{ "encryption-methods", COMMAND_LINE_VALUE_REQUIRED, "[40,][56,][128,][FIPS]", NULL, NULL, -1, NULL, "RDP standard security encryption methods" },
{ "f", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Fullscreen mode" },
{ "fast-path", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "Enable fast-path input/output" },
- { "fipsmode", COMMAND_LINE_VALUE_BOOL, NULL, NULL, NULL, -1, NULL, "Enable FIPS mode" },
+ { "fipsmode", COMMAND_LINE_VALUE_BOOL, NULL, NULL, NULL, -1, NULL, "Enable FIPS mode" },
{ "fonts", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL, "Enable smooth fonts (ClearType)" },
{ "frame-ack", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL, "Number of frame acknowledgement" },
{ "from-stdin", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Read credentials from stdin, do not use defaults." },
WINPR_HMAC_CTX* winpr_HMAC_New(void)
{
WINPR_HMAC_CTX* ctx = NULL;
-
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = NULL;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+
if (!(hmac = (HMAC_CTX*) calloc(1, sizeof(HMAC_CTX))))
return NULL;
+
HMAC_CTX_init(hmac);
#else
+
if (!(hmac = HMAC_CTX_new()))
return NULL;
+
#endif
ctx = (WINPR_HMAC_CTX*) hmac;
-
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac;
+
if (!(hmac = (mbedtls_md_context_t*) calloc(1, sizeof(mbedtls_md_context_t))))
return NULL;
mbedtls_md_init(hmac);
-
ctx = (WINPR_HMAC_CTX*) hmac;
#endif
-
return ctx;
}
HMAC_Init_ex(hmac, key, keylen, evp, NULL); /* no return value on OpenSSL 0.9.x */
return TRUE;
#else
+
if (HMAC_Init_ex(hmac, key, keylen, evp, NULL) == 1)
return TRUE;
-#endif
+#endif
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac = (mbedtls_md_context_t*) ctx;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
if (mbedtls_md_hmac_starts(hmac, key, keylen) == 0)
return TRUE;
-#endif
+#endif
return FALSE;
}
{
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = (HMAC_CTX*) ctx;
-
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
HMAC_Update(hmac, input, ilen); /* no return value on OpenSSL 0.9.x */
return TRUE;
#else
+
if (HMAC_Update(hmac, input, ilen) == 1)
return TRUE;
-#endif
+#endif
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
+
if (mbedtls_md_hmac_update(mdctx, input, ilen) == 0)
return TRUE;
-#endif
+#endif
return FALSE;
}
HMAC_Final(hmac, output, NULL); /* no return value on OpenSSL 0.9.x */
return TRUE;
#else
+
if (HMAC_Final(hmac, output, NULL) == 1)
return TRUE;
-#endif
+#endif
#elif defined(WITH_MBEDTLS)
mdctx = (mbedtls_md_context_t*) ctx;
+
if (mbedtls_md_hmac_finish(mdctx, output) == 0)
return TRUE;
-#endif
+#endif
return FALSE;
}
{
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = (HMAC_CTX*) ctx;
+
if (hmac)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac = (mbedtls_md_context_t*) ctx;
+
if (hmac)
{
mbedtls_md_free(hmac);
free(hmac);
}
+
#endif
}
BOOL winpr_HMAC(WINPR_MD_TYPE md, const BYTE* key, size_t keylen,
- const BYTE* input, size_t ilen, BYTE* output, size_t olen)
+ const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
- WINPR_HMAC_CTX *ctx = winpr_HMAC_New();
+ WINPR_HMAC_CTX* ctx = winpr_HMAC_New();
if (!ctx)
return FALSE;
if (!winpr_HMAC_Init(ctx, md, key, keylen))
goto out;
+
if (!winpr_HMAC_Update(ctx, input, ilen))
goto out;
+
if (!winpr_HMAC_Final(ctx, output, olen))
goto out;
WINPR_DIGEST_CTX* winpr_Digest_New(void)
{
WINPR_DIGEST_CTX* ctx = NULL;
