Rename of internal ssl_ wrapper functions/defines to
rdssl_ to prevent name clashes with the OpenSSL library, now that we link against it. git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1665 423420c4-83ab-492f-b58f-81f9feb106b5
parent
9e860a2144
commit
0f5824d414
22
licence.c
22
licence.c
@ -146,7 +146,7 @@ licence_process_demand(STREAM s)
|
|||||||
uint8 hwid[LICENCE_HWID_SIZE];
|
uint8 hwid[LICENCE_HWID_SIZE];
|
||||||
uint8 *licence_data;
|
uint8 *licence_data;
|
||||||
int licence_size;
|
int licence_size;
|
||||||
SSL_RC4 crypt_key;
|
RDSSL_RC4 crypt_key;
|
||||||
|
|
||||||
/* Retrieve the server random from the incoming packet */
|
/* Retrieve the server random from the incoming packet */
|
||||||
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
|
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
|
||||||
@ -164,8 +164,8 @@ licence_process_demand(STREAM s)
|
|||||||
sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid));
|
sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid));
|
||||||
|
|
||||||
/* Now encrypt the HWID */
|
/* Now encrypt the HWID */
|
||||||
ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
||||||
ssl_rc4_crypt(&crypt_key, hwid, hwid, sizeof(hwid));
|
rdssl_rc4_crypt(&crypt_key, hwid, hwid, sizeof(hwid));
|
||||||
|
|
||||||
#if WITH_DEBUG
|
#if WITH_DEBUG
|
||||||
DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_PRESENT));
|
DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_PRESENT));
|
||||||
@ -240,15 +240,15 @@ licence_process_authreq(STREAM s)
|
|||||||
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
|
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
|
||||||
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
|
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
|
||||||
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
|
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
|
||||||
SSL_RC4 crypt_key;
|
RDSSL_RC4 crypt_key;
|
||||||
|
|
||||||
/* Parse incoming packet and save the encrypted token */
|
/* Parse incoming packet and save the encrypted token */
|
||||||
licence_parse_authreq(s, &in_token, &in_sig);
|
licence_parse_authreq(s, &in_token, &in_sig);
|
||||||
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
|
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
|
||||||
|
|
||||||
/* Decrypt the token. It should read TEST in Unicode. */
|
/* Decrypt the token. It should read TEST in Unicode. */
|
||||||
ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
||||||
ssl_rc4_crypt(&crypt_key, in_token, decrypt_token, LICENCE_TOKEN_SIZE);
|
rdssl_rc4_crypt(&crypt_key, in_token, decrypt_token, LICENCE_TOKEN_SIZE);
|
||||||
|
|
||||||
/* Generate a signature for a buffer of token and HWID */
|
/* Generate a signature for a buffer of token and HWID */
|
||||||
licence_generate_hwid(hwid);
|
licence_generate_hwid(hwid);
|
||||||
@ -257,8 +257,8 @@ licence_process_authreq(STREAM s)
|
|||||||
sec_sign(out_sig, 16, g_licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
|
sec_sign(out_sig, 16, g_licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
|
||||||
|
|
||||||
/* Now encrypt the HWID */
|
/* Now encrypt the HWID */
|
||||||
ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
||||||
ssl_rc4_crypt(&crypt_key, hwid, crypt_hwid, LICENCE_HWID_SIZE);
|
rdssl_rc4_crypt(&crypt_key, hwid, crypt_hwid, LICENCE_HWID_SIZE);
|
||||||
|
|
||||||
#if WITH_DEBUG
|
#if WITH_DEBUG
|
||||||
DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_AUTHRESP));
|
DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_AUTHRESP));
|
||||||
@ -270,7 +270,7 @@ licence_process_authreq(STREAM s)
|
|||||||
static void
|
static void
|
||||||
licence_process_issue(STREAM s)
|
licence_process_issue(STREAM s)
|
||||||
{
|
{
|
||||||
SSL_RC4 crypt_key;
|
RDSSL_RC4 crypt_key;
|
||||||
uint32 length;
|
uint32 length;
|
||||||
uint16 check;
|
uint16 check;
|
||||||
int i;
|
int i;
|
||||||
@ -280,8 +280,8 @@ licence_process_issue(STREAM s)
|
|||||||
if (!s_check_rem(s, length))
|
if (!s_check_rem(s, length))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
|
||||||
ssl_rc4_crypt(&crypt_key, s->p, s->p, length);
|
rdssl_rc4_crypt(&crypt_key, s->p, s->p, length);
|
||||||
|
|
||||||
in_uint16(s, check);
|
in_uint16(s, check);
|
||||||
if (check != 0)
|
if (check != 0)
|
||||||
|
12
rdesktop.c
12
rdesktop.c
@ -1098,7 +1098,7 @@ generate_random(uint8 * random)
|
|||||||
{
|
{
|
||||||
struct stat st;
|
struct stat st;
|
||||||
struct tms tmsbuf;
|
struct tms tmsbuf;
|
||||||
SSL_MD5 md5;
|
RDSSL_MD5 md5;
|
||||||
uint32 *r;
|
uint32 *r;
|
||||||
int fd, n;
|
int fd, n;
|
||||||
|
|
||||||
@ -1130,11 +1130,11 @@ generate_random(uint8 * random)
|
|||||||
r[7] = st.st_ctime;
|
r[7] = st.st_ctime;
|
||||||
|
|
||||||
/* Hash both halves with MD5 to obscure possible patterns */
|
/* Hash both halves with MD5 to obscure possible patterns */
|
||||||
ssl_md5_init(&md5);
|
rdssl_md5_init(&md5);
|
||||||
ssl_md5_update(&md5, random, 16);
|
rdssl_md5_update(&md5, random, 16);
|
||||||
ssl_md5_final(&md5, random);
|
rdssl_md5_final(&md5, random);
|
||||||
ssl_md5_update(&md5, random + 16, 16);
|
rdssl_md5_update(&md5, random + 16, 16);
|
||||||
ssl_md5_final(&md5, random + 16);
|
rdssl_md5_final(&md5, random + 16);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* malloc; exit if out of memory */
|
/* malloc; exit if out of memory */
|
||||||
|
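Review bot: The visible tail of `generate_random` derives the client random from `stat` and `tms` fields (`r[7] = st.st_ctime` and the lines above it) and then runs MD5 over each half; those inputs are low-entropy and largely guessable by anyone on the same host, and the comment itself says MD5 is only there "to obscure possible patterns", not to add entropy. Since this commit links rdesktop directly against OpenSSL, its CSPRNG is now available, and a call such as `RAND_bytes(random, 32)` behind a new rdssl_ wrapper would be the natural source for SEC_RANDOM data. The function starts outside the hunk and declares `int fd, n;`, so it may already read a device earlier and only fall back to this mixer; I can only see the tail. If that is the case, the comment should say so, e.g. `/* Fallback mixer when no entropy device is available: these fields are not secret, MD5 only whitens them */`.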
2
rdp.c
2
rdp.c
@ -474,7 +474,7 @@ rdp_send_logon_info(uint32 flags, char *domain, char *user,
|
|||||||
out_uint32_le(s, 28); /* cbLen */
|
out_uint32_le(s, 28); /* cbLen */
|
||||||
out_uint32_le(s, 1); /* Version */
|
out_uint32_le(s, 1); /* Version */
|
||||||
out_uint32_le(s, g_reconnect_logonid); /* LogonId */
|
out_uint32_le(s, g_reconnect_logonid); /* LogonId */
|
||||||
ssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
|
rdssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
|
||||||
g_client_random, SEC_RANDOM_SIZE, security_verifier);
|
g_client_random, SEC_RANDOM_SIZE, security_verifier);
|
||||||
out_uint8a(s, security_verifier, sizeof(security_verifier));
|
out_uint8a(s, security_verifier, sizeof(security_verifier));
|
||||||
}
|
}
|
||||||
|
160
secure.c
160
secure.c
@ -39,8 +39,8 @@ extern unsigned int g_num_channels;
|
|||||||
extern uint8 g_client_random[SEC_RANDOM_SIZE];
|
extern uint8 g_client_random[SEC_RANDOM_SIZE];
|
||||||
|
|
||||||
static int g_rc4_key_len;
|
static int g_rc4_key_len;
|
||||||
static SSL_RC4 g_rc4_decrypt_key;
|
static RDSSL_RC4 g_rc4_decrypt_key;
|
||||||
static SSL_RC4 g_rc4_encrypt_key;
|
static RDSSL_RC4 g_rc4_encrypt_key;
|
||||||
static uint32 g_server_public_key_len;
|
static uint32 g_server_public_key_len;
|
||||||
|
|
||||||
static uint8 g_sec_sign_key[16];
|
static uint8 g_sec_sign_key[16];
|
||||||
@ -75,25 +75,25 @@ sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
|
|||||||
{
|
{
|
||||||
uint8 shasig[20];
|
uint8 shasig[20];
|
||||||
uint8 pad[4];
|
uint8 pad[4];
|
||||||
SSL_SHA1 sha1;
|
RDSSL_SHA1 sha1;
|
||||||
SSL_MD5 md5;
|
RDSSL_MD5 md5;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
for (i = 0; i < 3; i++)
|
for (i = 0; i < 3; i++)
|
||||||
{
|
{
|
||||||
memset(pad, salt + i, i + 1);
|
memset(pad, salt + i, i + 1);
|
||||||
|
|
||||||
ssl_sha1_init(&sha1);
|
rdssl_sha1_init(&sha1);
|
||||||
ssl_sha1_update(&sha1, pad, i + 1);
|
rdssl_sha1_update(&sha1, pad, i + 1);
|
||||||
ssl_sha1_update(&sha1, in, 48);
|
rdssl_sha1_update(&sha1, in, 48);
|
||||||
ssl_sha1_update(&sha1, salt1, 32);
|
rdssl_sha1_update(&sha1, salt1, 32);
|
||||||
ssl_sha1_update(&sha1, salt2, 32);
|
rdssl_sha1_update(&sha1, salt2, 32);
|
||||||
ssl_sha1_final(&sha1, shasig);
|
rdssl_sha1_final(&sha1, shasig);
|
||||||
|
|
||||||
ssl_md5_init(&md5);
|
rdssl_md5_init(&md5);
|
||||||
ssl_md5_update(&md5, in, 48);
|
rdssl_md5_update(&md5, in, 48);
|
||||||
ssl_md5_update(&md5, shasig, 20);
|
rdssl_md5_update(&md5, shasig, 20);
|
||||||
ssl_md5_final(&md5, &out[i * 16]);
|
rdssl_md5_final(&md5, &out[i * 16]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,13 +103,13 @@ sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
|
|||||||
void
|
void
|
||||||
sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
|
sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
|
||||||
{
|
{
|
||||||
SSL_MD5 md5;
|
RDSSL_MD5 md5;
|
||||||
|
|
||||||
ssl_md5_init(&md5);
|
rdssl_md5_init(&md5);
|
||||||
ssl_md5_update(&md5, in, 16);
|
rdssl_md5_update(&md5, in, 16);
|
||||||
ssl_md5_update(&md5, salt1, 32);
|
rdssl_md5_update(&md5, salt1, 32);
|
||||||
ssl_md5_update(&md5, salt2, 32);
|
rdssl_md5_update(&md5, salt2, 32);
|
||||||
ssl_md5_final(&md5, out);
|
rdssl_md5_final(&md5, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -118,11 +118,11 @@ sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
|
|||||||
void
|
void
|
||||||
sec_hash_sha1_16(uint8 * out, uint8 * in, uint8 * salt1)
|
sec_hash_sha1_16(uint8 * out, uint8 * in, uint8 * salt1)
|
||||||
{
|
{
|
||||||
SSL_SHA1 sha1;
|
RDSSL_SHA1 sha1;
|
||||||
ssl_sha1_init(&sha1);
|
rdssl_sha1_init(&sha1);
|
||||||
ssl_sha1_update(&sha1, in, 16);
|
rdssl_sha1_update(&sha1, in, 16);
|
||||||
ssl_sha1_update(&sha1, salt1, 16);
|
rdssl_sha1_update(&sha1, salt1, 16);
|
||||||
ssl_sha1_final(&sha1, out);
|
rdssl_sha1_final(&sha1, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* create string from hash */
|
/* create string from hash */
|
||||||
@ -188,8 +188,8 @@ sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size
|
|||||||
memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16);
|
memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16);
|
||||||
|
|
||||||
/* Initialise RC4 state arrays */
|
/* Initialise RC4 state arrays */
|
||||||
ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
|
rdssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
|
||||||
ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
|
rdssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
static uint8 pad_54[40] = {
|
static uint8 pad_54[40] = {
|
||||||
@ -223,23 +223,23 @@ sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 *
|
|||||||
uint8 shasig[20];
|
uint8 shasig[20];
|
||||||
uint8 md5sig[16];
|
uint8 md5sig[16];
|
||||||
uint8 lenhdr[4];
|
uint8 lenhdr[4];
|
||||||
SSL_SHA1 sha1;
|
RDSSL_SHA1 sha1;
|
||||||
SSL_MD5 md5;
|
RDSSL_MD5 md5;
|
||||||
|
|
||||||
buf_out_uint32(lenhdr, datalen);
|
buf_out_uint32(lenhdr, datalen);
|
||||||
|
|
||||||
ssl_sha1_init(&sha1);
|
rdssl_sha1_init(&sha1);
|
||||||
ssl_sha1_update(&sha1, session_key, keylen);
|
rdssl_sha1_update(&sha1, session_key, keylen);
|
||||||
ssl_sha1_update(&sha1, pad_54, 40);
|
rdssl_sha1_update(&sha1, pad_54, 40);
|
||||||
ssl_sha1_update(&sha1, lenhdr, 4);
|
rdssl_sha1_update(&sha1, lenhdr, 4);
|
||||||
ssl_sha1_update(&sha1, data, datalen);
|
rdssl_sha1_update(&sha1, data, datalen);
|
||||||
ssl_sha1_final(&sha1, shasig);
|
rdssl_sha1_final(&sha1, shasig);
|
||||||
|
|
||||||
ssl_md5_init(&md5);
|
rdssl_md5_init(&md5);
|
||||||
ssl_md5_update(&md5, session_key, keylen);
|
rdssl_md5_update(&md5, session_key, keylen);
|
||||||
ssl_md5_update(&md5, pad_92, 48);
|
rdssl_md5_update(&md5, pad_92, 48);
|
||||||
ssl_md5_update(&md5, shasig, 20);
|
rdssl_md5_update(&md5, shasig, 20);
|
||||||
ssl_md5_final(&md5, md5sig);
|
rdssl_md5_final(&md5, md5sig);
|
||||||
|
|
||||||
memcpy(signature, md5sig, siglen);
|
memcpy(signature, md5sig, siglen);
|
||||||
}
|
}
|
||||||
@ -249,24 +249,24 @@ static void
|
|||||||
sec_update(uint8 * key, uint8 * update_key)
|
sec_update(uint8 * key, uint8 * update_key)
|
||||||
{
|
{
|
||||||
uint8 shasig[20];
|
uint8 shasig[20];
|
||||||
SSL_SHA1 sha1;
|
RDSSL_SHA1 sha1;
|
||||||
SSL_MD5 md5;
|
RDSSL_MD5 md5;
|
||||||
SSL_RC4 update;
|
RDSSL_RC4 update;
|
||||||
|
|
||||||
ssl_sha1_init(&sha1);
|
rdssl_sha1_init(&sha1);
|
||||||
ssl_sha1_update(&sha1, update_key, g_rc4_key_len);
|
rdssl_sha1_update(&sha1, update_key, g_rc4_key_len);
|
||||||
ssl_sha1_update(&sha1, pad_54, 40);
|
rdssl_sha1_update(&sha1, pad_54, 40);
|
||||||
ssl_sha1_update(&sha1, key, g_rc4_key_len);
|
rdssl_sha1_update(&sha1, key, g_rc4_key_len);
|
||||||
ssl_sha1_final(&sha1, shasig);
|
rdssl_sha1_final(&sha1, shasig);
|
||||||
|
|
||||||
ssl_md5_init(&md5);
|
rdssl_md5_init(&md5);
|
||||||
ssl_md5_update(&md5, update_key, g_rc4_key_len);
|
rdssl_md5_update(&md5, update_key, g_rc4_key_len);
|
||||||
ssl_md5_update(&md5, pad_92, 48);
|
rdssl_md5_update(&md5, pad_92, 48);
|
||||||
ssl_md5_update(&md5, shasig, 20);
|
rdssl_md5_update(&md5, shasig, 20);
|
||||||
ssl_md5_final(&md5, key);
|
rdssl_md5_final(&md5, key);
|
||||||
|
|
||||||
ssl_rc4_set_key(&update, key, g_rc4_key_len);
|
rdssl_rc4_set_key(&update, key, g_rc4_key_len);
|
||||||
ssl_rc4_crypt(&update, key, key, g_rc4_key_len);
|
rdssl_rc4_crypt(&update, key, key, g_rc4_key_len);
|
||||||
|
|
||||||
if (g_rc4_key_len == 8)
|
if (g_rc4_key_len == 8)
|
||||||
sec_make_40bit(key);
|
sec_make_40bit(key);
|
||||||
@ -279,11 +279,11 @@ sec_encrypt(uint8 * data, int length)
|
|||||||
if (g_sec_encrypt_use_count == 4096)
|
if (g_sec_encrypt_use_count == 4096)
|
||||||
{
|
{
|
||||||
sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key);
|
sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key);
|
||||||
ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
|
rdssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
|
||||||
g_sec_encrypt_use_count = 0;
|
g_sec_encrypt_use_count = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length);
|
rdssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length);
|
||||||
g_sec_encrypt_use_count++;
|
g_sec_encrypt_use_count++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -294,11 +294,11 @@ sec_decrypt(uint8 * data, int length)
|
|||||||
if (g_sec_decrypt_use_count == 4096)
|
if (g_sec_decrypt_use_count == 4096)
|
||||||
{
|
{
|
||||||
sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key);
|
sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key);
|
||||||
ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
|
rdssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
|
||||||
g_sec_decrypt_use_count = 0;
|
g_sec_decrypt_use_count = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length);
|
rdssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length);
|
||||||
g_sec_decrypt_use_count++;
|
g_sec_decrypt_use_count++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -307,7 +307,7 @@ static void
|
|||||||
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
||||||
uint8 * exponent)
|
uint8 * exponent)
|
||||||
{
|
{
|
||||||
ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
|
rdssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Initialise secure transport packet */
|
/* Initialise secure transport packet */
|
||||||
@ -525,7 +525,7 @@ sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent)
|
|||||||
memset(signature, 0, sizeof(signature));
|
memset(signature, 0, sizeof(signature));
|
||||||
sig_len = len - 8;
|
sig_len = len - 8;
|
||||||
in_uint8a(s, signature, sig_len);
|
in_uint8a(s, signature, sig_len);
|
||||||
return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len,
|
return rdssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len,
|
||||||
signature, sig_len);
|
signature, sig_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -536,8 +536,8 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
{
|
{
|
||||||
uint32 crypt_level, random_len, rsa_info_len;
|
uint32 crypt_level, random_len, rsa_info_len;
|
||||||
uint32 cacert_len, cert_len, flags;
|
uint32 cacert_len, cert_len, flags;
|
||||||
SSL_CERT *cacert, *server_cert;
|
RDSSL_CERT *cacert, *server_cert;
|
||||||
SSL_RKEY *server_public_key;
|
RDSSL_RKEY *server_public_key;
|
||||||
uint16 tag, length;
|
uint16 tag, length;
|
||||||
uint8 *next_tag, *end;
|
uint8 *next_tag, *end;
|
||||||
|
|
||||||
@ -613,12 +613,12 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
for (; certcount > 2; certcount--)
|
for (; certcount > 2; certcount--)
|
||||||
{ /* ignore all the certificates between the root and the signing CA */
|
{ /* ignore all the certificates between the root and the signing CA */
|
||||||
uint32 ignorelen;
|
uint32 ignorelen;
|
||||||
SSL_CERT *ignorecert;
|
RDSSL_CERT *ignorecert;
|
||||||
|
|
||||||
DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
|
DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
|
||||||
in_uint32_le(s, ignorelen);
|
in_uint32_le(s, ignorelen);
|
||||||
DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
|
DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
|
||||||
ignorecert = ssl_cert_read(s->p, ignorelen);
|
ignorecert = rdssl_cert_read(s->p, ignorelen);
|
||||||
in_uint8s(s, ignorelen);
|
in_uint8s(s, ignorelen);
|
||||||
if (ignorecert == NULL)
|
if (ignorecert == NULL)
|
||||||
{ /* XXX: error out? */
|
{ /* XXX: error out? */
|
||||||
@ -627,7 +627,7 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
|
|
||||||
#ifdef WITH_DEBUG_RDP5
|
#ifdef WITH_DEBUG_RDP5
|
||||||
DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
|
DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
|
||||||
ssl_cert_print_fp(stdout, ignorecert);
|
rdssl_cert_print_fp(stdout, ignorecert);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
/* Do da funky X.509 stuffy
|
/* Do da funky X.509 stuffy
|
||||||
@ -640,7 +640,7 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
*/
|
*/
|
||||||
in_uint32_le(s, cacert_len);
|
in_uint32_le(s, cacert_len);
|
||||||
DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len));
|
DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len));
|
||||||
cacert = ssl_cert_read(s->p, cacert_len);
|
cacert = rdssl_cert_read(s->p, cacert_len);
|
||||||
in_uint8s(s, cacert_len);
|
in_uint8s(s, cacert_len);
|
||||||
if (NULL == cacert)
|
if (NULL == cacert)
|
||||||
{
|
{
|
||||||
@ -649,47 +649,47 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
}
|
}
|
||||||
in_uint32_le(s, cert_len);
|
in_uint32_le(s, cert_len);
|
||||||
DEBUG_RDP5(("Certificate length is %d\n", cert_len));
|
DEBUG_RDP5(("Certificate length is %d\n", cert_len));
|
||||||
server_cert = ssl_cert_read(s->p, cert_len);
|
server_cert = rdssl_cert_read(s->p, cert_len);
|
||||||
in_uint8s(s, cert_len);
|
in_uint8s(s, cert_len);
|
||||||
if (NULL == server_cert)
|
if (NULL == server_cert)
|
||||||
{
|
{
|
||||||
ssl_cert_free(cacert);
|
rdssl_cert_free(cacert);
|
||||||
error("Couldn't load Certificate from server\n");
|
error("Couldn't load Certificate from server\n");
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
if (!ssl_certs_ok(server_cert, cacert))
|
if (!rdssl_certs_ok(server_cert, cacert))
|
||||||
{
|
{
|
||||||
ssl_cert_free(server_cert);
|
rdssl_cert_free(server_cert);
|
||||||
ssl_cert_free(cacert);
|
rdssl_cert_free(cacert);
|
||||||
error("Security error CA Certificate invalid\n");
|
error("Security error CA Certificate invalid\n");
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
ssl_cert_free(cacert);
|
rdssl_cert_free(cacert);
|
||||||
in_uint8s(s, 16); /* Padding */
|
in_uint8s(s, 16); /* Padding */
|
||||||
server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len);
|
server_public_key = rdssl_cert_to_rkey(server_cert, &g_server_public_key_len);
|
||||||
if (NULL == server_public_key)
|
if (NULL == server_public_key)
|
||||||
{
|
{
|
||||||
DEBUG_RDP5(("Didn't parse X509 correctly\n"));
|
DEBUG_RDP5(("Didn't parse X509 correctly\n"));
|
||||||
ssl_cert_free(server_cert);
|
rdssl_cert_free(server_cert);
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
ssl_cert_free(server_cert);
|
rdssl_cert_free(server_cert);
|
||||||
if ((g_server_public_key_len < SEC_MODULUS_SIZE) ||
|
if ((g_server_public_key_len < SEC_MODULUS_SIZE) ||
|
||||||
(g_server_public_key_len > SEC_MAX_MODULUS_SIZE))
|
(g_server_public_key_len > SEC_MAX_MODULUS_SIZE))
|
||||||
{
|
{
|
||||||
error("Bad server public key size (%u bits)\n",
|
error("Bad server public key size (%u bits)\n",
|
||||||
g_server_public_key_len * 8);
|
g_server_public_key_len * 8);
|
||||||
ssl_rkey_free(server_public_key);
|
rdssl_rkey_free(server_public_key);
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE,
|
if (rdssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE,
|
||||||
modulus, SEC_MAX_MODULUS_SIZE) != 0)
|
modulus, SEC_MAX_MODULUS_SIZE) != 0)
|
||||||
{
|
{
|
||||||
error("Problem extracting RSA exponent, modulus");
|
error("Problem extracting RSA exponent, modulus");
|
||||||
ssl_rkey_free(server_public_key);
|
rdssl_rkey_free(server_public_key);
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
ssl_rkey_free(server_public_key);
|
rdssl_rkey_free(server_public_key);
|
||||||
return True; /* There's some garbage here we don't care about */
|
return True; /* There's some garbage here we don't care about */
|
||||||
}
|
}
|
||||||
return s_check_end(s);
|
return s_check_end(s);
|
||||||
|
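Review bot: In the `sec_parse_public_sig` hunk, `sig_len = len - 8;` feeds `in_uint8a(s, signature, sig_len)` with no visible check that `len >= 8` or that `sig_len` fits the local `signature` array; `len` is a `uint32` parameter, so a short value wraps to a very large `sig_len`. The function begins above the hunk, so a bound may already exist there; if it does not, add `if (len < 8 || len - 8 > sizeof(signature) || !s_check_rem(s, len - 8)) return False;` before the `memset`, mirroring the `s_check_rem(s, length)` guard that licence_process_issue applies before its RC4 pass. The bytes copied here go straight to `rdssl_sig_ok`, whose body in ssl.c states that the signature is currently not checked, so this length is the only validation the server-supplied signature gets.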
46
ssl.c
46
ssl.c
@ -22,49 +22,49 @@
|
|||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_sha1_init(SSL_SHA1 * sha1)
|
rdssl_sha1_init(RDSSL_SHA1 * sha1)
|
||||||
{
|
{
|
||||||
SHA1_Init(sha1);
|
SHA1_Init(sha1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len)
|
rdssl_sha1_update(RDSSL_SHA1 * sha1, uint8 * data, uint32 len)
|
||||||
{
|
{
|
||||||
SHA1_Update(sha1, data, len);
|
SHA1_Update(sha1, data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data)
|
rdssl_sha1_final(RDSSL_SHA1 * sha1, uint8 * out_data)
|
||||||
{
|
{
|
||||||
SHA1_Final(out_data, sha1);
|
SHA1_Final(out_data, sha1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_md5_init(SSL_MD5 * md5)
|
rdssl_md5_init(RDSSL_MD5 * md5)
|
||||||
{
|
{
|
||||||
MD5_Init(md5);
|
MD5_Init(md5);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len)
|
rdssl_md5_update(RDSSL_MD5 * md5, uint8 * data, uint32 len)
|
||||||
{
|
{
|
||||||
MD5_Update(md5, data, len);
|
MD5_Update(md5, data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_md5_final(SSL_MD5 * md5, uint8 * out_data)
|
rdssl_md5_final(RDSSL_MD5 * md5, uint8 * out_data)
|
||||||
{
|
{
|
||||||
MD5_Final(out_data, md5);
|
MD5_Final(out_data, md5);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len)
|
rdssl_rc4_set_key(RDSSL_RC4 * rc4, uint8 * key, uint32 len)
|
||||||
{
|
{
|
||||||
RC4_set_key(rc4, len, key);
|
RC4_set_key(rc4, len, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
|
rdssl_rc4_crypt(RDSSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len)
|
||||||
{
|
{
|
||||||
RC4(rc4, len, in_data, out_data);
|
RC4(rc4, len, in_data, out_data);
|
||||||
}
|
}
|
||||||
@ -84,7 +84,7 @@ reverse(uint8 * p, int len)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
||||||
uint8 * exponent)
|
uint8 * exponent)
|
||||||
{
|
{
|
||||||
BN_CTX *ctx;
|
BN_CTX *ctx;
|
||||||
@ -119,26 +119,26 @@ ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * m
|
|||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* returns newly allocated SSL_CERT or NULL */
|
/* returns newly allocated RDSSL_CERT or NULL */
|
||||||
SSL_CERT *
|
RDSSL_CERT *
|
||||||
ssl_cert_read(uint8 * data, uint32 len)
|
rdssl_cert_read(uint8 * data, uint32 len)
|
||||||
{
|
{
|
||||||
/* this will move the data pointer but we don't care, we don't use it again */
|
/* this will move the data pointer but we don't care, we don't use it again */
|
||||||
return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
|
return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_cert_free(SSL_CERT * cert)
|
rdssl_cert_free(RDSSL_CERT * cert)
|
||||||
{
|
{
|
||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* returns newly allocated SSL_RKEY or NULL */
|
/* returns newly allocated RDSSL_RKEY or NULL */
|
||||||
SSL_RKEY *
|
RDSSL_RKEY *
|
||||||
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
|
rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
|
||||||
{
|
{
|
||||||
EVP_PKEY *epk = NULL;
|
EVP_PKEY *epk = NULL;
|
||||||
SSL_RKEY *lkey;
|
RDSSL_RKEY *lkey;
|
||||||
int nid;
|
int nid;
|
||||||
|
|
||||||
/* By some reason, Microsoft sets the OID of the Public RSA key to
|
/* By some reason, Microsoft sets the OID of the Public RSA key to
|
||||||
@ -168,7 +168,7 @@ ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len)
|
|||||||
|
|
||||||
/* returns boolean */
|
/* returns boolean */
|
||||||
RD_BOOL
|
RD_BOOL
|
||||||
ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
|
rdssl_certs_ok(RDSSL_CERT * server_cert, RDSSL_CERT * cacert)
|
||||||
{
|
{
|
||||||
/* Currently, we don't use the CA Certificate.
|
/* Currently, we don't use the CA Certificate.
|
||||||
FIXME:
|
FIXME:
|
||||||
@ -183,20 +183,20 @@ ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ssl_cert_print_fp(FILE * fp, SSL_CERT * cert)
|
rdssl_cert_print_fp(FILE * fp, RDSSL_CERT * cert)
|
||||||
{
|
{
|
||||||
return X509_print_fp(fp, cert);
|
return X509_print_fp(fp, cert);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_rkey_free(SSL_RKEY * rkey)
|
rdssl_rkey_free(RDSSL_RKEY * rkey)
|
||||||
{
|
{
|
||||||
RSA_free(rkey);
|
RSA_free(rkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* returns error */
|
/* returns error */
|
||||||
int
|
int
|
||||||
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
|
rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
|
||||||
uint32 max_mod_len)
|
uint32 max_mod_len)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
@ -215,7 +215,7 @@ ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint
|
|||||||
|
|
||||||
/* returns boolean */
|
/* returns boolean */
|
||||||
RD_BOOL
|
RD_BOOL
|
||||||
ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
|
rdssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
|
||||||
uint8 * signature, uint32 sig_len)
|
uint8 * signature, uint32 sig_len)
|
||||||
{
|
{
|
||||||
/* Currently, we don't check the signature
|
/* Currently, we don't check the signature
|
||||||
@ -226,7 +226,7 @@ ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
|
|||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md)
|
rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md)
|
||||||
{
|
{
|
||||||
HMAC_CTX ctx;
|
HMAC_CTX ctx;
|
||||||
HMAC_CTX_init(&ctx);
|
HMAC_CTX_init(&ctx);
|
||||||
|
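Review bot: The renamed `rdssl_certs_ok` and `rdssl_sig_ok` keep names that promise validation while their own leading comments say "Currently, we don't use the CA Certificate" and "Currently, we don't check the signature"; both bodies continue outside the hunk, so I cannot see whether anything at all is verified. Since the rename already touches every declaration, the `/* returns boolean */` comments above them should state what the boolean currently means, e.g. `/* returns boolean; chain validation against cacert is not implemented (see FIXME in body) */` and `/* returns boolean; the RSA signature is currently not verified (see body) */`. That makes the stub visible at the secure.c call sites (`sec_parse_public_sig`, `sec_parse_crypt_info`) instead of only inside the functions. The `rdssl_cert_read` hunk also depends on `D2I_X509_CONST` from ssl.h, which this commit's rename breaks; see the ssl.h note.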
52
ssl.h
52
ssl.h
@ -18,8 +18,8 @@
|
|||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _SSL_H
|
#ifndef _RDSSL_H
|
||||||
#define _SSL_H
|
#define _RDSSL_H
|
||||||
|
|
||||||
#include <openssl/rc4.h>
|
#include <openssl/rc4.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
@ -28,40 +28,40 @@
|
|||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#include <openssl/hmac.h>
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f)
|
#if defined(OPENRDSSL_VERSION_NUMBER) && (OPENRDSSL_VERSION_NUMBER >= 0x0090800f)
|
||||||
#define D2I_X509_CONST const
|
#define D2I_X509_CONST const
|
||||||
#else
|
#else
|
||||||
#define D2I_X509_CONST
|
#define D2I_X509_CONST
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define SSL_RC4 RC4_KEY
|
#define RDSSL_RC4 RC4_KEY
|
||||||
#define SSL_SHA1 SHA_CTX
|
#define RDSSL_SHA1 SHA_CTX
|
||||||
#define SSL_MD5 MD5_CTX
|
#define RDSSL_MD5 MD5_CTX
|
||||||
#define SSL_CERT X509
|
#define RDSSL_CERT X509
|
||||||
#define SSL_RKEY RSA
|
#define RDSSL_RKEY RSA
|
||||||
|
|
||||||
void ssl_sha1_init(SSL_SHA1 * sha1);
|
void rdssl_sha1_init(RDSSL_SHA1 * sha1);
|
||||||
void ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len);
|
void rdssl_sha1_update(RDSSL_SHA1 * sha1, uint8 * data, uint32 len);
|
||||||
void ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data);
|
void rdssl_sha1_final(RDSSL_SHA1 * sha1, uint8 * out_data);
|
||||||
void ssl_md5_init(SSL_MD5 * md5);
|
void rdssl_md5_init(RDSSL_MD5 * md5);
|
||||||
void ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len);
|
void rdssl_md5_update(RDSSL_MD5 * md5, uint8 * data, uint32 len);
|
||||||
void ssl_md5_final(SSL_MD5 * md5, uint8 * out_data);
|
void rdssl_md5_final(RDSSL_MD5 * md5, uint8 * out_data);
|
||||||
void ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len);
|
void rdssl_rc4_set_key(RDSSL_RC4 * rc4, uint8 * key, uint32 len);
|
||||||
void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len);
|
void rdssl_rc4_crypt(RDSSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len);
|
||||||
void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
void rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
|
||||||
uint8 * exponent);
|
uint8 * exponent);
|
||||||
SSL_CERT *ssl_cert_read(uint8 * data, uint32 len);
|
RDSSL_CERT *rdssl_cert_read(uint8 * data, uint32 len);
|
||||||
void ssl_cert_free(SSL_CERT * cert);
|
void rdssl_cert_free(RDSSL_CERT * cert);
|
||||||
SSL_RKEY *ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len);
|
RDSSL_RKEY *rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len);
|
||||||
RD_BOOL ssl_certs_ok(SSL_CERT * server_cert, SSL_CERT * cacert);
|
RD_BOOL rdssl_certs_ok(RDSSL_CERT * server_cert, RDSSL_CERT * cacert);
|
||||||
int ssl_cert_print_fp(FILE * fp, SSL_CERT * cert);
|
int rdssl_cert_print_fp(FILE * fp, RDSSL_CERT * cert);
|
||||||
void ssl_rkey_free(SSL_RKEY * rkey);
|
void rdssl_rkey_free(RDSSL_RKEY * rkey);
|
||||||
int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
|
int rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus,
|
||||||
uint32 max_mod_len);
|
uint32 max_mod_len);
|
||||||
RD_BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
|
RD_BOOL rdssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len,
|
||||||
uint8 * signature, uint32 sig_len);
|
uint8 * signature, uint32 sig_len);
|
||||||
|
|
||||||
void ssl_hmac_md5(const void *key, int key_len,
|
void rdssl_hmac_md5(const void *key, int key_len,
|
||||||
const unsigned char *msg, int msg_len, unsigned char *md);
|
const unsigned char *msg, int msg_len, unsigned char *md);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
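Review bot: The search-and-replace reached into an OpenSSL macro: the version test now reads `#if defined(OPENRDSSL_VERSION_NUMBER) && (OPENRDSSL_VERSION_NUMBER >= 0x0090800f)`, and no such macro exists, so the `#else` branch is always taken and `D2I_X509_CONST` is always empty. The line must stay `#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f)`. ssl.c's `rdssl_cert_read` casts `&data` with `D2I_X509_CONST` before passing it to `d2i_X509`, so on OpenSSL 0.9.8 and later that call presumably now passes a non-const pointer where the library takes `const unsigned char **`, which is exactly the mismatch the macro was added to handle. Separately, the new include guard `_RDSSL_H` keeps the reserved underscore-plus-uppercase form; `RDSSL_H` would avoid it, though the old `_SSL_H` had the same problem.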