Merge PR #900: release 5.01.9670

Merge PR #899: Set unbuffered mode for *nix systems stdout, allowing interactive use…

.appveyor.yml

@@ -15,7 +15,8 @@ skip_commits:
   files:
     - .travis.yml
     - .gitlab-ci.yml
-    - azure-pipelines.yml
+    - .azure-pipelines.yml
+    - .cirrus.yml
 
 init:
   - ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"

.azure-pipelines.yml

@@ -0,0 +1,6 @@
+jobs:
+  - template: .ci/azure-pipelines-linux.yml
+
+#  - template: .ci/azure-pipelines-osx.yml
+
+  - template: .ci/azure-pipelines-win.yml

.ci/azure-pipelines-linux.yml

@@ -0,0 +1,19 @@
+jobs:
+- job: linux_64
+  displayName: 'Ubuntu 16.04'
+  pool:
+    vmImage: ubuntu-16.04
+  variables:
+    CPACK_GENERATOR: DEB
+  steps:
+  - checkout: self  
+    submodules: recursive
+  - script: |
+      sudo apt -y install cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev
+      ./configure
+      make package -C tmp -j $(nproc || sysctl -n hw.ncpu || echo 4)
+      .ci/appveyor-deb-install-test.sh
+      sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps
+      sudo .ci/start-se-openvpn.sh
+      sudo .ci/run-openvpn-tests.sh
+    displayName: 'Ubuntu 16.04'

.ci/azure-pipelines-win.yml

@@ -0,0 +1,28 @@
+jobs:
+- job: win_64
+  displayName: 'Visual Studio 2017'
+  pool:
+    vmImage: vs2017-win2016
+  steps:
+  - checkout: self
+    submodules: recursive
+  - script: |
+     call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+      configure
+  - script: |
+     call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+      cd tmp
+      nmake
+  - powershell: |
+     . .ci\appveyor-vpntest.ps1
+  - powershell: |
+     New-Item -Path '$(build.artifactstagingdirectory)/publish' -ItemType Directory
+  - task: CopyFiles@2
+    inputs:
+      sourceFolder: '$(Build.SourcesDirectory)'
+      contents: 'build/?(*.exe|*.se2|*.pdb)'
+      TargetFolder: '$(build.artifactstagingdirectory)/publish'
+  - task: PublishBuildArtifacts@1
+    inputs:
+      pathtoPublish: '$(build.artifactstagingdirectory)/publish'
+      artifactName: vs2017

.cirrus.yml

@@ -0,0 +1,12 @@
+FreeBSD_task:
+  freebsd_instance:
+    image: freebsd-12-0-release-amd64
+  env:
+    ASSUME_ALWAYS_YES: TRUE # required for unattanded "pkg" invocation
+  install_script:
+    - pkg install cmake gmake openssl111 git
+    - git submodule update --init --recursive
+  script:
+    - ./configure
+    - gmake -j $(nproc || sysctl -n hw.ncpu || echo 4) -C tmp
+    - ldd build/vpnserver

.gitlab-ci.yml

@@ -5,7 +5,8 @@
     changes:
       - .appveyor.yml
       - .travis.yml
-      - azure-pipelines.yml
+      - .azure-pipelines.yml
+      - .cirrus.yml
   before_script:
     - REPOSITORY="$PWD" && cd ..
     - apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev git file

.travis.yml

@@ -14,6 +14,15 @@ matrix:
     - env: OPENSSL_VERSION="1.1.0f"
       os: linux
       compiler: gcc
+    - env: OPENSSL_VERSION="1.1.0f" LABEL="linux-ppc64le" CMAKE_VERSION="3.9.6"
+      os: linux-ppc64le
+      compiler: gcc
+      install:
+        - wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz
+        - cd cmake-${CMAKE_VERSION} 
+        - ./bootstrap > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
+        - sudo make install > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
+        - cd ..
     - env: OPENSSL_VERSION="1.0.2o" RUN_COVERITY="1"
       os: linux
       compiler: clang

