[Openvpn-devel,v2,release/2.5] msvc: adjust build options to harden binaries

Message ID 20220217090153.394-1-lstipakov@gmail.com
State Superseded
Headers show
Series [Openvpn-devel,v2,release/2.5] msvc: adjust build options to harden binaries | expand

Commit Message

Lev Stipakov Feb. 16, 2022, 10:01 p.m. UTC
From: Lev Stipakov <lev@openvpn.net>

 - enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)

 - hash object files with SHA256 (/ZH:SHA_256 compiler option)

 - enable SDL. The required to add

    _CRT_NONSTDC_NO_DEPRECATE
    _CRT_SECURE_NO_WARNINGS
    _WINSOCK_DEPRECATED_NO_WARNINGS

preprocessor definitions. I don't feel like replacing strdup (which is
correct POSIX function) and inet_ntoa (we always pass IPv4 address to
it, inet_ntop will make code more complex)

Above issues were discovered by bitskim.

Before applying this patch, this one must be applied from master:

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html


Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
 v2:
   - rebase on top of latest release/2.5
   - add SDL checks to all configurations

 src/openvpn/auth_token.c              |  1 +
 src/openvpn/openvpn.vcxproj           | 38 +++++++++++++------
 src/openvpnmsica/openvpnmsica.vcxproj | 48 ++++++++++++++++++++++++
 src/openvpnserv/openvpnserv.vcxproj   | 26 ++++++++++---
 src/tapctl/tapctl.vcxproj             | 54 ++++++++++++++++++++++++---
 5 files changed, 143 insertions(+), 24 deletions(-)

Comments

Илья Шипицин Feb. 16, 2022, 11:07 p.m. UTC | #1
I've missed that patch [Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC
C4996 warnings (mail-archive.com)
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html>

I'll test updated patch soon.

чт, 17 февр. 2022 г. в 14:03, Lev Stipakov <lstipakov@gmail.com>:

