CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent

Fix hamcore access: Correcting path separator for hamcore.

.github/ISSUE_TEMPLATE.md

@@ -1,51 +0,0 @@
-Hi, there!
-
-Thank you for using SoftEther.
-
-If you are running SoftEther VPN 4.x (i.e. Stable Edition), please read the comparison with Developer Edition at: 
-
-https://github.com/SoftEtherVPN/SoftEtherVPN#comparison-with-stable-edition
-
-Before you submit an issue, please read the following:
-
-Is this a question?
-
-- If the answer is "yes", then please ask your question on [www.vpnusers.com](http://www.vpnusers.com).
-The issue section on GitHub is reserved for bugs and feature requests.
-
-- If the answer is "no", please read the following:
-
-We provide a template which is specifically made for bug reports, in order to be sure that the report includes enough details to be helpful.
-
-Please use or adapt it as needed.
-
----
-
-### Prerequisites
-
-* [ ] Can you reproduce?
-* [ ] Are you running the latest version of SoftEtherVPN?
-
-**SoftEther version:**
-**Component:** [Server, Client, Bridge, etc.]
-**Operating system:** [Windows, Linux, BSD, macOS, etc.]
-**Architecture:** [64 bit, 32 bit]
-
-[In case it's a computer with known specs, such as the Raspberry Pi, you can specify it omitting the details.]
-**Processor:** [Specify brand and model. Example: AMD Ryzen 7 1800x]
-
-### Description
-
-[Description of the bug]
-
-**Expected behavior:**
-[What you expected to happen]
-
-**Actual behavior:**
-[What actually happened]
-
-### Steps to reproduce
-
-1. [First step]
-2. [Second step]
-3. [And so on...]

.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml

@@ -0,0 +1,87 @@
+name: Bug Report or Issue Report
+description: File a bug report or an issue report
+labels: "needs-triage"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!         
+        We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
+  
+  - type: checkboxes
+    attributes:
+      label: Are you using SoftEther VPN 5.x?
+      description: |
+        This issue tracker is for SoftEther VPN Developer Edition versioned 5.x.
+        Please report issues about SoftEther VPN Stable Edition versioned 4.x through the correct path.
+        See also [the top  of the issue tracker](https://github.com/SoftEtherVPN/SoftEtherVPN/issues/new/choose).
+      options:
+        - label: Yes, I'm using SoftEther VPN 5.x, not 4.x.
+          required: true
+
+  - type: input
+    attributes:
+      label: Version
+      description: |
+          The exact version you are using.
+          It would be very nice if you let us know version tag or commit hash.
+      placeholder: "5.02.5180 / 09b7e4f / 5.01.9674+git20200806+8181039+dfsg2-2build1"
+    
+  - type: dropdown
+    attributes:
+      label: Component
+      description: Which component did you encounter an issue with?
+      multiple: true
+      options:
+        - VPN Server
+        - VPN Bridge
+        - VPN Client
+        - VPN Tools
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Operating system & version
+      placeholder: "Windows 11 Pro 23H2 / Ubuntu 22.04 / FreeBSD 14.0 / macOS Sonoma / Independent"
+      description: |
+        Let us know about your operating system and version.
+    validations:
+      required: true
+      
+  - type: input
+    attributes:
+      label: Architecture or Hardware model
+      placeholder: "amd64 / aarch64 / Raspberry Pi 4B+ / Apple M2"
+      description: |
+        Necessary if your issue is architecture-specific.
+
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      placeholder: Having detailed steps helps us reproduce the bug.
+    validations:
+      required: true
+      
+  - type: textarea
+    attributes:
+      label: ✔️ Expected Behavior
+      placeholder: What do you expect to happen?
+    validations:
+      required: false
+      
+  - type: textarea
+    attributes:
+      label: ❌ Actual Behavior
+      placeholder: What happened actually?
+    validations:
+      required: false
+      
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References?  
+        Anything that will give us more context about the issue you are encountering!
+  

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+contact_links:
+  - name: Are you using SoftEther VPN 4.x?
+    about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
+    url: https://www.vpnusers.com/
+
+  - name: Questions about SoftEtherVPN 5.x
+    about: Visit Discussions to ask community to help.
+    url: https://github.com/SoftEtherVPN/SoftEtherVPN/discussions/new?category=q-a