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.7)
 
 project("SoftEther VPN"
-  VERSION 5.01.9669
+  VERSION 5.01.9670
   LANGUAGES C
 )
 

README.md

@@ -134,7 +134,11 @@ https://github.com/chipitsine
 
 ## For Ubuntu
 
-[Launchpad PPA](https://launchpad.net/~paskal-07/+archive/ubuntu/softethervpn/+packages) maintained by [Dmitry Verkhoturov](https://github.com/paskal)
+Launchpad PPA maintained by [Dmitry Verkhoturov](https://github.com/paskal):
+
+[Daily builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn) (latest released tag)
+
+[Nightly builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn-nightly)
 
 ## From binary installers:
 

azure-pipelines.yml

@@ -1,19 +0,0 @@
-pool:
-  vmImage: 'Ubuntu 16.04'
-  
-variables:
-  CPACK_GENERATOR: DEB
-
-steps:
-- checkout: self  
-  submodules: recursive
-
-- script: |
-    sudo apt -y install cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev
-    ./configure
-    make package -C tmp -j $(nproc || sysctl -n hw.ncpu || echo 4)
-    .ci/appveyor-deb-install-test.sh
-    sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps
-    sudo .ci/start-se-openvpn.sh
-    sudo .ci/run-openvpn-tests.sh
-  displayName: 'Ubuntu 16.04'

configure.cmd

@@ -26,4 +26,5 @@ if %errorlevel% == 0 (
 	echo The Makefile is generated. Run 'nmake' to build SoftEther VPN.
 ) else (
 	cd ..
+	exit /b 1
 )

src/BuildFiles/VerScript/ver.rc

@@ -17,7 +17,7 @@ BEGIN
             VALUE "FileVersion", "${PROJECT_VERSION_MAJOR}, ${PROJECT_VERSION_MINOR}, 0, ${PROJECT_VERSION_PATCH}"
             VALUE "InternalName", "${COMPONENT_INTERNAL_NAME}"
             VALUE "LegalCopyright", "Copyright (c) 2012-${DATE_YEAR} all contributors on SoftEther VPN project in GitHub. Copyright (C) 2004-${DATE_YEAR} Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation. All Rights Reserved."
-            VALUE "LegalTrademarks", "SoftEther(R) is a registered trademark of SoftEther Corporation in Japan, United Status and People's Republic of China. SoftEther Corporation is a company founded at University of Tsukuba, Japan."
+            VALUE "LegalTrademarks", "SoftEther(R) is a registered trademark of SoftEther Corporation in Japan, United States and People's Republic of China. SoftEther Corporation is a company founded at University of Tsukuba, Japan."
             VALUE "OriginalFilename", "${COMPONENT_FILE_NAME}"
             VALUE "ProductName", "${PROJECT_NAME} ${COMPONENT_NAME}"
             VALUE "ProductVersion", "${PROJECT_VERSION_MAJOR}, ${PROJECT_VERSION_MINOR}, 0, ${PROJECT_VERSION_PATCH}"

src/Cedar/Cedar.c

@@ -1416,14 +1416,7 @@ void GetCedarVersion(char *tmp, UINT size)
 
 UINT GetCedarVersionNumber()
 {
-	UINT pow = 10;
-
-	while (CEDAR_VERSION_MAJOR >= pow)
-	{
-		pow *= 10;
-	}
-
-	return CEDAR_VERSION_MAJOR * pow + CEDAR_VERSION_MINOR;
+	return CEDAR_VERSION_MAJOR * 100 + CEDAR_VERSION_MINOR;
 }
 
