Commit Graph

5128 Commits

Author SHA1 Message Date
akallabeth
1aa8c97a67 [crypto,key] use EVP_PKEY_up_ref
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605 [crypto] added evp_pkey private getter 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
87b30958a6 [cyrpto] unify PEM read/write
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
ac037327d5 [core,redirection] fix Wshadow 2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7 [crypto,test] update to new cert/crypto API 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
67bd1d08d3 [emu,scard] use rdpCertificate and rdpRsaKey 2023-02-12 20:17:11 +01:00
akallabeth
b5d1ea7138 [core,license] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
35c24f208b core: Fix invalid string length 2023-02-09 12:49:47 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
akallabeth
db98f16e5b [core,fastpath] fix too verbose log
for fastpath_recv_update_synchronize only skip the available bytes as
older servers tend to send short packets. This avoids (too) verbose
logging.
2023-02-07 13:36:03 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
akallabeth
d96860780f Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
51e71b3c48 Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
da5080e557 [core] refactor rdp encryption lock 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
5f8cc02cf3 [core,license] update length
In license_read_encrypted_premaster_secret_blob the length argument was
not set, fix that
2023-02-03 11:09:59 +01:00
akallabeth
936e239acb [core,license] replaced HWID_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
4b0fcb3dac [core,licensing] replaced WINPR_MD5_DIGEST_LENGTH with sizeof() 2023-02-03 11:09:59 +01:00
akallabeth
3c242bbe6a [core,license] replaced MAC_SALT_KEY_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0f3d72e724 [core,license] replaced SESSION_KEY_BLOB_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
a738f0ec91 [core,license] replaced PREMASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0c5afb923f [core,license] replaced MASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
cf539f33db [core,license] replaced SERVER_RANDOM_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1 [client random] refactor use
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
54e5ff1e75 [core,gcc] fix server random length 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2af9758173 [core,license] use rdpCertInfo
Use the struct rdpCertInfo for certificate related data instead of
declaring separate variables
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
Armin Novak
05c8a96fff [core,tcp] fix transport_bio_buffered_write
If the return value is <= 0 do not increment the buffer data.
2023-02-02 08:12:39 +01:00
Armin Novak
0c496681f5 [core,settings] fix use of FreeRDP_TargetNetPorts 2023-02-01 09:51:54 +01:00
akallabeth
818267bc80 [core] fixed missing BYTE to WCHAR casts 2023-02-01 09:51:54 +01:00
akallabeth
da42a2141e [core,settings] update getter/setter generation
fix issues with const and non const string pointer update
2023-02-01 09:51:54 +01:00
akallabeth
3f80e6a5ba [core,info] consume unsued byte of stream
The TPKT header length does not match the [MS-RDPBCGR] 2.2.1.11.1.1
Info Packet (TS_INFO_PACKET) and 2.2.1.11.1.1.1 Extended Info Packet
(TS_EXTENDED_INFO_PACKET) length. print a warning and consume the rest
of the data.
2023-01-27 16:01:33 +01:00
akallabeth
76525c2658 [core,peer] removed duplicate checks and logs 2023-01-27 16:01:33 +01:00
akallabeth
644870934e [core,server] do not rely on EarlyCapabilitiesFlags
Check settings that have been agreed upon by client and server and do
not directly use the flags.
2023-01-27 16:01:33 +01:00
akallabeth
56a01603bb [core,info] do not rely on EarlyCapabilitiesFlags
now rdp_write_extended_info_packet only adds the
cbDynamicDSTTimeZoneKeyName, dynamicDSTTimeZoneKeyName and
dynamicDaylightTimeDisabled fields if both, client and server support
the dynamic timezone settings.
2023-01-27 16:01:33 +01:00
akallabeth
1a87ba8fc2 [core,server] add state STATE_RUN_QUIT_SESSION
If a session is terminated indicate this by STATE_RUN_QUIT_SESSION
instead of setting STATE_RUN_FAILED which would imply some failure
2023-01-27 11:05:12 +01:00
akallabeth
b03f9cc8b8 [core,mcs] added return checks
Fix missing checks in mcs_send_disconnect_provider_ultimatum
2023-01-27 11:05:12 +01:00
akallabeth
22f3bf6f78 [core,nla] initialize stack variables 2023-01-27 10:07:01 +01:00
akallabeth
f5d759c979 [core,nla] unify SecBuffer to ASN1 string
use a helper function to convert the buffer to a ASN1 string
2023-01-27 10:07:01 +01:00