.gitignore

@@ -209,4 +209,4 @@ developer_tools/stbchecker/**/ASALocalRun/
 developer_tools/stbchecker/**/*.binlog
 developer_tools/stbchecker/**/*.nvuser
 developer_tools/stbchecker/**/.mfractor/
-
+/vcpkg_installed

CMakeLists.txt

@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5180")
+	set(BUILD_NUMBER "5182")
 endif()
 
 if (BUILD_NUMBER LESS 5180)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5180" } ],
+  "environments": [ { "BuildNumber": "5182" } ],
   "configurations": [
     {
       "name": "x64-native",

src/BUILD_UNIX.md

@@ -228,7 +228,7 @@ You can write your own VPN Server management application in your favorite langua
 
 You can use any SoftEtherVPN component (server, client, bridge) without installing it, if you wish so.
 
-In this case please do not run the `make install` command after compiling the source code, and head directly to the **bin/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
+In this case please do not run the `make install` command after compiling the source code, and head directly to the **build/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
 
 ************************************
 Thank You Using SoftEther VPN !

src/Cedar/BridgeWin32.c

@@ -1161,7 +1161,8 @@ void Win32EthMakeCombinedName(char *dst, UINT dst_size, char *nicname, char *gui
 
 	if (IsEmptyStr(guid) == false)
 	{
-		Format(dst, dst_size, "%s (ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
+		// Allow to combine "FriendlyName" consisting of a NULL character and ID.
+		Format(dst, dst_size, "%s(ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
 	}
 	else
 	{
@@ -1185,18 +1186,19 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
 
 	len = StrLen(str);
 
-	if (len >= 16)
+	// Allow to combine "FriendlyName" consisting of a NULL character and ID beginning with "(ID=".
+	if (len >= 15)
 	{
-		StrCpy(id_str, sizeof(id_str), str + len - 16);
+		StrCpy(id_str, sizeof(id_str), str + len - 15);
 
-		if (StartWith(id_str, " (ID="))
+		if (StartWith(id_str, "(ID="))
 		{
 			if (EndWith(id_str, ")"))
 			{
 				char num[MAX_SIZE];
 
 				Zero(num, sizeof(num));
-				StrCpy(num, sizeof(num), id_str + 5);
+				StrCpy(num, sizeof(num), id_str + 4);
 
 				num[StrLen(num) - 1] = 0;
 
@@ -1204,7 +1206,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
 
 				if (ret != 0)
 				{
-					name[len - 16] = 0;
+					name[len - 15] = 0;
 				}
 			}
 		}
@@ -1346,6 +1348,8 @@ TOKEN_LIST *GetEthListEx(UINT *total_num_including_hidden, bool enum_normal, boo
 
 			Debug("%s - %s\n", a->Guid, a->Title);
 		}
+		// Make sure that "FriendlyName" does not cosist a NULL character.
+		Debug("%s,- s=%d, t=%s, %s,\n", a->Guid, show, tmp, a->Title[0] == 0 ? "check=NG FriendlyName(Title) is NULL !" : "check=OK");
 	}
 
 	*total_num_including_hidden = ret->NumTokens;
@@ -1405,7 +1409,7 @@ LIST *GetEthAdapterListInternal()
 	UINT size;
 	char *buf;
 	UINT i, j;
-	char *qos_tag = " (Microsoft's Packet Scheduler)";
+	char *qos_tag = "(Microsoft's Packet Scheduler)";	// Allow to combine "FriendlyName" consisting of a NULL character and QOS tag.
 	SU *su = NULL;
 	LIST *su_adapter_list = NULL;
 
@@ -1660,7 +1664,8 @@ ANSI_STR:
 				}
 				else
 				{
-					Format(tmp, sizeof(tmp), "%s (%u)", a->Title, k + 1);
+					// Allow to combine "FriendlyName" consisting of a NULL character and SEQ number.
+					Format(tmp, sizeof(tmp), "%s(%u)", a->Title, k + 1);
 				}
 
 				ok = true;

src/Cedar/IPC.c

@@ -1537,7 +1537,8 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
 								// Remove link-layer address options for Windows clients (required on Windows 11)
 								if (header_size > 0)
 								{
-									UCHAR *src = p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;
+									//UCHAR *src = p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;
+									UCHAR* src = (UCHAR *)p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;// Cast the pointer to UCHAR *.
 									UINT opt_size = p->ICMPv6HeaderPacketInfo.DataSize - header_size;
 									UCHAR *dst = src;
 									UINT removed = 0;

src/Cedar/SeLowUser.c

@@ -753,11 +753,45 @@ LIST *SuGetAdapterList(SU *u)
 	for (i = 0;i < u->AdapterInfoList.NumAdapters;i++)
 	{
 		SL_ADAPTER_INFO *info = &u->AdapterInfoList.Adapters[i];
-		SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);
 
