mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,185 Commits 6 Branches 74 Tags 84 MiB
12a2e55588
Commit Graph

485 Commits

Author SHA1 Message Date
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed 
* Renamed custom winpr crypto function header
* Added compatiblity header
 2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346 [crypto] Added sha3 define guards 
sha3 is only supported with OpenSSL 1.1.1a or later
 2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU 
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
 2022-10-24 22:22:00 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
Armin Novak
21ccb75812 Replaced magic numbers with definitions 2022-09-20 15:52:14 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135) 
There was an issue in the reference count managment of the private
key and the X509 certificate.
 2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120) 
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
 2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control 
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
 2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
Adrian Perez de Castro
81e8e28062 Fix building with LibreSSL 2.7.0 or newer 
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:

- BIO_meth_new() and related functions are now defined by LibreSSL, the
  versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
  functions should be used instead in winpr's hash.c.
 2022-06-27 12:42:06 +02:00
akallabeth
0563dae8b3 Cleanup tls_prepare 2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196 add a new flag to enforce tls1.2 2022-06-23 09:18:37 +02:00
akallabeth
3d9c972d5c
Replace direct rdpSettings access with getter/setter (#7867) 
* Replace direct rdpSettings access with getter/setter

* Fixed xf_gdi_update_screen const warning
 2022-05-02 10:55:44 +02:00
akallabeth
962c5c3ef0 Fixed dead store warnings 2022-04-28 12:37:19 +02:00
akallabeth
1dcc5a180a Fixed warnings 2022-04-28 11:24:51 +02:00
akallabeth
cc3e28f2f1 Fixed -Wdocumentation errors 2022-04-28 11:24:51 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796) 
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
 2022-04-19 14:29:17 +02:00
akallabeth
d3ae821477 Improved logging, compiler warning fixes 
* Improved logging in TPKT, TPDU, MCS, PER
* Proper use of rdpSettings functions
* Fixed missing return values
* Refactored rdp_server_transition_to_state
 2022-03-28 15:52:32 +02:00
akallabeth
14568872a9
Instance cleanup (#7738) 
* Cleaned up freerdp::autodetect

* Deprecate freerdp::input

* Deprecated freerdp::update

* Deprecated freerdp::settings

* Deprecated freerdp::autodetect

* Removed rdpTransport::settings

* Deprecated freerdp_per::update|settings|autodetect

* Fixed mac client and server compilation

* Fixed windows compilation

* Added deprecation warnings

* Fixed initialization of structs.

* Fixed android build

* Fixed freerdp_client_context_new const correctness

* Fixed checks for android implementation

Replaced checks with assertions where appropriate

* Fixed checks for windows client

Replaced checks with assertions where appropriate

* Fixed proxy client pointer dereference
 2022-03-23 13:18:35 +01:00
akallabeth
fa3cf9417f
Fixed #7696: Abort freerdp_connect if manually canceled (#7700) 
If freerdp_abort_connect is called, set FREERDP_ERROR_CONNECT_CANCELLED
This way freerdp_reconnect can distinguish between network issues and
user interaction and abort a retry attempt.
 2022-03-07 13:47:43 +01:00
akallabeth
3d38d2636c Decreased logging verbosity for INFO level 2022-03-04 09:34:02 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
David Fort
0435b5a65d Implement smartcard logon 2022-02-24 08:52:25 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
David Fort
d545ab66e1 tscredential: generate automatically the file from a parser 2022-02-24 08:52:25 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633) 
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
 2022-02-14 14:59:22 +01:00
Armin Novak
10e40147fb Fixed various const warnings 2022-02-01 10:25:37 +00:00
akallabeth
a71235be74
Cert update fix (#7382) 
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
 2021-10-21 09:07:52 +02:00
Armin Novak
103ff6a758 Fixed certificate store double free. 2021-10-06 09:49:07 +02:00
akallabeth
1c84690c2f
Fixes from tests (#7308) 
* Fixed memory leak in tls_verify_certificate

* Fixed missing NULL checks

* Fixed missing checks for FreeRDP_DeactivateClientDecoding

* Added WINPR_ASSERT for client common new/free

* Added /disable-output switch to deactivate client decoding

Allows low resource remote connections that do not require visual
feedback. (e.g. load testing/...)
 2021-09-21 09:56:56 +02:00
akallabeth
75e6f443b5 Fixed possible leak in tls_prepare 
If the function fails, the 'underlying' BIO was leaking as
tls_free did not clean it up if 'tls->bio' was not successfully
allocated.
 2021-09-20 10:59:59 +02:00
Armin Novak
976c3c2ab9 Refactored proxy and proxy-modules: 
* Split out proxy headers and moved to public API to allow external
  modules to be built.
* Split proxy into proxy library and proxy binary. The library
  can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
  channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
  added WINPR_ASSERT
 2021-09-09 08:53:20 +02:00
Armin Novak
68f24477f6 Fixed compilation warnings on mac 2021-08-26 15:08:28 +02:00
Armin Novak
13f54fc0dd Improved fingerprint hash comparison 
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
 2021-08-26 09:38:12 +02:00
Armin Novak
5afa592244 Fixed cast-qual warnings 2021-08-24 11:10:51 +02:00
Armin Novak
f515bd4560 Fixed shadowing and type errors 2021-08-24 10:45:57 +02:00
Armin Novak
610396e197 Fixed compilation warnings 
Try to get the number of warnings down
 2021-08-02 10:28:06 +02:00
Armin Novak
4b7aa61abd Fixed tls_write_all, abort if blocked 
If data to be read is blocking the socket abort.
 2021-07-29 15:09:53 +02:00
akallabeth
534d30beb3
No deprecated (#7107) 
* Removed cmake options disabling compiler warnings

