Brent Collins
9ca9df1ead
Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
...
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
e21f9e359b
Initialize SSL directly in the sample server, instead of relying on the SSL initialize logic
...
in the tls code as it was removed in a previous patch due to its redundancy.
2017-11-17 12:43:07 +01:00
Brent Collins
922a0fa495
Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1
...
Simplify the logic to enable openssl fips mode
2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a
Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag
...
and is redundant since it is initialized later before actually using SSL.
2017-11-17 12:43:07 +01:00
Brent Collins
a0526317ea
Fix the return values of the winpr_Digest_Init functions which were accidentally removed
...
during rework in previous checkin.
2017-11-17 12:43:07 +01:00
Brent Collins
1129634617
Move the disabling nla and setting the fips encryption mode based on fips
...
mode to happen after argument parsing to ensure it always enforced.
2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63
Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues.
2017-11-17 12:43:07 +01:00
Brent Collins
7aa9e7a97f
Fix variable definition placement to adhere to older C standard.
2017-11-17 12:43:06 +01:00
Brent Collins
5284100bb0
FIPS_mode() and FIPS_mode_set() does not exist in OpenSSL versions before 1.0.1
2017-11-17 12:43:06 +01:00
Brent Collins
2dddae738f
Change initialization of EVP_CIPHER_CTX to use API function instead of trying to calloc().
...
Fix some warnings noted from build output.
2017-11-17 12:43:06 +01:00
Brent Collins
497ba442be
Workaround for missing EVP_CIPH_FLAG_FIPS_NON_ALLOW flag in openssl 1.0.0.
2017-11-17 12:43:06 +01:00
Brent Collins
d98b88642b
Add new command-line option to force xfreerdp into a fips compliant mode.
...
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.
Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.
Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.
Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.
Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
David Fort
80cb1dd23c
Merge pull request #4242 from ccpp/afreerdp_versioncode_11
...
Increase APK versionCode for aFreeRDP 2.0-rc1
2017-11-17 09:36:50 +01:00
Christian Plattner
a5f67d1203
Increase versionCode for aFreeRDP 2.0-rc1
2017-11-17 08:58:07 +01:00
David Fort
6666564493
Merge pull request #4186 from RangeeGmbH/multimonitor_primary_fix
...
FreeRDP multimonitor: Use first command line element, then primary, …
2017-11-16 15:26:03 +01:00
David Fort
0d92c725c6
Merge pull request #4000 from akallabeth/ign_keyword_fix
...
Command line ignore empty if flag set
2017-11-16 13:26:01 +01:00
akallabeth
668e347814
Merge pull request #4034 from blino/wayland-keymap
...
Reuse evdev/X11 keymap for wayland
2017-11-16 12:07:07 +01:00
Armin Novak
ac0a912a20
Option to force password prompt before connection
...
The idea is based on #3257 .
If a non NLA connection is requested the password callbacks are not executed
and there is currently no way to read from stdin.
This extension of /from-stdin allows reading the passwords
before the connection is established.
2017-11-16 09:55:45 +01:00
Martin Fleisz
af0ac6daf1
Merge pull request #4237 from akallabeth/remove_atoi
...
Replaced atoi
2017-11-16 09:39:04 +01:00
Armin Novak
4ab26a334a
Fixed resource cleanup.
2017-11-15 15:56:25 +01:00
Armin Novak
77134d9def
Fixed formatting.
2017-11-15 15:56:25 +01:00
Armin Novak
f39346ebe5
Fixed leaks and formatting.
2017-11-15 15:56:25 +01:00
Armin Novak
ceda3d3f4a
Fixed color for drawing rectangles.
2017-11-15 15:56:25 +01:00
Armin Novak
536ffbc31f
Fixed missing function return check.
2017-11-15 15:56:25 +01:00
Armin Novak
dbe418062f
Fixed missing parameter checks.
2017-11-15 15:56:25 +01:00
Armin Novak
bd7e4cd35a
Fixed uninitialized variables.
2017-11-15 15:56:25 +01:00
Armin Novak
032c0164d1
Fixed missing error check.
2017-11-15 15:56:25 +01:00
Armin Novak
99f6c27488
Fixed uninitialized arguments.
2017-11-15 15:56:25 +01:00
Armin Novak
7b58495e7b
Fixed warnings and formatting.
2017-11-15 15:56:24 +01:00
Armin Novak
1fd6308ef5
Functions static, warnings fixed.
2017-11-15 15:56:24 +01:00
Armin Novak
90e1d39fec
Fixed formatting and warnings.
2017-11-15 15:56:24 +01:00
Armin Novak
44dfaf7841
Fixed dead store warning.
2017-11-15 15:56:24 +01:00
Armin Novak
3baba6f9c0
Removed unused argument.
2017-11-15 15:56:24 +01:00
Armin Novak
f24158fe07
Fixed missing function return check.
2017-11-15 15:56:24 +01:00
Armin Novak
0aa5a83536
Fixed multiple warnings in parser
2017-11-15 15:56:21 +01:00
Armin Novak
26d079e53b
Fixed compile warnings.
2017-11-15 15:54:38 +01:00
Armin Novak
7fd5b6f4a2
Fixed warnings and test return values.
2017-11-15 15:54:38 +01:00
Armin Novak
5ffde16883
Fixed NULL arguments and compile warnings.
2017-11-15 15:54:38 +01:00
Armin Novak
9859cfb736
Fixed dead store.
2017-11-15 15:54:38 +01:00
Armin Novak
4eb5b8e349
Replaced atoi
2017-11-15 15:52:16 +01:00
David Fort
7fe8648ab1
Merge pull request #3940 from akallabeth/custom_help_arguments
...
Added a new function to allow printing help with additional arguments.
2017-11-15 15:47:35 +01:00
David Fort
88ce5aa5fe
Merge pull request #4235 from akallabeth/avcodec_encode_video_fix
...
Added encoder path for libavcodec versions <1.0
2017-11-15 15:37:27 +01:00
Armin Novak
8c2bd951ae
Allow printing of custom arguments in help.
2017-11-15 15:25:34 +01:00
Armin Novak
e4873fe2c4
Added encoder path for libavcodec versions <1.0
2017-11-14 09:15:43 +01:00
David Fort
f4f23454c9
Merge pull request #4233 from akallabeth/kerberos_rebased
...
Kerberos rebased
2017-11-13 17:39:27 +01:00
David Fort
6f2b849f20
Merge pull request #4232 from akallabeth/ffmpeg_compat
...
Added compat define for missing format.
2017-11-13 17:09:48 +01:00
David Fort
7bbc3cb8b7
Fix logic in nla_read_ts_credentials
2017-11-13 16:20:57 +01:00
Armin Novak
65f4c560d3
Fixed uninitialized values and leaks.
2017-11-13 16:20:57 +01:00
dodo040
60406794ce
fix Kerberos flavour's detection (MIT/Heimdal) and double free for MIT<1.13
2017-11-13 16:20:56 +01:00
dodo040
2ed4acb0ac
fix typo
2017-11-13 16:20:56 +01:00