Disabled ceritficate signature check.
This commit is contained in:
parent
4fe12b0ea3
commit
a376656b3c
@ -207,7 +207,8 @@ BOOL certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info)
|
||||
error++;
|
||||
|
||||
/* signature */
|
||||
if (!ber_read_sequence_tag(s, &length) || !Stream_SafeSeek(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
|
||||
if (!ber_read_sequence_tag(s, &length) ||
|
||||
!Stream_SafeSeek(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
|
||||
goto error1;
|
||||
|
||||
error++;
|
||||
@ -237,7 +238,8 @@ BOOL certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info)
|
||||
error++;
|
||||
|
||||
/* subjectPublicKeyInfo::AlgorithmIdentifier */
|
||||
if (!ber_read_sequence_tag(s, &length) || !Stream_SafeSeek(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
|
||||
if (!ber_read_sequence_tag(s, &length) ||
|
||||
!Stream_SafeSeek(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
|
||||
goto error1;
|
||||
|
||||
error++;
|
||||
@ -308,7 +310,8 @@ error2:
|
||||
free(info->Modulus);
|
||||
info->Modulus = 0;
|
||||
error1:
|
||||
WLog_ERR(TAG, "error reading when reading certificate: part=%s error=%d", certificate_read_errors[error], error);
|
||||
WLog_ERR(TAG, "error reading when reading certificate: part=%s error=%d",
|
||||
certificate_read_errors[error], error);
|
||||
Stream_Free(s, FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
@ -360,7 +363,8 @@ void certificate_free_x509_certificate_chain(rdpX509CertChain* x509_cert_chain)
|
||||
free(x509_cert_chain);
|
||||
}
|
||||
|
||||
static BOOL certificate_process_server_public_key(rdpCertificate* certificate, wStream* s, UINT32 length)
|
||||
static BOOL certificate_process_server_public_key(rdpCertificate* certificate, wStream* s,
|
||||
UINT32 length)
|
||||
{
|
||||
BYTE magic[4];
|
||||
UINT32 keylen;
|
||||
@ -398,27 +402,36 @@ static BOOL certificate_process_server_public_key(rdpCertificate* certificate, w
|
||||
}
|
||||
|
||||
static BOOL certificate_process_server_public_signature(rdpCertificate* certificate,
|
||||
const BYTE* sigdata, int sigdatalen, wStream* s, UINT32 siglen)
|
||||
const BYTE* sigdata, size_t sigdatalen, wStream* s, UINT32 siglen)
|
||||
{
|
||||
#if defined(CERT_VALIDATE_PADDING) || defined(CERT_VALIDATE_RSA)
|
||||
size_t i, sum;
|
||||
#endif
|
||||
#if defined(CERT_VALIDATE_RSA)
|
||||
BYTE sig[TSSK_KEY_LENGTH];
|
||||
#endif
|
||||
BYTE encsig[TSSK_KEY_LENGTH + 8];
|
||||
#if defined(VALIDATE_MD5)
|
||||
#if defined(CERT_VALIDATE_MD5) && defined(CERT_VALIDATE_RSA)
|
||||
BYTE md5hash[WINPR_MD5_DIGEST_LENGTH];
|
||||
#endif
|
||||
#if !defined(CERT_VALIDATE_MD5) || !defined(CERT_VALIDATE_RSA)
|
||||
(void)sigdata;
|
||||
(void)sigdatalen;
|
||||
#endif
|
||||
(void)certificate;
|
||||
/* Do not bother with validation of server proprietary certificate. The use of MD5 here is not allowed under FIPS.
