Added raw function wrapping X509_digest
parent
8b85913ac0
commit
9c999b7135
@ -54,8 +54,8 @@ extern "C"
typedef struct crypto_cert_struct* CryptoCert;
typedef struct crypto_cert_struct* CryptoCert;
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
FREERDP_API BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length);
FREERDP_API char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_sign_with_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);
FREERDP_API char* crypto_cert_subject(X509* xcert);
FREERDP_API char* crypto_cert_subject(X509* xcert);
FREERDP_API char* crypto_cert_subject_common_name(X509* xcert, int* length);
FREERDP_API char* crypto_cert_subject_common_name(X509* xcert, int* length);
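Review bot: The new `crypto_cert_hash` prototype says nothing about who owns the returned buffer or what `length` receives, while the implementation in this commit returns a calloc'd buffer that the caller must free (tls_get_channel_bindings in the same commit already returns without freeing it on its success path). Suggested comment above the declaration: `/* Digest of xcert with the EVP digest named by hash. Returns a malloc'd buffer the caller must free(); *length receives its size in bytes. NULL on unknown digest name, NULL argument, allocation or digest failure. */`.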
@ -571,7 +571,7 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
if (!rc4Ctx)
if (!rc4Ctx)
{
{
WLog_ERR(TAG, "EVP_CipherInit_ex failure");
WLog_ERR(TAG, "winpr_Cipher_New failure");
goto fail;
goto fail;
}
}
@ -581,13 +581,13 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
if (!rc)
if (!rc)
{
{
WLog_ERR(TAG, "EVP_CipherUpdate failure");
WLog_ERR(TAG, "winpr_Cipher_Update failure");
goto fail;
goto fail;
}
}
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
{
{
WLog_ERR(TAG, "EVP_CipherFinal_ex failure");
WLog_ERR(TAG, "winpr_Cipher_Final failure");
goto fail;
goto fail;
}
}
@ -663,7 +663,7 @@ static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* pas
if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
{
{
WLog_ERR(TAG, "EVP_DecryptFinal_ex failure");
WLog_ERR(TAG, "winpr_Cipher_Final failure");
goto fail;
goto fail;
}
}
@ -215,25 +215,49 @@ void crypto_reverse(BYTE* data, int length)
char* crypto_cert_fingerprint(X509* xcert)
char* crypto_cert_fingerprint(X509* xcert)
{
{
return crypto_cert_fingerprint_by_hash(xcert, "sha1");
return crypto_cert_fingerprint_by_hash(xcert, "sha256");
}
BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length)
{
UINT32 fp_len = EVP_MAX_MD_SIZE;
BYTE* fp;
const EVP_MD* md = EVP_get_digestbyname(hash);
if (!md)
return NULL;
if (!length)
return NULL;
if (!xcert)
return NULL;
fp = calloc(fp_len, sizeof(BYTE));
if (!fp)
return NULL;
if (X509_digest(xcert, md, fp, &fp_len) != 1)
{
free(fp);
return NULL;
}
*length = fp_len;
return fp;
}
}
char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
{
{
size_t i = 0;
UINT32 fp_len, i;
BYTE* fp;
char* p;
char* p;
char* fp_buffer;
char* fp_buffer;
UINT32 fp_len;
BYTE fp[EVP_MAX_MD_SIZE];
fp = crypto_cert_hash(xcert, hash, &fp_len);
const EVP_MD* md = EVP_get_digestbyname(hash);
if (!fp)
if (!md)
return NULL;
return NULL;
X509_digest(xcert, md, fp, &fp_len);
fp_buffer = calloc(fp_len * 3 + 1, sizeof(char));
fp_buffer = (char*)calloc(fp_len + 1, 3);
if (!fp_buffer)
if (!fp_buffer)
return NULL;
goto fail;
p = fp_buffer;
p = fp_buffer;
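Review bot: `crypto_cert_fingerprint` now returns the sha256 fingerprint where it used to return sha1, so every caller's output changes and any fingerprint recorded under the old default will no longer compare equal, yet the commit title only mentions the new X509_digest wrapper; the change deserves a sentence in the description or a comment such as `/* Default digest is sha256 (was sha1); fingerprints recorded with the old default will not match. */`. In `crypto_cert_hash`, `length` and `xcert` are rejected when NULL but `hash` is handed to EVP_get_digestbyname unchecked; `if (!hash) return NULL;` before the lookup makes the three guards consistent instead of relying on the library to tolerate a NULL name. `crypto_cert_fingerprint_by_hash` also loses the `= 0` initializer on `i`, which is only safe if the loop between this hunk and the next (not visible here) assigns `i` before reading it. `crypto_cert_fingerprint_by_hash` continues past the end of this hunk.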
@ -244,6 +268,9 @@ char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash)
}
}
sprintf_s(p, (fp_len - i) * 3, "%02" PRIx8 "", fp[i]);
sprintf_s(p, (fp_len - i) * 3, "%02" PRIx8 "", fp[i]);
fail:
free(fp);
return fp_buffer;
return fp_buffer;
}
}
@ -611,13 +611,15 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
SEC_CHANNEL_BINDINGS* ChannelBindings;
SEC_CHANNEL_BINDINGS* ChannelBindings;
SecPkgContext_Bindings* ContextBindings;
SecPkgContext_Bindings* ContextBindings;
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
BYTE CertificateHash[32] = { 0 };
BYTE* CertificateHash = crypto_cert_hash(cert, "sha256", &CertificateHashLength);
X509_digest(cert, EVP_sha256(), CertificateHash, &CertificateHashLength);
if (!CertificateHash)
return NULL;
ChannelBindingTokenLength = PrefixLength + CertificateHashLength;
ChannelBindingTokenLength = PrefixLength + CertificateHashLength;
ContextBindings = (SecPkgContext_Bindings*)calloc(1, sizeof(SecPkgContext_Bindings));
ContextBindings = (SecPkgContext_Bindings*)calloc(1, sizeof(SecPkgContext_Bindings));
if (!ContextBindings)
if (!ContextBindings)
return NULL;
goto out_free;
ContextBindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + ChannelBindingTokenLength;
ContextBindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + ChannelBindingTokenLength;
ChannelBindings = (SEC_CHANNEL_BINDINGS*)calloc(1, ContextBindings->BindingsLength);
ChannelBindings = (SEC_CHANNEL_BINDINGS*)calloc(1, ContextBindings->BindingsLength);
@ -633,6 +635,7 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
memcpy(ChannelBindingToken + PrefixLength, CertificateHash, CertificateHashLength);
memcpy(ChannelBindingToken + PrefixLength, CertificateHash, CertificateHashLength);
return ContextBindings;
return ContextBindings;
out_free:
out_free:
free(CertificateHash);
free(ContextBindings);
free(ContextBindings);
return NULL;
return NULL;
}
}
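Review bot: `CertificateHash` is now the heap buffer returned by `crypto_cert_hash`, but the success path `return ContextBindings;` after the memcpy returns without freeing it, so every successful call leaks one digest buffer; only the `out_free` error path releases it. Once the bytes are copied into `ChannelBindingToken` the buffer is no longer needed, so add `free(CertificateHash);` directly before `return ContextBindings;`. The lines between this hunk and the previous one of `tls_get_channel_bindings` are not visible, so this assumes nothing there frees or re-points `CertificateHash`; the function begins outside the hunk.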
@ -1195,7 +1198,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
while (cur)
while (cur)
{
{
BOOL equal;
BOOL equal;
char* strhash;
const char* h = strtok(cur, ":");
const char* h = strtok(cur, ":");
const char* fp;
const char* fp;
@ -1206,7 +1209,7 @@ static BOOL is_accepted_fingerprint(CryptoCert cert, const char* CertificateAcce
if (!fp)
if (!fp)
continue;
continue;
char* strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
strhash = crypto_cert_fingerprint_by_hash(cert->px509, h);
if (!strhash)
if (!strhash)
continue;
continue;