2628c562be
Disable unecessary liboqs algorithms
2025-12-02 02:57:15 -06:00
e9f7089c8b
Update post quantum submodules
2025-12-02 02:05:27 -06:00
4bb366572d
Mayaqua build: allow disabling OQS
...
SoftEtherVPN version 5.02.5186 enable post-quantum algorithms, but these
come at a large size increase (after strip, on x86_64, with default
options as of master):
- default options: 9.1M
- new -DOQS_ENABLE=OFF: 762K
Note it is also possible to disable all the algorithms individually by
passing the (243!) options to cmake -DOQS_ENABLE_KEM_BIKE=OFF
-DOQS_ENABLE_KEM_FRODOKEM=OFF -DOQS_ENABLE_KEM_NTRUPRIME=OFF ...,
in which case the binary goes back to a reasonable size of 830K
In the future, it might make sense to add a few settings picking
"sensible" algorithms, e.g. allow everything for a server build or only
allow the best algorithms for a lightweight client.
See: #2148
2025-10-01 18:05:59 +09:00
efb04daa34
Proper fix for #2122 #2150
...
Bundled cpu_features needs to be built with PIC but SHARED_LIBS should
be OFF.
2025-09-05 22:40:18 +09:00
2746e8dd19
Build bundled cpu_features with PIC
...
After updating bundled cpu_features to 0.9.0, set_property() is not
effective. We need to use set() instead.
Resolves : #2122 #2150
2025-08-25 21:52:15 +09:00
0389bfd97a
fix: Continue decapsulation to parse L3 data from VLAN-tagged packets
2025-07-17 10:51:52 -04:00
260bc09276
Merge pull request #2092 from metalefty/cpu_features
...
cpu_features improvements
2025-04-08 22:56:47 +02:00
10a2806f12
CI: Use system's cpu_features in FreeBSD CI
2025-01-15 17:09:18 +09:00
972256c578
Update liboqs and oqs-provider submodules - Add X25519MLKEM768 NIST finalized PQ Key exchange
2025-01-14 17:37:55 -06:00
e2e8193495
Improve the usage of cpu_features
...
- Add USE_SYSTEM_CPU_FEATURES flag to use system's cpu_features
instead of the bundled one
- Allow the use of cpu_features for more architectures on Linux [1]
[1] https://github.com/google/cpu_features/tree/v0.9.0?tab=readme-ov-file#whats-supported
2025-01-14 22:58:20 +09:00
71b6aa7a8c
Update cpu_features to 0.9.0
2025-01-14 18:09:18 +09:00
8be6d756b8
Merge pull request #2089 from metalefty/drop_exec
...
Drop unnecessary exec permission
2025-01-14 07:36:11 +01:00
a6c5f0d135
Drop unnecessary exec permission
2025-01-14 14:35:34 +09:00
27d233a522
Merge branch 'SoftEtherVPN:master' into nt-fix
2024-08-15 04:28:13 -04:00
e2017772c7
Fix potential NULL pointer dereference
2024-08-01 15:43:34 +08:00
a836b3bd5e
Merge pull request #2022 from siddharth-narayan/built-in-post-quantum
...
Add built in post quantum functionality
2024-07-19 20:05:47 +02:00
3a25c6bf73
Fix incorrect "Not on NT" error messages
2024-07-17 15:16:11 -07:00
67fe99e1dc
Move duplicated code to one place
2024-07-16 02:33:16 -04:00
d4d20e4443
Remove testing code
2024-07-04 13:56:13 -04:00
a45219bb78
Revert "Fix engine include errors on Fedora Rawhide"
...
This reverts commit 1d57ccf94a
2024-07-04 13:15:50 -04:00
25585a1e3d
Guard engine.h include
2024-07-04 13:05:30 -04:00
1d57ccf94a
Fix engine include errors on Fedora Rawhide
2024-07-04 06:55:06 -04:00
1f9ce6f9c2
Skip oqsprovider build when OpenSSL version is less than 3.0
2024-06-28 17:05:52 -04:00
28ded982a7
Remove empty OpenSSL version guard
2024-06-28 14:18:48 -04:00
0af6c96d88
Skip tests for oqsprovider
2024-06-28 04:01:30 -04:00
c2c1388f8c
Update liboqs and oqs-provider git submodules
2024-06-28 04:00:51 -04:00
d15f92c9b2
Make oqsprovider not build tests
2024-06-28 04:00:51 -04:00
7dc3f2240c
Add liboqs with find_package
2024-06-26 20:55:09 -04:00
eb66e7d360
That's not how you comment in C!
2024-06-21 15:16:27 -04:00
13e6369db3
Add liboqs because it isn't normally packaged
2024-06-21 15:14:49 -04:00
102485a4b8
Add oqsprovider statically (built in) by default
2024-06-20 22:08:38 -04:00
68964ab0d7
Guard variables with OpenSSL version
2024-06-18 16:09:10 -04:00
bf3c50fde4
Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement
2024-06-18 14:55:45 -04:00
b06486b37d
Remove unecessary provider include
2024-06-18 00:01:58 -04:00
b2ec1bd5dd
Change ssl error handler: Having to read all of the errors using ERR_get_error
2024-06-08 02:28:28 +09:00
08213b7f0e
CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent
2024-05-26 23:50:05 +09:00
98852b77d9
CHANGE ERROR HANDLER FOR SSL ERROR:
2024-05-26 23:36:21 +09:00
2fe4ca0f8c
Fix incorrect PQ_GROUP_LIST string
2024-05-20 21:46:57 -04:00
a50d8910ba
Add PQ Groups and the provider for them
2024-05-20 19:48:23 -04:00
9a009d750a
Use macro 'MAX' instead of 'max'
2024-04-16 19:14:44 +09:00
c36d7187a8
Fix 'RemoveDefGwOnDhcpForLocalhost' function No.2: Change the minimum size of DHCP reply
2024-04-16 10:30:10 +09:00
97203568e7
Fix 'RemoveDefGwOnDhcpForLocalhost' function: Change to exclude unplugged device from MAC address list.
2024-03-31 23:07:16 +09:00
2789b16c12
Fix hamcore access: Correcting path separator for hamcore.
2024-03-16 12:52:46 +09:00
60ee463044
adjust types of variables
...
gcc14 is not happy on "error: passing argument .. from incompatible pointer type [-Wincompatible-pointer-types]"
2024-02-23 11:06:27 +01:00
ff4b74afda
Merge pull request #1929 from chipitsine/pr_1921_followup
...
fix nullptr deref
2023-12-01 17:18:40 +01:00
e6792d8893
fix nullptr deref
...
Co-authored-by: icy17 <1061499390@qq.com >
2023-11-19 10:57:28 +01:00
f4bbe476be
Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
...
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
2dec52b875
Heap area protection of memory has been enhanced.
...
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
2023-10-07 04:42:34 +02:00
c49e462ed1
Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
...
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
f736d18267
temporarily suppress clang warnings on "-Wincompatible-function-pointer-types"
2023-09-16 00:03:03 +02:00
