mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
18,925 Commits 6 Branches 74 Tags 84 MiB
0633623b6d
Commit Graph

264 Commits

Author SHA1 Message Date
akallabeth
53d8e0f203
[crypto,tls] fix missing return 2024-05-25 09:17:06 +02:00
akallabeth
ef86df9a26
[crypto,tls] log BIO_do_handshake errors 
add proper logging to make details of failures auditable
 2024-05-23 14:48:39 +02:00
David Fort
aebe9742e0 [client,win32] Child session fixes 
It seems like WaitFor[Single|Multiple]Object calls aren't reliable on pipes, especially
on the pipe opened for childSession access. The object can be marked as signaled even if
no data is available, making the connection laggy and unresponsive (nearly unusable in some
cases).
This patch works around that by using ReadFileEx() with overlapped instead of simple
ReadFile() and use asynchronous reads.
 2024-03-01 09:46:53 +01:00
amazingfate
e21afefb86 fix build with openssl < 1.1.1 2024-02-23 12:45:36 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
Armin Novak
198774c035 [compat,libressl] fix compilation issues 2023-12-19 20:44:39 +01:00
Armin Novak
6e6559c41a [settings] fix type mismatch warnings 2023-11-24 14:54:56 +01:00
akallabeth
cd4d77af86 [settings] add deprecation warnings 
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
 2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
Armin Novak
32c65dbdfc [crypto,tls] only print fingerprint in log 
printing the whole PEM to log is too verbose, just use the fingerprint
instead.
 2023-10-25 13:15:35 +02:00
akallabeth
d44f9528a1 [ssl] use proper names for TLS_*_method 
only use deprecated SSLv23_*method on old versions of SSL
 2023-10-10 19:35:27 +02:00
akallabeth
b9fdd88bd7 [crypto,tls] reset tls context before setting 
clean up old tls context before setting a new one
 2023-09-21 10:00:19 +02:00
akallabeth
9a460d38fc [crypto,tls] free tls bindings before set 
Free possibly allocated bindings before setting new ones
 2023-09-21 10:00:19 +02:00
akallabeth
d275e083ec [crypto,tls] free existing public key 
before updating the public key free possible existing data.
 2023-09-21 10:00:19 +02:00
Armin Novak
0afa2e88b5 [crypto,cert] imrove logged warnings for certificates 2023-07-31 08:32:43 +02:00
Armin Novak
64f4fe397c [crypto,tls] fixed sign warnings 2023-07-27 21:05:43 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
akallabeth
516668d02b [fclose] ensure no invalid pointers are passed. 
fclose has undefined behaviour for NULL pointers, so check for these.
 2023-04-28 07:39:35 +02:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert 
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
 2023-02-28 15:49:58 +01:00
David Fort
b8814e723a fix some warning with the use of new crypto functions 2023-02-28 07:59:40 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header 
no need to uselessly export symbols that are not usable outside the
project
 2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions 
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
 2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b [winpr] use winpr_fopen 2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d crypto: export getSslMethod utility function 2022-12-23 08:42:45 +01:00
David Fort
b283daafd7 tls: cleanup and add some methods to do handshakes asynchronously 
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
 2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156 new [tls/server]: disable client side renegotiation 2022-12-15 11:06:19 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135) 
There was an issue in the reference count managment of the private
key and the X509 certificate.
 2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120) 
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
 2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control 
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
 2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
akallabeth
0563dae8b3 Cleanup tls_prepare 2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196 add a new flag to enforce tls1.2 2022-06-23 09:18:37 +02:00
akallabeth
962c5c3ef0 Fixed dead store warnings 2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796) 
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
 2022-04-19 14:29:17 +02:00
akallabeth
14568872a9
Instance cleanup (#7738) 
* Cleaned up freerdp::autodetect

* Deprecate freerdp::input

* Deprecated freerdp::update

* Deprecated freerdp::settings

* Deprecated freerdp::autodetect

* Removed rdpTransport::settings

* Deprecated freerdp_per::update|settings|autodetect

* Fixed mac client and server compilation

* Fixed windows compilation

* Added deprecation warnings

* Fixed initialization of structs.

* Fixed android build

* Fixed freerdp_client_context_new const correctness

* Fixed checks for android implementation

Replaced checks with assertions where appropriate

* Fixed checks for windows client

Replaced checks with assertions where appropriate

* Fixed proxy client pointer dereference
 2022-03-23 13:18:35 +01:00
akallabeth
fa3cf9417f
Fixed #7696: Abort freerdp_connect if manually canceled (#7700) 
If freerdp_abort_connect is called, set FREERDP_ERROR_CONNECT_CANCELLED
This way freerdp_reconnect can distinguish between network issues and
user interaction and abort a retry attempt.
 2022-03-07 13:47:43 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633) 
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
 2022-02-14 14:59:22 +01:00
akallabeth
a71235be74
Cert update fix (#7382) 
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
 2021-10-21 09:07:52 +02:00
akallabeth
1c84690c2f
Fixes from tests (#7308) 
* Fixed memory leak in tls_verify_certificate

* Fixed missing NULL checks

* Fixed missing checks for FreeRDP_DeactivateClientDecoding

* Added WINPR_ASSERT for client common new/free

* Added /disable-output switch to deactivate client decoding

Allows low resource remote connections that do not require visual
feedback. (e.g. load testing/...)
 2021-09-21 09:56:56 +02:00
akallabeth
75e6f443b5 Fixed possible leak in tls_prepare 
If the function fails, the 'underlying' BIO was leaking as
tls_free did not clean it up if 'tls->bio' was not successfully
allocated.
 2021-09-20 10:59:59 +02:00