* Added deprecation compile options

* Fixed android client use of deprecated symbols

* Removed obsolete callback
 2021-06-22 14:39:10 +02:00
Armin Novak
09111c9270 libfreerdp: Fixed warnings, added assertions 2021-06-18 11:32:16 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
Armin Novak
d36d94766e Replaced assert with WINPR_ASSERT 2021-06-14 09:37:07 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers (#7043) 
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
 2021-05-31 11:42:03 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL isser and subjects in certificates 2021-05-28 09:25:33 +02:00
Theo Buehler
9914dbc770 Fix build for upcoming LibreSSL version 
SSL will become opaque in LibreSSL 3.4.x, hence the code reaching inside
it will result in build breakage. This was done at the time for lack of
BIO_up_ref() support, which has been available since LibreSSL 2.7.0, so
adjust the relevant #ifdefs accordingly.
 2021-05-25 10:06:32 +02:00
Armin Novak
2b19576fc7 Fixed compiler warnings, function arguments and const parameter 2021-05-18 13:37:34 +02:00
akallabeth
d4ebf8546f Cleaned up crypto API 2021-05-11 08:00:18 +02:00
akallabeth
b494a193db Refactored certificate API: 
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
 2021-05-11 08:00:18 +02:00
akallabeth
c3171b90cb Removed unit tests for legacy known_hosts file 2021-05-11 08:00:18 +02:00
akallabeth
384f997aa7 Removed support for obsolete known_hosts file. 2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f Fixed #6989: Use X509_STORE_set_default_paths 2021-05-03 13:37:26 +02:00
akallabeth
187946e965 Removed duplicated escape 2021-04-27 11:48:39 +02:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
akallabeth
70881d3957 Fixed #6442: Use cmake to provide source directory for test pem 2020-08-25 09:48:29 +02:00
Armin Novak
57b405ca26 Fixed compilation warnings. 2020-08-10 12:14:11 +02:00
Armin Novak
76d10561bb Set BIO data NULL on cleanup 
Recursive BIO free could double free, if the BIO data is not set
NULL when removed.
 2020-07-23 10:48:39 +02:00
akallabeth
02c5ec66e5 Fixed possible integer overflow in crypto_rsa_common 
Thanks @anticomputer for pointing this out
 2020-06-22 12:09:36 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359 Abort on first possible certificate validation error 
Only retry certificate validation if the purpose was wrong.
 2020-05-20 14:48:15 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
Armin Novak
5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak
ac4bb3c103 End connection before user callbacks if aborted. 
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
 2020-02-19 16:44:42 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
993b79f1bd Removed strcpy use. 2019-10-29 11:58:43 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4 Fix some static analizer warnings 2019-10-22 15:39:54 +02:00
Armin Novak
2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak
2778cbce8c Fixed type of sk_* macro. 2019-08-22 10:40:25 +02:00
Armin Novak
36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak
0c17c3871b Pass on cert validation failure, set freerdp error in all use cases. 2019-07-15 15:51:46 +02:00
Armin Novak
ca4a1d19a5 Silenced some unused parameter warnings. 2019-05-08 12:21:31 +02:00
Armin Novak
29c920c568 Fixed review remarks. 2019-04-05 09:14:35 +02:00
Armin Novak
1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
cerg2010cerg2010
7abc86ffae Close file handle correctly. (#5310) 2019-03-18 14:57:00 +01:00
Armin Novak
4ad0770a7e Silenced function pointer cast warnings for BIO_callback_ctrl 2019-02-21 13:53:51 +01:00
David Fort
05d9d89796
Merge pull request #5149 from akallabeth/cert_deny 
New option to disable user certificate dialog
 2019-01-25 16:59:33 +01:00
Armin Novak
0c83efa753 Fix #5170: Disable custom TLS alert for libressl > 2.8.3 2019-01-07 14:20:16 +01:00
Simon Legner
ff375d238b
fix(crypto/tls): typo 2019-01-02 08:18:07 +01:00
Armin Novak
b60045af27 New option to disable user certificate dialog 
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
 2018-12-14 10:17:52 +01:00
Armin Novak
6906efa354 Fixed return value for already accepted certificate. 2018-12-14 09:52:25 +01:00
Armin Novak
d2ac7acdd9 Fixed certificate accept 
certificate_data_replace can only replace an existing entry,
use certificate_data_print for new ones.
 2018-12-10 12:03:55 +01:00
Armin Novak
d05217454f Fix #5115: Cast PEM data from BYTE* to char* to silence warnings. 2018-12-07 12:36:18 +01:00
Armin Novak
0aaf14bed7 Fixe accidental removal of certificate_data_replace 2018-12-06 09:39:50 +01:00
Armin Novak
b27470405c Duplicate PEM when accepted. 2018-12-04 09:35:24 +01:00
Armin Novak
e04c319d21 Added new default certificate callbacks with extended information. 
The extended information provided by VerifyCertificateEx and
VerifyChangedCertificateEx is now exploited by the new functions
client_cli_verify_certificate_ex and client_cli_verify_changed_certificate_ex.

The old callbacks now print out deprecation warnings to inform the
user and developer about this deprecation.
 2018-12-04 09:35:24 +01:00
Armin Novak
a8823fdf95 Cleaned up certificate verification code. 2018-12-04 09:35:24 +01:00
Armin Novak
7ab07ab980 Added certificate callbacks with source indications. 2018-12-04 09:35:24 +01:00