mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,430 Commits 6 Branches 74 Tags 84 MiB
71e38a4ce7
Commit Graph

2251 Commits

Author SHA1 Message Date
akallabeth
71e38a4ce7
Merge pull request #4267 from ondrejholy/autofips 
Enable FIPS mode automatically
 2017-11-23 10:49:15 +01:00
Ondrej Holy
6973b14eed Enable FIPS mode automatically 
FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
 2017-11-23 10:09:17 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
akallabeth
b156b937fe
Merge pull request #3904 from bjcollins/master 
FIPS Mode support for xfreerdp
 2017-11-17 13:31:43 +01:00
Martin Fleisz
4ff1251488
Merge pull request #4236 from akallabeth/scan_fix_remastered 
Scanbuild warning fixes
 2017-11-17 13:02:46 +01:00
Armin Novak
1bb4f121b4 Fixed formatting. 2017-11-17 12:45:28 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override 
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
 2017-11-17 12:43:07 +01:00
Brent Collins
922a0fa495 Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1 
Simplify the logic to enable openssl fips mode
 2017-11-17 12:43:07 +01:00
Brent Collins
a0526317ea Fix the return values of the winpr_Digest_Init functions which were accidentally removed 
during rework in previous checkin.
 2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
7aa9e7a97f Fix variable definition placement to adhere to older C standard. 2017-11-17 12:43:06 +01:00
Brent Collins
5284100bb0 FIPS_mode() and FIPS_mode_set() does not exist in OpenSSL versions before 1.0.1 2017-11-17 12:43:06 +01:00
Brent Collins
2dddae738f Change initialization of EVP_CIPHER_CTX to use API function instead of trying to calloc(). 
Fix some warnings noted from build output.
 2017-11-17 12:43:06 +01:00
Brent Collins
497ba442be Workaround for missing EVP_CIPH_FLAG_FIPS_NON_ALLOW flag in openssl 1.0.0. 2017-11-17 12:43:06 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
David Fort
0d92c725c6
Merge pull request #4000 from akallabeth/ign_keyword_fix 
Command line ignore empty if flag set
 2017-11-16 13:26:01 +01:00
Armin Novak
7b58495e7b Fixed warnings and formatting. 2017-11-15 15:56:24 +01:00
Armin Novak
1fd6308ef5 Functions static, warnings fixed. 2017-11-15 15:56:24 +01:00
Armin Novak
90e1d39fec Fixed formatting and warnings. 2017-11-15 15:56:24 +01:00
Armin Novak
44dfaf7841 Fixed dead store warning. 2017-11-15 15:56:24 +01:00
Armin Novak
3baba6f9c0 Removed unused argument. 2017-11-15 15:56:24 +01:00
Armin Novak
f24158fe07 Fixed missing function return check. 2017-11-15 15:56:24 +01:00
Armin Novak
0aa5a83536 Fixed multiple warnings in parser 2017-11-15 15:56:21 +01:00
Armin Novak
26d079e53b Fixed compile warnings. 2017-11-15 15:54:38 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
8c2bd951ae Allow printing of custom arguments in help. 2017-11-15 15:25:34 +01:00
Armin Novak
65f4c560d3 Fixed uninitialized values and leaks. 2017-11-13 16:20:57 +01:00
dodo040
60406794ce fix Kerberos flavour's detection (MIT/Heimdal) and double free for MIT<1.13 2017-11-13 16:20:56 +01:00
dodo040
1d97286a76 fix undeclared identifier on Windows 2017-11-13 16:20:56 +01:00
dodo040
335de159b0 use SSIZE_T instead of ssize_t 2017-11-13 16:20:56 +01:00
dodo040
9adb971181 handle missing ssize_t on Windows 2017-11-13 16:20:56 +01:00
dodo040
3e897a63cb remove useless includes 2017-11-13 16:20:56 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
David Fort
de7d7e43c9 serial redirection: implement event char 
The signotec signature device requires the eventChar support to work properly in
serial redirection mode. This implementation is basic but does the job for this
device.

Sponsored by: Rangee GmbH (http://www.rangee.de)
 2017-11-06 22:26:17 +01:00
Armin Novak
269c78802d Fixed #4199: ConvertFindDataAToW string length 2017-10-31 16:52:08 +01:00
Mike Gilbert
5cd230ac74 winpr: _IoCreateDeviceEx: fix mkdir error check 
The mkdir(2) function returns 0 on success, and -1 on error.

This resolves an error in TestIoDevice when /tmp/.device/ does not
exist.

Bug: https://bugs.gentoo.org/635838
 2017-10-30 11:59:35 -04:00
Roman Kalashnikov
612e8b0710
Update semaphore.c 2017-10-28 11:59:23 +03:00
Roman Kalashnikov
4db363f107
Fixed Expression 'pComm != NULL' is always true 
pComm was checked earlier in 1363 string:
`if (pComm == NULL)`
 2017-10-28 01:48:41 +03:00
Roman Kalashnikov
67a97612e6
Fixed duplicated assigne 2017-10-28 01:46:06 +03:00
Armin Novak
3840b27945 Fixed file timestamps. 2017-10-12 11:28:07 +02:00
Bernhard Miklautz
1aec784f75 feat: add support for .source_version 
When building packages, especially when source packages are used, git is
not necessarily available or the source isn't provided in git. In those
cases it wasn't possible to set the GIT_REVISION and --version shows
"n/a" for the git revision.

If the file .source_version is available now the content of it is used
as GIT_REVISION. Packagers might want to add a .source_version file
when they don't build the packages from git.

Possible breaking change:

The variable PRODUCT_VERSION isn't available anymore. Use GIT_REVISION
instead.
 2017-10-06 15:02:23 +02:00
Armin Novak
bcfa434da2 Fixed resizing of PubSub 2017-09-25 13:33:04 +02:00
David Fort
babeb34d88 Merge pull request #4060 from akallabeth/icu_support 
Using ICU instead of custom unicode conversion.
 2017-09-25 09:33:58 +02:00
Bernhard Miklautz
3626676ac6 winpr/makecert: fix linking against libcrypto 
Use OPENSSL_CRYPTO_LIBRARIES instead of linking against crypto directly.
 2017-09-23 14:13:39 +02:00
Bernhard Miklautz
bbd11eef1d Merge pull request #4045 from akallabeth/drive_fixes_overlayfs 
Drive fixes overlayfs
 2017-09-22 17:22:00 +02:00
David Fort
5115ecd948 Merge pull request #4063 from akallabeth/auth_fixes 
Fixed leaks, certificate comparison and channel context cleanup
 2017-08-30 10:19:12 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097) 
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
 2017-08-29 09:09:38 +02:00
Armin Novak
7e32e90d4c Fixed RSA generation for OpenSSL >= 1.1 2017-08-17 13:16:32 +02:00
Armin Novak
f143fcc298 Fixed data type, eliminate warning. 2017-08-16 15:45:11 +02:00