Commit Graph

539 Commits

Author SHA1 Message Date
akallabeth
71e78bedd7 [warnings] fixed sign and const
* fix various char/BYTE sign warnings
* fix various const warnings
* fix format string size_t
* remove unused CMake variables
2024-04-18 11:05:58 +02:00
Ilya Shipitsin
25edec803b libfreerdp/crypto/certificate.c: handle malloc error 2024-04-06 07:11:14 +02:00
akallabeth
31a131b9e4 [crypto,cert] follow up to #10002
Ensure we always compare the lowercase hostname when looking for a
stored certificate or calculating a hash.
2024-03-21 15:07:58 +01:00
akallabeth
f98d0dd60a [crypto,cert] allow NULL certificate
If a certificate can not be read and is NULL return NULL for all queries
on that NULL certificate. Fixes #10002
2024-03-21 14:26:37 +01:00
akallabeth
6a7c375831 [crypto,cert] add better logging of certificate read
add missing log entries for possible failures due to invalid data
received. This allows better debugging if a server sends garbage or the
crypto routines have direct RSA routine access disabled.
2024-03-07 14:59:32 +01:00
David Fort
aebe9742e0 [client,win32] Child session fixes
It seems like WaitFor[Single|Multiple]Object calls aren't reliable on pipes, especially
on the pipe opened for childSession access. The object can be marked as signaled even if
no data is available, making the connection laggy and unresponsive (nearly unusable in some
cases).
This patch works around that by using ReadFileEx() with overlapped instead of simple
ReadFile() and use asynchronous reads.
2024-03-01 09:46:53 +01:00
amazingfate
e21afefb86 fix build with openssl < 1.1.1 2024-02-23 12:45:36 +01:00
akallabeth
d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
David Benjamin
72bc3578a0 clang-format 2024-02-07 07:53:37 +01:00
David Benjamin
7548be62c3 Support RSA-PSS certificates in x509_utils_get_signature_alg
RSA-PSS in X.509 is truly horrible, and OpenSSL does not expose very good APIs
to extract this, even though the library does handle it internally. Instead, we
must tediously unwrap RFC 4055's unnecessarily complicated encoding of
RFC 8017's unnecessarily flexible RSA-PSS definition.
2024-02-07 07:53:37 +01:00
David Benjamin
f987e304ee Add some tests for x509_utils_get_signature_alg
Temporarily disable the RSA-PSS tests for now, but this is enough for a
regression test for the previous issue.
2024-02-07 07:53:37 +01:00
David Benjamin
bee7f94e93 [crypto,x509] fix tls-server-end-point signature algorithm selection
This reverts commit 00baf58a71. That
change appears to have been incorrect. It's described as simplying
retrieving the "default signature digest", but it actually changed the
function's behavior entirely. The function wasn't retrieving defaults
previously.

A certificate contains, among other things, a public key and a
signature. The public key is the public key of the subject. However, the
signature was generated by the issuer. That is, if I get a certificate
from a CA, the public key will be my public key and the signature will
be my CA's signature over the certificate contents.

Now, the original code returned the digest used in the certificate's
signature. That is, it tells you which signature algorithm did my *CA*
use to sign my certificate.

The new code extracts the certificate's public key (my public key, not
the CA's). This doesn't necessarily tell you the signature algorithm, so
it then asks OpenSSL what the "default" signature algorithm would it use
with the key. This notion of "default" is ad-hoc and has changed over
time with OpenSSL releases. It doesn't correspond to any particular
protocol semantics. It's not necessarily the signature algorithm of the
certificate.

Now, looking at where this function is used, it's called by
freerdp_certificate_get_signature_alg, which is called by
tls_get_channel_binding to compute the tls-server-end-point channel
binding. That code cites RFC 5929, which discusses picking the hash
algorithm based on the certificate's signatureAlgorithm:

https://www.rfc-editor.org/rfc/rfc5929#section-4.1

That is, the old version of the code was correct and the
"simplification" broke it. Revert this and restore the original version.

