AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-10 17:54:58 +03:00
Code Releases Activity

Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement

Browse Source
This commit is contained in:
siddharth-narayan
2024-06-18 14:55:45 -04:00
committed by GitHub
parent b06486b37d 26c61b3213
commit bf3c50fde4
6 changed files with 128 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
src/Mayaqua/Network.c
View File

@ -12287,9 +12287,15 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0;
}
ERR_clear_error();
ret = SSL_peek(ssl, &c, sizeof(c));
}
Unlock(sock->ssl_lock);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
// > You should instead call SSL_get_error() to find out if it's retryable.
if (ret == 0)
{
// The communication have been disconnected
@ -12297,7 +12303,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0;
}
if (ret < 0)
#endif
if (ret <= 0)
{
// An error has occurred
e = SSL_get_error(ssl, ret);
@ -12305,14 +12312,18 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
{
if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif
)
)
{
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
UINT ssl_err_no;
while (ssl_err_no = ERR_get_error()){
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
};
Disconnect(sock);
return 0;
}
@ -12339,14 +12350,15 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
}
#endif // OS_UNIX
// Run the time-out thread for SOLARIS
// Run the time-out thread for SOLARIS
#ifdef UNIX_SOLARIS
ttparam = NewSocketTimeout(sock);
#endif // UNIX_SOLARIS
ERR_clear_error();
ret = SSL_read(ssl, data, size);
// Stop the timeout thread
// Stop the timeout thread
#ifdef UNIX_SOLARIS
FreeSocketTimeout(ttparam);
#endif // UNIX_SOLARIS
@ -12359,7 +12371,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
}
#endif // OS_UNIX
if (ret < 0)
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret < 0) // OpenSSL version < 3.0.0
#else
if (ret <= 0) // OpenSSL version >= 3.0.0
#endif
{
e = SSL_get_error(ssl, ret);
}
@ -12382,6 +12398,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
return (UINT)ret;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
// > You should instead call SSL_get_error() to find out if it's retryable.
if (ret == 0)
{
// Disconnect the communication
@ -12389,20 +12411,26 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0;
}
#endif
if (sock->AsyncMode)
{
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
{
if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif
)
)
{
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
UINT ssl_err_no;
while (ssl_err_no = ERR_get_error()) {
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
};
Disconnect(sock);
return 0;
}
@ -12411,8 +12439,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
return SOCK_LATER;
}
}
Debug("%s %u e=%u SecureRecv() Disconnect\n", __FILE__, __LINE__, e);
Disconnect(sock);
Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0;
}
@ -12439,8 +12467,13 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
return 0;
}
ERR_clear_error();
ret = SSL_write(ssl, data, size);
if (ret < 0)
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret < 0) // OpenSSL version < 3.0.0
#else
if (ret <= 0) // OpenSSL version >= 3.0.0
#endif
{
e = SSL_get_error(ssl, ret);
}
@ -12462,6 +12495,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
sock->WriteBlocked = false;
return (UINT)ret;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret == 0)
{
// Disconnect
@ -12469,18 +12504,29 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
Disconnect(sock);
return 0;
}
#endif
if (sock->AsyncMode)
{
// Confirmation of the error value
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
{
if (e == SSL_ERROR_SSL)
{
UINT ssl_err_no;
while (ssl_err_no = ERR_get_error()) {
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
};
Disconnect(sock);
return 0;
}
sock->WriteBlocked = true;
return SOCK_LATER;
}
Debug("%s %u e=%u\n", __FILE__, __LINE__, e);
}
//Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
Debug("%s %u e=%u SecureSend() Disconnect\n", __FILE__, __LINE__, e);
Disconnect(sock);
return 0;
}