-		if (a != NULL)
+		if (IsEmptyStr(info->FriendlyName))
 		{
-			Add(ret, a);
+			// Some NetAdapterCx drivers doesn't report the FriendlyName in the kernel mode.
+			// So we attempt to obtain the DriverDesc string from NetCfg registry key alternatively.
+			char regkey[MAX_PATH] = {0};
+			char tmp[MAX_PATH] = {0};
+			char adapter_guid[MAX_PATH] = {0};
+
+			UniToStr(adapter_guid, sizeof(adapter_guid), info->AdapterId + StrLen(SL_ADAPTER_ID_PREFIX));
+
+			if (GetClassRegKeyWin32(regkey, sizeof(regkey), tmp, sizeof(tmp), adapter_guid))
+			{
+				char *driver_desc = MsRegReadStrEx2(REG_LOCAL_MACHINE, regkey, "DriverDesc", false, true);
+
+				if (driver_desc != NULL)
+				{
+					StrCpy(info->FriendlyName, sizeof(info->FriendlyName), driver_desc);
+					Free(driver_desc);
+				}
+			}
+		}
+
+		{
+			SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);
+
+			char macstr[128] = {0};
+			BinToStr(macstr, sizeof(macstr), info->MacAddress, sizeof(info->MacAddress));
+
+			if (a != NULL)
+			{
+				// Debug("SU: Adapter %u (OK): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
+
+				Add(ret, a);
+			}
+			else
+			{
+				// Debug("SU: Adapter %u (NG): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
+			}
 		}
 	}
 
@@ -827,7 +861,8 @@ SU_ADAPTER_LIST *SuAdapterInfoToAdapterList(SL_ADAPTER_INFO *info)
 	Copy(&t.Info, info, sizeof(SL_ADAPTER_INFO));
 
 	UniToStr(tmp, sizeof(tmp), info->AdapterId);
-	if (IsEmptyStr(tmp) || IsEmptyStr(info->FriendlyName) || StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
+	// Make the NIC appear in the "Local Bridge Settings" list regardless of a NULL character consisted in "FriendlyName".
+	if (IsEmptyStr(tmp) || /* IsEmptyStr(info->FriendlyName) || */ StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
 	{
 		// Name is invalid
 		return NULL;

src/Cedar/Session.c

@@ -615,7 +615,7 @@ void SessionMain(SESSION *s)
 					UINT max_conn = s->ClientOption->MaxConnection;
 
 					if ((s->CurrentConnectionEstablishTime +
-						(UINT64)(s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
+						(UINT64)(num_tcp_conn * s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
 						<= Tick64())
 					{
 						if (s->ClientOption->BindLocalPort != 0 || num_tcp_conn == 0)

src/Cedar/Virtual.c

@@ -9340,20 +9340,48 @@ UINT ServeDhcpDiscoverEx(VH *v, UCHAR *mac, UINT request_ip, bool is_static_ip)
 		return 0;
 	}
 
+	UINT ret = 0;
 	DHCP_LEASE *d = SearchDhcpLeaseByIp(v, request_ip);
+
 	if (d != NULL)
 	{
-		// The requested IP address is used already
-		return 0;
+		// If an entry for the same IP address already exists,
+		// check whether it is a request from the same MAC address
+		if (Cmp(mac, d->MacAddress, 6) == 0)
+		{
+			// Examine whether the specified IP address is within the range of static assignment
+			if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+				Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+			{
+				// Accept if within the range of static assignment
+				ret = request_ip;
+			}
+		}
+		else {
+			// Duplicated IPV4 address found. The specified IP address is not available for use
+			char ipstr[MAX_HOST_NAME_LEN + 1] = { 0 };
+			char macstr[128] = { 0 };
+			IPToStr32(ipstr, sizeof(ipstr), request_ip);
+			MacToStr(macstr, sizeof(macstr), d->MacAddress);
+			Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, with the MAC: %s\n", ipstr, macstr);
+		}
 	}
-
-	// For static IP, the requested IP address must NOT be within the range of the DHCP pool
-	if (Endian32(request_ip) < Endian32(v->DhcpIpStart) || Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+	else
 	{
-		return request_ip;
+		// Examine whether the specified IP address is within the range of static assignment
+		if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+			Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+		{
+			// Accept if within the range of static assignment
+			ret = request_ip;
+		}
+		else
+		{
+			// The specified IP address is not available for use
+		}
 	}
 
