
Merge pull request #1483 from domosekai/ecc

Support ECDSA certificates on server side and show parameters in dialog
This commit is contained in:
Yihong Wu
2021-09-25 20:58:18 +08:00
committed by GitHub
10 changed files with 66 additions and 40 deletions


@ -7777,11 +7777,6 @@ UINT StAddCa(ADMIN *a, RPC_HUB_ADD_CA *t)
return ERR_INVALID_PARAMETER;
}
if (t->Cert->is_compatible_bit == false)
{
return ERR_NOT_RSA_1024;
}
CHECK_RIGHT;
LockHubList(c);
@ -9446,11 +9441,6 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
return ERR_PROTOCOL_ERROR;
}
if (t->Cert->is_compatible_bit == false)
{
return ERR_NOT_RSA_1024;
}
if (CheckXandK(t->Cert, t->Key) == false)
{
return ERR_PROTOCOL_ERROR;


@ -7109,14 +7109,6 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
}
}
if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
{
// Server certificate is invalid
UnlockList(c->AccountList);
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
Lock(ret->lock);
{
@ -7236,14 +7228,6 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
}
}
if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
{
// The server certificate is invalid
UnlockList(c->AccountList);
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
// Add a new account
new_account = ZeroMalloc(sizeof(ACCOUNT));
new_account->lock = NewLock();
@ -8536,12 +8520,6 @@ bool CtAddCa(CLIENT *c, RPC_CERT *cert)
return false;
}
if (cert->x->is_compatible_bit == false)
{
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
AddCa(c->Cedar, cert->x);
CiSaveConfigurationFile(c);


@ -35,6 +35,9 @@
#include <shellapi.h>
#include <shlobj.h>
#include <openssl/evp.h>
#include <openssl/ec.h>
// Process name list of incompatible anti-virus software
static BAD_PROCESS bad_processes[] =
{
@ -5566,17 +5569,58 @@ void PrintCertInfo(HWND hWnd, CERT_DLG *p)
GetDateTimeStrEx64(tmp, sizeof(tmp), SystemToLocal64(x->notAfter), NULL);
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_NOT_AFTER"), tmp);
// Number of bits
if (x->is_compatible_bit)
{
UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
}
// Public key
k = GetKFromX(x);
if (k != NULL)
{
UINT type = EVP_PKEY_base_id(k->pkey);
switch (type)
{
case EVP_PKEY_RSA:
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"RSA");
UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
break;
case EVP_PKEY_EC:
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"ECDSA");
UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
# ifndef OPENSSL_NO_EC
EC_KEY *key = EVP_PKEY_get0_EC_KEY(k->pkey);
if (key == NULL)
{
break;
}
EC_GROUP *group = EC_KEY_get0_group(key);
if (group == NULL)
{
break;
}
int nid = EC_GROUP_get_curve_name(group);
if (nid == 0)
{
break;
}
if (StrToUni(tmp, sizeof(tmp), OBJ_nid2sn(nid)) > 0)
{
wchar_t *nname = CopyStrToUni(EC_curve_nid2nist(nid));
if (nname)
{
UniFormat(tmp, sizeof(tmp), L"%s (%s)", tmp, nname);
}
LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_PARAMETER"), tmp);
Free(nname);
}
# endif
break;
default:
break;
}
BUF *b = KToBuf(k, false, NULL);
s_tmp = CopyBinToStrEx(b->Buf, b->Size);
StrToUni(tmp, sizeof(tmp), s_tmp);