[core] update to new crypto/cert API

2023-02-03 11:53:49 +01:00 · 2023-02-03 11:53:49 +01:00 · 94b2f551b3
commit 94b2f551b3
parent 67bd1d08d3
5 changed files with 23 additions and 18 deletions
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@ -39,6 +39,9 @@
 #include <freerdp/cache/pointer.h>

 #include "../crypto/crypto.h"
+#include "../crypto/privatekey.h"
+#include "../crypto/certificate.h"
+
 #include "utils.h"

 #define TAG FREERDP_TAG("core.connection")
@ -698,16 +701,15 @@ static const BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xE

 static BOOL rdp_client_establish_keys(rdpRdp* rdp)
 {
-	BYTE* mod;
-	BYTE* exp;
-	wStream* s;
-	UINT32 length;
-	UINT32 key_len;
+	BYTE* mod = NULL;
+	BYTE* exp = NULL;
+	wStream* s = NULL;
+	UINT32 length = 0;
+	UINT32 key_len = 0;
 	int status = 0;
 	BOOL ret = FALSE;
-	rdpSettings* settings;
+	rdpSettings* settings = rdp->settings;
 	BYTE* crypt_client_random = NULL;
-	settings = rdp->settings;

 	if (!settings->UseRdpSecurityLayer)
 	{
@ -724,8 +726,9 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
 		return FALSE;
 	winpr_RAND(settings->ClientRandom, settings->ClientRandomLength);

-	WINPR_ASSERT(settings->RdpServerCertificate);
-	const rdpCertInfo* info = &settings->RdpServerCertificate->cert_info;
+	const rdpCertInfo* info = freerdp_certificate_get_info(settings->RdpServerCertificate);
+	if (!info)
+		return FALSE;

 	/*
 	 * client random must be (bitlen / 8) + 8 - see [MS-RDPBCGR] 5.3.4.1
@ -829,7 +832,7 @@ static BOOL rdp_update_client_random(rdpSettings* settings, const BYTE* crypt_ra
 	const rdpRsaKey* rsa = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
 	WINPR_ASSERT(rsa);

-	const rdpCertInfo* cinfo = &rsa->cert;
+	const rdpCertInfo* cinfo = freerdp_key_get_info(rsa);
 	WINPR_ASSERT(cinfo);

 	if (crypt_random_len != cinfo->ModulusLength + 8)
--- a/libfreerdp/core/gateway/http.c
+++ b/libfreerdp/core/gateway/http.c
@ -27,6 +27,7 @@
 #include <winpr/string.h>

 #include <freerdp/log.h>
+#include <freerdp/crypto/crypto.h>

 /* websocket need sha1 for Sec-Websocket-Accept */
 #include <winpr/crypto.h>
--- a/libfreerdp/core/gateway/rpc.c
+++ b/libfreerdp/core/gateway/rpc.c
@ -30,8 +30,6 @@

 #include <freerdp/log.h>

-#include <openssl/bio.h>
-
 #ifdef FREERDP_HAVE_VALGRIND_MEMCHECK_H
 #include <valgrind/memcheck.h>
 #endif
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@ -27,10 +27,13 @@

 #include <freerdp/log.h>
 #include <freerdp/utils/string.h>
+#include <freerdp/crypto/certificate.h>

 #include "utils.h"
 #include "gcc.h"
-#include "certificate.h"
+#include "nego.h"
+
+#include "../crypto/certificate.h"

 #define TAG FREERDP_TAG("core.gcc")

@ -1638,7 +1641,7 @@ BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 	data = settings->ServerCertificate;
 	length = settings->ServerCertificateLength;

-	if (!certificate_read_server_certificate(settings->RdpServerCertificate, data, length))
+	if (!freerdp_certificate_read_server_cert(settings->RdpServerCertificate, data, length))
 		goto fail;

 	return TRUE;
@ -1822,7 +1825,7 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 	Stream_Seek_UINT32(s); /* serverCertLen */
 	Stream_Write(s, settings->ServerRandom, settings->ServerRandomLength);

-	const SSIZE_T len = certificate_write_server_certificate(
+	const SSIZE_T len = freerdp_certificate_write_server_cert(
 	    settings->RdpServerCertificate, CERT_TEMPORARILY_ISSUED | CERT_CHAIN_VERSION_1, s);
 	if (len < 0)
 		return FALSE;
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
@ -26,11 +26,11 @@

 #include "info.h"
 #include "display.h"
-#include "certificate.h"

 #include <freerdp/log.h>
 #include <freerdp/streamdump.h>
 #include <freerdp/redirection.h>
+#include <freerdp/crypto/certificate.h>

 #include "rdp.h"
 #include "peer.h"
@ -250,7 +250,7 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)

 	if (settings->PrivateKeyFile)
 	{
-		settings->RdpServerRsaKey = key_new(settings->PrivateKeyFile);
+		settings->RdpServerRsaKey = freerdp_key_new_from_file(settings->PrivateKeyFile);

 		if (!settings->RdpServerRsaKey)
 		{
@ -260,7 +260,7 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)
 	}
 	else if (settings->PrivateKeyContent)
 	{
-		settings->RdpServerRsaKey = key_new_from_content(settings->PrivateKeyContent, NULL);
+		settings->RdpServerRsaKey = freerdp_key_new_from_pem(settings->PrivateKeyContent);

 		if (!settings->RdpServerRsaKey)
 		{