github.com/SoftEtherVPN/SoftEtherVPN_Stable.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'src/Mayaqua')
-rw-r--r--src/Mayaqua/Encrypt.c62
-rw-r--r--src/Mayaqua/Encrypt.h6
-rw-r--r--src/Mayaqua/Kernel.c26
-rw-r--r--src/Mayaqua/MayaType.h5
-rw-r--r--src/Mayaqua/Mayaqua.c2
-rw-r--r--src/Mayaqua/Mayaqua.h1
-rw-r--r--src/Mayaqua/Memory.c243
-rw-r--r--src/Mayaqua/Memory.h43
-rw-r--r--src/Mayaqua/Network.c78
-rw-r--r--src/Mayaqua/Tick64.c17
-rw-r--r--src/Mayaqua/Tick64.h1
-rw-r--r--src/Mayaqua/Unix.c62
-rw-r--r--src/Mayaqua/Unix.h1
-rw-r--r--src/Mayaqua/win32_inc/openssl/cmp.h23
-rw-r--r--src/Mayaqua/win32_inc/openssl/cmperr.h6
-rw-r--r--src/Mayaqua/win32_inc/openssl/cmserr.h1
-rw-r--r--src/Mayaqua/win32_inc/openssl/dsaerr.h3
-rw-r--r--src/Mayaqua/win32_inc/openssl/ecerr.h3
-rw-r--r--src/Mayaqua/win32_inc/openssl/opensslv.h10
-rw-r--r--src/Mayaqua/win32_inc/openssl/sslerr.h1
-rw-r--r--src/Mayaqua/win32_inc/openssl/trace.h8
-rw-r--r--src/Mayaqua/win32_inc/openssl/x509v3.h4
22 files changed, 497 insertions, 109 deletions
diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index f6fe91be..d4641449 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -1552,7 +1552,8 @@ void CertTest_()
// Hash a pointer to a 32-bit
UINT HashPtrToUINT(void *p)
{
- UCHAR hash_data[MD5_SIZE];
+ UCHAR hash_data[SHA256_SIZE];
+ UCHAR hash_src[CANARY_RAND_SIZE + sizeof(void *)];
UINT ret;
// Validate arguments
if (p == NULL)
@@ -1560,7 +1561,11 @@ UINT HashPtrToUINT(void *p)
return 0;
}
- Hash(hash_data, &p, sizeof(p), false);
+ Zero(hash_src, sizeof(hash_src));
+ Copy(hash_src + 0, GetCanaryRand(CANARY_RAND_ID_PTR_KEY_HASH), CANARY_RAND_SIZE);
+ Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));
+
+ HashSha256(hash_data, hash_src, sizeof(hash_src));
Copy(&ret, hash_data, sizeof(ret));
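Review bot: The second `Copy` into `hash_src` passes `p` as the source, so it reads `sizeof(void *)` bytes from the object `p` points to, whereas the removed `Hash(hash_data, &p, sizeof(p), false)` hashed the pointer value itself. As written the key changes whenever the pointee's first bytes change, and the read runs past the object if it is shorter than a pointer; if the intent is still to key on the address, the line should be `Copy(hash_src + CANARY_RAND_SIZE, &p, sizeof(void *));`. The function also uses the canary bytes without checking that InitCanaryRand() has run, so a call made before initialisation would presumably hash an all-zero prefix and yield keys that differ from later ones. The end of HashPtrToUINT lies outside the hunk.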
@@ -6967,6 +6972,59 @@ crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
return ret;
}
+// OpenSSL 3.0.0 to 3.0.2 has a bug with RC4-MD5.
+// See: https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
+
+static bool ssl_is_rc4md5_buggy_version = false;
+static bool ssl_has_cache_is_rc4md5_buggy_version = false;
+
+bool IsSslLibVersionBuggyForRc4Md5()
+{
+ bool ret = false;
+ if (ssl_has_cache_is_rc4md5_buggy_version)
+ {
+ return ssl_is_rc4md5_buggy_version;
+ }
+
+ ret = IsSslLibVersionBuggyForRc4Md5_Internal();
+
+ ssl_is_rc4md5_buggy_version = ret;
+ ssl_has_cache_is_rc4md5_buggy_version = true;
+
+ return ret;
+}
+
+bool IsSslLibVersionBuggyForRc4Md5_Internal()
+{
+ UINT verint = 0;
+ UINT ver_major = 0;
+ UINT ver_minor = 0;
+ UINT ver_fix = 0;
+ UINT ver_patch = 0;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DoNothing();
+#else // OPENSSL_VERSION_NUMBER
+ verint = OpenSSL_version_num();
+
+ ver_major = (verint >> 28) & 0x0F;
+ ver_minor = (verint >> 20) & 0xFF;
+ ver_fix = (verint >> 12) & 0xFF;
+ ver_patch = (verint >> 4) & 0xFF;
+#endif // OPENSSL_VERSION_NUMBER
+
+ if (ver_major == 3 && ver_minor == 0)
+ {
+ if (ver_patch <= 2)
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+
static char ssl_version_cache[MAX_PATH] = CLEAN;
void GetSslLibVersion(char *str, UINT size)
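Review bot: `IsSslLibVersionBuggyForRc4Md5_Internal()` computes `ver_fix` and never uses it, and nothing states which version-number layout the shifts assume. The `ver_patch` extraction at bits 4-11 matches the OpenSSL 3 `0xMNN00PP0` encoding; on 1.1.x the same bits mean something else, which is harmless only because the `ver_major == 3` test comes first. I would drop `ver_fix` and add a comment such as `// OpenSSL 3 layout 0xMNN00PP0: major = bits 28-31, minor = 20-27, patch = 4-11`. The two cache flags are plain statics written without a lock; concurrent first calls compute the same value, so the race looks benign, but a one-line comment saying so would help the next reader.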
diff --git a/src/Mayaqua/Encrypt.h b/src/Mayaqua/Encrypt.h
index 4a22b428..94b46f49 100644
--- a/src/Mayaqua/Encrypt.h
+++ b/src/Mayaqua/Encrypt.h
@@ -144,9 +144,7 @@ void RAND_Free_For_SoftEther();
// OpenSSL default cipher algorithms
#define OPENSSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
-// OpenSSL 3.x has a bug. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
-// At 2021-09-08 this bug is reported as fixed on Github, but actually still exists on RC4-MD5.
-// So, with OpenSSL 3.0 we manually disable RC4-MD5 by default on both SSL server and SSL client.
+// OpenSSL 3.0.0 to 3.0.2 has a bug with RC4-MD5. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
#define OPENSSL_DEFAULT_CIPHER_LIST_NO_RC4_MD5 (OPENSSL_DEFAULT_CIPHER_LIST ":!RC4-MD5")
// IANA definitions taken from IKEv1 Phase 1
@@ -668,6 +666,8 @@ void Aead_ChaCha20Poly1305_Ietf_Test();
void GetSslLibVersion(char *str, UINT size);
void GetSslLibVersion_Internal(char *str, UINT size);
+bool IsSslLibVersionBuggyForRc4Md5();
+bool IsSslLibVersionBuggyForRc4Md5_Internal();
diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c
index 2edc142e..47bce23d 100644
--- a/src/Mayaqua/Kernel.c
+++ b/src/Mayaqua/Kernel.c
@@ -2401,10 +2401,34 @@ void AbortExitEx(char *msg)
msg = "Unknown Error";
}
- f = fopen("abort_error_log.txt", "w");
+ f = fopen("abort_error_log.txt", "a");
if (f != NULL)
{
+ SYSTEMTIME time = CLEAN;
+ char time_str[128] = CLEAN;
+ char* crlf = "\r\n";
+ char* tag = "---------";
+
+ LocalTime(&time);
+
+ sprintf(time_str, "%04u-%02u-%02u %02u:%02u:%02u",
+ time.wYear, time.wMonth, time.wDay,
+ time.wHour, time.wMinute, time.wSecond);
+
+ fwrite(tag, 1, strlen(tag), f);
+
+ fwrite(crlf, 1, strlen(crlf), f);
+
+ fwrite(time_str, 1, strlen(time_str), f);
+
+ fwrite(crlf, 1, strlen(crlf), f);
+
fwrite(msg, 1, strlen(msg), f);
+
+ fwrite(crlf, 1, strlen(crlf), f);
+
+ fwrite(crlf, 1, strlen(crlf), f);
+
fclose(f);
}
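Review bot: The timestamp is built with an unbounded `sprintf` into `time_str` and the record is then written through seven separate `fwrite` calls whose results are ignored. The 128-byte buffer is large enough for six `%u` fields, but one bounded call is easier to audit: `fprintf(f, "---------\r\n%04u-%02u-%02u %02u:%02u:%02u\r\n%s\r\n\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, msg);`. Switching the mode to `"a"` also means the file in the working directory grows on every abort, so a size cap or rotation is worth considering for a service that restarts automatically. AbortExitEx starts and ends outside the hunk.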
diff --git a/src/Mayaqua/MayaType.h b/src/Mayaqua/MayaType.h
index abd1037f..809cbc53 100644
--- a/src/Mayaqua/MayaType.h
+++ b/src/Mayaqua/MayaType.h
@@ -218,7 +218,7 @@ typedef int (COMPARE)(void *p1, void *p2);
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
// Convert the pointer to UINT
-#define POINTER_TO_KEY(p) ((sizeof(void *) == sizeof(UINT)) ? (UINT)(p) : HashPtrToUINT(p))
+#define POINTER_TO_KEY(p) (HashPtrToUINT(p))
// Compare the pointer and UINT
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))
// Convert the pointer to UINT64
@@ -411,7 +411,8 @@ typedef struct TRACKING_LIST TRACKING_LIST;
typedef struct IO IO;
// Memory.h
-typedef struct MEMTAG MEMTAG;
+typedef struct MEMTAG1 MEMTAG1;
+typedef struct MEMTAG2 MEMTAG2;
typedef struct BUF BUF;
typedef struct FIFO FIFO;
typedef struct LIST LIST;
diff --git a/src/Mayaqua/Mayaqua.c b/src/Mayaqua/Mayaqua.c
index dbe6c67d..5d7a9a51 100644
--- a/src/Mayaqua/Mayaqua.c
+++ b/src/Mayaqua/Mayaqua.c
@@ -159,6 +159,8 @@ void InitProcessCallOnceEx(int restricted_mode)
{
init_proc_once_flag = true;
+ InitCanaryRand();
+
#ifdef OS_WIN32
MsInitProcessCallOnce(restricted_mode);
#endif // OS_WIN32
diff --git a/src/Mayaqua/Mayaqua.h b/src/Mayaqua/Mayaqua.h
index 6330f435..6c05a5f3 100644
--- a/src/Mayaqua/Mayaqua.h
+++ b/src/Mayaqua/Mayaqua.h
@@ -119,7 +119,6 @@
#define DONT_USE_KERNEL_STATUS // Do not update the kernel status
#define WIN32_USE_HEAP_API_FOR_MEMORY // Use the heap API to allocate memory
#define WIN32_NO_DEBUG_HELP_DLL // Do not call the DLL for debugging
-#define DONT_CHECK_HEAP // Do not check the status of the heap
#define DONT_ALLOW_RUN_ON_DEBUGGER // Do not allow running on the debugger
#endif // VPN_SPEED
diff --git a/src/Mayaqua/Memory.c b/src/Mayaqua/Memory.c
index f9e0dfde..dc9abd8b 100644
--- a/src/Mayaqua/Memory.c
+++ b/src/Mayaqua/Memory.c
@@ -127,6 +127,105 @@ static UINT fifo_current_realloc_mem_size = FIFO_REALLOC_MEM_SIZE;
static ACTIVE_PATCH_ENTRY ActivePatchList[MAX_ACTIVE_PATCH] = CLEAN;
+static bool canary_inited = false;
+typedef struct CANARY_RAND_DATA
+{
+ UCHAR Data[CANARY_RAND_SIZE + 4];
+} CANARY_RAND_DATA;
+
+static CANARY_RAND_DATA canary_rand_data[NUM_CANARY_RAND] = CLEAN;
+
+static UINT64 canary_memtag_magic1 = 0;
+static UINT64 canary_memtag_magic2 = 0;
+
+UCHAR *GetCanaryRand(UINT id)
+{
+ if (id >= NUM_CANARY_RAND)
+ {
+ id = NUM_CANARY_RAND - 1;
+ }
+
+ return &((canary_rand_data[id].Data)[0]);
+}
+
+void InitCanaryRand()
+{
+ SYSTEMTIME st = CLEAN;
+ char random_seed[1024] = CLEAN;
+ UINT64 t1 = 0, t2 = 0;
+ if (canary_inited)
+ {
+ return;
+ }
+
+#ifdef OS_WIN32
+ Win32GetSystemTime(&st);
+ memcpy(&t1, ((UCHAR *)&st) + 0, 8);
+ memcpy(&t2, ((UCHAR *)&st) + 8, 8);
+#else // OS_WIN32
+ struct timeval tv = CLEAN;
+ struct timezone tz = CLEAN;
+ gettimeofday(&tv, &tz);
+ t1 = (UINT64)tv.tv_sec;
+ t2 = (UINT64)tv.tv_usec;
+#endif // OS_WIN32
+
+ {
+ UINT64 dos_rand = (UINT64)rand();
+ UINT64 tick1 = TickHighresNano64(true);
+ UINT64 tick2 = TickHighresNano64(true);
+
+ UINT i;
+
+ void *p1 = malloc(1);
+ void *p2 = malloc(1);
+
+ for (i = 0;i < NUM_CANARY_RAND;i++)
+ {
+ // using sprintf() here is safe.
+ sprintf(random_seed,
+ "%u "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%llu "
+ "%u "
+ ,
+ i,
+ (UINT64)InitCanaryRand,
+ (UINT64)&canary_inited,
+ (UINT64)&((canary_rand_data[0].Data)[0]),
+ (UINT64)&random_seed[0],
+ tick1,
+ tick2,
+ dos_rand,
+ (UINT64)p1,
+ (UINT64)p2,
+ t1,
+ t2,
+ ~i
+ );
+
+ Hash(canary_rand_data[i].Data, random_seed, (UINT)strlen(random_seed), true);
+ }
+
+ free(p1);
+ free(p2);
+
+ canary_memtag_magic1 = *((UINT64 *)(GetCanaryRand(CANARY_RAND_ID_MEMTAG_MAGIC) + 0));
+ canary_memtag_magic2 = *((UINT64 *)(GetCanaryRand(CANARY_RAND_ID_MEMTAG_MAGIC) + 8));
+
+ canary_inited = true;
+ }
+}
+
// Add active patch
bool Vars_ActivePatch_AddStr(char* name, char* str_value)
{
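Review bot: The canary seed in `InitCanaryRand()` is assembled from wall-clock time, two tick reads, `rand()`, and code, data, stack and heap addresses, none of which comes from a cryptographic random source. `rand()` is not seeded anywhere in this hunk, so it probably contributes a constant, and the remaining inputs are guessable once a process address and the approximate start time are known; mixing in bytes from the OS random generator before the `Hash()` call would make the MEMTAG magic and the pointer-key prefix unpredictable. Separately, `*((UINT64 *)(GetCanaryRand(...) + 0))` reads a `UCHAR` array through a `UINT64` pointer, which is an aliasing and alignment hazard; `memcpy(&canary_memtag_magic1, GetCanaryRand(CANARY_RAND_ID_MEMTAG_MAGIC), sizeof(canary_memtag_magic1));`, and the same for `canary_memtag_magic2` at offset 8, avoids it. `GetCanaryRand()` also clamps an out-of-range `id` to the last slot silently, which deserves a comment.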
@@ -3923,6 +4022,10 @@ void AdjustBufSize(BUF *b, UINT new_size)
while (b->SizeReserved < new_size)
{
+ if (b->SizeReserved > 0x7FFFFFFF)
+ {
+ AbortExitEx("AdjustBufSize(): too large buffer size");
+ }
b->SizeReserved = b->SizeReserved * 2;
}
b->Buf = ReAlloc(b->Buf, b->SizeReserved);
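Review bot: The new guard bounds the doubling of `b->SizeReserved`, but the requested `new_size` itself is never compared with a limit, so an oversized request is rejected only after the loop has doubled its way up to the guard. Adding `if (new_size > MAX_MALLOC_MEM_SIZE) AbortExitEx("AdjustBufSize(): too large buffer size");` before the loop, in addition to the in-loop check, states the limit directly and reuses the constant this commit adds to Memory.h. The loop also never terminates if `b->SizeReserved` is 0 on entry; whether that can happen depends on code outside the hunk. Callers that derive `new_size` from peer-supplied lengths should bound it themselves, since the reaction here is to abort the process.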
@@ -4556,33 +4659,52 @@ void *Malloc(UINT size)
}
void *MallocEx(UINT size, bool zero_clear_when_free)
{
- MEMTAG *tag;
+ MEMTAG1 *tag1;
+ MEMTAG2 *tag2;
UINT real_size;
+ if (canary_inited == false)
+ {
+ InitCanaryRand();
+ }
+
+ if (size > MAX_MALLOC_MEM_SIZE)
+ {
+ AbortExitEx("MallocEx() error: too large size");
+ }
+
real_size = CALC_MALLOCSIZE(size);
- tag = InternalMalloc(real_size);
+ tag1 = InternalMalloc(real_size);
+
+ tag1->Magic = canary_memtag_magic1 ^ ((UINT64)tag1 * GOLDEN_RATION_PRIME_U64);
+ tag1->Size = size;
+ tag1->ZeroFree = zero_clear_when_free;
- Zero(tag, sizeof(MEMTAG));
- tag->Magic = MEMTAG_MAGIC;
- tag->Size = size;
- tag->ZeroFree = zero_clear_when_free;
+ tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2));
+ tag2->Magic = canary_memtag_magic2 ^ ((UINT64)tag2 * GOLDEN_RATION_PRIME_U64);
- return MEMTAG_TO_POINTER(tag);
+ return MEMTAG1_TO_POINTER(tag1);
}
// Get memory size
UINT GetMemSize(void *addr)
{
- MEMTAG *tag;
+ MEMTAG1 *tag;
+
+ if (canary_inited == false)
+ {
+ InitCanaryRand();
+ }
+
// Validate arguments
if (IS_NULL_POINTER(addr))
{
return 0;
}
- tag = POINTER_TO_MEMTAG(addr);
- CheckMemTag(tag);
+ tag = POINTER_TO_MEMTAG1(addr);
+ CheckMemTag1(tag);
return tag->Size;
}
@@ -4590,20 +4712,35 @@ UINT GetMemSize(void *addr)
// ReAlloc
void *ReAlloc(void *addr, UINT size)
{
- MEMTAG *tag;
+ MEMTAG1 *tag1;
+ MEMTAG2 *tag2;
bool zerofree;
+
+ if (canary_inited == false)
+ {
+ InitCanaryRand();
+ }
+
+ if (size > MAX_MALLOC_MEM_SIZE)
+ {
+ AbortExitEx("ReAlloc() error: too large size");
+ }
+
// Validate arguments
if (IS_NULL_POINTER(addr))
{
return NULL;
}
- tag = POINTER_TO_MEMTAG(addr);
- CheckMemTag(tag);
+ tag1 = POINTER_TO_MEMTAG1(addr);
+ CheckMemTag1(tag1);
+
+ tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2));
+ CheckMemTag2(tag2);
- zerofree = tag->ZeroFree;
+ zerofree = tag1->ZeroFree;
- if (tag->Size == size)
+ if (tag1->Size == size)
{
// No size change
return addr;
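Review bot: The expression `(MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2))` is written out here and again in MallocEx, in the resize branch of ReAlloc and in Free. A macro next to `MEMTAG1_TO_POINTER` in Memory.h, e.g. `#define MEMTAG1_TO_MEMTAG2(t, size) ((MEMTAG2 *)(((UCHAR *)(t)) + CALC_MALLOCSIZE(size) - sizeof(MEMTAG2)))`, would keep the four sites from drifting apart. Note also that the oversize check now runs before the NULL-pointer check, so `ReAlloc(NULL, size)` with a too-large `size` terminates the process instead of returning NULL. ReAlloc continues past the end of this hunk.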
@@ -4615,10 +4752,10 @@ void *ReAlloc(void *addr, UINT size)
// Size changed (zero clearing required)
void *new_p = MallocEx(size, true);
- if (tag->Size <= size)
+ if (tag1->Size <= size)
{
// Size expansion
- Copy(new_p, addr, tag->Size);
+ Copy(new_p, addr, tag1->Size);
}
else
{
@@ -4634,13 +4771,22 @@ void *ReAlloc(void *addr, UINT size)
else
{
// Size changed
- MEMTAG *tag2 = InternalReAlloc(tag, CALC_MALLOCSIZE(size));
+ MEMTAG1 *tag1_new;
+ MEMTAG2 *tag2_new;
+
+ tag1->Magic = 0;
+ tag2->Magic = 0;
+
+ tag1_new = InternalReAlloc(tag1, CALC_MALLOCSIZE(size));
- Zero(tag2, sizeof(MEMTAG));
- tag2->Magic = MEMTAG_MAGIC;
- tag2->Size = size;
+ tag1_new->Magic = canary_memtag_magic1 ^ ((UINT64)tag1_new * GOLDEN_RATION_PRIME_U64);
+ tag1_new->Size = size;
+ tag1_new->ZeroFree = 0;
- return MEMTAG_TO_POINTER(tag2);
+ tag2_new = (MEMTAG2 *)(((UCHAR *)tag1_new) + CALC_MALLOCSIZE(size) - sizeof(MEMTAG2));
+ tag2_new->Magic = canary_memtag_magic2 ^ ((UINT64)tag2_new * GOLDEN_RATION_PRIME_U64);
+
+ return MEMTAG1_TO_POINTER(tag1_new);
}
}
}
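Review bot: In the resize branch `tag1->Magic` and `tag2->Magic` are cleared before `InternalReAlloc()` is called, and the returned `tag1_new` is dereferenced on the next statement without a check. If InternalReAlloc can return NULL (its definition is not in this hunk), the write faults and the original block has already lost both canaries. A guard such as `if (tag1_new == NULL) AbortExitEx("ReAlloc() error: InternalReAlloc failed");` would make the failure mode explicit, or a comment should state that InternalReAlloc never returns NULL.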
@@ -4648,44 +4794,69 @@ void *ReAlloc(void *addr, UINT size)
// Free
void Free(void *addr)
{
- MEMTAG *tag;
+ MEMTAG1 *tag1;
+ MEMTAG2 *tag2;
// Validate arguments
if (IS_NULL_POINTER(addr))
{
return;
}
- tag = POINTER_TO_MEMTAG(addr);
- CheckMemTag(tag);
+ if (canary_inited == false)
+ {
+ InitCanaryRand();
+ }
+
+ tag1 = POINTER_TO_MEMTAG1(addr);
+ CheckMemTag1(tag1);
+
+ tag2 = (MEMTAG2 *)(((UCHAR *)tag1) + CALC_MALLOCSIZE(tag1->Size) - sizeof(MEMTAG2));
+ CheckMemTag2(tag2);
- if (tag->ZeroFree)
+ if (tag1->ZeroFree)
{
// Zero clear
- Zero(addr, tag->Size);
+ Zero(addr, tag1->Size);
}
// Memory release
- tag->Magic = 0;
- InternalFree(tag);
+ tag1->Magic = 0;
+ tag2->Magic = 0;
+ InternalFree(tag1);
+}
+
+// Check the memtag1
+void CheckMemTag1(MEMTAG1 *tag)
+{
+ // Validate arguments
+ if (tag == NULL)
+ {
+ AbortExitEx("CheckMemTag1: tag1 == NULL");
+ return;
+ }
+
+ if (tag->Magic != (canary_memtag_magic1 ^ ((UINT64)tag * GOLDEN_RATION_PRIME_U64)))
+ {
+ AbortExitEx("CheckMemTag1: tag1->Magic != canary_memtag_magic1");
+ return;
+ }
}
-// Check the memtag
-void CheckMemTag(MEMTAG *tag)
+// Check the memtag2
+void CheckMemTag2(MEMTAG2 *tag)
{
-#ifndef DONT_CHECK_HEAP
// Validate arguments
if (tag == NULL)
{
- AbortExitEx("CheckMemTag: tag == NULL");
+ AbortExitEx("CheckMemTag2: tag2 == NULL");
return;
}
- if (tag->Magic != MEMTAG_MAGIC)
+ if (tag->Magic != (canary_memtag_magic2 ^ ((UINT64)tag * GOLDEN_RATION_PRIME_U64)))
{
- AbortExitEx("CheckMemTag: tag->Magic != MEMTAG_MAGIC");
+ AbortExitEx("CheckMemTag2: tag2->Magic != canary_memtag_magic2");
return;
}
-#endif // DONT_CHECK_HEAP
}
// ZeroMalloc
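Review bot: `CheckMemTag1()` validates only `Magic`, yet `Free()` and `ReAlloc()` then trust `tag1->Size` to locate `tag2` and to size the `Zero()` and `Copy()` calls. In `MEMTAG1` the `Size` and `ZeroFree` fields lie between `Magic` and the user pointer, so a short underwrite from the user buffer can alter them without disturbing the canary; a corrupted `Size` will most likely be caught when `CheckMemTag2()` looks at the wrong address, but a cleared `ZeroFree` will not, and the block would then be released without being wiped. Folding the fields into the stored value, for instance XOR-ing `Size` and `ZeroFree` into `Magic` when it is set and when it is checked, would close that gap. The abort text `tag1->Magic != canary_memtag_magic1` is also slightly off, since the comparison is against the address-mixed value.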
diff --git a/src/Mayaqua/Memory.h b/src/Mayaqua/Memory.h
index 1e71b72d..7ee137b3 100644
--- a/src/Mayaqua/Memory.h
+++ b/src/Mayaqua/Memory.h
@@ -109,16 +109,20 @@
#define MallocFast Malloc
#define ZeroMallocFast ZeroMalloc
+#define MAX_MALLOC_MEM_SIZE (0xffffffff - 64)
+
// Memory size that can be passed to the kernel at a time
#define MAX_SEND_BUF_MEM_SIZE (10 * 1024 * 1024)
-// The magic number for memory tag
-#define MEMTAG_MAGIC 0x49414449
+#define CALC_MALLOCSIZE(size) (((MAX(size, 1) + 7) / 8) * 8 + sizeof(MEMTAG1) + sizeof(MEMTAG2))
+#define MEMTAG1_TO_POINTER(p) ((void *)(((UCHAR *)(p)) + sizeof(MEMTAG1)))
+#define POINTER_TO_MEMTAG1(p) ((MEMTAG1 *)(((UCHAR *)(p)) - sizeof(MEMTAG1)))
+#define IS_NULL_POINTER(p) (((p) == NULL) || ((POINTER_TO_UINT64(p) == (UINT64)sizeof(MEMTAG1))))
-#define CALC_MALLOCSIZE(size) ((MAX(size, 1)) + sizeof(MEMTAG))
-#define MEMTAG_TO_POINTER(p) ((void *)(((UCHAR *)(p)) + sizeof(MEMTAG)))
-#define POINTER_TO_MEMTAG(p) ((MEMTAG *)(((UCHAR *)(p)) - sizeof(MEMTAG)))
-#define IS_NULL_POINTER(p) (((p) == NULL) || ((POINTER_TO_UINT64(p) == (UINT64)sizeof(MEMTAG))))
+// Golden Ratio Prime
+// From https://github.com/torvalds/linux/blob/88c5083442454e5e8a505b11fa16f32d2879651e/include/linux/hash.h
+#define GOLDEN_RATION_PRIME_U32 ((UINT32)0x61C88647)
+#define GOLDEN_RATION_PRIME_U64 ((UINT64)7046029254386353131ULL) // 0x61C8864680B583EB
// Fixed size of a block of memory pool
#define MEMPOOL_MAX_SIZE 3000
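Review bot: `MAX_MALLOC_MEM_SIZE` and `CALC_MALLOCSIZE` depend on each other without saying so: the 64-byte margin is what keeps the round-up plus `sizeof(MEMTAG1) + sizeof(MEMTAG2)` from wrapping when the result is stored in the `UINT real_size` in MallocEx. A comment on the limit such as `// leaves room for the 8-byte round-up and both tags so CALC_MALLOCSIZE() cannot wrap a UINT` would make that explicit. `GOLDEN_RATION_PRIME_*` looks like a misspelling of RATIO, and `GOLDEN_RATION_PRIME_U32` is not used in any hunk shown here.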
@@ -126,14 +130,18 @@
// Active patch
#define MAX_ACTIVE_PATCH 1024
-
-// Memory tag
-struct MEMTAG
+// Memory tag 1
+struct MEMTAG1
{
- UINT Magic;
+ UINT64 Magic;
UINT Size;
bool ZeroFree;
- UINT Padding;
+};
+
+// Memory tag 2
+struct MEMTAG2
+{
+ UINT64 Magic;
};
// Buffer
@@ -299,7 +307,8 @@ void *ZeroMalloc(UINT size);
void *ZeroMallocEx(UINT size, bool zero_clear_when_free);
void *ReAlloc(void *addr, UINT size);
void Free(void *addr);
-void CheckMemTag(MEMTAG *tag);
+void CheckMemTag1(MEMTAG1 *tag);
+void CheckMemTag2(MEMTAG2 *tag);
UINT GetMemSize(void *addr);
void *InternalMalloc(UINT size);
@@ -540,5 +549,15 @@ UINT* GenerateShuffleListWithSeed(UINT num, void* seed, UINT seed_size);
void Shuffle(UINT* array, UINT size);
void ShuffleWithSeed(UINT* array, UINT size, void* seed, UINT seed_size);
+#define NUM_CANARY_RAND 32
+#define CANARY_RAND_ID_MEMTAG_MAGIC 0
+#define CANARY_RAND_ID_PTR_KEY_HASH 1
+#define CANARY_RAND_SIZE 20
+
+
+
+void InitCanaryRand();
+UCHAR *GetCanaryRand(UINT id);
+
#endif // MEMORY_H
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 9a3b8f00..b3cbab7e 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -178,10 +178,10 @@ struct ROUTE_CHANGE_DATA
// HTTP constant
-static char http_404_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>404 Not Found</TITLE>\r\n</HEAD><BODY>\r\n<H1>Not Found</H1>\r\nThe requested URL $TARGET$ was not found on this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
-static char http_403_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access $TARGET$\r\non this server.<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
-static char http_500_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>500 Server Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>Server Error</H1>\r\nServer Error<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
-static char http_501_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>501 Method Not Implemented</TITLE>\r\n</HEAD><BODY>\r\n<H1>Method Not Implemented</H1>\r\n$METHOD$ to $TARGET$ not supported.<P>\r\nInvalid method in request $METHOD$ $TARGET$ $VERSION$<P>\r\n<HR>\r\n<ADDRESS>HTTP Server at $HOST$ Port $PORT$</ADDRESS>\r\n</BODY></HTML>\r\n";
+static char http_404_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>404 Not Found</TITLE>\r\n</HEAD><BODY>\r\n<H1>Not Found</H1>\r\nThe requested URL $TARGET$ was not found on this server.<P>\r\n<HR>\r\n<ADDRESS>HTTPS Server</ADDRESS>\r\n</BODY></HTML>\r\n";
+static char http_403_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access $TARGET$\r\non this server.<P>\r\n<HR>\r\n<ADDRESS>HTTPS Server</ADDRESS>\r\n</BODY></HTML>\r\n";
+static char http_500_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>500 Server Error</TITLE>\r\n</HEAD><BODY>\r\n<H1>Server Error</H1>\r\nServer Error<P>\r\n<HR>\r\n<ADDRESS>HTTPS Server</ADDRESS>\r\n</BODY></HTML>\r\n";
+static char http_501_str[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>501 Method Not Implemented</TITLE>\r\n</HEAD><BODY>\r\n<H1>Method Not Implemented</H1>\r\n$METHOD$ to $TARGET$ not supported.<P>\r\nInvalid method in request $METHOD$ $TARGET$ $VERSION$<P>\r\n<HR>\r\n<ADDRESS>HTTPS Server</ADDRESS>\r\n</BODY></HTML>\r\n";
static char http_detect_server_startwith[] = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>403 Forbidden</TITLE>\r\n</HEAD><BODY>\r\n<H1>Forbidden</H1>\r\nYou don't have permission to access ";
static char http_detect_server_tag_future[] = "9C37197CA7C2428388C2E6E59B829B30";
@@ -1474,7 +1474,9 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
bool is_ok = PackGetBool(p, "ok");
UINT64 tran_id = PackGetInt64(p, "tran_id");
- ExtractAndApplyDynList(p);
+ // This ExtractAndApplyDynList() calling was removed because it is not actually used and could be abused by
+ // illegal UDP packets that spoof the source IP address. 2023-6-14 Daiyuu Nobori
+ // ExtractAndApplyDynList(p);
if (r->ServerMode)
{
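Review bot: The call is disabled by commenting it out, which leaves dead code beside the explanation. I would keep the two-line rationale and delete `// ExtractAndApplyDynList(p);`, since the history preserves the old call. If ExtractAndApplyDynList() is still reached from other receive paths that accept unauthenticated packets, the same spoofed-source concern would apply there; that cannot be checked from this hunk.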
@@ -5995,10 +5997,13 @@ int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
if (cert != NULL)
{
X *tmpX = X509ToX(cert); // this only wraps cert, but we need to make a copy
- X *copyX = CloneX(tmpX);
- tmpX->do_not_free = true; // do not release inner X509 object
- FreeX(tmpX);
- clientcert->X = copyX;
+ if (tmpX != NULL)
+ {
+ X *copyX = CloneX(tmpX);
+ tmpX->do_not_free = true; // do not release inner X509 object
+ FreeX(tmpX);
+ clientcert->X = copyX;
+ }
}
}
}
@@ -13051,16 +13056,15 @@ void SetWantToUseCipher(SOCK *sock, char *name)
StrCat(tmp, sizeof(tmp), " ");
StrCat(tmp, sizeof(tmp), cipher_list);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- // OpenSSL 3.x has a bug. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
- // At 2021-09-08 this bug is reported as fixed on Github, but actually still exists on RC4-MD5.
- // So, with OpenSSL 3.0 we manually disable RC4-MD5 by default on both SSL server and SSL client.
+ if (IsSslLibVersionBuggyForRc4Md5())
+ {
+ // OpenSSL 3.0.0 to 3.0.2 has a bug with RC4-MD5. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
- // If the user specify "RC4-MD5", then "RC4-SHA" will be used manually.
+ // If the user specify "RC4-MD5", then "RC4-SHA" will be used manually.
- // Note: We can remove this code after OpenSSL 3.x will be fixed on this bug.
- ReplaceStrEx(tmp, sizeof(tmp), tmp, "RC4-MD5", "RC4-SHA", true);
-#endif
+ // Note: We can remove this code after OpenSSL 3.x will be fixed on this bug.
+ ReplaceStrEx(tmp, sizeof(tmp), tmp, "RC4-MD5", "RC4-SHA", true);
+ }
sock->WaitToUseCipher = CopyStr(tmp);
}
@@ -13386,6 +13390,13 @@ SSL_CTX_SHARED* NewSslCtxSharedInternal(SSL_CTX_SHARED_SETTINGS* settings)
SSL_CTX_set_security_level(ssl_ctx, 0);
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ // For compatibility with OpenSSL 0.9.8l or older
+ // See https://www.openssl.org/docs/man1.0.2/man3/SSL_get_secure_renegotiation_support.html
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+#endif
+
if (settings->Settings2.IsClient == false)
{
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
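Review bot: `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` and `SSL_OP_LEGACY_SERVER_CONNECT` are set on every context built with OpenSSL 3, before the `IsClient` branch, so servers as well as clients accept peers that lack the RFC 5746 secure-renegotiation extension. That restores, for all peers, the renegotiation weakness the extension was introduced to fix, in order to interoperate with OpenSSL 0.9.8l-era ones. `SSL_OP_LEGACY_SERVER_CONNECT` only affects the client side, so it could move under the client branch, and the unsafe-renegotiation flag would be safer behind an explicit setting that defaults to off. The same block is added to NewSSLCtx() later in this file. NewSslCtxSharedInternal continues beyond the hunk.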
@@ -13874,14 +13885,11 @@ bool StartSSLWithSettings(SOCK* sock, UINT ssl_timeout, char* sni_hostname, SSL_
{
char* set_value = OPENSSL_DEFAULT_CIPHER_LIST;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- // OpenSSL 3.x has a bug. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
- // At 2021-09-08 this bug is reported as fixed on Github, but actually still exists on RC4-MD5.
- // So, with OpenSSL 3.0 we manually disable RC4-MD5 by default on both SSL server and SSL client.
-
- // Note: We can remove this code after OpenSSL 3.x will be fixed on this bug.
- set_value = OPENSSL_DEFAULT_CIPHER_LIST_NO_RC4_MD5;
-#endif
+ if (IsSslLibVersionBuggyForRc4Md5())
+ {
+ // OpenSSL 3.0.0 to 3.0.2 has a bug with RC4-MD5. https://github.com/openssl/openssl/issues/13363 https://github.com/openssl/openssl/pull/13378
+ set_value = OPENSSL_DEFAULT_CIPHER_LIST_NO_RC4_MD5;
+ }
SSL_set_cipher_list(sock->ssl, set_value);
}
@@ -14013,9 +14021,16 @@ bool StartSSLWithSettings(SOCK* sock, UINT ssl_timeout, char* sni_hostname, SSL_
X *local_x;
// Got a certificate
local_x = X509ToX(x509);
- local_x->do_not_free = true;
- sock->LocalX = CloneX(local_x);
- FreeX(local_x);
+ if (local_x != NULL)
+ {
+ local_x->do_not_free = true;
+ sock->LocalX = CloneX(local_x);
+ FreeX(local_x);
+ }
+ else
+ {
+ sock->LocalX = NULL;
+ }
}
// Automatic retry mode
@@ -18754,6 +18769,13 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
SSL_CTX_set_security_level(ctx, 0);
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ // For compatibility with OpenSSL 0.9.8l or older
+ // See https://www.openssl.org/docs/man1.0.2/man3/SSL_get_secure_renegotiation_support.html
+ SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+#endif
+
return ctx;
}
diff --git a/src/Mayaqua/Tick64.c b/src/Mayaqua/Tick64.c
index ffaabde5..d3b1cb02 100644
--- a/src/Mayaqua/Tick64.c
+++ b/src/Mayaqua/Tick64.c
@@ -139,6 +139,23 @@ UINT64 TickHighres64()
return ret;
}
+UINT64 TickHighresNano64(bool raw)
+{
+ UINT64 ret = 0;
+
+#ifdef OS_WIN32
+
+ ret = (UINT64)(MsGetHiResTimeSpan(MsGetHiResCounter()) * 1000000000.0f);
+
+#else // OS_WIN32
+
+ ret = UnixGetHighresTickNano64(raw);
+
+#endif // OS_WIN32
+
+ return ret;
+}
+
// Convert the Tick value to time
UINT64 Tick64ToTime64(UINT64 tick)
{
diff --git a/src/Mayaqua/Tick64.h b/src/Mayaqua/Tick64.h
index 1925191d..32c66cf4 100644
--- a/src/Mayaqua/Tick64.h
+++ b/src/Mayaqua/Tick64.h
@@ -144,6 +144,7 @@ UINT64 Diff64(UINT64 a, UINT64 b);
UINT64 Tick64ToTime64(UINT64 tick);
UINT64 TickToTime(UINT64 tick);
UINT64 TickHighres64();
+UINT64 TickHighresNano64(bool raw);
#endif // TICK64_H
diff --git a/src/Mayaqua/Unix.c b/src/Mayaqua/Unix.c
index ff84d35d..c988ea26 100644
--- a/src/Mayaqua/Unix.c
+++ b/src/Mayaqua/Unix.c
@@ -2114,6 +2114,68 @@ void UnixGetSystemTime(SYSTEMTIME *system_time)
pthread_mutex_unlock(&get_time_lock);
}
+UINT64 UnixGetHighresTickNano64(bool raw)
+{
+#if defined(OS_WIN32) || defined(CLOCK_REALTIME) || defined(CLOCK_MONOTONIC) || defined(CLOCK_HIGHRES)
+ struct timespec t;
+ UINT64 ret;
+ static bool akirame = false;
+
+ if (akirame)
+ {
+ return UnixGetTick64() * 1000000ULL;
+ }
+
+ Zero(&t, sizeof(t));
+
+ if (raw == false)
+ {
+ // Function to get the boot time of the system
+ // Be careful. The Implementation is depend on the system.
+#ifdef CLOCK_HIGHRES
+ clock_gettime(CLOCK_HIGHRES, &t);
+#else // CLOCK_HIGHRES
+#ifdef CLOCK_MONOTONIC
+ clock_gettime(CLOCK_MONOTONIC, &t);
+#else // CLOCK_MONOTONIC
+ clock_gettime(CLOCK_REALTIME, &t);
+#endif // CLOCK_MONOTONIC
+#endif // CLOCK_HIGHRES
+ }
+ else
+ {
+ // Function to get the boot time of the system
+ // Be careful. The Implementation is depend on the system.
+#ifdef CLOCK_HIGHRES
+ clock_gettime(CLOCK_HIGHRES, &t);
+#else // CLOCK_HIGHRES
+#ifdef CLOCK_MONOTONIC_RAW
+ clock_gettime(CLOCK_MONOTONIC_RAW, &t);
+#else // CLOCK_MONOTONIC_RAW
+#ifdef CLOCK_MONOTONIC
+ clock_gettime(CLOCK_MONOTONIC, &t);
+#else // CLOCK_MONOTONIC
+ clock_gettime(CLOCK_REALTIME, &t);
+#endif // CLOCK_MONOTONIC
+#endif // CLOCK_MONOTONIC_RAW
+#endif // CLOCK_HIGHRES
+ }
+
+ ret = ((UINT64)((UINT32)t.tv_sec)) * 1000000000LL + (UINT64)t.tv_nsec;
+
+ if (akirame == false && ret == 0)
+ {
+ ret = UnixGetTick64() * 1000000ULL;
+ akirame = true;
+ }
+
+ return ret;
+
+#else
+ return UnixGetTick64() * 1000000ULL;
+#endif
+}
+
// Get the system timer (64bit)
UINT64 UnixGetTick64()
{
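Review bot: None of the `clock_gettime()` calls in `UnixGetHighresTickNano64()` has its return value checked; failure is inferred only from `ret == 0` after `t` was zeroed, which also misfires on a legitimate zero reading. The `(UINT32)t.tv_sec` cast truncates seconds to 32 bits, and the comment `Function to get the boot time of the system` does not describe what either branch does. The static flag `akirame` is written without synchronisation and would read better as `use_tick_fallback`, with a comment that the fallback is sticky once taken. The `defined(OS_WIN32)` term in the `#if` looks out of place in Unix.c.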
diff --git a/src/Mayaqua/Unix.h b/src/Mayaqua/Unix.h
index b8f2351f..aed9e6cf 100644
--- a/src/Mayaqua/Unix.h
+++ b/src/Mayaqua/Unix.h
@@ -214,6 +214,7 @@ void UnixRestoreThreadPriority();
void UnixSetResourceLimit(UINT id, UINT64 value);
bool UnixIs64BitRlimSupported();
UINT64 UnixGetTick64();
+UINT64 UnixGetHighresTickNano64(bool raw);
void UnixSigChldHandler(int sig);
void UnixCloseIO();
void UnixDaemon(bool debug_mode);
diff --git a/src/Mayaqua/win32_inc/openssl/cmp.h b/src/Mayaqua/win32_inc/openssl/cmp.h
index e28c9ac1..7bc98500 100644
--- a/src/Mayaqua/win32_inc/openssl/cmp.h
+++ b/src/Mayaqua/win32_inc/openssl/cmp.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by makefile from include\openssl\cmp.h.in
*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -193,13 +193,16 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
* -- CertReqMsg
* }
*/
-# define OSSL_CMP_PKISTATUS_accepted 0
-# define OSSL_CMP_PKISTATUS_grantedWithMods 1
-# define OSSL_CMP_PKISTATUS_rejection 2
-# define OSSL_CMP_PKISTATUS_waiting 3
-# define OSSL_CMP_PKISTATUS_revocationWarning 4
+# define OSSL_CMP_PKISTATUS_request -3
+# define OSSL_CMP_PKISTATUS_trans -2
+# define OSSL_CMP_PKISTATUS_unspecified -1
+# define OSSL_CMP_PKISTATUS_accepted 0
+# define OSSL_CMP_PKISTATUS_grantedWithMods 1
+# define OSSL_CMP_PKISTATUS_rejection 2
+# define OSSL_CMP_PKISTATUS_waiting 3
+# define OSSL_CMP_PKISTATUS_revocationWarning 4
# define OSSL_CMP_PKISTATUS_revocationNotification 5
-# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
+# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
@@ -439,11 +442,12 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
const unsigned char *ref, int len);
-int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
- const int len);
+int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+ const unsigned char *sec, int len);
/* CMP message header and extra certificates: */
int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
+int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
STACK_OF(X509) *extraCertsOut);
/* certificate template: */
@@ -499,6 +503,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
const char *propq);
diff --git a/src/Mayaqua/win32_inc/openssl/cmperr.h b/src/Mayaqua/win32_inc/openssl/cmperr.h
index a0dbea28..081551b2 100644
--- a/src/Mayaqua/win32_inc/openssl/cmperr.h
+++ b/src/Mayaqua/win32_inc/openssl/cmperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -67,9 +67,13 @@
# define CMP_R_MISSING_P10CSR 121
# define CMP_R_MISSING_PBM_SECRET 166
# define CMP_R_MISSING_PRIVATE_KEY 131
+# define CMP_R_MISSING_PRIVATE_KEY_FOR_POPO 190
# define CMP_R_MISSING_PROTECTION 143
+# define CMP_R_MISSING_PUBLIC_KEY 183
# define CMP_R_MISSING_REFERENCE_CERT 168
+# define CMP_R_MISSING_SECRET 178
# define CMP_R_MISSING_SENDER_IDENTIFICATION 111
+# define CMP_R_MISSING_TRUST_ANCHOR 179
# define CMP_R_MISSING_TRUST_STORE 144
# define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161
# define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170
diff --git a/src/Mayaqua/win32_inc/openssl/cmserr.h b/src/Mayaqua/win32_inc/openssl/cmserr.h
index 90115144..9cfa1445 100644
--- a/src/Mayaqua/win32_inc/openssl/cmserr.h
+++ b/src/Mayaqua/win32_inc/openssl/cmserr.h
@@ -105,6 +105,7 @@
# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
# define CMS_R_UNKNOWN_ID 150
# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194
# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
# define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192
# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
diff --git a/src/Mayaqua/win32_inc/openssl/dsaerr.h b/src/Mayaqua/win32_inc/openssl/dsaerr.h
index efe63910..c88b0ac8 100644
--- a/src/Mayaqua/win32_inc/openssl/dsaerr.h
+++ b/src/Mayaqua/win32_inc/openssl/dsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,6 +38,7 @@
# define DSA_R_P_NOT_PRIME 115
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
+# define DSA_R_TOO_MANY_RETRIES 116
# endif
#endif
diff --git a/src/Mayaqua/win32_inc/openssl/ecerr.h b/src/Mayaqua/win32_inc/openssl/ecerr.h
index 579c47ca..d5895586 100644
--- a/src/Mayaqua/win32_inc/openssl/ecerr.h
+++ b/src/Mayaqua/win32_inc/openssl/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -90,6 +90,7 @@
# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158
# define EC_R_SHARED_INFO_ERROR 150
# define EC_R_SLOT_FULL 108
+# define EC_R_TOO_MANY_RETRIES 176
# define EC_R_UNDEFINED_GENERATOR 113
# define EC_R_UNDEFINED_ORDER 128
# define EC_R_UNKNOWN_COFACTOR 164
diff --git a/src/Mayaqua/win32_inc/openssl/opensslv.h b/src/Mayaqua/win32_inc/openssl/opensslv.h
index 4d8af160..5de8dcd6 100644
--- a/src/Mayaqua/win32_inc/openssl/opensslv.h
+++ b/src/Mayaqua/win32_inc/openssl/opensslv.h
@@ -29,7 +29,7 @@ extern "C" {
*/
# define OPENSSL_VERSION_MAJOR 3
# define OPENSSL_VERSION_MINOR 0
-# define OPENSSL_VERSION_PATCH 7
+# define OPENSSL_VERSION_PATCH 9
/*
* Additional version information
@@ -74,21 +74,21 @@ extern "C" {
* longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
* OPENSSL_VERSION_BUILD_METADATA_STR appended.
*/
-# define OPENSSL_VERSION_STR "3.0.7"
-# define OPENSSL_FULL_VERSION_STR "3.0.7"
+# define OPENSSL_VERSION_STR "3.0.9"
+# define OPENSSL_FULL_VERSION_STR "3.0.9"
/*
* SECTION 3: ADDITIONAL METADATA
*
* These strings are defined separately to allow them to be parsable.
*/
-# define OPENSSL_RELEASE_DATE "1 Nov 2022"
+# define OPENSSL_RELEASE_DATE "30 May 2023"
/*
* SECTION 4: BACKWARD COMPATIBILITY
*/
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.7 1 Nov 2022"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9 30 May 2023"
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
# ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/src/Mayaqua/win32_inc/openssl/sslerr.h b/src/Mayaqua/win32_inc/openssl/sslerr.h
index c8269f0a..a55e17bb 100644
--- a/src/Mayaqua/win32_inc/openssl/sslerr.h
+++ b/src/Mayaqua/win32_inc/openssl/sslerr.h
@@ -150,6 +150,7 @@
# define SSL_R_INVALID_SRP_USERNAME 357
# define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
+# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333
# define SSL_R_LENGTH_MISMATCH 159
# define SSL_R_LENGTH_TOO_LONG 404
# define SSL_R_LENGTH_TOO_SHORT 160
diff --git a/src/Mayaqua/win32_inc/openssl/trace.h b/src/Mayaqua/win32_inc/openssl/trace.h
index aaaa6962..dda1fa6b 100644
--- a/src/Mayaqua/win32_inc/openssl/trace.h
+++ b/src/Mayaqua/win32_inc/openssl/trace.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,10 +43,8 @@ extern "C" {
# define OSSL_TRACE_CATEGORY_TLS 3
# define OSSL_TRACE_CATEGORY_TLS_CIPHER 4
# define OSSL_TRACE_CATEGORY_CONF 5
-# ifndef OPENSSL_NO_ENGINE
-# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6
-# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7
-# endif
+# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6
+# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7
# define OSSL_TRACE_CATEGORY_PKCS5V2 8
# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9
# define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10
diff --git a/src/Mayaqua/win32_inc/openssl/x509v3.h b/src/Mayaqua/win32_inc/openssl/x509v3.h
index 97a6a6f2..b07ae3f9 100644
--- a/src/Mayaqua/win32_inc/openssl/x509v3.h
+++ b/src/Mayaqua/win32_inc/openssl/x509v3.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by makefile from include\openssl\x509v3.h.in
*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME *otherName; /* otherName */
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
+ ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;