is */
|
||||
@ -1097,6 +1097,12 @@ void ERR_load_EC_strings(void);
|
||||
# define EC_F_ECPARAMETERS_PRINT_FP 148
|
||||
# define EC_F_ECPKPARAMETERS_PRINT 149
|
||||
# define EC_F_ECPKPARAMETERS_PRINT_FP 150
|
||||
# define EC_F_ECP_NISTZ256_GET_AFFINE 240
|
||||
# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243
|
||||
# define EC_F_ECP_NISTZ256_POINTS_MUL 241
|
||||
# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
|
||||
# define EC_F_ECP_NISTZ256_SET_WORDS 245
|
||||
# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
|
||||
# define EC_F_ECP_NIST_MOD_192 203
|
||||
# define EC_F_ECP_NIST_MOD_224 204
|
||||
# define EC_F_ECP_NIST_MOD_256 205
|
||||
@ -1208,11 +1214,6 @@ void ERR_load_EC_strings(void);
|
||||
# define EC_F_NISTP224_PRE_COMP_NEW 227
|
||||
# define EC_F_NISTP256_PRE_COMP_NEW 236
|
||||
# define EC_F_NISTP521_PRE_COMP_NEW 237
|
||||
# define EC_F_ECP_NISTZ256_GET_AFFINE 240
|
||||
# define EC_F_ECP_NISTZ256_POINTS_MUL 241
|
||||
# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
|
||||
# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243
|
||||
# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
|
||||
# define EC_F_O2I_ECPUBLICKEY 152
|
||||
# define EC_F_OLD_EC_PRIV_DECODE 222
|
||||
# define EC_F_PKEY_EC_CTRL 197
|
||||
|
@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx);
|
||||
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
|
||||
*/
|
||||
|
||||
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
|
||||
ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method);
|
||||
|
||||
/** frees a ECDSA_METHOD structure
|
||||
* \param ecdsa_method pointer to the ECDSA_METHOD structure
|
||||
|
@ -103,7 +103,6 @@
|
||||
# define EVP_PKS_RSA 0x0100
|
||||
# define EVP_PKS_DSA 0x0200
|
||||
# define EVP_PKS_EC 0x0400
|
||||
# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
|
||||
|
||||
# define EVP_PKEY_NONE NID_undef
|
||||
# define EVP_PKEY_RSA NID_rsaEncryption
|
||||
@ -424,6 +423,9 @@ struct evp_cipher_st {
|
||||
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
|
||||
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
|
||||
|
||||
/* RFC 5246 defines additional data to be 13 bytes in length */
|
||||
# define EVP_AEAD_TLS1_AAD_LEN 13
|
||||
|
||||
typedef struct {
|
||||
unsigned char *out;
|
||||
const unsigned char *inp;
|
||||
@ -1121,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
|
||||
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
|
||||
int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
|
||||
long arg1, void *arg2));
|
||||
void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
|
||||
int (*item_verify) (EVP_MD_CTX *ctx,
|
||||
const ASN1_ITEM *it,
|
||||
void *asn,
|
||||
X509_ALGOR *a,
|
||||
ASN1_BIT_STRING *sig,
|
||||
EVP_PKEY *pkey),
|
||||
int (*item_sign) (EVP_MD_CTX *ctx,
|
||||
const ASN1_ITEM *it,
|
||||
void *asn,
|
||||
X509_ALGOR *alg1,
|
||||
X509_ALGOR *alg2,
|
||||
ASN1_BIT_STRING *sig));
|
||||
|
||||
# define EVP_PKEY_OP_UNDEFINED 0
|
||||
# define EVP_PKEY_OP_PARAMGEN (1<<1)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
|
||||
/* ssl/kssl.h */
|
||||
/*
|
||||
* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
|
||||
* 2000. project 2000.
|
||||
|
@ -41,12 +41,18 @@ extern "C" {
|
||||
#ifndef OPENSSL_NO_SSL_TRACE
|
||||
# define OPENSSL_NO_SSL_TRACE
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
# define OPENSSL_NO_SSL2
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_STORE
|
||||
# define OPENSSL_NO_STORE
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_UNIT_TEST
|
||||
# define OPENSSL_NO_UNIT_TEST
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
# define OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_DOING_MAKEDEPEND */
|
||||
|
||||
@ -89,12 +95,18 @@ extern "C" {
|
||||
# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
|
||||
# define NO_SSL_TRACE
|
||||
# endif
|
||||
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
|
||||
# define NO_SSL2
|
||||
# endif
|
||||
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
|
||||
# define NO_STORE
|
||||
# endif
|
||||
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
|
||||
# define NO_UNIT_TEST
|
||||
# endif
|
||||
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
|
||||
# define NO_WEAK_SSL_CIPHERS
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define OPENSSL_CPUID_OBJ
|
||||
@ -203,7 +215,7 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(DES_RISC1) && defined(DES_RISC2)
|
||||
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
|
||||
#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
|
||||
#endif
|
||||
|
||||
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
|
||||
@ -222,7 +234,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
|
||||
optimization options. Older Sparc's work better with only UNROLL, but
|
||||
there's no way to tell at compile time what it is you're running on */
|
||||
|
||||
#if defined( sun ) /* Newer Sparc's */
|
||||
#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
|
||||
# define DES_PTR
|
||||
# define DES_RISC1
|
||||
# define DES_UNROLL
|
||||
|
@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000201fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x100020afL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips 19 Mar 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -178,6 +178,8 @@ typedef struct engine_st ENGINE;
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
|
||||
typedef struct comp_method_st COMP_METHOD;
|
||||
|
||||
typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
|
||||
typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
|
||||
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
|
||||
|
@ -531,6 +531,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
|
||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
*/
|
||||
|
||||
void ERR_load_PEM_strings(void);
|
||||
|
||||
/* Error codes for the PEM functions. */
|
||||
@ -592,6 +593,7 @@ void ERR_load_PEM_strings(void);
|
||||
# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
|
||||
# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
|
||||
# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
|
||||
# define PEM_R_HEADER_TOO_LONG 128
|
||||
# define PEM_R_INCONSISTENT_HEADER 121
|
||||
# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
|
||||
# define PEM_R_KEYBLOB_TOO_SHORT 123
|
||||
@ -609,7 +611,7 @@ void ERR_load_PEM_strings(void);
|
||||
# define PEM_R_UNSUPPORTED_ENCRYPTION 114
|
||||
# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
|
||||
|
||||
#ifdef __cplusplus
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
# endif
|
||||
#endif
|
||||
|
@ -270,7 +270,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
|
||||
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
|
||||
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
|
||||
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
|
||||
int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
|
||||
int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/*
|
||||
|
@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st {
|
||||
DECLARE_STACK_OF(SRP_gN_cache)
|
||||
|
||||
typedef struct SRP_user_pwd_st {
|
||||
/* Owned by us. */
|
||||
char *id;
|
||||
BIGNUM *s;
|
||||
BIGNUM *v;
|
||||
/* Not owned by us. */
|
||||
const BIGNUM *g;
|
||||
const BIGNUM *N;
|
||||
/* Owned by us. */
|
||||
char *info;
|
||||
} SRP_user_pwd;
|
||||
|
||||
DECLARE_STACK_OF(SRP_user_pwd)
|
||||
|
||||
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
|
||||
|
||||
typedef struct SRP_VBASE_st {
|
||||
STACK_OF(SRP_user_pwd) *users_pwd;
|
||||
STACK_OF(SRP_gN_cache) *gN_cache;
|
||||
@ -115,7 +120,12 @@ DECLARE_STACK_OF(SRP_gN)
|
||||
SRP_VBASE *SRP_VBASE_new(char *seed_key);
|
||||
int SRP_VBASE_free(SRP_VBASE *vb);
|
||||
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
|
||||
|
||||
/* This method ignores the configured seed and fails for an unknown user. */
|
||||
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
|
||||
/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
|
||||
SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
|
||||
|
||||
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
|
||||
char **verifier, const char *N, const char *g);
|
||||
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
|
||||
|
@ -338,7 +338,7 @@ extern "C" {
|
||||
* The following cipher list is used by default. It also is substituted when
|
||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||
*/
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
|
||||
/*
|
||||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
||||
* starts with a reasonable order, and all we have to do for DEFAULT is
|
||||
@ -625,7 +625,7 @@ struct ssl_session_st {
|
||||
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
|
||||
/* If set, always create a new key when using tmp_ecdh parameters */
|
||||
# define SSL_OP_SINGLE_ECDH_USE 0x00080000L
|
||||
/* If set, always create a new key when using tmp_dh parameters */
|
||||
/* Does nothing: retained for compatibility */
|
||||
# define SSL_OP_SINGLE_DH_USE 0x00100000L
|
||||
/* Does nothing: retained for compatibiity */
|
||||
# define SSL_OP_EPHEMERAL_RSA 0x0
|
||||
@ -1727,6 +1727,7 @@ extern "C" {
|
||||
# define SSL_ST_BEFORE 0x4000
|
||||
# define SSL_ST_OK 0x03
|
||||
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
|
||||
# define SSL_ST_ERR 0x05
|
||||
|
||||
# define SSL_CB_LOOP 0x01
|
||||
# define SSL_CB_EXIT 0x02
|
||||
@ -2091,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
|
||||
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
|
||||
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
|
||||
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
|
||||
# define SSL_set1_sigalgs_list(ctx, s) \
|
||||
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
|
||||
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
|
||||
@ -2344,7 +2345,7 @@ const char *SSL_get_version(const SSL *s);
|
||||
/* This sets the 'default' SSL version that SSL_new() will create */
|
||||
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||
|
||||
# ifndef OPENSSL_NO_SSL2
|
||||
# ifndef OPENSSL_NO_SSL2_METHOD
|
||||
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
|
||||
@ -2531,7 +2532,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
|
||||
int keylength));
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_COMP
|
||||
const COMP_METHOD *SSL_get_current_compression(SSL *s);
|
||||
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
|
||||
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
|
||||
@ -2540,13 +2540,6 @@ STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
|
||||
*meths);
|
||||
void SSL_COMP_free_compression_methods(void);
|
||||
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
|
||||
# else
|
||||
const void *SSL_get_current_compression(SSL *s);
|
||||
const void *SSL_get_current_expansion(SSL *s);
|
||||
const char *SSL_COMP_get_name(const void *comp);
|
||||
void *SSL_COMP_get_compression_methods(void);
|
||||
int SSL_COMP_add_compression_method(int id, void *cm);
|
||||
# endif
|
||||
|
||||
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
|
||||
|
||||
@ -2622,6 +2615,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_DTLS1_HEARTBEAT 305
|
||||
# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
|
||||
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
|
||||
# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
|
||||
# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
|
||||
# define SSL_F_DTLS1_PROCESS_RECORD 257
|
||||
# define SSL_F_DTLS1_READ_BYTES 258
|
||||
@ -2640,6 +2634,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_GET_CLIENT_MASTER_KEY 107
|
||||
# define SSL_F_GET_SERVER_FINISHED 108
|
||||
# define SSL_F_GET_SERVER_HELLO 109
|
||||
# define SSL_F_GET_SERVER_STATIC_DH_KEY 340
|
||||
# define SSL_F_GET_SERVER_VERIFY 110
|
||||
# define SSL_F_I2D_SSL_SESSION 111
|
||||
# define SSL_F_READ_N 112
|
||||
@ -2670,6 +2665,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
|
||||
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
|
||||
# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
|
||||
# define SSL_F_SSL3_CHECK_FINISHED 339
|
||||
# define SSL_F_SSL3_CLIENT_HELLO 131
|
||||
# define SSL_F_SSL3_CONNECT 132
|
||||
# define SSL_F_SSL3_CTRL 213
|
||||
@ -2678,6 +2674,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
|
||||
# define SSL_F_SSL3_ENC 134
|
||||
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
|
||||
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
|
||||
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
|
||||
# define SSL_F_SSL3_GET_CERT_STATUS 289
|
||||
# define SSL_F_SSL3_GET_CERT_VERIFY 136
|
||||
@ -2784,6 +2781,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
|
||||
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
|
||||
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
|
||||
# define SSL_F_SSL_SESSION_DUP 348
|
||||
# define SSL_F_SSL_SESSION_NEW 189
|
||||
# define SSL_F_SSL_SESSION_PRINT_FP 190
|
||||
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
|
||||
@ -2842,8 +2840,11 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
|
||||
# define SSL_R_BAD_DECOMPRESSION 107
|
||||
# define SSL_R_BAD_DH_G_LENGTH 108
|
||||
# define SSL_R_BAD_DH_G_VALUE 375
|
||||
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
|
||||
# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
|
||||
# define SSL_R_BAD_DH_P_LENGTH 110
|
||||
# define SSL_R_BAD_DH_P_VALUE 395
|
||||
# define SSL_R_BAD_DIGEST_LENGTH 111
|
||||
# define SSL_R_BAD_DSA_SIGNATURE 112
|
||||
# define SSL_R_BAD_ECC_CERT 304
|
||||
@ -2904,6 +2905,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_R_DATA_LENGTH_TOO_LONG 146
|
||||
# define SSL_R_DECRYPTION_FAILED 147
|
||||
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
|
||||
# define SSL_R_DH_KEY_TOO_SMALL 372
|
||||
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
|
||||
# define SSL_R_DIGEST_CHECK_FAILED 149
|
||||
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
|
||||
@ -3047,6 +3049,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_R_SERVERHELLO_TLSEXT 275
|
||||
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
|
||||
# define SSL_R_SHORT_READ 219
|
||||
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
|
||||
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
|
||||
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
||||
# define SSL_R_SRP_A_CALC 361
|
||||
@ -3104,6 +3107,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
|
||||
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
|
||||
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
|
||||
# define SSL_R_TOO_MANY_WARN_ALERTS 409
|
||||
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
|
||||
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
|
||||
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
|
||||
|
@ -231,13 +231,12 @@ extern "C" {
|
||||
/* ExtensionType value from RFC5620 */
|
||||
# define TLSEXT_TYPE_heartbeat 15
|
||||
|
||||
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
|
||||
/* ExtensionType value from RFC7301 */
|
||||
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
|
||||
|
||||
/*
|
||||
* ExtensionType value for TLS padding extension.
|
||||
* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
||||
* http://tools.ietf.org/html/draft-agl-tls-padding-03
|
||||
* http://tools.ietf.org/html/draft-agl-tls-padding
|
||||
*/
|
||||
# define TLSEXT_TYPE_padding 21
|
||||
|
||||
@ -262,20 +261,19 @@ extern "C" {
|
||||
# define TLSEXT_TYPE_next_proto_neg 13172
|
||||
# endif
|
||||
|
||||
/* NameType value from RFC 3546 */
|
||||
/* NameType value from RFC3546 */
|
||||
# define TLSEXT_NAMETYPE_host_name 0
|
||||
/* status request value from RFC 3546 */
|
||||
/* status request value from RFC3546 */
|
||||
# define TLSEXT_STATUSTYPE_ocsp 1
|
||||
|
||||
/* ECPointFormat values from draft-ietf-tls-ecc-12 */
|
||||
/* ECPointFormat values from RFC4492 */
|
||||
# define TLSEXT_ECPOINTFORMAT_first 0
|
||||
# define TLSEXT_ECPOINTFORMAT_uncompressed 0
|
||||
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
|
||||
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
|
||||
# define TLSEXT_ECPOINTFORMAT_last 2
|
||||
|
||||
/* Signature and hash algorithms from RFC 5246 */
|
||||
|
||||
/* Signature and hash algorithms from RFC5246 */
|
||||
# define TLSEXT_signature_anonymous 0
|
||||
# define TLSEXT_signature_rsa 1
|
||||
# define TLSEXT_signature_dsa 2
|
||||
@ -430,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
|
||||
# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
|
||||
|
||||
/* AES ciphersuites from RFC3268 */
|
||||
|
||||
# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
|
||||
# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
|
||||
# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
|
||||
@ -595,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
|
||||
# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
|
||||
# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
|
||||
|
||||
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
|
||||
/* ECC ciphersuites from RFC4492 */
|
||||
# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
|
||||
# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
|
||||
# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
|
||||
|
@ -565,6 +565,9 @@ int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
|
||||
/* At most we accept usec precision. */
|
||||
# define TS_MAX_CLOCK_PRECISION_DIGITS 6
|
||||
|
||||
/* Maximum status message length */
|
||||
# define TS_MAX_STATUS_LENGTH (1024 * 1024)
|
||||
|
||||
/* No flags are set by default. */
|
||||
void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/ui/ui.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/ui/ui.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
@ -1234,6 +1234,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
|
||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
*/
|
||||
|
||||
void ERR_load_X509_strings(void);
|
||||
|
||||
/* Error codes for the X509 functions. */
|
||||
@ -1241,6 +1242,7 @@ void ERR_load_X509_strings(void);
|
||||
/* Function codes. */
|
||||
# define X509_F_ADD_CERT_DIR 100
|
||||
# define X509_F_BY_FILE_CTRL 101
|
||||
# define X509_F_CHECK_NAME_CONSTRAINTS 106
|
||||
# define X509_F_CHECK_POLICY 145
|
||||
# define X509_F_DIR_CTRL 102
|
||||
# define X509_F_GET_CERT_BY_SUBJECT 103
|
||||
@ -1305,6 +1307,7 @@ void ERR_load_X509_strings(void);
|
||||
# define X509_R_LOADING_CERT_DIR 103
|
||||
# define X509_R_LOADING_DEFAULTS 104
|
||||
# define X509_R_METHOD_NOT_SUPPORTED 124
|
||||
# define X509_R_NAME_TOO_LONG 134
|
||||
# define X509_R_NEWER_CRL_NOT_NEWER 132
|
||||
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
|
||||
# define X509_R_NO_CRL_NUMBER 130
|
||||
@ -1321,7 +1324,7 @@ void ERR_load_X509_strings(void);
|
||||
# define X509_R_WRONG_LOOKUP_TYPE 112
|
||||
# define X509_R_WRONG_TYPE 122
|
||||
|
||||
#ifdef __cplusplus
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
# endif
|
||||
#endif
|
||||
|
@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
|
||||
|
||||
# define X509_V_OK 0
|
||||
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
|
||||
# define X509_V_ERR_UNSPECIFIED 1
|
||||
|
||||
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
|
||||
# define X509_V_ERR_UNABLE_TO_GET_CRL 3
|
||||
@ -368,6 +368,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
# define X509_V_ERR_PERMITTED_VIOLATION 47
|
||||
# define X509_V_ERR_EXCLUDED_VIOLATION 48
|
||||
# define X509_V_ERR_SUBTREE_MINMAX 49
|
||||
# define X509_V_ERR_APPLICATION_VERIFICATION 50
|
||||
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
|
||||
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
|
||||
# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
||||
@ -386,8 +387,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
# define X509_V_ERR_EMAIL_MISMATCH 63
|
||||
# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
|
||||
|
||||
/* The application is not happy */
|
||||
# define X509_V_ERR_APPLICATION_VERIFICATION 50
|
||||
/* Caller error */
|
||||
# define X509_V_ERR_INVALID_CALL 65
|
||||
/* Issuer lookup error */
|
||||
# define X509_V_ERR_STORE_LOOKUP 66
|
||||
|
||||
# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67
|
||||
|
||||
/* Certificate verify flags */
|
||||
|
||||
@ -432,6 +437,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
|
||||
/* Allow partial chains if at least one certificate is in trusted store */
|
||||
# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
|
||||
/*
|
||||
* If the initial chain is not trusted, do not attempt to build an alternative
|
||||
* chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
|
||||
* will force the behaviour to match that of previous versions.
|
||||
*/
|
||||
# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
|
||||
|
||||
# define X509_VP_FLAG_DEFAULT 0x1
|
||||
# define X509_VP_FLAG_OVERWRITE 0x2
|
||||
|
@ -46,7 +46,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
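Review bot: Dropping `_USE_32BIT_TIME_T` from `PreprocessorDefinitions` changes `time_t` from 32 to 64 bits in a 32-bit MSVC build, and neither this project file nor the commit message records why or what has to change with it. The same removal appears in the project-file sections that follow, but the page does not show every changed file, so it cannot be confirmed from here that all projects and any prebuilt libraries linked into these binaries were switched together. A module still compiled with the macro would disagree on the layout of any struct holding a `time_t`, which risks memory corruption where such values cross a module boundary. A compile-time guard in a header shared by all projects, for example `typedef char assert_time_t_is_64bit[(sizeof(time_t) == 8) ? 1 : -1];`, would turn a leftover definition into a build failure.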
|
@ -49,7 +49,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
|
@ -49,7 +49,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
|
||||
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
@ -249,7 +249,7 @@
|
||||
EnableIntrinsicFunctions="false"
|
||||
FavorSizeOrSpeed="0"
|
||||
AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS"
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS"
|
||||
StringPooling="false"
|
||||
ExceptionHandling="0"
|
||||
RuntimeLibrary="0"
|
||||
|
@ -2,7 +2,7 @@ THE IMPORTANT NOTICES ABOUT SOFTETHER VPN
|
||||
|
||||
FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL
|
||||
THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF
|
||||
YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH
|
||||
YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH
|
||||
RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING
|
||||
TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND
|
||||
UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC
|
||||
|
Some files were not shown because too many files have changed in this diff Show More