Added raw function wrapping X509_digest
This commit is contained in:
Armin Novak
akallabeth
parent
8b85913ac0
commit
9c999b7135
@ -54,8 +54,8 @@ extern "C"
|
||||
typedef struct crypto_cert_struct* CryptoCert;
|
||||
|
||||
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
|
||||
FREERDP_API BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length);
|
||||
FREERDP_API char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash);
|
||||
FREERDP_API char* crypto_cert_sign_with_hash(X509* xcert, const char* hash);
|
||||
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);
|
||||
FREERDP_API char* crypto_cert_subject(X509* xcert);
|
||||
FREERDP_API char* crypto_cert_subject_common_name(X509* xcert, int* length);
|
||||
|
||||
@ -571,7 +571,7 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
|
||||
|
||||
if (!rc4Ctx)
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_CipherInit_ex failure");
|
||||
WLog_ERR(TAG, "winpr_Cipher_New failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -581,13 +581,13 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
|
||||
|
||||
if (!rc)
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_CipherUpdate failure");
|
||||
WLog_ERR(TAG, "winpr_Cipher_Update failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_CipherFinal_ex failure");
|
||||
WLog_ERR(TAG, "winpr_Cipher_Final failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -663,7 +663,7 @@ static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* pas
|
||||
|
||||
if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_DecryptFinal_ex failure");
|
||||
WLog_ERR(TAG, "winpr_Cipher_Final failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
||||
@ -215,25 +215,49 @@ void crypto_reverse(BYTE* data, int length)
|
||||
|
||||
char* crypto_cert_fingerprint(X509* xcert)
|
||||
{
|
||||
return crypto_cert_fingerprint_by_hash(xcert, "sha1");
|
||||
return crypto_cert_fingerprint_by_hash(xcert, "sha256");
|
||||
}
|
||||
|
||||
BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length)
|
||||
{
|
||||
UINT32 fp_len = EVP_MAX_MD_SIZE;
|
||||
BYTE* fp;
|
||||
const EVP_MD* md = EVP_get_digestbyname(hash);
|
||||
if (!md)
|
||||
return NULL;
|
||||
if (!length)
|
||||
return NULL;
|
||||
if (!xcert)
|
||||
return NULL;
|
||||
|
||||
fp = calloc(fp_len, sizeof(BYTE));
|
||||
if (!fp)
|
||||
return NULL;
|
||||
|
||||
if (X509_digest(xcert, md, fp, &fp_len) != 1)
|
||||
{
|
||||
free(fp);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*length = fp_len;
|
||||
return fp;
|
||||
}
|
||||
|
||||
char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
|
||||
{
|
||||
size_t i = 0;
|
||||
UINT32 fp_len, i;
|
||||
BYTE* fp;
|
||||
char* p;
|
||||
char* fp_buffer;
|
||||
UINT32 fp_len;
|
||||
BYTE fp[EVP_MAX_MD_SIZE];
|
||||
const EVP_MD* md = EVP_get_digestbyname(hash);
|
||||
if (!md)
|
||||
|
||||
fp = crypto_cert_hash(xcert, hash, &fp_len);
|
||||
if (!fp)
|
||||
return NULL;
|
||||
|
||||
X509_digest(xcert, md, fp, &fp_len);
|
||||
fp_buffer = (char*)calloc(fp_len + 1, 3);
|
||||
|
||||
fp_buffer = calloc(fp_len * 3 + 1, sizeof(char));
|
||||
if (!fp_buffer)
|
||||
return NULL;
|
||||
goto fail;
|
||||
|
||||
p = fp_buffer;
|
||||
|
||||
@ -244,6 +268,9 @@ char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
|
||||
}
|
||||
|
||||
sprintf_s(p, (fp_len - i) * 3, "%02" PRIx8 "", fp[i]);
|
||||
fail:
|
||||
free(fp);
|
||||
|
||||
return fp_buffer;
|
||||
}
|
||||
|
||||
|
||||
@ -611,13 +611,15 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
|
||||
SEC_CHANNEL_BINDINGS* ChannelBindings;
|
||||
SecPkgContext_Bindings* ContextBindings;
|
||||
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
|
||||
BYTE CertificateHash[32] = { 0 };
|
||||
X509_digest(cert, EVP_sha256(), CertificateHash, &CertificateHashLength);
|
||||
BYTE* CertificateHash = crypto_cert_hash(cert, "sha256", &CertificateHashLength);
|
||||
if (!CertificateHash)
|
||||
return NULL;
|
||||
|
||||
ChannelBindingTokenLength = PrefixLength + CertificateHashLength;
|
||||
ContextBindings = (SecPkgContext_Bindings*)calloc(1, sizeof(SecPkgContext_Bindings));
|
||||
|
||||
if (!ContextBindings)
|
||||
return NULL;
|
||||
goto out_free;
|
||||
|
||||
ContextBindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + ChannelBindingTokenLength;
|
||||
ChannelBindings = (SEC_CHANNEL_BINDINGS*)calloc(1, ContextBindings->BindingsLength);
|
||||
@ -633,6 +635,7 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
|
||||
memcpy(ChannelBindingToken + PrefixLength, CertificateHash, CertificateHashLength);
|
||||
return ContextBindings;
|
||||
out_free:
|
||||
free(CertificateHash);
|
||||
free(ContextBindings);
|
||||
return NULL;
|
||||
}
|
||||
@ -1195,7 +1198,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
|
||||
while (cur)
|
||||
{
|
||||
BOOL equal;
|
||||
|
||||
char* strhash;
|
||||
const char* h = strtok(cur, ":");
|
||||
const char* fp;
|
||||
|
||||
@ -1206,7 +1209,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
|
||||
if (!fp)
|
||||
continue;
|
||||
|
||||
char* strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
|
||||
strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
|
||||
if (!strhash)
|
||||
continue;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user