|
||||
* Since the validation is not protecting against anything since the private/public keys are well known and documented in
|
||||
* MS-RDPBCGR section 5.3.3.1, we are not gaining any security by using MD5 for signature comparison. Rather then use MD5
|
||||
* here we just dont do the validation to avoid its use. Historically, freerdp has been ignoring a failed validation anyways. */
|
||||
#if defined(VALIDATE_MD5)
|
||||
#if defined(CERT_VALIDATE_MD5)
|
||||
|
||||
if (!winpr_Digest(WINPR_MD_MD5, sigdata, sigdatalen, md5hash, sizeof(md5hash)))
|
||||
return FALSE;
|
||||
|
||||
#endif
|
||||
Stream_Read(s, encsig, siglen);
|
||||
|
||||
/* Last 8 bytes shall be all zero. */
|
||||
#if defined(CERT_VALIDATE_PADDING)
|
||||
|
||||
for (sum = 0, i = sizeof(encsig) - 8; i < sizeof(encsig); i++)
|
||||
sum += encsig[i];
|
||||
@ -429,7 +442,9 @@ static BOOL certificate_process_server_public_signature(rdpCertificate* certific
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#endif
|
||||
siglen -= 8;
|
||||
#if defined(CERT_VALIDATE_RSA)
|
||||
|
||||
if (crypto_rsa_public_decrypt(encsig, siglen, TSSK_KEY_LENGTH, tssk_modulus, tssk_exponent,
|
||||
sig) <= 0)
|
||||
@ -440,7 +455,7 @@ static BOOL certificate_process_server_public_signature(rdpCertificate* certific
|
||||
|
||||
/* Verify signature. */
|
||||
/* Do not bother with validation of server proprietary certificate as described above. */
|
||||
#if defined(VALIDATE_MD5)
|
||||
#if defined(CERT_VALIDATE_MD5)
|
||||
|
||||
if (memcmp(md5hash, sig, sizeof(md5hash)) != 0)
|
||||
{
|
||||
@ -449,7 +464,6 @@ static BOOL certificate_process_server_public_signature(rdpCertificate* certific
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Verify rest of decrypted data:
|
||||
* The 17th byte is 0x00.
|
||||
@ -466,6 +480,7 @@ static BOOL certificate_process_server_public_signature(rdpCertificate* certific
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@ -484,7 +499,7 @@ BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate
|
||||
UINT16 wSignatureBlobType;
|
||||
UINT16 wSignatureBlobLen;
|
||||
BYTE* sigdata;
|
||||
int sigdatalen;
|
||||
size_t sigdatalen;
|
||||
|
||||
if (Stream_GetRemainingLength(s) < 12)
|
||||
return FALSE;
|
||||
@ -497,7 +512,7 @@ BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate
|
||||
if (!((dwSigAlgId == SIGNATURE_ALG_RSA) && (dwKeyAlgId == KEY_EXCHANGE_ALG_RSA)))
|
||||
{
|
||||
WLog_ERR(TAG, "unsupported signature or key algorithm, dwSigAlgId=%"PRIu32" dwKeyAlgId=%"PRIu32"",
|
||||
dwSigAlgId, dwKeyAlgId);
|
||||
dwSigAlgId, dwKeyAlgId);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -549,7 +564,8 @@ BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s, wSignatureBlobLen))
|
||||
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s,
|
||||
wSignatureBlobLen))
|
||||
{
|
||||
WLog_ERR(TAG, "unable to parse server public signature");
|
||||
return FALSE;
|
||||
@ -604,16 +620,15 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate,
|
||||
{
|
||||
rdpCertInfo cert_info = { 0 };
|
||||
DEBUG_CERTIFICATE("License Server Certificate");
|
||||
|
||||
ret = certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info);
|
||||
|
||||
DEBUG_LICENSE("modulus length:%"PRIu32"", cert_info.ModulusLength);
|
||||
free(cert_info.Modulus);
|
||||
|
||||
if (!ret)
|
||||
{
|
||||
WLog_ERR(TAG, "failed to read License Server, content follows:");
|
||||
winpr_HexDump(TAG, WLOG_ERROR, certificate->x509_cert_chain->array[i].data, certificate->x509_cert_chain->array[i].length);
|
||||
winpr_HexDump(TAG, WLOG_ERROR, certificate->x509_cert_chain->array[i].data,
|
||||
certificate->x509_cert_chain->array[i].length);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
@ -621,7 +636,8 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate,
|
||||
{
|
||||
DEBUG_CERTIFICATE("Terminal Server Certificate");
|
||||
|
||||
if (!certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info))
|
||||
if (!certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i],