-	return 0;
+	return ret;
 }
 
 // Take an appropriate IP addresses that can be assigned newly
@@ -9540,6 +9568,11 @@ void VirtualDhcpServer(VH *v, PKT *p)
 			{
 				ip = ServeDhcpRequestEx(v, p->MacAddressSrc, opt->RequestedIp, ip_static);
 			}
+			// If the IP address in user's note is changed, then reply to DHCP_REQUEST with DHCP_NAK
+			if (p->L3.IPv4Header->SrcIP && ip != p->L3.IPv4Header->SrcIP)
+			{
+				ip = 0;
+			}
 		}
 
 		if (ip != 0 || opt->Opcode == DHCP_INFORM)
@@ -9552,6 +9585,14 @@ void VirtualDhcpServer(VH *v, PKT *p)
 				char client_mac[MAX_SIZE];
 				char client_ip[MAX_SIZE];
 
+				// If there is any entry with the same MAC address, then remove it
+				d = SearchDhcpLeaseByMac(v, p->MacAddressSrc);
+				if (d != NULL)
+				{
+					FreeDhcpLease(d);
+					Delete(v->DhcpLeaseList, d);
+				}
+
 				// Remove old records with the same IP address
 				d = SearchDhcpLeaseByIp(v, ip);
 				if (d != NULL)
@@ -9710,36 +9751,40 @@ void VirtualDhcpServer(VH *v, PKT *p)
 		}
 		else
 		{
-			// There is no IP address that can be provided
-			DHCP_OPTION_LIST ret;
-			LIST *o;
-			Zero(&ret, sizeof(ret));
-
-			ret.Opcode = DHCP_NACK;
-			ret.ServerAddress = v->HostIP;
-			StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
-			ret.SubnetMask = v->DhcpMask;
-
-			// Build the DHCP option
-			o = BuildDhcpOption(&ret);
-			if (o != NULL)
+			// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK
+			if (opt->Opcode == DHCP_REQUEST)
 			{
-				BUF *b = BuildDhcpOptionsBuf(o);
-				if (b != NULL)
-				{
-					UINT dest_ip = p->L3.IPv4Header->SrcIP;
-					if (dest_ip == 0)
-					{
-						dest_ip = 0xffffffff;
-					}
-					// Transmission
-					VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
-					                ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+				// There is no IP address that can be provided
+				DHCP_OPTION_LIST ret;
+				LIST *o;
+				Zero(&ret, sizeof(ret));
 
-					// Release the memory
-					FreeBuf(b);
+				ret.Opcode = DHCP_NACK;
+				ret.ServerAddress = v->HostIP;
+				StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
+				ret.SubnetMask = v->DhcpMask;
+
+				// Build the DHCP option
+				o = BuildDhcpOption(&ret);
+				if (o != NULL)
+				{
+					BUF *b = BuildDhcpOptionsBuf(o);
+					if (b != NULL)
+					{
+						UINT dest_ip = p->L3.IPv4Header->SrcIP;
+						if (dest_ip == 0)
+						{
+							dest_ip = 0xffffffff;
+						}
+						// Transmission
+						VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
+							ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+
+						// Release the memory
+						FreeBuf(b);
+					}
+					FreeDhcpOptions(o);
 				}
-				FreeDhcpOptions(o);
 			}
 		}
 	}

src/Mayaqua/FileIO.c

@@ -2124,6 +2124,24 @@ IO *FileOpenEx(char *name, bool write_mode, bool read_lock)
 
