AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-04-20 22:09:26 +03:00
Code Releases Activity
2,126 Commits 5 Branches 27 Tags
e884c4ef7648ae27c01c9a5da0bc404ae5b8520b
Commit Graph

458 Commits

Author SHA1 Message Date
Siddharth Narayan 2628c562be Disable unecessary liboqs algorithms 2025-12-02 02:57:15 -06:00
Siddharth Narayan e9f7089c8b Update post quantum submodules 2025-12-02 02:05:27 -06:00
Dominique Martinet 4bb366572d Mayaqua build: allow disabling OQS 
SoftEtherVPN version 5.02.5186 enable post-quantum algorithms, but these
come at a large size increase (after strip, on x86_64, with default
options as of master):
- default options: 9.1M
- new -DOQS_ENABLE=OFF: 762K

Note it is also possible to disable all the algorithms individually by
passing the (243!) options to cmake -DOQS_ENABLE_KEM_BIKE=OFF
-DOQS_ENABLE_KEM_FRODOKEM=OFF -DOQS_ENABLE_KEM_NTRUPRIME=OFF ...,
in which case the binary goes back to a reasonable size of 830K

In the future, it might make sense to add a few settings picking
"sensible" algorithms, e.g. allow everything for a server build or only
allow the best algorithms for a lightweight client.

See: #2148
 2025-10-01 18:05:59 +09:00
Koichiro Iwao efb04daa34 Proper fix for #2122 #2150 
Bundled cpu_features needs to be built with PIC but SHARED_LIBS should
be OFF.
 2025-09-05 22:40:18 +09:00
Koichiro Iwao 2746e8dd19 Build bundled cpu_features with PIC 
After updating bundled cpu_features to 0.9.0, set_property() is not
effective. We need to use set() instead.

Resolves: #2122 #2150
 2025-08-25 21:52:15 +09:00
onetown 0389bfd97a fix: Continue decapsulation to parse L3 data from VLAN-tagged packets 2025-07-17 10:51:52 -04:00
Ilya Shipitsin 260bc09276 Merge pull request #2092 from metalefty/cpu_features 
cpu_features improvements
 2025-04-08 22:56:47 +02:00
Koichiro Iwao 10a2806f12 CI: Use system's cpu_features in FreeBSD CI 2025-01-15 17:09:18 +09:00
Siddharth 972256c578 Update liboqs and oqs-provider submodules - Add X25519MLKEM768 NIST finalized PQ Key exchange 2025-01-14 17:37:55 -06:00
Koichiro Iwao e2e8193495 Improve the usage of cpu_features 
- Add USE_SYSTEM_CPU_FEATURES flag to use system's cpu_features
  instead of the bundled one
- Allow the use of cpu_features for more architectures on Linux [1]