> From: Lev Stipakov <lev@openvpn.net>
>
>  - enable hardware-enforced stack protection on
> compatible hardware/software (/CETCOMPAT linker option)
>
>  - hash object files with SHA256 (/ZH:SHA_256 compiler option)
>
>  - enable SDL. The required to add
>
>     _CRT_NONSTDC_NO_DEPRECATE
>     _CRT_SECURE_NO_WARNINGS
>     _WINSOCK_DEPRECATED_NO_WARNINGS
>
> preprocessor definitions. I don't feel like replacing strdup (which is
> correct POSIX function) and inet_ntoa (we always pass IPv4 address to
> it, inet_ntop will make code more complex)
>
> Above issues were discovered by bitskim.
>
> Before applying this patch, this one must be applied from master:
>
>
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html
>
>
> Signed-off-by: Lev Stipakov <lev@openvpn.net>
> ---
>  v2:
>    - rebase on top of latest release/2.5
>    - add SDL checks to all configurations
>
>  src/openvpn/auth_token.c              |  1 +
>  src/openvpn/openvpn.vcxproj           | 38 +++++++++++++------
>  src/openvpnmsica/openvpnmsica.vcxproj | 48 ++++++++++++++++++++++++
>  src/openvpnserv/openvpnserv.vcxproj   | 26 ++++++++++---
>  src/tapctl/tapctl.vcxproj             | 54 ++++++++++++++++++++++++---
>  5 files changed, 143 insertions(+), 24 deletions(-)
>
> diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c
> index ca7e5a4d..37af6605 100644
> --- a/src/openvpn/auth_token.c
> +++ b/src/openvpn/auth_token.c
> @@ -87,6 +87,7 @@ add_session_token_env(struct tls_session *session,
> struct tls_multi *multi,
>
>              default:
>                  /* Silence compiler warning, all four possible
> combinations are covered */
> +                state = NULL;
>                  ASSERT(0);
>          }
>      }
> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
> index 91d5ebbe..05c63b03 100644
> --- a/src/openvpn/openvpn.vcxproj
> +++ b/src/openvpn/openvpn.vcxproj
> @@ -147,11 +147,13 @@
>    </PropertyGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -162,11 +164,13 @@
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -177,11 +181,13 @@
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -192,44 +198,52 @@
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
>        <ControlFlowGuard>Guard</ControlFlowGuard>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
>
>  <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies>
>
>  <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
>        <SubSystem>Console</SubSystem>
> +      <CETCompat>true</CETCompat>
>      </Link>
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
>        <ControlFlowGuard>Guard</ControlFlowGuard>
> +      <SDLCheck>true</SDLCheck>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
>
>  <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies>
>
>  <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
>        <SubSystem>Console</SubSystem>
> +      <CETCompat>true</CETCompat>
>      </Link>
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
>      <ClCompile>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
>
>  <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
> -      <WarningLevel>Level2</WarningLevel>
>        <TreatWarningAsError>true</TreatWarningAsError>
>
>  <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
>        <ControlFlowGuard>Guard</ControlFlowGuard>
> +      <WarningLevel>Level2</WarningLevel>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> diff --git a/src/openvpnmsica/openvpnmsica.vcxproj
> b/src/openvpnmsica/openvpnmsica.vcxproj
> index 11aa78bb..3a9f0c97 100644
> --- a/src/openvpnmsica/openvpnmsica.vcxproj
> +++ b/src/openvpnmsica/openvpnmsica.vcxproj
> @@ -135,6 +135,54 @@
>    <PropertyGroup Label="Vcpkg"
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
>      <VcpkgEnabled>true</VcpkgEnabled>
>    </PropertyGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
> +    <Link>
> +      <CETCompat>true</CETCompat>
> +    </Link>
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
> +    <Link>
> +      <CETCompat>true</CETCompat>
> +    </Link>
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +      <SDLCheck>true</SDLCheck>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
> +    <ClCompile>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
>    <ItemGroup>
>      <ClCompile Include="..\tapctl\error.c" />
>      <ClCompile Include="..\tapctl\tap.c" />
> diff --git a/src/openvpnserv/openvpnserv.vcxproj
> b/src/openvpnserv/openvpnserv.vcxproj
> index 520242f4..c70db229 100644
> --- a/src/openvpnserv/openvpnserv.vcxproj
> +++ b/src/openvpnserv/openvpnserv.vcxproj
> @@ -124,7 +124,9 @@
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -135,7 +137,9 @@
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -146,7 +150,9 @@
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> @@ -157,29 +163,37 @@
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
>
>  <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
>        <SubSystem>Console</SubSystem>
> +      <CETCompat>true</CETCompat>
>      </Link>
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
>
>  <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
>        <SubSystem>Console</SubSystem>
> +      <CETCompat>true</CETCompat>
>      </Link>
>    </ItemDefinitionGroup>
>    <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
>      <ClCompile>
>
>  <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
> -
> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +
> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
>      </ClCompile>
