Commit Graph

85 Commits

Author SHA1 Message Date
Armin Novak
3bb36f4caa Fixed clang-scanbuild warnings 2022-02-22 16:15:05 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633)
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
2022-02-14 14:59:22 +01:00
Ondrej Holy
fa73c6c8f1 winpr/crypto: Do not load legacy provider from RC4
This partially reverts commit 67f3fff2. The legacy provider is now loaded
from the `winpr_InitializeSSL` function, so it is not needed to load it from
the `winpr_RC4_New` function again.
2021-11-18 14:17:12 +01:00
Armin Novak
5eea7fc12d WINPR_UNUSED argc, argv for unit tests 2021-08-24 10:45:57 +02:00
Ondrej Holy
67f3fff2c8
winpr/crypto: Load legacy provider to fix rc4 with OpenSSL 3.0 (#7210)
* winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails

The `EVP_EncryptInit_ex` function may fail in certain configurations.
Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`.
Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in
such case.

* winpr/crypto: Load legacy provider to fix rc4 with OpenSSL 3.0

Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0.
This is becuase rc4 is provided by the legacy provider which is not loaded
by default. Let's explicitly load the legacy provider to make FreeRDP work
with OpenSSL 3.0.

Relates: https://github.com/openssl/openssl/issues/14392
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604
2021-08-03 15:28:58 +02:00
Armin Novak
610396e197 Fixed compilation warnings
Try to get the number of warnings down
2021-08-02 10:28:06 +02:00
Armin Novak
2e0d1cc33c Fixed integer warnings, fixed data types 2021-06-17 10:35:22 +02:00
Armin Novak
1af7ef2f1b Fixed compilation warnings and typos 2021-06-16 15:21:56 +02:00
Armin Novak
816e792e3f Fixed unit tests run under memory sanitizer 2020-09-07 10:42:28 +02:00
Armin Novak
8b85913ac0 Added winpr_md_type_from_string and winpr_md_type_to_string 2020-03-06 11:37:35 +01:00
Armin Novak
9d13729617 Added sha3 hashes for openssl. 2020-03-06 11:37:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
1fb716d864 Cleaned up TestCryptoHash 2019-10-29 12:58:06 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak
8e0565b2bd Fixed windows overlinking. 2019-03-18 15:10:21 +01:00
Kyle Evans
f8c391876f Pull in the LibreSSL compatibility patches from FreeBSD 2018-05-01 08:43:36 -05:00
Armin Novak
5903d5b375 Fixed winpr digest type. 2018-02-14 12:48:45 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
Armin Novak
1bb4f121b4 Fixed formatting. 2017-11-17 12:45:28 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
922a0fa495 Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1
Simplify the logic to enable openssl fips mode
2017-11-17 12:43:07 +01:00
Brent Collins
a0526317ea Fix the return values of the winpr_Digest_Init functions which were accidentally removed
during rework in previous checkin.
2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
7aa9e7a97f Fix variable definition placement to adhere to older C standard. 2017-11-17 12:43:06 +01:00
Brent Collins
2dddae738f Change initialization of EVP_CIPHER_CTX to use API function instead of trying to calloc().
Fix some warnings noted from build output.
2017-11-17 12:43:06 +01:00
Brent Collins
497ba442be Workaround for missing EVP_CIPH_FLAG_FIPS_NON_ALLOW flag in openssl 1.0.0. 2017-11-17 12:43:06 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Armin Novak
4be62f7047 Fixed OpenSSL 1.1 no legacy compile issues. 2017-04-06 11:25:25 +02:00
Armin Novak
aa11a6c89c Fixed memory leak and return value check issue. 2017-03-28 17:56:44 +02:00
Armin Novak
09d43a66f4 Fixed tests and dead store warnings. 2017-03-28 16:49:56 +02:00
Aric Belsito
70ab61c8e6
Support LibreSSL
Broken by the addition of OpenSSL 1.1.0 support.
2017-03-19 13:58:24 -07:00
Norbert Federa
71ce3378da Merge pull request #3665 from realjiangms/fix_ssl_add_all_digests
Winpr/openssl: Fix digests initialization in multi-thread
2017-01-13 09:46:14 +01:00
zihao.jiang
a505a6cd27 Winpr/openssl: Fix digests initialization in multi-thread
SSL functions like OpenSSL_add_all_digests should be invoked at very beginning as they are not MT safe.
If not we might meet double free exception as following:

