mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,846 Commits 6 Branches 74 Tags 84 MiB
a16479f5d5
Commit Graph

104 Commits

Author SHA1 Message Date
Armin Novak
7212621eae [proxy,config] PEM length must contain '\0' 2023-05-08 22:54:53 +02:00
akallabeth
516668d02b [fclose] ensure no invalid pointers are passed. 
fclose has undefined behaviour for NULL pointers, so check for these.
 2023-04-28 07:39:35 +02:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61 [emu,scard] use RSA struct instead of rdpCertInfo 
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management 
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
 2023-02-12 20:17:11 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API 
should only be used internally
 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions 
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
 2023-02-03 11:09:59 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message 
prefer the log formatter to provide that information.
 2023-01-25 16:26:39 +01:00
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed 
* Renamed custom winpr crypto function header
* Added compatiblity header
 2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346 [crypto] Added sha3 define guards 
sha3 is only supported with OpenSSL 1.1.1a or later
 2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU 
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
 2022-10-24 22:22:00 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
Armin Novak
10e40147fb Fixed various const warnings 2022-02-01 10:25:37 +00:00
akallabeth
a71235be74
Cert update fix (#7382) 
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
 2021-10-21 09:07:52 +02:00
Armin Novak
13f54fc0dd Improved fingerprint hash comparison 
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
 2021-08-26 09:38:12 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL isser and subjects in certificates 2021-05-28 09:25:33 +02:00
akallabeth
d4ebf8546f Cleaned up crypto API 2021-05-11 08:00:18 +02:00
akallabeth
b494a193db Refactored certificate API: 
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
 2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f Fixed #6989: Use X509_STORE_set_default_paths 2021-05-03 13:37:26 +02:00
Armin Novak
57b405ca26 Fixed compilation warnings. 2020-08-10 12:14:11 +02:00
akallabeth
02c5ec66e5 Fixed possible integer overflow in crypto_rsa_common 
Thanks @anticomputer for pointing this out
 2020-06-22 12:09:36 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359 Abort on first possible certificate validation error 
Only retry certificate validation if the purpose was wrong.
 2020-05-20 14:48:15 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak
2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak
36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak
1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
Armin Novak
dd3276d664 Prefer VerifyX509Certificate and fixed const arguments 
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
 2018-12-04 09:35:24 +01:00
Armin Novak
f3e1ffb121 Fix #4764: Second try, use X509_STORE_CTX_set_purpose 2018-11-28 12:08:42 +01:00
Armin Novak
77744200a8 Fix #4768: Set SSL verify purpose to ANY 
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
 2018-11-26 11:58:29 +01:00
Armin Novak
a2cd934184 Fixed windows build warnings. 2018-11-15 09:01:53 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00
Armin Novak
bdff1c96fd Fixed use after free and leak. 2018-09-20 11:08:12 +02:00
Armin Novak
5bc3993e3f Fixed buffer size and function name 2018-08-27 14:34:42 +02:00
Armin Novak
62c1696d4c Removed use of unchecked sprintf 2018-08-27 14:34:42 +02:00
Pascal J. Bourguignon
63d00f6f81 Corrected the compatibility function names: crypto_cert_subject_alt_name and crypto_cert_subject_alt_name_free. 2018-08-27 13:51:30 +02:00