 	return ret;
 }
+
+// Replace the specified character in the string with a new character
+wchar_t *UniReplaceCharW(wchar_t *src, UINT size, wchar_t c, wchar_t  newc) {
+	if (src == NULL)
+	{
+		return NULL;
+	}
+	for (; *src; src++, size -= sizeof(wchar_t)) {
+		if (size < sizeof(wchar_t)) {
+			break;
+		}
+		if (*src == c) {
+			*src = newc;
+		}
+	}
+	return (wchar_t *)src;
+}
+
 IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
 {
 	wchar_t tmp[MAX_SIZE];
@@ -2140,9 +2158,12 @@ IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
 		IO *o = ZeroMalloc(sizeof(IO));
 		name++;
 		UniStrCpy(o->NameW, sizeof(o->NameW), name);
+#ifdef	OS_WIN32
+		UniReplaceCharW(o->NameW, sizeof(o->NameW), L'\\', L'/');		// Path separator "/" is used.
+#endif	// OS_WIN32
 		UniToStr(o->Name, sizeof(o->Name), o->NameW);
 		o->HamMode = true;
-		o->HamBuf = ReadHamcoreW(name);
+		o->HamBuf = ReadHamcoreW(o->NameW);
 		if (o->HamBuf == NULL)
 		{
 			Free(o);

src/Mayaqua/Microsoft.c

@@ -2568,6 +2568,7 @@ MS_ADAPTER_LIST *MsCreateAdapterListInnerExVista(bool no_info)
 				UniStrCpy(a->TitleW, sizeof(a->TitleW), title);
 				UniToStr(a->Title, sizeof(a->Title), title);
 				a->Index = r->InterfaceIndex;
+				a->MediaConnectState = r->MediaConnectState;
 				a->Type = r->Type;
 				a->Status = ConvertMidStatusVistaToXp(r->OperStatus);
 				a->Mtu = r->Mtu;

src/Mayaqua/Microsoft.h

@@ -281,6 +281,7 @@ typedef struct MS_ADAPTER
 	char Title[MAX_PATH];			// Display name
 	wchar_t TitleW[MAX_PATH];		// Display Name (Unicode)
 	UINT Index;						// Index
+	UINT MediaConnectState;			// Media Connect State
 	UINT Type;						// Type
 	UINT Status;					// Status
 	UINT Mtu;						// MTU

src/Mayaqua/Network.c

@@ -540,6 +540,13 @@ LIST *Win32GetNicList()
 
 		if (a->Type == 6 && a->AddressSize == 6)
 		{
+			// If the connection state of the interface is unknown, then exclude it.
+			// Unknown means that the device is not plugged into the local host.
+			if (a->MediaConnectState == MediaConnectStateUnknown)
+			{
+				continue;
+			}
+
 			NIC_ENTRY *e = ZeroMalloc(sizeof(NIC_ENTRY));
 
 			StrCpy(e->IfName, sizeof(e->IfName), a->Title);
@@ -12281,6 +12288,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+		// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+		// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+		// > You should instead call SSL_get_error() to find out if it's retryable.
 		if (ret == 0)
 		{
 			// The communication have been disconnected
@@ -12288,7 +12300,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 			return 0;
 		}
-		if (ret < 0)
+#endif
+		if (ret <= 0)
 		{
 			// An error has occurred
 			e = SSL_get_error(ssl, ret);
@@ -12296,14 +12309,16 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			{
 				if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-				        &&
-				        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-				        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-				        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+					&&
+					sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+					sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-				   )
+					)
 				{
-					Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+					UINT ssl_err_no = ERR_get_error();
+
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 					Disconnect(sock);
 					return 0;
 				}
@@ -12330,14 +12345,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-// Run the time-out thread for SOLARIS
+		// Run the time-out thread for SOLARIS
 #ifdef UNIX_SOLARIS
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 
 		ret = SSL_read(ssl, data, size);
 
-// Stop the timeout thread
+		// Stop the timeout thread
 #ifdef UNIX_SOLARIS
 		FreeSocketTimeout(ttparam);
 #endif // UNIX_SOLARIS
@@ -12350,7 +12365,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12373,6 +12392,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+	// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+	// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+	// > You should instead call SSL_get_error() to find out if it's retryable.
 	if (ret == 0)
 	{
 		// Disconnect the communication
@@ -12380,20 +12405,24 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 		return 0;
 	}
+#endif
+
 	if (sock->AsyncMode)
 	{
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
 			if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-			        &&
-			        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-			        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-			        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+				&&
+				sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+				sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-			   )
+				)
 			{
-				Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+				UINT ssl_err_no = ERR_get_error();
+
+				Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				Disconnect(sock);
 				return 0;
 			}
@@ -12431,7 +12460,11 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		}
 