[1] https://github.com/google/cpu_features/tree/v0.9.0?tab=readme-ov-file#whats-supported
 2025-01-14 22:58:20 +09:00
Koichiro Iwao 71b6aa7a8c Update cpu_features to 0.9.0 2025-01-14 18:09:18 +09:00
Ilya Shipitsin 8be6d756b8 Merge pull request #2089 from metalefty/drop_exec 
Drop unnecessary exec permission
 2025-01-14 07:36:11 +01:00
Koichiro Iwao a6c5f0d135 Drop unnecessary exec permission 2025-01-14 14:35:34 +09:00
siddharth-narayan 27d233a522 Merge branch 'SoftEtherVPN:master' into nt-fix 2024-08-15 04:28:13 -04:00
icy17 e2017772c7 Fix potential NULL pointer dereference 2024-08-01 15:43:34 +08:00
Ilya Shipitsin a836b3bd5e Merge pull request #2022 from siddharth-narayan/built-in-post-quantum 
Add built in post quantum functionality
 2024-07-19 20:05:47 +02:00
Siddharth 3a25c6bf73 Fix incorrect "Not on NT" error messages 2024-07-17 15:16:11 -07:00
Siddharth 67fe99e1dc Move duplicated code to one place 2024-07-16 02:33:16 -04:00
Siddharth d4d20e4443 Remove testing code 2024-07-04 13:56:13 -04:00
Siddharth a45219bb78 Revert "Fix engine include errors on Fedora Rawhide" 
This reverts commit 1d57ccf94a.
 2024-07-04 13:15:50 -04:00
siddharth-narayan 25585a1e3d Guard engine.h include 2024-07-04 13:05:30 -04:00
Siddharth 1d57ccf94a Fix engine include errors on Fedora Rawhide 2024-07-04 06:55:06 -04:00
Siddharth 1f9ce6f9c2 Skip oqsprovider build when OpenSSL version is less than 3.0 2024-06-28 17:05:52 -04:00
Siddharth 28ded982a7 Remove empty OpenSSL version guard 2024-06-28 14:18:48 -04:00
Siddharth 0af6c96d88 Skip tests for oqsprovider 2024-06-28 04:01:30 -04:00
Siddharth c2c1388f8c Update liboqs and oqs-provider git submodules 2024-06-28 04:00:51 -04:00
Siddharth d15f92c9b2 Make oqsprovider not build tests 2024-06-28 04:00:51 -04:00
Siddharth 7dc3f2240c Add liboqs with find_package 2024-06-26 20:55:09 -04:00
Siddharth eb66e7d360 That's not how you comment in C! 2024-06-21 15:16:27 -04:00
Siddharth 13e6369db3 Add liboqs because it isn't normally packaged 2024-06-21 15:14:49 -04:00
Siddharth 102485a4b8 Add oqsprovider statically (built in) by default 2024-06-20 22:08:38 -04:00
Siddharth 68964ab0d7 Guard variables with OpenSSL version 2024-06-18 16:09:10 -04:00
siddharth-narayan bf3c50fde4 Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement 2024-06-18 14:55:45 -04:00
Siddharth b06486b37d Remove unecessary provider include 2024-06-18 00:01:58 -04:00
hiura b2ec1bd5dd Change ssl error handler: Having to read all of the errors using ERR_get_error 2024-06-08 02:28:28 +09:00
hiura 08213b7f0e CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent 2024-05-26 23:50:05 +09:00
hiura 98852b77d9 CHANGE ERROR HANDLER FOR SSL ERROR: 2024-05-26 23:36:21 +09:00
Siddharth 2fe4ca0f8c Fix incorrect PQ_GROUP_LIST string 2024-05-20 21:46:57 -04:00
Siddharth a50d8910ba Add PQ Groups and the provider for them 2024-05-20 19:48:23 -04:00
hiura 9a009d750a Use macro 'MAX' instead of 'max' 2024-04-16 19:14:44 +09:00
hiura c36d7187a8 Fix 'RemoveDefGwOnDhcpForLocalhost' function No.2: Change the minimum size of DHCP reply 2024-04-16 10:30:10 +09:00
hiura 97203568e7 Fix 'RemoveDefGwOnDhcpForLocalhost' function: Change to exclude unplugged device from MAC address list. 2024-03-31 23:07:16 +09:00
hiura 2789b16c12 Fix hamcore access: Correcting path separator for hamcore. 2024-03-16 12:52:46 +09:00
Ilya Shipitsin 60ee463044 adjust types of variables 
gcc14 is not happy on "error: passing argument .. from incompatible pointer type [-Wincompatible-pointer-types]"
 2024-02-23 11:06:27 +01:00
Ilya Shipitsin ff4b74afda Merge pull request #1929 from chipitsine/pr_1921_followup 
fix nullptr deref
 2023-12-01 17:18:40 +01:00
Ilya Shipitsin e6792d8893 fix nullptr deref 
Co-authored-by: icy17 <1061499390@qq.com>
 2023-11-19 10:57:28 +01:00
Daiyuu Nobori f4bbe476be Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753 
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-10-07 04:42:41 +02:00
Daiyuu Nobori 2dec52b875 Heap area protection of memory has been enhanced. 
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
 2023-10-07 04:42:34 +02:00
Daiyuu Nobori c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736 
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-09-28 18:26:17 +09:00
Ilya Shipitsin f736d18267 temporarily suppress clang warnings on "-Wincompatible-function-pointer-types" 2023-09-16 00:03:03 +02:00