diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 84671de4..71ad5767 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c @@ -7777,11 +7777,6 @@ UINT StAddCa(ADMIN *a, RPC_HUB_ADD_CA *t) return ERR_INVALID_PARAMETER; } - if (t->Cert->is_compatible_bit == false) - { - return ERR_NOT_RSA_1024; - } - CHECK_RIGHT; LockHubList(c); @@ -9446,11 +9441,6 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t) return ERR_PROTOCOL_ERROR; } - if (t->Cert->is_compatible_bit == false) - { - return ERR_NOT_RSA_1024; - } - if (CheckXandK(t->Cert, t->Key) == false) { return ERR_PROTOCOL_ERROR; diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index 1ce3fe83..3067cdc3 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -7109,14 +7109,6 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner) } } - if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false) - { - // Server certificate is invalid - UnlockList(c->AccountList); - CiSetError(c, ERR_NOT_RSA_1024); - return false; - } - Lock(ret->lock); { @@ -7236,14 +7228,6 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner) } } - if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false) - { - // The server certificate is invalid - UnlockList(c->AccountList); - CiSetError(c, ERR_NOT_RSA_1024); - return false; - } - // Add a new account new_account = ZeroMalloc(sizeof(ACCOUNT)); new_account->lock = NewLock(); @@ -8536,12 +8520,6 @@ bool CtAddCa(CLIENT *c, RPC_CERT *cert) return false; } - if (cert->x->is_compatible_bit == false) - { - CiSetError(c, ERR_NOT_RSA_1024); - return false; - } - AddCa(c->Cedar, cert->x); CiSaveConfigurationFile(c); diff --git a/src/Cedar/WinUi.c b/src/Cedar/WinUi.c index b2b633a1..9a4c3bbb 100644 --- a/src/Cedar/WinUi.c +++ b/src/Cedar/WinUi.c @@ -35,6 +35,9 @@ #include #include +#include +#include + // Process name list of incompatible anti-virus software static BAD_PROCESS bad_processes[] = { 
@@ -5566,17 +5569,58 @@ void PrintCertInfo(HWND hWnd, CERT_DLG *p) GetDateTimeStrEx64(tmp, sizeof(tmp), SystemToLocal64(x->notAfter), NULL); LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_NOT_AFTER"), tmp); - // Number of bits - if (x->is_compatible_bit) - { - UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits); - LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp); - } - // Public key k = GetKFromX(x); if (k != NULL) { + UINT type = EVP_PKEY_base_id(k->pkey); + switch (type) + { + case EVP_PKEY_RSA: + LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"RSA"); + UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits); + LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp); + break; + case EVP_PKEY_EC: + LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"ECDSA"); + UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits); + LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp); + +# ifndef OPENSSL_NO_EC + EC_KEY *key = EVP_PKEY_get0_EC_KEY(k->pkey); + if (key == NULL) + { + break; + } + + EC_GROUP *group = EC_KEY_get0_group(key); + if (group == NULL) + { + break; + } + + int nid = EC_GROUP_get_curve_name(group); + if (nid == 0) + { + break; + } + + if (StrToUni(tmp, sizeof(tmp), OBJ_nid2sn(nid)) > 0) + { + wchar_t *nname = CopyStrToUni(EC_curve_nid2nist(nid)); + if (nname) + { + UniFormat(tmp, sizeof(tmp), L"%s (%s)", tmp, nname); + } + LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_PARAMETER"), tmp); + Free(nname); + } +# endif + break; + default: + break; + } + BUF *b = KToBuf(k, false, NULL); s_tmp = CopyBinToStrEx(b->Buf, b->Size); StrToUni(tmp, sizeof(tmp), s_tmp); diff --git a/src/bin/hamcore/strtable_cn.stb b/src/bin/hamcore/strtable_cn.stb index 87dd7e1c..0f49f8df 100644 --- a/src/bin/hamcore/strtable_cn.stb +++ b/src/bin/hamcore/strtable_cn.stb 
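Review bot: In the `EVP_PKEY_EC` branch, `UniFormat(tmp, sizeof(tmp), L"%s (%s)", tmp, nname);` passes `tmp` as both the destination and a `%s` argument, which is only correct if UniFormat builds its result in a separate buffer before copying, and that is not visible in this hunk. Holding the curve's short name in its own string avoids relying on it: `wchar_t *sname = CopyStrToUni(OBJ_nid2sn(nid));`, then `UniFormat(tmp, sizeof(tmp), L"%s (%s)", sname, nname);` and `Free(sname);`. `EC_KEY_get0_group()` returns a pointer to const, so `group` should be declared `const EC_GROUP *group` (and `key` likewise on OpenSSL 3.0, where `EVP_PKEY_get0_EC_KEY()` returns `const EC_KEY *`); the declarations that follow statements under the `case` label would also read better inside a braced block. The `default:` branch adds no algorithm row at all, and since this commit also drops the `is_compatible_bit` checks in Admin.c and Client.c, an explicit "unknown key type" row there would keep a person confirming a certificate from overlooking an unexpected key. PrintCertInfo starts and ends outside the hunk.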
@@ -428,12 +428,14 @@ CERT_ISSUER 发行者 CERT_SUBJECT 主题 CERT_NOT_BEFORE 有效期自 CERT_NOT_AFTER 有效期至 -CERT_BITS 数位 +CERT_BITS 位数 CERT_PUBLIC_KEY 公钥 CERT_DIGEST_MD5 摘要 (MD5) CERT_DIGEST_SHA1 摘要 (SHA-1) CERT_NO_SERIAL 没有序列号 CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM 公钥算法 +CERT_KEY_PARAMETER 参数 #关于证书认证对话框 diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb index 088cf2e3..60094a49 100644 --- a/src/bin/hamcore/strtable_en.stb +++ b/src/bin/hamcore/strtable_en.stb @@ -432,6 +432,8 @@ CERT_DIGEST_MD5 Digest (MD5) CERT_DIGEST_SHA1 Digest (SHA-1) CERT_NO_SERIAL There is no serial number CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM Public Key Algorithm +CERT_KEY_PARAMETER Parameters # Concerning certificate confirmation dialogs diff --git a/src/bin/hamcore/strtable_ja.stb b/src/bin/hamcore/strtable_ja.stb index 05e0fc91..29ba2f58 100644 --- a/src/bin/hamcore/strtable_ja.stb +++ b/src/bin/hamcore/strtable_ja.stb @@ -434,6 +434,8 @@ CERT_DIGEST_MD5 ダイジェスト (MD5) CERT_DIGEST_SHA1 ダイジェスト (SHA-1) CERT_NO_SERIAL シリアル番号はありません CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM 公開鍵アルゴリズム +CERT_KEY_PARAMETER パラメータ # 証明書確認ダイアログ関係 diff --git a/src/bin/hamcore/strtable_ko.stb b/src/bin/hamcore/strtable_ko.stb index 8265df7e..4186e8fd 100644 --- a/src/bin/hamcore/strtable_ko.stb +++ b/src/bin/hamcore/strtable_ko.stb @@ -438,6 +438,8 @@ CERT_DIGEST_MD5 다이제스트 (MD5) CERT_DIGEST_SHA1 다이제스트 (SHA-1) CERT_NO_SERIAL 일련 번호가 없습니다 CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM 공개 키 알고리즘 +CERT_KEY_PARAMETER 매개변수 # 인증서 확인 대화 관계 diff --git a/src/bin/hamcore/strtable_pt_br.stb b/src/bin/hamcore/strtable_pt_br.stb index 89adfdcc..75828b2d 100644 --- a/src/bin/hamcore/strtable_pt_br.stb +++ b/src/bin/hamcore/strtable_pt_br.stb @@ -448,6 +448,8 @@ CERT_DIGEST_MD5 Resumo (MD5) CERT_DIGEST_SHA1 Resumo (SHA-1) CERT_NO_SERIAL There is no serial number CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM Public Key Algorithm +CERT_KEY_PARAMETER Parameters # Concerning certificate confirmation dialogs 
diff --git a/src/bin/hamcore/strtable_ru.stb b/src/bin/hamcore/strtable_ru.stb index 8f179c70..b3ac6ecc 100644 --- a/src/bin/hamcore/strtable_ru.stb +++ b/src/bin/hamcore/strtable_ru.stb @@ -432,6 +432,8 @@ CERT_DIGEST_MD5 Digest (MD5) CERT_DIGEST_SHA1 Digest (SHA-1) CERT_NO_SERIAL There is no serial number CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM Public Key Algorithm +CERT_KEY_PARAMETER Parameters # Concerning certificate confirmation dialogs diff --git a/src/bin/hamcore/strtable_tw.stb b/src/bin/hamcore/strtable_tw.stb index 5f760da6..d4e767ed 100644 --- a/src/bin/hamcore/strtable_tw.stb +++ b/src/bin/hamcore/strtable_tw.stb @@ -438,6 +438,8 @@ CERT_DIGEST_MD5 摘要 (MD5) CERT_DIGEST_SHA1 摘要 (SHA-1) CERT_NO_SERIAL 沒有序號 CERT_BITS_FORMAT %u bits +CERT_KEY_ALGORITHM 公開金鑰演算法 +CERT_KEY_PARAMETER 參數 #關於證書認證對話方塊