
Set RSA bits considering OpenSSL security Level

This commit is contained in:
Takuho NAKANO 2020-05-05 21:03:17 +09:00 committed by Davide Beatrici
parent 5ca62bdd8a
commit 190672bd84
3 changed files with 38 additions and 2 deletions


@ -67,13 +67,26 @@ void CheckNetworkListenThread(THREAD *thread, void *param)
{ {
CHECK_NETWORK_1 *c = (CHECK_NETWORK_1 *)param; CHECK_NETWORK_1 *c = (CHECK_NETWORK_1 *)param;
SOCK *s; SOCK *s;
UINT i; UINT i, rsa_bits = 1024;
K *pub, *pri; K *pub, *pri;
X *x; X *x;
LIST *o = NewList(NULL); LIST *o = NewList(NULL);
NAME *name = NewName(L"Test", L"Test", L"Test", L"JP", L"Ibaraki", L"Tsukuba"); NAME *name = NewName(L"Test", L"Test", L"Test", L"JP", L"Ibaraki", L"Tsukuba");
RsaGen(&pri, &pub, 1024); // Set RSA bits considering OpenSSL security Level
// Security level 4 needs 7680 bits
switch (GetOSSecurityLevel())
{
case 2:
rsa_bits = 2048;
break;
case 3:
rsa_bits = 4096;
break;
default:
break;
}
RsaGen(&pri, &pub, rsa_bits);
x = NewRootX(pub, pri, name, 1000, NULL); x = NewRootX(pub, pri, name, 1000, NULL);
FreeName(name); FreeName(name);
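Review bot: The switch in the added block leaves `rsa_bits` at 1024 for security levels 4 and 5, even though the comment directly above it says level 4 needs 7680 bits; OpenSSL's documented minimums are 7680-bit RSA at level 4 and 15360-bit at level 5, so on such a system the throwaway root generated by NewRootX would be rejected when loaded into a context at that level. Add the missing cases, `case 4: rsa_bits = 7680; break;` and `case 5: rsa_bits = 15360; break;`, or let the default branch pick the largest size rather than the smallest so that an unknown higher level never produces an undersized key. Key generation at those sizes is slow, so a one-line comment stating that this cost is accepted for a one-off self-test certificate would save the next reader from "fixing" it back down. CheckNetworkListenThread continues past the end of this section, so whether a failed RsaGen/NewRootX is handled is not visible here.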


@ -16840,6 +16840,28 @@ void FreeSSLCtx(struct ssl_ctx_st *ctx)
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
} }
// Get OS (maximum) Security Level
UINT GetOSSecurityLevel()
{
UINT security_level_new = 0, security_level_set_ssl_version = 0;
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
security_level_new = SSL_CTX_get_security_level(ctx);
#endif
security_level_set_ssl_version = SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
FreeSSLCtx(ctx);
if(security_level_new >= security_level_set_ssl_version)
{
return security_level_new;
}
return security_level_set_ssl_version;
}
// The number of get ip threads // The number of get ip threads
void SetGetIpThreadMaxNum(UINT num) void SetGetIpThreadMaxNum(UINT num)
{ {
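Review bot: In GetOSSecurityLevel the return value of `SSL_CTX_set_ssl_version()` is compared with the security level as if it were one, but that call is documented to return 1 on success and 0 on failure, so `security_level_set_ssl_version` is only ever 0 or 1 and the comparison merely floors the result at 1; for the visible caller (levels 0 and 1 both map to 1024-bit keys) this changes nothing, but the variable name suggests a misunderstanding that will mislead future callers. The `SSL_CTX_new()` result is also passed to `SSL_CTX_get_security_level()` and `SSL_CTX_set_ssl_version()` without a NULL check, so an allocation failure dereferences NULL before reaching `FreeSSLCtx` (where `SSL_CTX_free` itself accepts NULL). I would drop the set_ssl_version call, guard the context, and make the `int`-to-`UINT` conversion explicit; if a floor of 1 was actually intended, state it with a comment instead of deriving it from an unrelated status code. A comment should also say that this is the default level of a freshly created context, which presumably may differ from whatever NewSSLCtx (outside this hunk) configures on the contexts actually used.
```c
// Get OS (maximum) Security Level: the default level OpenSSL applies to a fresh
// SSL_CTX (0 when the library has no security-level support or allocation fails)
UINT GetOSSecurityLevel()
{
	UINT security_level = 0;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
	if (ctx == NULL)
	{
		// Report the lowest level; callers fall back to their default key size
		return 0;
	}
	security_level = (UINT)SSL_CTX_get_security_level(ctx);
	FreeSSLCtx(ctx);
#endif
	return security_level;
}
```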


@ -1448,6 +1448,7 @@ void RefreshLocalMacAddressList();
struct ssl_ctx_st *NewSSLCtx(bool server_mode); struct ssl_ctx_st *NewSSLCtx(bool server_mode);
void FreeSSLCtx(struct ssl_ctx_st *ctx); void FreeSSLCtx(struct ssl_ctx_st *ctx);
UINT GetOSSecurityLevel();
void SetCurrentDDnsFqdn(char *name); void SetCurrentDDnsFqdn(char *name);
void GetCurrentDDnsFqdn(char *name, UINT size); void GetCurrentDDnsFqdn(char *name, UINT size);