>      <ResourceCompile />
>      <Link>
> diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
> index 79da9d33..f439dc4f 100644
> --- a/src/tapctl/tapctl.vcxproj
> +++ b/src/tapctl/tapctl.vcxproj
> @@ -135,12 +135,54 @@
>    <PropertyGroup Label="Vcpkg"
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
>      <VcpkgEnabled>true</VcpkgEnabled>
>    </PropertyGroup>
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
> -  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +    <Link>
> +      <CETCompat>true</CETCompat>
> +    </Link>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
> +  <ItemDefinitionGroup
> Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
> +    <Link>
> +      <CETCompat>true</CETCompat>
> +    </Link>
> +    <ClCompile>
> +      <SDLCheck>true</SDLCheck>
> +      <AdditionalOptions>/ZH:SHA_256
> %(AdditionalOptions)</AdditionalOptions>
> +
> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
> +    </ClCompile>
> +  </ItemDefinitionGroup>
>    <ItemGroup>
>      <ClCompile Include="error.c" />
>      <ClCompile Include="tap.c" />
> --
> 2.23.0.windows.1
>
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
<div dir="ltr"><div dir="ltr">I&#39;ve missed that patch <a href="https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html">[Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings (mail-archive.com)</a></div><div dir="ltr"><br></div><div>I&#39;ll test updated patch soon.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 17 февр. 2022 г. в 14:03, Lev Stipakov &lt;<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>&gt;:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From: Lev Stipakov &lt;<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>&gt;<br>
<br>
 - enable hardware-enforced stack protection on<br>
compatible hardware/software (/CETCOMPAT linker option)<br>
<br>
 - hash object files with SHA256 (/ZH:SHA_256 compiler option)<br>
<br>
 - enable SDL. The required to add<br>
<br>
    _CRT_NONSTDC_NO_DEPRECATE<br>
    _CRT_SECURE_NO_WARNINGS<br>
    _WINSOCK_DEPRECATED_NO_WARNINGS<br>
<br>
preprocessor definitions. I don&#39;t feel like replacing strdup (which is<br>
correct POSIX function) and inet_ntoa (we always pass IPv4 address to<br>
it, inet_ntop will make code more complex)<br>
<br>
Above issues were discovered by bitskim.<br>
<br>
Before applying this patch, this one must be applied from master:<br>
<br>
<a href="https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html" rel="noreferrer" target="_blank">https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html</a><br>
<br>
<br>
Signed-off-by: Lev Stipakov &lt;<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>&gt;<br>
---<br>
 v2:<br>
   - rebase on top of latest release/2.5<br>
   - add SDL checks to all configurations<br>
<br>
 src/openvpn/auth_token.c              |  1 +<br>
 src/openvpn/openvpn.vcxproj           | 38 +++++++++++++------<br>
 src/openvpnmsica/openvpnmsica.vcxproj | 48 ++++++++++++++++++++++++<br>
 src/openvpnserv/openvpnserv.vcxproj   | 26 ++++++++++---<br>
 src/tapctl/tapctl.vcxproj             | 54 ++++++++++++++++++++++++---<br>
 5 files changed, 143 insertions(+), 24 deletions(-)<br>
<br>
diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c<br>
index ca7e5a4d..37af6605 100644<br>
--- a/src/openvpn/auth_token.c<br>
+++ b/src/openvpn/auth_token.c<br>
@@ -87,6 +87,7 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi,<br>
<br>
             default:<br>
                 /* Silence compiler warning, all four possible combinations are covered */<br>
+                state = NULL;<br>
                 ASSERT(0);<br>
         }<br>
     }<br>
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br>
index 91d5ebbe..05c63b03 100644<br>
--- a/src/openvpn/openvpn.vcxproj<br>
+++ b/src/openvpn/openvpn.vcxproj<br>
@@ -147,11 +147,13 @@<br>
   &lt;/PropertyGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|Win32&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -162,11 +164,13 @@<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|x64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -177,11 +181,13 @@<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|ARM64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -192,44 +198,52 @@<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|Win32&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
       &lt;ControlFlowGuard&gt;Guard&lt;/ControlFlowGuard&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
       &lt;AdditionalDependencies&gt;Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib&lt;/AdditionalDependencies&gt;<br>
       &lt;AdditionalLibraryDirectories&gt;$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)&lt;/AdditionalLibraryDirectories&gt;<br>
       &lt;SubSystem&gt;Console&lt;/SubSystem&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
     &lt;/Link&gt;<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
       &lt;ControlFlowGuard&gt;Guard&lt;/ControlFlowGuard&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
       &lt;AdditionalDependencies&gt;Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib&lt;/AdditionalDependencies&gt;<br>
       &lt;AdditionalLibraryDirectories&gt;$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)&lt;/AdditionalLibraryDirectories&gt;<br>
       &lt;SubSystem&gt;Console&lt;/SubSystem&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
     &lt;/Link&gt;<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|ARM64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