|
||||
&certificate->cert_info))
|
||||
return FALSE;
|
||||
|
||||
DEBUG_CERTIFICATE("modulus length:%"PRIu32"", certificate->cert_info.ModulusLength);
|
||||
@ -638,7 +654,8 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate,
|
||||
* @param length certificate length
|
||||
*/
|
||||
|
||||
BOOL certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, size_t length)
|
||||
BOOL certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert,
|
||||
size_t length)
|
||||
{
|
||||
BOOL ret;
|
||||
wStream* s;
|
||||
@ -677,20 +694,20 @@ BOOL certificate_read_server_certificate(rdpCertificate* certificate, BYTE* serv
|
||||
return ret;
|
||||
}
|
||||
|
||||
rdpRsaKey* key_new_from_content(const char *keycontent, const char *keyfile)
|
||||
rdpRsaKey* key_new_from_content(const char* keycontent, const char* keyfile)
|
||||
{
|
||||
BIO* bio = NULL;
|
||||
RSA* rsa = NULL;
|
||||
rdpRsaKey* key = NULL;
|
||||
const BIGNUM *rsa_e = NULL;
|
||||
const BIGNUM *rsa_n = NULL;
|
||||
const BIGNUM *rsa_d = NULL;
|
||||
const BIGNUM* rsa_e = NULL;
|
||||
const BIGNUM* rsa_n = NULL;
|
||||
const BIGNUM* rsa_d = NULL;
|
||||
key = (rdpRsaKey*) calloc(1, sizeof(rdpRsaKey));
|
||||
|
||||
if (!key)
|
||||
return NULL;
|
||||
|
||||
bio = BIO_new_mem_buf((void *)keycontent, strlen(keycontent));
|
||||
bio = BIO_new_mem_buf((void*)keycontent, strlen(keycontent));
|
||||
|
||||
if (!bio)
|
||||
goto out_free;
|
||||
@ -781,7 +798,7 @@ rdpRsaKey* key_new(const char* keyfile)
|
||||
if (_fseeki64(fp, 0, SEEK_SET) < 0)
|
||||
goto out_free;
|
||||
|
||||
buffer = (char *)malloc(length + 1);
|
||||
buffer = (char*)malloc(length + 1);
|
||||
|
||||
if (!buffer)
|
||||
goto out_free;
|
||||
@ -830,7 +847,8 @@ rdpCertificate* certificate_clone(rdpCertificate* certificate)
|
||||
if (!_certificate->cert_info.Modulus)
|
||||
goto out_fail;
|
||||
|
||||
CopyMemory(_certificate->cert_info.Modulus, certificate->cert_info.Modulus, certificate->cert_info.ModulusLength);
|
||||
CopyMemory(_certificate->cert_info.Modulus, certificate->cert_info.Modulus,
|
||||
certificate->cert_info.ModulusLength);
|
||||
_certificate->cert_info.ModulusLength = certificate->cert_info.ModulusLength;
|
||||
}
|
||||
|
||||
@ -845,18 +863,21 @@ rdpCertificate* certificate_clone(rdpCertificate* certificate)
|
||||
|
||||
if (certificate->x509_cert_chain->count)
|
||||
{
|
||||
_certificate->x509_cert_chain->array = (rdpCertBlob*) calloc(certificate->x509_cert_chain->count, sizeof(rdpCertBlob));
|
||||
_certificate->x509_cert_chain->array = (rdpCertBlob*) calloc(certificate->x509_cert_chain->count,
|
||||
sizeof(rdpCertBlob));
|
||||
|
||||
if (!_certificate->x509_cert_chain->array)
|
||||
goto out_fail;
|
||||
|
||||
for (index = 0; index < certificate->x509_cert_chain->count; index++)
|
||||
{
|
||||
_certificate->x509_cert_chain->array[index].length = certificate->x509_cert_chain->array[index].length;
|
||||
_certificate->x509_cert_chain->array[index].length =
|
||||
certificate->x509_cert_chain->array[index].length;
|
||||
|
||||
if (certificate->x509_cert_chain->array[index].length)
|
||||
{
|
||||
_certificate->x509_cert_chain->array[index].data = (BYTE*) malloc(certificate->x509_cert_chain->array[index].length);
|
||||
_certificate->x509_cert_chain->array[index].data = (BYTE*) malloc(
|
||||
certificate->x509_cert_chain->array[index].length);
|
||||
|
||||
if (!_certificate->x509_cert_chain->array[index].data)
|
||||
{
|
||||
@ -869,8 +890,9 @@ rdpCertificate* certificate_clone(rdpCertificate* certificate)
|
||||
goto out_fail;
|
||||
}
|
||||
|
||||
CopyMemory(_certificate->x509_cert_chain->array[index].data, certificate->x509_cert_chain->array[index].data,
|
||||
_certificate->x509_cert_chain->array[index].length);
|
||||
CopyMemory(_certificate->x509_cert_chain->array[index].data,
|
||||
certificate->x509_cert_chain->array[index].data,
|
||||
_certificate->x509_cert_chain->array[index].length);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user