Commit Graph

164 Commits

Author SHA1 Message Date
Norbert Federa
cdcdec99bc OpenSSL thread safety
freerdp/winpr had the following issues:
* The non reentrant SSL_library_init() was called concurrently (crash)
* Missing code/api to set the eventually required OpenSSL static and dynamic locking callbacks
* Missing code/api to free the application-global or thread-local OpenSSL data and tables

This commit creates two new winpr functions:

BOOL winpr_InitializeSSL(DWORD flags):

Use the flag WINPR_SSL_INIT_ALREADY_INITIALIZED if you want to tell winpr that
your application has already initialized OpenSSL.
If required use the flag WINPR_SSL_INIT_ENABLE_LOCKING to tell winpr that it
should set the OpenSSL static and dynamic locking callbacks.
Otherwise just call it with the flag WINPR_SSL_INIT_DEFAULT.

The recommended way is that your application calls this function once before
any threads are created. However, in order to support lazy OpenSSL library
initialization winpr_InitializeSSL() can also safely be called multiple times
and concurrently because it uses the new InitOnceExecuteOnce() function to
guarantee that the initialization is only performed successfully once during
the life time of the calling process.

BOOL winpr_CleanupSSL(DWORD flags):

If you create a thread that uses SSL you should call this function before the
thread returns using the flag WINPR_SSL_CLEANUP_THREAD in order to clean up
the thread-local OpenSSL data and tables.
Call the function with the flag WINPR_SSL_CLEANUP_GLOBAL before terminating
your application.

Note: This commit only replaced the current occurences of the
SSL_load_error_strings(); SSL_library_init(); pairs in the freerdp source
with winpr_InitializeSSL(). None of the server or client applications has been
changed according to the recommended usage described above (TBDL).
2014-07-28 21:55:57 +02:00
Daniel Bungert
625f7c3c22 Add arguments for managing tls ciphers & netmon
This adds 2 arguments:
    /tls-ciphers                List of permitted openssl ciphers - see ciphers(1)
    /tls-ciphers-netmon         Use tls ciphers that netmon can parse

With KB2919355, client/server negotiate the use of
TLS cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
which works fine except that netmon can't parse it.
By adding commandline /tls-ciphers-netmon, we restrict
the available ciphers to a list that netmon can
deal with.  Also adds /tls-ciphers, which
accepts a string arg, for further customization.
2014-07-17 06:59:06 -06:00
Vic Lee
8df60ecbe4 tls: fix some error handling. 2014-07-15 11:36:35 +08:00
Armin Novak
ad3255354d Added WITH_LIBRARY_VERSIONING, allowing to build shared libraries without
SOVERSION information. (required by Android)
2014-07-11 11:53:58 +02:00
Hardening
3fce288c66 Fix unclean SSL disconnection
This patch prevent an infinite loop when the remote peer disconnect
the socket without cleanly closing the SSL connection.
2014-07-10 23:35:11 +02:00
Bernhard Miklautz
6a49bcfe40 winpr: always build "monolitic"
winpr is now always build as single library.
The build option MONOLITHIC_BUILD doesn't influence this behavior anymore.

The only exception is winpr-makecert-tool which is still build as extra
library.

This obsoletes complex_libraries for winpr.
2014-07-10 11:10:58 +02:00
Hardening
542811291c Use poll() instead of select() when available
select() has the major drawback that it cannot handle file descriptor
that are bigger than 1024. This patch makes use of poll() instead of
select() when poll() support is available.
2014-07-03 15:26:49 +02:00
Hardening
462a26c8c3 Don't leak cert in case of failure 2014-06-03 15:19:00 +02:00
Hardening
a607b4553d Fix certificate leak
There were a leak when doing TLS in server mode
2014-06-03 14:59:58 +02:00
Hardening
4f1b77408a Fix NLA authentication for server-side
This patch make copies of the server public key so that the NLA
authentication can be performed server-side.
2014-06-03 11:04:35 +02:00
Marc-André Moreau
04968b18c4 libfreerdp-core: replace all OpenSSL built-in BIOs by new full duplex BIOs 2014-06-01 21:37:20 -04:00
Marc-André Moreau
b1416af362 libfreerdp-core: add locks to disable full duplex BIOs (currently unsafe) 2014-05-30 14:53:10 -04:00
Marc-André Moreau
d2ad5f698b libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection 2014-05-30 14:36:18 -04:00
Benoît LeBlanc
f57c694a3b tls_prepare: suppressed a warning on Mac 2014-05-28 21:33:30 -04:00
Marc-André Moreau
c0ec800bfd freerdp: fix incorrect copyright headers 2014-05-22 15:56:47 -04:00
Hardening
2b1a27b9b6 Add .gitignore files for test generated files 2014-05-21 22:18:38 +02:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Hardening
c0087832ad Merge pull request #1839 from hardening/base64
Changes for base64
2014-05-20 11:17:47 +02:00
Hardening
729c24cedb Adds some support for valgrind helpers
This patch adds an option to compile freerdp in a valgrind compliant way.
The purpose is to ease memchecking when connecting with TLS. We mark bytes
retrieved from SSL_read() as plainly defined to prevent the undefined contamination.
With the patch and the option activated you get a single warning at connection
during the handshake, and nothing after.
2014-05-12 18:01:29 +02:00
Hardening
9f1d0201ec Changes for base64
This patch changes the prototype for decode_base64 so that the encode / decode
method are consistant (encode(BYTE *) => char* and decode(char*) => BYTE*).
It also does some improvements with unrolling loops so that end conditions are
tested only at the end.
The patch also adds some unitary tests.
Before the patch base64_decode() made valgrind complain about uninitialized
bits, after valgrind is happy and very quiet.
2014-05-11 22:49:10 +02:00
Hardening
50f1f0df6f Add some const modifiers
This allows these functions to be used with const buffers.
2014-05-09 22:36:50 +02:00
Vic Lee
02595df976 tls: WSAGetLastError should be used on Windows to check system socket error. 2014-04-29 23:05:30 +08:00
Vic Lee
c8848fe4c8 tls: do not kill the connection for non-fatal openssl error codes. 2014-04-29 21:48:11 +08:00
Bernhard Miklautz
b817e92e5e cmake: mark required libraries for export 2014-04-23 10:16:02 +02:00
Marc-André Moreau
94f2a52196 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-04-14 14:17:37 -04:00
Hardening
1d1844aabd Treat OOM cases 2014-04-09 16:07:06 +02:00
Benoit LeBlanc
6f99f252d9 Fix windows compilation 2014-04-04 10:08:44 -04:00
Marc-André Moreau
feea87b42f libfreerdp-crypto: make distinction between TLS connection error and user cancellation 2014-04-01 16:23:27 -04:00
Hardening
ac7507ab8d Adds some check to treat OOM problems + RDP security fix
Malloc can fail so it will, this patch adds some check in some places
where malloc/strdup results were not checked.

