Compare commits


9 Commits

Author SHA1 Message Date
Syuugo 0639843809
Merge 9a7e55b3e0 into bc31a5cfd3 2024-06-18 23:47:10 -04:00
Ilya Shipitsin bc31a5cfd3
Merge pull request #2002 from siddharth-narayan/quantum-safe-key-agreement
Add Post Quantum key agreement
2024-06-18 22:41:52 +02:00
Siddharth 68964ab0d7 Guard variables with OpenSSL version 2024-06-18 16:09:10 -04:00
siddharth-narayan bf3c50fde4
Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement 2024-06-18 14:55:45 -04:00
Siddharth b06486b37d Remove unecessary provider include 2024-06-18 00:01:58 -04:00
Syuugo 9a7e55b3e0
Update workflows 2024-06-16 00:31:25 +09:00
siddharth-narayan 63ffab9ee4
Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement 2024-05-20 23:20:52 -04:00
Siddharth 2fe4ca0f8c Fix incorrect PQ_GROUP_LIST string 2024-05-20 21:46:57 -04:00
Siddharth a50d8910ba Add PQ Groups and the provider for them 2024-05-20 19:48:23 -04:00
12 changed files with 105 additions and 55 deletions


@ -8,15 +8,16 @@ on:
jobs:
build:
name: build
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: archive
- name: Archive
id: archive
run: |
VERSION=${{ github.event.release.tag_name }}
@ -28,12 +29,8 @@ jobs:
tar cJf $TARBALL $PKGNAME
echo "tarball=$TARBALL" >> $GITHUB_OUTPUT
- name: upload tarball
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload tarball
uses: softprops/action-gh-release@v2
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./${{ steps.archive.outputs.tarball }}
asset_name: ${{ steps.archive.outputs.tarball }}
asset_content_type: application/gzip
files: ./${{ steps.archive.outputs.tarball }}
name: ${{ steps.archive.outputs.tarball }}
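Review bot: The `name:` input on the new `softprops/action-gh-release@v2` step is documented as the release name, not the asset file name, so `name: ${{ steps.archive.outputs.tarball }}` would retitle the published release to the tarball's file name. The uploaded asset takes its name from the path given in `files:`, so the `name:` line can simply be dropped. The same pattern appears in both upload steps of the Windows release workflow further down, where each step would overwrite the title with a different installer name. Since the explicit `GITHUB_TOKEN` env was removed, it is also worth confirming that this workflow's `permissions:` block, which is outside the hunk, grants `contents: write`.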


@ -1,4 +1,3 @@
name: Coverity
on:
@ -10,28 +9,36 @@ permissions:
jobs:
scan:
name: Scan
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'SoftEtherVPN' }}
if: github.repository_owner == 'SoftEtherVPN'
steps:
- uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install apt dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev libsodium-dev
- name: Download Coverity build tool
run: |
wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=SoftEtherVPN%2FSoftEtherVPN" -O coverity_tool.tar.gz
mkdir coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
- name: Configure
run: |
./configure
- name: Build with Coverity build tool
run: |
export PATH=`pwd`/coverity_tool/bin:$PATH
cov-build --dir cov-int make -C build
- name: Submit build result to Coverity Scan
run: |
tar czvf cov.tar.gz cov-int
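Review bot: The new `actions/checkout@v4` step keeps its default credential persistence in a job that then downloads, unpacks and runs an external build tool, so the workflow token stays readable in `.git/config` for that tool and for `make`. Adding `persist-credentials: false` under the step's `with:` removes it; nothing visible in this section pushes back to the repository. Separately, the download step interpolates `${{ secrets.COVERITY_SCAN_TOKEN }}` straight into the shell line (this looks like unchanged context); passing it through `env:` and referencing `"$COVERITY_SCAN_TOKEN"` keeps the value out of the generated script text. The submit step continues past the end of this hunk.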


@ -19,15 +19,18 @@ jobs:
container:
image: fedora:rawhide
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Install dependencies
run: |
dnf -y install git cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel gcc-c++ clang
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Compile with ${{ matrix.cc }}
run: |
export CC=${{ matrix.cc }}
./configure
make -C build


@ -1,3 +1,4 @@
name: Linux
on: [push, pull_request]
permissions:
@ -5,14 +6,16 @@ permissions:
jobs:
build_and_test:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install dependencies
run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
run: sudo apt-get update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
- name: Build
run: |


@ -1,3 +1,4 @@
name: macOS
on: [push, pull_request, workflow_dispatch]
permissions:
@ -11,18 +12,21 @@ jobs:
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v4
with:
submodules: true
- name: Install dependencies
run: |
brew install libsodium
- name: Compile
run: |
./configure
make -C build
- name: Test
run: |
otool -L build/vpnserver
.ci/memory-leak-test.sh


@ -1,4 +1,4 @@
name: alpine/musl
name: Alpine/musl
on: [push, pull_request]
@ -7,17 +7,22 @@ permissions:
jobs:
musl:
name: gcc
runs-on: ubuntu-latest
container:
image: alpine:latest
steps:
- uses: actions/checkout@v1
with:
submodules: true
name: gcc
runs-on: ubuntu-latest
container:
image: alpine:latest
steps:
- name: Install dependencies
run: apk add binutils --no-cache build-base readline-dev openssl-dev ncurses-dev git cmake zlib-dev libsodium-dev gnu-libiconv
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Configure
run: ./configure
- name: make
run: make -C build
run: make -C build


@ -1,3 +1,4 @@
name: STB Check
on: [push, pull_request]
permissions:
@ -5,12 +6,16 @@ permissions:
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Check
run: |
cd developer_tools/stbchecker
dotnet run ../../src/bin/hamcore
dotnet run ../../src/bin/hamcore


@ -1,3 +1,4 @@
name: Windows
on: [push, pull_request]
permissions:
@ -14,19 +15,24 @@ jobs:
runs-on: windows-latest
name: ${{ matrix.platform.ARCHITECTURE }}
steps:
- uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Cache vcpkg
uses: actions/cache@v4
with:
path: 'build/vcpkg_installed/'
key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
- name: Set version variables
run: |
$v = python version.py
echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Build
env:
ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@ -44,11 +50,14 @@ jobs:
vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
shell: cmd
- name: Test
shell: powershell
run: |
. .ci/appveyor-vpntest.ps1
- uses: actions/upload-artifact@v4
- name: Upload built binaries
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: Binaries-${{ matrix.platform.ARCHITECTURE }}
@ -56,8 +65,10 @@ jobs:
build/*.exe
build/*.pdb
build/*.se2
- uses: actions/upload-artifact@v4
- name: Upload installers
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: Installers-${{ matrix.platform.ARCHITECTURE }}
path: build/installers
path: build/installers


@ -14,16 +14,19 @@ permissions:
jobs:
release:
name: Release
runs-on: windows-latest
outputs:
upload_url: "${{ steps.create_release.outputs.upload_url }}"
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
- name: "Create GitHub release"
id: create_release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
build-windows:
name: ${{ matrix.platform.ARCHITECTURE }}
runs-on: windows-latest
@ -35,15 +38,18 @@ jobs:
{ ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
]
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
with:
submodules: true
- name: Cache vcpkg
uses: actions/cache@v4
with:
path: 'build/vcpkg_installed/'
key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
- name: Set version variables
run: |
$b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber
@ -51,6 +57,7 @@ jobs:
$v = python version.py
echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Build
env:
ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@ -68,27 +75,19 @@ jobs:
vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
shell: cmd
- name: dir
- name: Show directory items
run: |
Get-ChildItem -Recurse build/installers
shell: pwsh
- name: "Upload softether-vpnclient"
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: "${{ github.token }}"
uses: softprops/action-gh-release@v2
with:
upload_url: "${{ needs.release.outputs.upload_url }}"
asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_content_type: "application/octet-stream"
files: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
- name: "Upload softether-vpnserver_vpnbridge"
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: "${{ github.token }}"
uses: softprops/action-gh-release@v2
with:
upload_url: "${{ needs.release.outputs.upload_url }}"
asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_content_type: "application/octet-stream"
files: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
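Review bot: The release jobs now pass the workflow token to `softprops/action-gh-release@v2`, a third-party action referenced by a movable tag, in the `Create GitHub release` step and both upload steps here, and in the tarball workflow above. For steps that publish the installers users download, pinning to a full commit SHA with the version in a trailing comment (`uses: softprops/action-gh-release@<commit-sha> # v2`) keeps a retagged release of the action from changing what runs. The `upload_url` output declared on the `release` job also appears to be unused now that the upload steps no longer read it.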


@ -88,6 +88,7 @@ int ssl_clientcert_index = 0;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER *ossl_provider_legacy = NULL;
static OSSL_PROVIDER *ossl_provider_default = NULL;
static OSSL_PROVIDER *ossl_provider_oqsprovider = NULL;
#endif
LOCK **ssl_lock_obj = NULL;
@ -3974,6 +3975,12 @@ void FreeCryptLibrary()
OSSL_PROVIDER_unload(ossl_provider_legacy);
ossl_provider_legacy = NULL;
}
if (ossl_provider_oqsprovider != NULL)
{
OSSL_PROVIDER_unload(ossl_provider_oqsprovider);
ossl_provider_oqsprovider = NULL;
}
#endif
}
@ -3996,6 +4003,7 @@ void InitCryptLibrary()
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");
#endif
ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
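Review bot: The result of `OSSL_PROVIDER_load(NULL, "oqsprovider")` in InitCryptLibrary is never checked, so on a system where that provider is not installed the load fails with no trace. A failed load also leaves entries on the calling thread's OpenSSL error queue; I would clear them and record the outcome, e.g. `if (ossl_provider_oqsprovider == NULL) { ERR_clear_error(); }`, and log once so an operator can tell whether the hybrid groups are actually available. Because this pulls an external module into the VPN process from OpenSSL's module search path, the build and install documentation should state where the provider is expected to come from. Both function bodies extend outside these hunks.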


@ -11905,6 +11905,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
Unlock(openssl_lock);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
#endif
if (sock->ServerMode)
{
// Lock(ssl_connect_lock);
@ -11984,7 +11988,7 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
// Unlock(ssl_connect_lock);
}
else
{
{
prev_timeout = GetTimeout(sock);
SetTimeout(sock, ssl_timeout);
// Client mode
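Review bot: `SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST)`, added just before the `sock->ServerMode` branch, is called without checking its return value. As far as I know, OpenSSL 3.0 to 3.2 rejects the whole list when it contains a group name it does not recognise, which would be the case for the `*_kyber*` entries whenever oqsprovider did not load. The handshake would then proceed with OpenSSL's default groups and no indication that the configured list was dropped. I would test the result and fall back explicitly: `if (SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST) != 1) { ERR_clear_error(); /* log once, then apply the classical-only list */ }`. The call runs for both server and client mode, so when it does succeed it also narrows the classical groups offered to every peer to P-521, X25519 and P-256; StartSSLEx3 starts and ends outside this hunk.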


@ -59,6 +59,10 @@ struct DYN_VALUE
#define DEFAULT_CIPHER_LIST "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define PQ_GROUP_LIST "p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
#endif
// SSL logging function
//#define ENABLE_SSL_LOGGING
#define SSL_LOGGING_DIRNAME "@ssl_log"
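Review bot: `PQ_GROUP_LIST` has no comment saying that its first two entries only exist when oqsprovider is loaded, or that, as far as I know, these are the provider's pre-standard Kyber hybrid names and may be renamed or dropped as ML-KEM names replace them. A short comment above the define would help, for example `// Hybrid groups are supplied by oqsprovider; the remaining entries are the classical fallback`, together with a remark that the list replaces OpenSSL's default group set for every connection. The macro is guarded by the OpenSSL version only, so it is also defined on 3.x builds that have no oqsprovider available.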