Added raw function wrapping X509_digest

This commit is contained in:
Armin Novak 2020-02-12 13:47:35 +01:00 committed by akallabeth
parent 8b85913ac0
commit 9c999b7135
4 changed files with 50 additions and 20 deletions


@ -54,8 +54,8 @@ extern "C"
typedef struct crypto_cert_struct* CryptoCert;
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
FREERDP_API BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length);
FREERDP_API char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_sign_with_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);
FREERDP_API char* crypto_cert_subject(X509* xcert);
FREERDP_API char* crypto_cert_subject_common_name(X509* xcert, int* length);
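Review bot: The new public declaration `crypto_cert_hash` transfers ownership of a heap buffer to the caller but carries no comment saying so, and the neighbouring declarations give no hint either. A short contract on the header line would prevent the leak-or-double-free guesswork at call sites, e.g. `/* Digest xcert with the named EVP digest (e.g. "sha256"). Returns a heap buffer of *length bytes that the caller must free(), or NULL on unknown digest, bad argument or allocation failure. */`. The same note should state that `hash` is looked up with EVP_get_digestbyname, so the accepted names are whatever OpenSSL registers, which presumably matters when the name comes from configuration.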


@ -571,7 +571,7 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
if (!rc4Ctx)
{
WLog_ERR(TAG, "EVP_CipherInit_ex failure");
WLog_ERR(TAG, "winpr_Cipher_New failure");
goto fail;
}
@ -581,13 +581,13 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
if (!rc)
{
WLog_ERR(TAG, "EVP_CipherUpdate failure");
WLog_ERR(TAG, "winpr_Cipher_Update failure");
goto fail;
}
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
{
WLog_ERR(TAG, "EVP_CipherFinal_ex failure");
WLog_ERR(TAG, "winpr_Cipher_Final failure");
goto fail;
}
@ -663,7 +663,7 @@ static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* pas
if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
{
WLog_ERR(TAG, "EVP_DecryptFinal_ex failure");
WLog_ERR(TAG, "winpr_Cipher_Final failure");
goto fail;
}


@ -215,25 +215,49 @@ void crypto_reverse(BYTE* data, int length)
char* crypto_cert_fingerprint(X509* xcert)
{
return crypto_cert_fingerprint_by_hash(xcert, "sha1");
return crypto_cert_fingerprint_by_hash(xcert, "sha256");
}
BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length)
{
UINT32 fp_len = EVP_MAX_MD_SIZE;
BYTE* fp;
const EVP_MD* md = EVP_get_digestbyname(hash);
if (!md)
return NULL;
if (!length)
return NULL;
if (!xcert)
return NULL;
fp = calloc(fp_len, sizeof(BYTE));
if (!fp)
return NULL;
if (X509_digest(xcert, md, fp, &fp_len) != 1)
{
free(fp);
return NULL;
}
*length = fp_len;
return fp;
}
char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
{
size_t i = 0;
UINT32 fp_len, i;
BYTE* fp;
char* p;
char* fp_buffer;
UINT32 fp_len;
BYTE fp[EVP_MAX_MD_SIZE];
const EVP_MD* md = EVP_get_digestbyname(hash);
if (!md)
fp = crypto_cert_hash(xcert, hash, &fp_len);
if (!fp)
return NULL;
X509_digest(xcert, md, fp, &fp_len);
fp_buffer = (char*)calloc(fp_len + 1, 3);
fp_buffer = calloc(fp_len * 3 + 1, sizeof(char));
if (!fp_buffer)
return NULL;
goto fail;
p = fp_buffer;
@ -244,6 +268,9 @@ char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
}
sprintf_s(p, (fp_len - i) * 3, "%02" PRIx8 "", fp[i]);
fail:
free(fp);
return fp_buffer;
}
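Review bot: In crypto_cert_hash the lookup `EVP_get_digestbyname(hash)` is evaluated in the initialiser before the `length` and `xcert` guards, and `hash` itself is never checked, so a NULL name is handed straight to OpenSSL; the argument checks should come first, as `if (!hash || !xcert || !length) return NULL;` ahead of the digest lookup. Changing crypto_cert_fingerprint's default from "sha1" to "sha256" alters the length and value of the string every caller receives, which presumably matters for any fingerprint compared against a previously stored one; a comment on that function naming the default digest, such as `/* Default fingerprint digest is SHA-256; compare only against values computed with the same digest. */`, would make the dependency visible. crypto_cert_fingerprint_by_hash is split across the two hunks, with its formatting loop outside the first.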


@ -611,13 +611,15 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
SEC_CHANNEL_BINDINGS* ChannelBindings;
SecPkgContext_Bindings* ContextBindings;
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
BYTE CertificateHash[32] = { 0 };
X509_digest(cert, EVP_sha256(), CertificateHash, &CertificateHashLength);
BYTE* CertificateHash = crypto_cert_hash(cert, "sha256", &CertificateHashLength);
if (!CertificateHash)
return NULL;
ChannelBindingTokenLength = PrefixLength + CertificateHashLength;
ContextBindings = (SecPkgContext_Bindings*)calloc(1, sizeof(SecPkgContext_Bindings));
if (!ContextBindings)
return NULL;
goto out_free;
ContextBindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + ChannelBindingTokenLength;
ChannelBindings = (SEC_CHANNEL_BINDINGS*)calloc(1, ContextBindings->BindingsLength);
@ -633,6 +635,7 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
memcpy(ChannelBindingToken + PrefixLength, CertificateHash, CertificateHashLength);
return ContextBindings;
out_free:
free(CertificateHash);
free(ContextBindings);
return NULL;
}
@ -1195,7 +1198,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
while (cur)
{
BOOL equal;
char* strhash;
const char* h = strtok(cur, ":");
const char* fp;
@ -1206,7 +1209,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
if (!fp)
continue;
char* strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
if (!strhash)
continue;
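Review bot: In tls_get_channel_bindings the buffer returned by `crypto_cert_hash` is freed only on the `out_free` path; on the success path the `memcpy` of CertificateHash is followed directly by `return ContextBindings;`, so the heap digest that replaced the former stack array leaks once per call. Insert `free(CertificateHash);` immediately before that `return ContextBindings;`. The function's signature and the allocation of ChannelBindings lie outside the hunks, so whether failures in between also reach `out_free` cannot be confirmed from here.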