 		ret = SSL_write(ssl, data, size);
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12453,6 +12486,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		sock->WriteBlocked = false;
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (ret == 0)
 	{
 		// Disconnect
@@ -12460,6 +12495,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		Disconnect(sock);
 		return 0;
 	}
+#endif
 
 	if (sock->AsyncMode)
 	{

src/Mayaqua/TcpIp.c

@@ -4168,6 +4168,7 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 	LIST *opt_list2 = NULL;
 	UINT src_size = size;
 	UINT i;
+	UINT dhcp_min_size;
 	// Validate arguments
 	if (m == NULL || data == NULL || size == 0)
 	{
@@ -4270,11 +4271,13 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 		// Rewrite if anything changes. Do not rewrite if there is no change
 		ret_ok = true;
 
-		if (ret->Size < DHCP_MIN_SIZE)
+		// If src_size is greater than DHCP_MIN_SIZE, then use the src_size as minimum size of DHCP.
+		dhcp_min_size = MAX(src_size, DHCP_MIN_SIZE);
+		if (ret->Size < dhcp_min_size)
 		{
 			// Padding
 			UCHAR *pad_buf;
-			UINT pad_size = DHCP_MIN_SIZE - ret->Size;
+			UINT pad_size = dhcp_min_size - ret->Size;
 
 			pad_buf = ZeroMalloc(pad_size);
 

src/Mayaqua/pkcs11f.h

@@ -73,7 +73,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
 (
   CK_BBOOL       tokenPresent,  /* only slots with tokens? */
   CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
-  CK_ULONG_PTR   pulCount       /* receives number of slots */
+  CK_UINT_PTR   pulCount       /* receives number of slots */
 );
 #endif
 
@@ -351,7 +351,7 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects)
  CK_SESSION_HANDLE    hSession,          /* session's handle */
  CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
  CK_ULONG             ulMaxObjectCount,  /* max handles to get */
- CK_ULONG_PTR         pulObjectCount     /* actual # returned */
+ CK_UINT_PTR         pulObjectCount     /* actual # returned */
 );
 #endif
 
@@ -558,7 +558,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
   CK_BYTE_PTR       pData,           /* the data to sign */
   CK_ULONG          ulDataLen,       /* count of bytes to sign */
   CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
+  CK_UINT_PTR      pulSignatureLen  /* gets signature length */
 );
 #endif
 

src/Mayaqua/pkcs11t.h

@@ -51,6 +51,8 @@ typedef CK_BYTE           CK_BBOOL;
 /* an unsigned value, at least 32 bits long */
 typedef unsigned long int CK_ULONG;
 
+typedef unsigned int CK_UINT;
+
 /* a signed value, the same size as a CK_ULONG */
 /* CK_LONG is new for v2.0 */
 typedef long int          CK_LONG;
@@ -68,6 +70,7 @@ typedef CK_BYTE     CK_PTR   CK_BYTE_PTR;
 typedef CK_CHAR     CK_PTR   CK_CHAR_PTR;
 typedef CK_UTF8CHAR CK_PTR   CK_UTF8CHAR_PTR;
 typedef CK_ULONG    CK_PTR   CK_ULONG_PTR;
+typedef CK_UINT     CK_PTR   CK_UINT_PTR;
 typedef void        CK_PTR   CK_VOID_PTR;
 
 /* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
@@ -110,7 +113,7 @@ typedef CK_ULONG CK_NOTIFICATION;
 #define CKN_SURRENDER       0
 
 
-typedef CK_ULONG          CK_SLOT_ID;
+typedef CK_UINT          CK_SLOT_ID;
 
 typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
 
@@ -262,7 +265,7 @@ typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
 
 /* CK_SESSION_HANDLE is a Cryptoki-assigned value that
  * identifies a session */
-typedef CK_ULONG          CK_SESSION_HANDLE;
+typedef CK_UINT          CK_SESSION_HANDLE;
 
 typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; 
 
@@ -310,7 +313,7 @@ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
 
 /* CK_OBJECT_HANDLE is a token-specific identifier for an
  * object  */
-typedef CK_ULONG          CK_OBJECT_HANDLE;
+typedef CK_UINT          CK_OBJECT_HANDLE;
 
 typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;