author | Christian Poessinger <christian@poessinger.com> | 2020-10-30 21:13:35 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-10-30 21:13:35 +0100 |
commit | 700d03d241b7335d9c647afb114100929dfbd909 (patch) | |
tree | 870cd187db57915d40e8e4d7a2b14f238ba3ddfc /python/vyos | |
parent | 5ffe914cb35f77dad3a095ca7167e46d9f087b33 (diff) | |
download | vyos-1x-700d03d241b7335d9c647afb114100929dfbd909.tar.gz vyos-1x-700d03d241b7335d9c647afb114100929dfbd909.zip |
openvpn: T2994: verify DH key length
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/configverify.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index d3ca56d11..babb0feb7 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -259,3 +259,27 @@ def verify_accel_ppp_base_service(config):
 if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
 raise ConfigError('delegation-prefix length required!')
+def verify_diffie_hellman_length(file, min_keysize):
+ """ Verify Diffie-Hellamn keypair length given via file. It must be greater
+ then or equal to min_keysize """
+
+ try:
+ keysize = str(min_keysize)
+ except:
+ return False
+
+ import os
+ import re
+ from vyos.util import cmd
+
+ if os.path.exists(file):
+
+ out = cmd(f'openssl dhparam -inform PEM -in {file} -text')
+ prog = re.compile('\d+\s+bit')
+ if prog.search(out):
+ bits = prog.search(out)[0].split()[0]
+ if int(min_keysize) >= int(bits):
+ return True
+
+ return False
+ |
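Review bot: The final comparison in `verify_diffie_hellman_length` is inverted: `if int(min_keysize) >= int(bits):` returns True when the DH parameters are at or below the minimum and False when they are larger, which contradicts the docstring and would accept weak parameters while rejecting strong ones; it should read `if int(bits) >= int(min_keysize):`. The `try: keysize = str(min_keysize)` guard validates nothing, since `keysize` is never used and the later `int(min_keysize)` can still raise; wrapping that conversion in `except ValueError` would be the real check, and it avoids the bare `except:`. `file` is interpolated unquoted into the openssl command string, so if `cmd` hands the string to a shell (its implementation is not visible here) a path containing spaces or shell metacharacters would be misparsed; `shlex.quote(file)` is a cheap guard. The pattern should also be a raw string, `re.compile(r'\d+\s+bit')`, and the docstring has typos ("Hellamn", "then").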