Armin Novak
8b6d05f90f
[crypto] fix key decrypt inconsistencies
2023-04-28 08:33:06 +02:00
akallabeth
6c38e20e4e
[crypto,cert] add openssl3 support
2023-04-28 08:33:06 +02:00
akallabeth
9ebbeeb2f6
[crypto,pkey] add openssl3 support
2023-04-28 08:33:06 +02:00
akallabeth
516668d02b
[fclose] ensure no invalid pointers are passed.
...
fclose has undefined behaviour for NULL pointers, so check for these.
2023-04-28 07:39:35 +02:00
Armin Novak
afc29ce777
[crypto,cert] fix cert_write_server_certificate_v2
2023-04-24 10:58:01 +02:00
Armin Novak
91b0f6d444
[crypto,cert] remove too strict assert
2023-04-24 10:58:01 +02:00
Armin Novak
50ce5b834d
[core,server] warn if cert not RDP security compatible
2023-03-28 17:19:03 +02:00
fifthdegree
304ce6d702
Test base64url en/decoding
...
Add tests for base64url and fix a bug discovered while doing that
2023-03-10 16:38:07 +01:00
fifthdegree
8d6c92c037
Implement base64url encoding/decoding
...
Tweak the base64 functions to allow for encoding and decoding base64url
as well
2023-03-10 16:38:07 +01:00
Armin Novak
3a6566d35e
[crypto,key] fix missing rdpCertInfo clone
2023-03-06 11:31:19 +01:00
Armin Novak
77943d4329
[warnings] Fixed missing-prototypes warnings
2023-03-06 10:04:59 +01:00
Armin Novak
3d8cb485f4
[warnings] Fixed strict-prototypes warnings
2023-03-06 10:04:59 +01:00
Armin Novak
e496771034
[warnings] fixed unused-variable warnings
2023-03-06 10:04:59 +01:00
Armin Novak
ae8f0106bd
[core,redirect] extract and check redirection cert
...
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
David Fort
b8814e723a
fix some warnings with the use of new crypto functions
2023-02-28 07:59:40 +01:00
akallabeth
392340d5fd
Fix #8702 : Disable sha3 and shake hashes for libressl
2023-02-22 11:47:37 +01:00
akallabeth
66245e7a00
[crypto,cert] remove rsa check
...
the rsa keys to be checked are on the deprecation list for most SSL
libraries so the function might fail unexpectedly
2023-02-16 10:06:17 +01:00
akallabeth
8b95030f5e
[crypto,cert] clean up code
2023-02-16 10:06:17 +01:00
akallabeth
a2b23a83ab
[crypto,cert] only extract server certificate
2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137
[core] use rdpPrivateKey and rdpCertificate
2023-02-16 10:06:17 +01:00
Martin Fleisz
5f9db5a89c
core: Fix pointer corruption with d2i_X509
...
The `d2i_X509` function manipulates the passed pointer on success. This
resulted in a corrupted `rdpCertBlob` struct, crashing later on free.
2023-02-14 09:44:10 +01:00
Armin Novak
a7dac52a42
[license] updated copyright headers
2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61
[emu,scard] use RSA struct instead of rdpCertInfo
...
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
2023-02-12 20:17:11 +01:00
Armin Novak
91370e4437
[crypto,cert] use malloc for der certificate
2023-02-12 20:17:11 +01:00
akallabeth
c306ad4c51
[crypto,cert] add RSA key check
2023-02-12 20:17:11 +01:00
akallabeth
081e187db8
[crypto] add function to determine if RSA is in use
2023-02-12 20:17:11 +01:00
akallabeth
00baf58a71
[crypto,x509] simplify retrieval of default signature digest
2023-02-12 20:17:11 +01:00
akallabeth
e43b4bc091
[crypto,common] remove unused function
2023-02-12 20:17:11 +01:00
akallabeth
55b0af1993
[crypto,x509] cleaned up header
2023-02-12 20:17:11 +01:00
akallabeth
1aa8c97a67
[crypto,key] use EVP_PKEY_up_ref
...
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605
[crypto] added evp_pkey private getter
2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a
[crypto] rename rdpRsaKey to rdpPrivateKey
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa
[crypto] added PEM file read/write helpers
2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7
[crypto,test] update to new cert/crypto API
2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a
[crypto,tls] use new crypto/cert API
2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10
[core,crypto] refactor certificate management
...
* Properly split certificate_store, certificate_data, certificate and
private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
akallabeth
00f2679eda
[core,security] refactor functions to check lengths
2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6
[core,crypto] removed rsa functions from public API
...
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab
[core,crypto] refactor rsa functions
...
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
Armin Novak
641022b795
[logging] remove __FUNCTION__ from actual message
...
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
e0a14edfbb
[core,crypto] log more parsing failures
2023-01-24 10:16:55 +01:00
Armin Novak
dd0d130f48
[crypto] make tls.h a private header
...
no need to uselessly export symbols that are not usable outside the
project
2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530
[core] Rename TLS functions
...
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probably other tls crypto libs.
2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b
[winpr] use winpr_fopen
2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c
[freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers
2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d
crypto: export getSslMethod utility function
2022-12-23 08:42:45 +01:00
David Fort
b283daafd7
tls: cleanup and add some methods to do handshakes asynchronously
...
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156
new [tls/server]: disable client side renegotiation
2022-12-15 11:06:19 +01:00
akallabeth
37ab25e19d
Fixed all Wdocumentation warnings
2022-12-12 14:24:55 +01:00
akallabeth
5799fb2018
Replace ConvertFromUnicode and ConvertToUnicode
...
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00