mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,922 Commits 6 Branches 74 Tags 84 MiB
fb60145685
Commit Graph

472 Commits

Author SHA1 Message Date
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert 
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
 2023-02-28 15:49:58 +01:00
David Fort
b8814e723a fix some warning with the use of new crypto functions 2023-02-28 07:59:40 +01:00
akallabeth
392340d5fd Fix #8702: Disable sha3 and shake hashes for libressl 2023-02-22 11:47:37 +01:00
akallabeth
66245e7a00 [crypto,cert] remove rsa check 
the rsa keys to be checked are on the deprecation list for most SSL
libraries so the function might fail unexpectedly
 2023-02-16 10:06:17 +01:00
akallabeth
8b95030f5e [cryto,cert] clean up code 2023-02-16 10:06:17 +01:00
akallabeth
a2b23a83ab [crypto,cert] only extract server certificate 2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
Martin Fleisz
5f9db5a89c core: Fix pointer corruption with d2i_X509 
The `d2i_X509` function manipulates the passed pointer on success. This
resulted in a corrupted `rdpCertBlob` struct, crashing later on free.
 2023-02-14 09:44:10 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61 [emu,scard] use RSA struct instead of rdpCertInfo 
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
 2023-02-12 20:17:11 +01:00
Armin Novak
91370e4437 [crypto,cert] use malloc for der certificate 2023-02-12 20:17:11 +01:00
akallabeth
c306ad4c51 [crypto,cert] add RSA key check 2023-02-12 20:17:11 +01:00
akallabeth
081e187db8 [crypto] add function to determine if RSA is in use 2023-02-12 20:17:11 +01:00
akallabeth
00baf58a71 [crypto,x509] simplify retrieval of default signature digest 2023-02-12 20:17:11 +01:00
akallabeth
e43b4bc091 [crypto,common] remove unused function 2023-02-12 20:17:11 +01:00
akallabeth
55b0af1993 [cryto,x509] cleaned up header 2023-02-12 20:17:11 +01:00
akallabeth
1aa8c97a67 [crypto,key] use EVP_PKEY_up_ref 
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
 2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605 [crypto] added evp_pkey private getter 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7 [crypto,test] update to new cert/crypto API 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management 
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
 2023-02-12 20:17:11 +01:00
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API 
should only be used internally
 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions 
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
 2023-02-03 11:09:59 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message 
prefer the log formatter to provide that information.
 2023-01-25 16:26:39 +01:00
Armin Novak
e0a14edfbb [core,crypto] log more parsing failures 2023-01-24 10:16:55 +01:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header 
no need to uselessly export symbols that are not usable outside the
project
 2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions 
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
 2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b [winpr] use winpr_fopen 2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d crypto: export getSslMethod utility function 2022-12-23 08:42:45 +01:00
David Fort
b283daafd7 tls: cleanup and add some methods to do handshakes asynchronously 
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
 2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156 new [tls/server]: disable client side renegotiation 2022-12-15 11:06:19 +01:00
akallabeth
37ab25e19d Fixed all Wdocumentation warnings 2022-12-12 14:24:55 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode 
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
 2022-11-28 10:42:36 +01:00
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed 
* Renamed custom winpr crypto function header
* Added compatiblity header
 2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346 [crypto] Added sha3 define guards 
sha3 is only supported with OpenSSL 1.1.1a or later
 2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU 
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
 2022-10-24 22:22:00 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
Armin Novak
21ccb75812 Replaced magic numbers with definitions 2022-09-20 15:52:14 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135) 
There was an issue in the reference count managment of the private
key and the X509 certificate.
 2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120) 
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
 2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control 
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
 2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
Adrian Perez de Castro
81e8e28062 Fix building with LibreSSL 2.7.0 or newer 
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:

- BIO_meth_new() and related functions are now defined by LibreSSL, the
  versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
  functions should be used instead in winpr's hash.c.
 2022-06-27 12:42:06 +02:00