Commit Graph

18422 Commits

Author SHA1 Message Date
Armin Novak
70f12ac871 [winpr,image] use fuzzy compare
* Add winpr_image_equal_ex to allow comparison of lossy compressed
  formats, ignoring color depth and alpha
* Adjust tests to utilize winpr_image_equal_ex
2024-02-14 19:04:50 +01:00
Martin Fleisz
2e5d4fbe06 gateway: Do not fail if unprocessed padding bytes are detected
Sometimes the RPC PDUs have unprocessed data (padding bytes) at their
end. In that case do not fail but just log a warning with the correct
amount of remaining bytes.
2024-02-14 16:25:41 +01:00
akallabeth
28a2bf0848 [winpr,crypto] simplify winpr_Digest_Init_Allow_FIPS 2024-02-13 19:54:25 +01:00
akallabeth
52b8fc0f46 [ci,tidy] add missing opencl library dependency 2024-02-13 17:27:03 +01:00
akallabeth
fe37bc80d4 [winpr,crypto] fix WITH_INTERNAL_MD5 handling
If WITH_INTERNAL_MD5=ON also use it with winpr_Digest_Init_Allow_FIPS
2024-02-13 17:27:03 +01:00
akallabeth
e2e6d09256 [cmake] use DEFAULT_DEBUG_OPTION for all 2024-02-13 17:06:00 +01:00
akallabeth
83b8acf897 [ci,tidy] enable all features/dependencies for build 2024-02-13 17:06:00 +01:00
akallabeth
b193f9ab59 [cmake] guard cmake_policy(CMP0091)
only set the policy to NEW if it is defined
2024-02-13 16:22:37 +01:00
akallabeth
bf72c307b0 [server,sample] add bounds checks
* test_peer_draw_icon should ignore requests if the resulting image is
  out of bounds of desktop size.
2024-02-12 17:01:16 +01:00
akallabeth
53d88c1c96 [server,sample] delay WTSVirtualChannelManagerCheckFileDescriptor
Only call WTSVirtualChannelManagerCheckFileDescriptor if there was a
event pending on WTSVirtualChannelManagerGetEventHandle
This ensures that the drdynvc channel is not opened before it is
initialized.
2024-02-12 14:06:51 +01:00
akallabeth
cbab66a249 [warnings] fix incompatible pointer types 2024-02-12 10:23:27 +01:00
akallabeth
8b9c8732f3 [warnings] fix void pointer used in arithmetic 2024-02-12 10:23:27 +01:00
akallabeth
0d68cb4f42 [build,attr] fix WINPR_ATTR_MALLOC
* do not use this attribute if the free function takes pointer to pointer
* audio_format_new must be freed by audio_formats_free
2024-02-12 10:23:27 +01:00
akallabeth
ff1565b7ea [channel,tsmf] fix clang-tidy warnings 2024-02-12 09:28:09 +01:00
akallabeth
94a29e7b2c [channel,tsmf] fix issue with oss backend 2024-02-12 09:28:09 +01:00
akallabeth
34d5462111 [ci,codeql] update to v3 2024-02-10 13:06:07 +01:00
akallabeth
24c901c898 [ci] fix merge commit extraction for ci 2024-02-10 12:58:28 +01:00
akallabeth
d710acbed5 [ci,tidy] run on pull request
* add required permission
2024-02-10 12:47:00 +01:00
akallabeth
83e067dacc [ci,tidy] upload artifacts 2024-02-10 12:47:00 +01:00
akallabeth
8a97ebbbc0 [ci,tidy] use .clang-tidy
* use .clang-tidy from project
* run on pull_request
2024-02-10 12:47:00 +01:00
akallabeth
625daf18a8 [clang,tidy] disable too verbose checks
* readability-identifier-length
* bugprone-easily-swappable-parameters
2024-02-10 12:47:00 +01:00
akallabeth
d7f5e529eb [ci,tidy] remove unsupported options
* workflow_dispatch does not work with plugin
* remove limited permissions
2024-02-10 09:33:56 +01:00
Armin Novak
cc558bd4c5 [client,sdl] add missing include 2024-02-10 06:57:34 +01:00
akallabeth
01b2c05359 [ci,rpm] disable asan for rpm builds 2024-02-09 19:43:31 +01:00
akallabeth
2822918102 [ci,nightly] update rpm dependencies 2024-02-09 15:14:13 +01:00
akallabeth
78818aec34 [client,sdl] enable screensaver
by default sdl disables screensaver.
2024-02-09 10:29:08 +01:00
akallabeth
a7fb0d5c75 [uwac] add missing library link 2024-02-09 10:29:08 +01:00
akallabeth
db8682648b Revert "[codec] encode messages considering endianness"
This reverts commit 6ba4aad9ab.
2024-02-09 10:29:08 +01:00
akallabeth
93649f62cd [ci] add workflow_dispatch to all
* Add an option to manually trigger a run of the workflow
* Trigger all on pull_request_target (less error prone, does not execute
  code from pull request but base branch)
* Remove scheduled run from CodeQL
2024-02-09 08:59:50 +01:00
akallabeth
8ba27a7992 [ci,tidy] add xsltproc and docbook-xsl to deps 2024-02-09 08:11:05 +01:00
akallabeth
119409a155 [ci] add image dependencies to workflow 2024-02-09 08:11:05 +01:00
matoro
e08c4acb50 [ci] add multiarch workflow 2024-02-09 08:11:05 +01:00
akallabeth
31942b0817 [ci,tidy] fix apt_packages 2024-02-08 22:47:11 +01:00
akallabeth
cad7e007f5 [ci] fix clang-tidy workflow 2024-02-08 20:37:49 +01:00
akallabeth
60e02aab8a [ci] fix clang-tidy package installation 2024-02-08 19:44:35 +01:00
akallabeth
44fcb3326d [ci] add clang-tidy 2024-02-08 15:12:37 +01:00
akallabeth
e8d1bc5f4b [server,sample] fix resource location
if binary versioning is enabled the installation path was wrong.
2024-02-08 09:47:56 +01:00
akallabeth
897f0adcae [client,mac] fix CAPS handling
* do not change capslock if state did not change (triggered by multiple
  flagsChanged calls while autorepeat of a pressed key)
* add debug log for flagsChanged
2024-02-07 14:14:21 +01:00
akallabeth
0cea2461c1 [server,sample] use wImage to load cursor icon
replace the custom PPM loader with the winpr_image* family of functions.
2024-02-07 13:14:02 +01:00
akallabeth
eb8b2828dc [server,sample] provide sample-icons formats
provide the cursor icon in different formats.
2024-02-07 13:14:02 +01:00
akallabeth
31763e2f80 [ci,nightly] enable image support for flatpak 2024-02-07 10:04:08 +01:00
akallabeth
ca3ec975cb [ci,nightly] enable image support for rpm 2024-02-07 10:04:08 +01:00
akallabeth
c315c80295 [ci,nightly] enable image support for debian 2024-02-07 10:04:08 +01:00
akallabeth
9a51830434 [codec,jpeg] use winpr image for jpeg 2024-02-07 10:04:08 +01:00
akallabeth
b5660035ae [winpr,image] add support for WebP, JPEG and libpng 2024-02-07 10:04:08 +01:00
akallabeth
5bb618330d [client,win] DesktopOrientaion is of type UINT16
Fixes #9841, use proper getter for settings key
2024-02-07 08:03:24 +01:00
David Benjamin
72bc3578a0 clang-format 2024-02-07 07:53:37 +01:00
David Benjamin
7548be62c3 Support RSA-PSS certificates in x509_utils_get_signature_alg
RSA-PSS in X.509 is truly horrible, and OpenSSL does not expose very good APIs
to extract this, even though the library does handle it internally. Instead, we
must tediously unwrap RFC 4055's unnecessarily complicated encoding of
RFC 8017's unnecessarily flexible RSA-PSS definition.
2024-02-07 07:53:37 +01:00
David Benjamin
f987e304ee Add some tests for x509_utils_get_signature_alg
Temporarily disable the RSA-PSS tests for now, but this is enough for a
regression test for the previous issue.
2024-02-07 07:53:37 +01:00
David Benjamin
bee7f94e93 [crypto,x509] fix tls-server-end-point signature algorithm selection
This reverts commit 00baf58a71. That
change appears to have been incorrect. It's described as simplying
retrieving the "default signature digest", but it actually changed the
function's behavior entirely. The function wasn't retrieving defaults
previously.