       &lt;UndefinePreprocessorDefinitions&gt;%(UndefinePreprocessorDefinitions)&lt;/UndefinePreprocessorDefinitions&gt;<br>
-      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
       &lt;TreatWarningAsError&gt;true&lt;/TreatWarningAsError&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
       &lt;ControlFlowGuard&gt;Guard&lt;/ControlFlowGuard&gt;<br>
+      &lt;WarningLevel&gt;Level2&lt;/WarningLevel&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj<br>
index 11aa78bb..3a9f0c97 100644<br>
--- a/src/openvpnmsica/openvpnmsica.vcxproj<br>
+++ b/src/openvpnmsica/openvpnmsica.vcxproj<br>
@@ -135,6 +135,54 @@<br>
   &lt;PropertyGroup Label=&quot;Vcpkg&quot; Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
     &lt;VcpkgEnabled&gt;true&lt;/VcpkgEnabled&gt;<br>
   &lt;/PropertyGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
+    &lt;Link&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
+    &lt;/Link&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|Win32&#39;&quot;&gt;<br>
+    &lt;Link&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
+    &lt;/Link&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|ARM64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|ARM64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|Win32&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|x64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemGroup&gt;<br>
     &lt;ClCompile Include=&quot;..\tapctl\error.c&quot; /&gt;<br>
     &lt;ClCompile Include=&quot;..\tapctl\tap.c&quot; /&gt;<br>
diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br>
index 520242f4..c70db229 100644<br>
--- a/src/openvpnserv/openvpnserv.vcxproj<br>
+++ b/src/openvpnserv/openvpnserv.vcxproj<br>
@@ -124,7 +124,9 @@<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|Win32&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -135,7 +137,9 @@<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|x64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -146,7 +150,9 @@<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|ARM64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
@@ -157,29 +163,37 @@<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|Win32&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
       &lt;AdditionalDependencies&gt;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)&lt;/AdditionalDependencies&gt;<br>
       &lt;SubSystem&gt;Console&lt;/SubSystem&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
     &lt;/Link&gt;<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
       &lt;AdditionalDependencies&gt;legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)&lt;/AdditionalDependencies&gt;<br>
       &lt;SubSystem&gt;Console&lt;/SubSystem&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
     &lt;/Link&gt;<br>
   &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|ARM64&#39;&quot;&gt;<br>
     &lt;ClCompile&gt;<br>
       &lt;AdditionalIncludeDirectories&gt;..\openvpn;..\compat;%(AdditionalIncludeDirectories)&lt;/AdditionalIncludeDirectories&gt;<br>
-      &lt;PreprocessorDefinitions&gt;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
     &lt;/ClCompile&gt;<br>
     &lt;ResourceCompile /&gt;<br>
     &lt;Link&gt;<br>
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj<br>
index 79da9d33..f439dc4f 100644<br>
--- a/src/tapctl/tapctl.vcxproj<br>
+++ b/src/tapctl/tapctl.vcxproj<br>
@@ -135,12 +135,54 @@<br>
   &lt;PropertyGroup Label=&quot;Vcpkg&quot; Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
     &lt;VcpkgEnabled&gt;true&lt;/VcpkgEnabled&gt;<br>
   &lt;/PropertyGroup&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|ARM64&#39;&quot; /&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|ARM64&#39;&quot; /&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|Win32&#39;&quot; /&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|Win32&#39;&quot; /&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|x64&#39;&quot; /&gt;<br>
-  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot; /&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|ARM64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|ARM64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|Win32&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|Win32&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+    &lt;Link&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
+    &lt;/Link&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Debug|x64&#39;&quot;&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
+  &lt;ItemDefinitionGroup Condition=&quot;&#39;$(Configuration)|$(Platform)&#39;==&#39;Release|x64&#39;&quot;&gt;<br>
+    &lt;Link&gt;<br>
+      &lt;CETCompat&gt;true&lt;/CETCompat&gt;<br>
+    &lt;/Link&gt;<br>
+    &lt;ClCompile&gt;<br>
+      &lt;SDLCheck&gt;true&lt;/SDLCheck&gt;<br>
+      &lt;AdditionalOptions&gt;/ZH:SHA_256 %(AdditionalOptions)&lt;/AdditionalOptions&gt;<br>
+      &lt;PreprocessorDefinitions&gt;%(PreprocessorDefinitions)&lt;/PreprocessorDefinitions&gt;<br>
+    &lt;/ClCompile&gt;<br>
+  &lt;/ItemDefinitionGroup&gt;<br>
   &lt;ItemGroup&gt;<br>
     &lt;ClCompile Include=&quot;error.c&quot; /&gt;<br>
     &lt;ClCompile Include=&quot;tap.c&quot; /&gt;<br>
-- <br>
2.23.0.windows.1<br>
<br>
<br>
<br>
_______________________________________________<br>
Openvpn-devel mailing list<br>
<a href="mailto:Openvpn-devel@lists.sourceforge.net" target="_blank">Openvpn-devel@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br>
</blockquote></div>

