Commit Graph

282 Commits

Author SHA1 Message Date
Ilya Shipitsin
a9ab65a935 resolve an issue found by cppcheck:
[libfreerdp/crypto/certificate.c:315] -> [libfreerdp/crypto/certificate.c:316]: (warning) Either the condition 'if(fingerprint&&fprint)' is redundant or there is possible null pointer dereference: fingerprint.
2017-06-01 00:05:51 +05:00
Armin Novak
4be62f7047 Fixed OpenSSL 1.1 no legacy compile issues. 2017-04-06 11:25:25 +02:00
Aric Belsito
70ab61c8e6
Support LibreSSL
Broken by the addition of OpenSSL 1.1.0 support.
2017-03-19 13:58:24 -07:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Norbert Federa
c6e6b44143 countless WLog/printf format specifier fixes 2016-11-25 17:06:25 +01:00
Norbert Federa
53bd98883e winpr/crypt api changes and memory leak fixes
- winpr_HMAC_New() now just returnes the opaque WINPR_HMAC_CTX* pointer
  which has to be passed to winpr_HMAC_Init() for (re)initialization
  and since winpr_HMAC_Final() no more frees the context you always have to
  use the new function winpr_HMAC_Free() once winpr_HMAC_New() has succeded

- winpr_Digest_New() now just returns the opaque WINPR_DIGEST_CTX* pointer
  which has to be passed to winpr_Digest_Init() for (re)initialization
  and since winpr_Digest_Final() no more frees the context you always have to
  use the new function winpr_Digest_Free() once winpr_Digest_New() has succeded
2016-11-24 18:27:29 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Martin Fleisz
e8fbdf503d crypto: Remove unneeded update (+) flag from file open mode 2016-10-17 14:49:26 +02:00
Armin Novak
c6ae62f700 Fixed memory leak in certificate check. 2016-10-10 13:34:57 +02:00
Armin Novak
f5fff7658a Made some functions static. 2016-10-06 13:43:12 +02:00
Marc-André Moreau
1ffbd774e9 freerdp: fix sending of TLS alert on NLA failure, add better handling of server-side NLA in shadow server 2016-07-21 17:53:20 -04:00
Marc-André Moreau
915b9a15b1 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/bcrypt/CMakeLists.txt
2016-05-11 11:05:17 -04:00
Bernhard Miklautz
221a292b04 Merge pull request #3263 from akallabeth/tofu
Added command line option /cert-tofu
2016-05-03 16:27:15 +02:00
akallabeth
a62d962bc7 Merge pull request #3250 from mfleisz/cssp_v3
core: Add support for CredSSP version 3
2016-04-26 09:59:40 +02:00
Armin Novak
53445768ed Added command line option /cert-tofu 2016-03-31 12:16:55 +02:00
Marc-André Moreau
cedf6d98e2 freerdp: more UWP porting 2016-03-29 20:34:52 -04:00
Bernhard Miklautz
9e8c6c99b6 First shot on fixing over linking
If a target is linked against libraries with cmake
(target_link_libraries) and the libraries are not marked as PRIVATE
they are "exported" and in case a other target is linked against this
target it is also linked against *all* (not private) libraries.

Without declaring private libraries PRIVATE a lot of over linking
(linking against unneeded libraries) was done.
2016-03-29 18:14:34 +02:00
Martin Fleisz
1c2d315354 core: Add support for CredSSP version 3 2016-03-18 13:32:13 +01:00
Bernhard Miklautz
014f31db35 Merge pull request #3171 from akallabeth/crypto_simplification
Crypto simplification
2016-02-29 17:10:53 +01:00
Armin Novak
238ff3b315 Unified encryption functions. 2016-02-27 23:28:49 +01:00
Armin Novak
5805ba8e52 Removed crypto_nonce. 2016-02-27 22:40:43 +01:00
Armin Novak
1036f1e296 Fixed default visibility.
When nothing is declared, only export symbols defined
with WINPR_API or FREERDP_API defined.
Override this setting if BUILD_TESTING to allow tests
access to internal functions usually not exposed.
2016-02-26 19:44:14 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
4ca6b9bf10 Unified random functions and remaining MD5. 2016-02-24 20:41:01 +01:00
Armin Novak
ada2b16c50 Unified RC4 functions. 2016-02-24 17:04:03 +01:00
Armin Novak
06da644007 Unified md5 functions. 2016-02-24 16:46:25 +01:00
Armin Novak
0e4ea3943a Unified sha1 functions. 2016-02-24 16:36:15 +01:00
Hardening
2a3e9996b3 Merge pull request #2710 from akallabeth/cert_temp_accept_v2
Extended certificate callbacks.
2016-02-15 13:52:47 +01:00
Armin Novak
f4568295e9 Fixed API for old openssl versions < 1.0.0 2016-02-05 11:52:07 +01:00
Armin Novak
0e2208e942 Fixed warning. 2016-02-05 02:04:57 +01:00
Armin Novak
cbf2892ccc Implemented temporary certificate accept.
Certificates can now be accepted temporarily.
The callbacks for certificate validation have been
modified to extend the information presented to the user.
2016-02-05 02:04:57 +01:00
Armin Novak
16699000c4 Fixed allocation issue with common_name. 2016-02-05 02:04:00 +01:00
Armin Novak
3b0f5b5b48 Removed obsolete APPLE preprocessor switch. 2016-02-04 12:55:11 +01:00
Christian Plattner
c0226d686c Enable support for SNI on client side 2016-02-04 08:34:51 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Bernhard Miklautz
aa80f63b4a tls: enable tls 1+
Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.
2016-01-12 17:43:14 +01:00
Bernhard Miklautz
d03b38765a Merge pull request #2816 from akallabeth/known_hosts_locking
Known hosts locking
2015-12-16 19:03:15 +01:00
Armin Novak
65062633c2 Fixed memory leak. 2015-12-10 13:57:05 +01:00
Armin Novak
df528cefc5 Using locking winpr file functions for known hosts. 2015-12-09 18:29:41 +01:00
Armin Novak
75ae38dff2 Silenced VerifyX509Certificate logging.
Now only writing log entries if something was an actual
error, otherwise stay silent.
2015-10-16 11:04:42 +02:00
Marc-André Moreau
87780a850d Merge branch 'master' of github.com:FreeRDP/FreeRDP into mbedtls 2015-10-09 15:58:50 -04:00
Marc-André Moreau
9c35b73fb6 libfreerdp-core: fix gateway connectivity on Windows 2015-09-17 14:32:40 -04:00
Marc-André Moreau
8e3baed882 cmake: add mbed TLS detection 2015-09-15 20:52:46 -04:00
Marc-André Moreau
c0a887da17 libfreerdp-crypto: add locking of operations dealing with SSL* 2015-09-15 19:59:41 -04:00
Marc-André Moreau
3f2915eb78 libfreerdp-core: alternative RDG BIO fix 2015-09-15 13:03:11 -04:00
Marc-André Moreau
12ce635b34 libfreerdp-core: fix code style 2015-09-15 10:37:57 -04:00
Denis Vincent
6d55635ed0 libfreerdp-core: Gateway RDP8 BIO correction. Fixes connection losses. 2015-09-15 09:03:39 -04:00
Armin Novak
dfa7ac6434 Ensure output of crypto_base64_decode is NULL terminated. 2015-08-27 09:34:33 +02:00
Armin Novak
fc929fbc7f Using lowercase hostname for comparison now.
fixed argument mixup.
2015-07-13 15:52:06 +02:00
Armin Novak
ca7c34ff35 Fixed comparison bug, cleanup and error handling. 2015-07-13 14:16:04 +02:00