I suspect this went unnoticed because, almost all the time, both the old
and new code picked SHA-256 and it was fine. But if the certificate was,
say, signed with SHA-384, the new code would compute the wrong channel
binding.
2024-02-07 07:53:37 +01:00
akallabeth
2fffcd64b9 [winpr] use winpr_strerror instead of strerror
use the wrapper from WinPR to use the best implementation available.
2024-02-06 15:45:47 +01:00
akallabeth
ba8cf8cf21 [build] fix Wmismatched-deallocator warnings
With custom malloc function attributes the fail path in the _New
functions produces warnings due to allocator mismatches. Silence them.
2024-02-05 08:16:55 +01:00
akallabeth
bb42d425ed [gcc,clang] add support for attribute(malloc)
Mark all malloc like functions and add their appropriate free function
to let the compiler complain on mismatches
2024-02-02 15:10:40 +01:00
akallabeth
d5eecda8a3 [crypto,cert] log if empty certificate is read 2024-01-15 13:13:42 +01:00
Armin Novak
198774c035 [compat,libressl] fix compilation issues 2023-12-19 20:44:39 +01:00
Vic Lee
97ef5d09e9 [core,crypto] fix missing OpenSSL includes. 2023-12-11 08:51:59 +01:00
akallabeth
1b31852d32 [git] remove .gitignore
we do no longer allow in source builds, so remove all the .gitignore
files just hiding generated files
2023-11-28 12:14:55 +01:00
Armin Novak
6e6559c41a [settings] fix type mismatch warnings 2023-11-24 14:54:56 +01:00
akallabeth
cd4d77af86 [settings] add deprecation warnings
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
Armin Novak
32c65dbdfc [crypto,tls] only print fingerprint in log
printing the whole PEM to log is too verbose, just use the fingerprint
instead.
2023-10-25 13:15:35 +02:00
Armin Novak
53b65ff7bd [documentation] fix Wdocumentation warnings 2023-10-16 15:10:13 +02:00
akallabeth
d44f9528a1 [ssl] use proper names for TLS_*_method
only use deprecated SSLv23_*method on old versions of SSL
2023-10-10 19:35:27 +02:00
akallabeth
b9fdd88bd7 [crypto,tls] reset tls context before setting
clean up old tls context before setting a new one
2023-09-21 10:00:19 +02:00
akallabeth
9a460d38fc [crypto,tls] free tls bindings before set
Free possibly allocated bindings before setting new ones
2023-09-21 10:00:19 +02:00
akallabeth
d275e083ec [crypto,tls] free existing public key
before updating the public key free possible existing data.
2023-09-21 10:00:19 +02:00
Armin Novak
6399635abf [core] fix leaks reported in #9400 2023-09-19 09:35:52 +02:00
David Fort
8a39859612 [arm] various improvements
This patch moves the ARM configuration before starting the connection process, so
that we can do some provisioning of the FreeRDP settings with the items retrieved
from Azure.
Most notably that allows us to connect directly using RDSTLS security.
2023-09-04 10:24:56 +02:00
David Fort
361da15eed [crypto] extend base64 to output crLf when encoding
Some windows APIs do put \r\n every 64 characters of the output of a
base64 encoded blob. The extended version of crypto_base64_encode allows
to do the same.
2023-09-04 10:24:56 +02:00
Rubycat
68b1614b66 Do not fail on certificates without subject
It is possible to implement an rdp client that accepts certificates by
fingerprint by using VerifyCertificateEx. In case the server uses a
certificate without subject (which, apparently, is not mandated by X509)
freerdp_certificate_data_load_cache fails and the certificate is refused
even before calling VerifyCertificateEx. This commit changes
freerdp_certificate_data_load_cache to consider that missing subject is
the same as an empty string.

Also downgrade the log message complaining about missing subject and
issuer to a warning.
2023-08-21 16:03:36 +02:00
Marc-André Moreau
8c670b177b fix freerdp_key_generate for some versions of OpenSSL (null key->evp) 2023-08-15 15:00:49 +02:00
Armin Novak
0afa2e88b5 [crypto,cert] imrove logged warnings for certificates 2023-07-31 08:32:43 +02:00
Armin Novak
0bdb62e9b5 [libfreerdp] fix integere narrow warnings 2023-07-28 15:48:32 +02:00
Armin Novak
64f4fe397c [crypto,tls] fixed sign warnings 2023-07-27 21:05:43 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
akallabeth
e03b6596c6 [build] fix unused but set variable warnings 2023-06-29 18:34:51 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
akallabeth
a64dd36073 [build] fixed const warnings 2023-06-12 16:32:23 +02:00
Armin Novak
b05eacb99e [build] fixed compilation warnings 2023-06-08 08:13:16 +02:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
Armin Novak
a4c6b36a19 [build] fix memory sanitizer stack frame warnings 2023-06-07 09:14:45 +02:00
akallabeth
b8f7b59fff [warnings] fix casts and return 2023-05-24 08:24:32 +02:00
akallabeth
df76b59da7 [warnings] fix -Wshadow 2023-05-24 08:24:32 +02:00
akallabeth
066276a85a [warnings] fix -Wsometimes-uninitialized 2023-05-24 08:24:32 +02:00
akallabeth
3f6ed5ed84 [crypto,cert] fix debug print messages 2023-05-23 08:51:18 +02:00
Armin Novak
d684acb0a3 [crypto,cert] fix update_x509_from_info for OpenSSL3
loading a RSA public key from the parameters was broken, fix with this
commit.
2023-05-17 14:06:58 +02:00