Armin Novak
a7dac52a42
[license] updated copyright headers
2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61
[emu,scard] use RSA struct instead of rdpCertInfo
...
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a
[crypto] rename rdpRsaKey to rdpPrivateKey
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa
[crypto] added PEM file read/write helpers
2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10
[core,crypto] refactor certificate management
...
* Properly split certificate_store, certificate_data, certificate and
private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
akallabeth
7c1007b1b6
[core,crypto] removed rsa functions from public API
...
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab
[core,crypto] refactor rsa functions
...
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
Armin Novak
641022b795
[logging] remove __FUNCTION__ from actual message
...
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
7b95014157
[winpr,crypto] Split crypto header renamed
...
* Renamed custom winpr crypto function header
* Added compatiblity header
2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346
[crypto] Added sha3 define guards
...
sha3 is only supported with OpenSSL 1.1.1a or later
2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a
[ntlm]: use rfc5929 binding hash algorithm
...
rfc5929 mandates some specific hashes for the binding algorithm
2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52
Check smartcard certificates for correct EKU
...
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
2022-10-24 22:22:00 +02:00
akallabeth
51f4c374c4
Clear OpenSSL error queue before BIO_read/BIO_write
2022-07-02 16:32:50 +02:00
Armin Novak
4d03d7c0bf
Freerdp remove #ifdef HAVE_CONFIG_H
2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809
Reorganized FreeRDP headers
2022-03-03 11:26:48 +01:00
David Fort
cb351a099d
Enable smartcard NLA logon
2022-02-24 08:52:25 +01:00
Armin Novak
10e40147fb
Fixed various const warnings
2022-02-01 10:25:37 +00:00
akallabeth
a71235be74
Cert update fix ( #7382 )
...
* Fixed certificate thumbprint default format
* Fixed VerifyChangedCertificateEx call arguments
2021-10-21 09:07:52 +02:00
Armin Novak
13f54fc0dd
Improved fingerprint hash comparison
...
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
2021-08-26 09:38:12 +02:00
Armin Novak
5fb59a23a9
Fixed lots of compilation warnings and type mismatches
2021-06-16 15:21:56 +02:00
akallabeth
8e43f90590
Fixed #7045 : allow NULL isser and subjects in certificates
2021-05-28 09:25:33 +02:00
akallabeth
d4ebf8546f
Cleaned up crypto API
2021-05-11 08:00:18 +02:00
akallabeth
b494a193db
Refactored certificate API:
...
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f
Fixed #6989 : Use X509_STORE_set_default_paths
2021-05-03 13:37:26 +02:00
Armin Novak
57b405ca26
Fixed compilation warnings.
2020-08-10 12:14:11 +02:00
akallabeth
02c5ec66e5
Fixed possible integer overflow in crypto_rsa_common
...
Thanks @anticomputer for pointing this out
2020-06-22 12:09:36 +02:00
akallabeth
d936402878
Fixed GHSL-2020-102 heap overflow
2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359
Abort on first possible certificate validation error
...
Only retry certificate validation if the purpose was wrong.
2020-05-20 14:48:15 +02:00
akallabeth
5cfc3e8593
Fixed #6148 : multiple ceritificate purposes
...
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
2020-05-12 15:36:48 +02:00
akallabeth
095d24934c
Fixed #6122 : Allow SSL server and client purpose
2020-04-25 08:06:00 +02:00
Armin Novak
9c999b7135
Added raw function wrapping X509_digest
2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f
Let ssl backend handle hash checks.
2020-03-06 11:37:35 +01:00
Armin Novak
7c243da6e1
Remove symbols exported by accident.
2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c
Reformatted to new style
2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6
Fixed strnlen issues.
2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211
Code cleanups (strlen, casts, size_t, ...)
2019-10-29 11:58:43 +01:00
Armin Novak
2f2ca9d93b
Fixed leak in verify_cb.
2019-10-04 16:19:23 +02:00
Armin Novak
36c820a9d9
Extract whole certificate chain to PEM format.
2019-07-17 14:42:32 +02:00
Armin Novak
1da57d0b7e
Fixed sign-compare warnings
2019-04-05 09:13:24 +02:00
Armin Novak
dd3276d664
Prefer VerifyX509Certificate and fixed const arguments
...
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
2018-12-04 09:35:24 +01:00
Armin Novak
f3e1ffb121
Fix #4764 : Second try, use X509_STORE_CTX_set_purpose
2018-11-28 12:08:42 +01:00
Armin Novak
77744200a8
Fix #4768 : Set SSL verify purpose to ANY
...
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
2018-11-26 11:58:29 +01:00
Armin Novak
a2cd934184
Fixed windows build warnings.
2018-11-15 09:01:53 +01:00
Armin Novak
5f4843191b
Replaced BIO_free with BIO_free_all
...
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
2018-11-08 12:09:49 +01:00
Armin Novak
bdff1c96fd
Fixed use after free and leak.
2018-09-20 11:08:12 +02:00
Armin Novak
5bc3993e3f
Fixed buffer size and function name
2018-08-27 14:34:42 +02:00
Armin Novak
62c1696d4c
Removed use of unchecked sprintf
2018-08-27 14:34:42 +02:00
Pascal J. Bourguignon
63d00f6f81
Corrected the compatibility function names: crypto_cert_subject_alt_name and crypto_cert_subject_alt_name_free.
2018-08-27 13:51:30 +02:00
Pascal J. Bourguignon
79d2294a23
Put back deprecated function names crypto_cert_get_alt_names and crypto_cert_alt_names_free for FREERDP_API compatibility.
2018-08-24 15:20:03 +02:00
Pascal J. Bourguignon
98b8602663
Use C comment syntax instead of C++; added static declaration for local functions.
2018-08-24 15:05:50 +02:00