This patch also contains a server side fix for RDP security (credit to nfedera).
The signature len was badly set in the GCC packet. And some other RDP security
oriented fixes are also there.
2014-03-25 23:13:08 +01:00
Marc-André Moreau
14b75d1b27 libfreerdp-core: fix build warnings and windows broken build 2014-03-25 15:19:52 -04:00
Benoît LeBlanc
3e1dfc6311 updated context error messages. utility macros for getting error code CLASS/TYPE 2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51 Added context-specific error management.
Added error codes to replace connectErrorCode.
2014-03-20 18:19:54 -04:00
Benoît LeBlanc
557c082458 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 2014-03-05 16:35:22 -05:00
Marc-André Moreau
951368a1ce Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-02-27 13:58:29 -05:00
Christian Hofstaedtler
5a74bd7bdb Fix assertion abort when no CN is present in certificate
Triggered by Windows Server 2012 Admin-Mode with MS-recommended AD CA
Certificate setup, which would cause the CN to be absent, and a single
subjectAltName to be present.
2014-02-14 15:25:48 +01:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Benoît LeBlanc
44e7d2f36c error handling in rpc and transport functions 2013-12-20 17:56:59 -05:00
Marc-André Moreau
51ad85e0ee libfreerdp-core: send Access Denied TLS alert when server-side NLA fails 2013-12-18 19:44:18 -05:00
Marc-André Moreau
9d745cc038 Merge branch 'master' of github.com:mrthebunny/FreeRDP 2013-12-11 12:22:33 -05:00
Marc-André Moreau
62199fc46a Merge branch 'master' of github.com:FreeRDP/FreeRDP 2013-12-10 11:54:03 -05:00
Benoît LeBlanc
8c1f836ac8 - SSL verification callback: send correct hostname and port
- Gateway Authentication callback.
- Handling “use same credentials”
2013-12-06 22:15:45 -05:00
Bernhard Miklautz
6763e059c3 tls: handle the case if endpoint has disconnected 2013-12-04 15:36:25 +01:00
Benoît LeBlanc
6a60f79e07 Merge branch 'master' of git://github.com/awakecoding/FreeRDP
# By Bernhard Miklautz (10) and others
# Via Marc-André Moreau (10) and Martin Fleisz (1)
* 'master' of git://github.com/awakecoding/FreeRDP: (32 commits)
  libfreerdp-crypto: add robustness checks for VerifyX509Certificate
  mfreerdp: fix possible crash on gdi termination
  channels/cliprdr: add callback for data request response
  channels/cliprdr: fix conflict with CLIPRDR_HEADER
  fix a gdi leak bug.
  channels/cliprdr: implement more of the callback interface
  channels/cliprdr: start implementing clean callback interface
  channels/rdpsnd: initial attempt at adding GSM610 support
  winpr-thread: fixed bugs in _CreateProcessExA
  ffmpeg-2 -- CodecID
  ffmpeg-2 -- dsp_mask
  ffmpeg-2 -- AVCODEC_MAX_AUDIO_FRAME_SIZE
  check return value.
  reformat coding styles.
  fix name length to copy.
  fix memory realloc size error.
  libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error
  channels/rdpsnd: add wlog debug output
  android toolchain: support for ndk r9b
  android toolchain: fixed cmake syntax warning
  ...
2013-11-25 14:40:01 -05:00
Benoît LeBlanc
56c517170f Added hostname and port to callback function for SSL certification verification. 2013-11-25 14:30:43 -05:00
Marc-André Moreau
4987f2b0e1 libfreerdp-crypto: add robustness checks for VerifyX509Certificate 2013-11-25 12:08:58 -05:00
Marc-André Moreau
690a6b624d libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error 2013-11-20 15:21:29 -05:00
Marc-André Moreau
b0369cf284 libfreerdp-core: add external certificate management, pass X509 PEM certificate through client callback 2013-11-18 13:54:33 -05:00
Armin Novak
6f43252c9a Fixed argument check in <tls_disconnect> 2013-11-14 10:09:40 +01:00
Marc-André Moreau
1fc2d780f7 libfreerdp-core: fix memory leaks reported by valgrind 2013-10-31 23:35:24 -04:00
Marc-André Moreau
55565e056c freerdp: export targets 2013-10-28 23:06:39 -04:00