Patch

diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c
index ca7e5a4d..37af6605 100644
--- a/src/openvpn/auth_token.c
+++ b/src/openvpn/auth_token.c
@@ -87,6 +87,7 @@  add_session_token_env(struct tls_session *session, struct tls_multi *multi,
 
             default:
                 /* Silence compiler warning, all four possible combinations are covered */
+                state = NULL;
                 ASSERT(0);
         }
     }
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 91d5ebbe..05c63b03 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -147,11 +147,13 @@ 
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -162,11 +164,13 @@ 
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -177,11 +181,13 @@ 
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -192,44 +198,52 @@ 
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <ControlFlowGuard>Guard</ControlFlowGuard>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <ResourceCompile />
     <Link>
       <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
+      <CETCompat>true</CETCompat>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <ControlFlowGuard>Guard</ControlFlowGuard>
+      <SDLCheck>true</SDLCheck>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
       <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
+      <CETCompat>true</CETCompat>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
     <ClCompile>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions>
-      <WarningLevel>Level2</WarningLevel>
       <TreatWarningAsError>true</TreatWarningAsError>
       <AdditionalIncludeDirectories>..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <ControlFlowGuard>Guard</ControlFlowGuard>
+      <WarningLevel>Level2</WarningLevel>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <ResourceCompile />
     <Link>
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj
index 11aa78bb..3a9f0c97 100644
--- a/src/openvpnmsica/openvpnmsica.vcxproj
+++ b/src/openvpnmsica/openvpnmsica.vcxproj
@@ -135,6 +135,54 @@ 
   <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <VcpkgEnabled>true</VcpkgEnabled>
   </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Link>
+      <CETCompat>true</CETCompat>
+    </Link>
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Link>
+      <CETCompat>true</CETCompat>
+    </Link>
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\tapctl\error.c" />
     <ClCompile Include="..\tapctl\tap.c" />
diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj
index 520242f4..c70db229 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -124,7 +124,9 @@ 
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -135,7 +137,9 @@ 
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -146,7 +150,9 @@ 
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
@@ -157,29 +163,37 @@ 
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
       <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <SubSystem>Console</SubSystem>
+      <CETCompat>true</CETCompat>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
       <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <SubSystem>Console</SubSystem>
+      <CETCompat>true</CETCompat>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <ResourceCompile />
     <Link>
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
index 79da9d33..f439dc4f 100644
--- a/src/tapctl/tapctl.vcxproj
+++ b/src/tapctl/tapctl.vcxproj
@@ -135,12 +135,54 @@ 
   <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <VcpkgEnabled>true</VcpkgEnabled>
   </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <CETCompat>true</CETCompat>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Link>
+      <CETCompat>true</CETCompat>
+    </Link>
+    <ClCompile>
+      <SDLCheck>true</SDLCheck>
+      <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="error.c" />
     <ClCompile Include="tap.c" />