 #0  0x00007f23ddd71c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
 #1  0x00007f23ddd75028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
 #2  0x00007f23dddae2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #3  0x00007f23dddba55e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #4  0x00007f23dc6ecfcd in CRYPTO_free () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #5  0x00007f23dc6ef8d1 in OBJ_NAME_add () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #6  0x00007f23dc77dcd8 in EVP_add_digest () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #7  0x00007f23dc782321 in OpenSSL_add_all_digests () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #8  0x00007f23c781da28 in winpr_openssl_get_evp_md (md=4) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:52
 #9  0x00007f23c781dccb in winpr_Digest_Init (ctx=0x7f22d064d470, md=<optimized out>) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:344
 #10 0x00007f23d486139b in security_salted_mac_signature (rdp=0x7f23859f5a20, data=0x7f238542d4fb "\004\204\022\004", length=4743, encryption=<optimized out>, output=0x7
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/security.c:378
 #11 0x00007f23d488d73f in fastpath_send_update_pdu (fastpath=<optimized out>, updateCode=4 '\004', s=0x7f23859f5f40, skipCompression=true)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/fastpath.c:1076
 #12 0x00007f23d4891c4f in update_send_surface_frame_bits (context=0x7f23859f5540, cmd=0x7f22b2ffcc80, first=true, last=true, frameId=6)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/update.c:1041

Related reports: https://rt.openssl.org/Ticket/Display.html?id=2216&user=guest&pass=guest
2016-12-28 03:48:40 +08:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Martin Fleisz
971c8538ec winpr: Fix compile error after #3615 2016-11-25 11:50:28 +01:00
Norbert Federa
53bd98883e winpr/crypt api changes and memory leak fixes
- winpr_HMAC_New() now just returnes the opaque WINPR_HMAC_CTX* pointer
  which has to be passed to winpr_HMAC_Init() for (re)initialization
  and since winpr_HMAC_Final() no more frees the context you always have to
  use the new function winpr_HMAC_Free() once winpr_HMAC_New() has succeded

- winpr_Digest_New() now just returns the opaque WINPR_DIGEST_CTX* pointer
  which has to be passed to winpr_Digest_Init() for (re)initialization
  and since winpr_Digest_Final() no more frees the context you always have to
  use the new function winpr_Digest_Free() once winpr_Digest_New() has succeded
2016-11-24 18:27:29 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Marc-André Moreau
ceefc4b099 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2016-03-07 10:19:50 -05:00
Armin Novak
227ecc4bd5 Fixed uninitialized variable. 2016-03-02 09:16:49 +01:00
Bernhard Miklautz
014f31db35 Merge pull request #3171 from akallabeth/crypto_simplification
Crypto simplification
2016-02-29 17:10:53 +01:00
Armin Novak
68c402ac58 Removed windows module.def files.
All symbols exported from libraries are declared
using *_API defines.
2016-02-29 15:18:47 +01:00
Armin Novak
4e4d2e11d4 Fixed crypto tests. 2016-02-29 14:45:03 +01:00
Armin Novak
19568c6e9b Fixed indentation. 2016-02-29 11:12:32 +01:00
Armin Novak
7e6501374d Fixed memory leak. 2016-02-29 11:10:15 +01:00
Armin Novak
b429d230cb Refactored crypto *_New functions. 2016-02-29 09:00:02 +01:00
Armin Novak
92c15783dc Updated RC4 API, fixed crashing bug. 2016-02-28 11:19:29 +01:00
Armin Novak
238ff3b315 Unified encryption functions. 2016-02-27 23:28:49 +01:00
Armin Novak
fe8f5dee82 Fixed indentation. 2016-02-26 09:32:17 +01:00