 // Create Cedar object

src/CurrentBuild.txt

@@ -1,5 +1,5 @@
 VERSION_MAJOR 5
 VERSION_MINOR 1
-VERSION_BUILD 9669
+VERSION_BUILD 9670
 BUILD_NAME unstable
-BUILD_DATE 20190203_194253
+BUILD_DATE 20190407_185715

src/Mayaqua/Encrypt.c

@@ -18,6 +18,7 @@
 #include <stdarg.h>
 #include <time.h>
 #include <errno.h>
+#include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
@@ -2196,7 +2197,9 @@ bool RsaVerify(void *data, UINT data_size, void *sign, K *k)
 bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
 {
 	UCHAR hash_data[SIGN_HASH_SIZE];
-	UCHAR decrypt_data[SIGN_HASH_SIZE];
+	UCHAR *decrypt_data;
+	RSA *rsa;
+	UINT rsa_size;
 	// Validate arguments
 	if (data == NULL || sign == NULL || k == NULL || k->private_key != false)
 	{
@@ -2207,24 +2210,38 @@ bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
 		bits = RSA_KEY_SIZE;
 	}
 
+	rsa = EVP_PKEY_get0_RSA(k->pkey);
+	if (rsa == NULL)
+	{
+		return false;
+	}
+
 	// Hash the data
 	if (HashForSign(hash_data, sizeof(hash_data), data, data_size) == false)
 	{
 		return false;
 	}
 
+	rsa_size = RSA_size(rsa);
+	rsa_size = MAX(rsa_size, 1024); // For just in case
+	decrypt_data = ZeroMalloc(rsa_size);
+
 	// Decode the signature
-	if (RSA_public_decrypt(bits / 8, sign, decrypt_data, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
+	if (RSA_public_decrypt(bits / 8, sign, decrypt_data, rsa, RSA_PKCS1_PADDING) <= 0)
 	{
+		Free(decrypt_data);
 		return false;
 	}
 
 	// Comparison
 	if (Cmp(decrypt_data, hash_data, SIGN_HASH_SIZE) != 0)
 	{
+		Free(decrypt_data);
 		return false;
 	}
 
+	Free(decrypt_data);
+
 	return true;
 }
 
@@ -3684,6 +3701,10 @@ void FreeOpenSSLThreadState()
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_thread_state(NULL);
+#else
+#ifndef LIBRESSL_VERSION_NUMBER
+	OPENSSL_thread_stop();
+#endif
 #endif
 }
 
@@ -3704,7 +3725,9 @@ void FreeCryptLibrary()
 #ifdef OPENSSL_FIPS
 	FIPS_mode_set(0);
 #endif
+#ifndef OPENSSL_NO_ENGINE
 	ENGINE_cleanup();
+#endif
 	CONF_modules_unload(1);
 	EVP_cleanup();
 

src/Mayaqua/Mayaqua.c

@@ -566,15 +566,15 @@ void FreeMayaqua()
 	// Release of real-time clock
 	FreeTick64();
 
-	// Release of crypt library
-	FreeCryptLibrary();
-
 	// Release of the string library
 	FreeStringLibrary();
 
 	// Release of thread pool
 	FreeThreading();
 
+	// Release of crypt library
+	FreeCryptLibrary();
+
 	if (IsTrackingEnabled())
 	{
 		// Show the kernel status

src/Mayaqua/Network.c

@@ -12212,7 +12212,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		if (sock->Connected == false)
 		{
 			Unlock(sock->ssl_lock);
-			Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
+			Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
 			return 0;
 		}
 
@@ -12242,7 +12242,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 	if (ret == 0)
 	{
 		// Disconnect
-		Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
+		Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
 		Disconnect(sock);
 		return 0;
 	}
@@ -12257,7 +12257,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		}
 		Debug("%s %u e=%u\n", __FILE__, __LINE__, e);
 	}
-	//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
+	//Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
 	Disconnect(sock);
 	return 0;
 }

src/vpncmd/vpncmd.c

@@ -35,6 +35,9 @@ int main(int argc, char *argv[])
 
 #ifdef	OS_WIN32
 	SetConsoleTitleA(CEDAR_PRODUCT_STR " VPN Command Line Utility");
+#else
+	// For *nix, disable output buffering to allow for interactive use 
+	setbuf(stdout,NULL);
 #endif	// OS_WIN32
 
 #if defined(_DEBUG) || defined(DEBUG)	// In VC++ compilers, the macro is "_DEBUG", not "DEBUG".