A certificate contains, among other things, a public key and a
signature. The public key is the public key of the subject. However, the
signature was generated by the issuer. That is, if I get a certificate
from a CA, the public key will be my public key and the signature will
be my CA's signature over the certificate contents.

Now, the original code returned the digest used in the certificate's
signature. That is, it tells you which signature algorithm did my *CA*
use to sign my certificate.

The new code extracts the certificate's public key (my public key, not
the CA's). This doesn't necessarily tell you the signature algorithm, so
it then asks OpenSSL what the "default" signature algorithm would it use
with the key. This notion of "default" is ad-hoc and has changed over
time with OpenSSL releases. It doesn't correspond to any particular
protocol semantics. It's not necessarily the signature algorithm of the
certificate.

Now, looking at where this function is used, it's called by
freerdp_certificate_get_signature_alg, which is called by
tls_get_channel_binding to compute the tls-server-end-point channel
binding. That code cites RFC 5929, which discusses picking the hash
algorithm based on the certificate's signatureAlgorithm:

https://www.rfc-editor.org/rfc/rfc5929#section-4.1

That is, the old version of the code was correct and the
"simplification" broke it. Revert this and restore the original version.

I suspect this went unnoticed because, almost all the time, both the old
and new code picked SHA-256 and it was fine. But if the certificate was,
say, signed with SHA-384, the new code would compute the wrong channel
binding.
2024-02-07 07:53:37 +01:00