-
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
mdctx = EVP_MD_CTX_new();
#endif
ctx = (WINPR_DIGEST_CTX*) mdctx;
-
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx;
mdctx = (mbedtls_md_context_t*) calloc(1, sizeof(mbedtls_md_context_t));
+
if (mdctx)
mbedtls_md_init(mdctx);
+
ctx = (WINPR_DIGEST_CTX*) mdctx;
#endif
-
return ctx;
}
/* Only MD5 is supported for FIPS allow override */
if (md != WINPR_MD_MD5)
return FALSE;
+
EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
return winpr_Digest_Init_Internal(ctx, md, evp);
#elif defined(WITH_MBEDTLS)
+
/* Only MD5 is supported for FIPS allow override */
if (md != WINPR_MD_MD5)
- return FALSE;
+ return FALSE;
+
return winpr_Digest_Init_Internal(ctx, md);
#endif
}
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
+
if (EVP_DigestUpdate(mdctx, input, ilen) != 1)
return FALSE;
+
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
+
if (mbedtls_md_update(mdctx, input, ilen) != 0)
return FALSE;
+
#endif
return TRUE;
}
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
+
if (EVP_DigestFinal_ex(mdctx, output, NULL) == 1)
return TRUE;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
+
if (mbedtls_md_finish(mdctx, output) == 0)
return TRUE;
-#endif
+#endif
return FALSE;
}
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
+
if (mdctx)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
+
if (mdctx)
{
mbedtls_md_free(mdctx);
free(mdctx);
}
+
#endif
}
BOOL winpr_Digest_Allow_FIPS(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
- WINPR_DIGEST_CTX *ctx = winpr_Digest_New();
+ WINPR_DIGEST_CTX* ctx = winpr_Digest_New();
if (!ctx)
return FALSE;
if (!winpr_Digest_Init_Allow_FIPS(ctx, md))
goto out;
+
if (!winpr_Digest_Update(ctx, input, ilen))
goto out;
+
if (!winpr_Digest_Final(ctx, output, olen))
goto out;
BOOL winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
- WINPR_DIGEST_CTX *ctx = winpr_Digest_New();
+ WINPR_DIGEST_CTX* ctx = winpr_Digest_New();
if (!ctx)
return FALSE;
if (!winpr_Digest_Init(ctx, md))
goto out;
+
if (!winpr_Digest_Update(ctx, input, ilen))
goto out;
+
if (!winpr_Digest_Final(ctx, output, olen))
goto out;
return dynlock;
}
-static void _winpr_openssl_dynlock_lock(int mode, struct CRYPTO_dynlock_value* dynlock, const char* file, int line)
+static void _winpr_openssl_dynlock_lock(int mode, struct CRYPTO_dynlock_value* dynlock,
+ const char* file, int line)
{
if (mode & CRYPTO_LOCK)
{
}
}
-static void _winpr_openssl_dynlock_destroy(struct CRYPTO_dynlock_value* dynlock, const char* file, int line)
+static void _winpr_openssl_dynlock_destroy(struct CRYPTO_dynlock_value* dynlock, const char* file,
+ int line)
{
CloseHandle(dynlock->mutex);
free(dynlock);
/* OpenSSL dynamic locking */
if (CRYPTO_get_dynlock_create_callback() ||
- CRYPTO_get_dynlock_lock_callback() ||
- CRYPTO_get_dynlock_destroy_callback())
+ CRYPTO_get_dynlock_lock_callback() ||
+ CRYPTO_get_dynlock_destroy_callback())
{
WLog_WARN(TAG, "dynamic locking callbacks are already set");
}
}
#ifdef WINPR_OPENSSL_LOCKING_REQUIRED
+
if (flags & WINPR_SSL_INIT_ENABLE_LOCKING)
{
if (!_winpr_openssl_initialize_locking())
return FALSE;
}
}
+
#endif
/* SSL_load_error_strings() is void */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
#else
+
if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
- OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
- OPENSSL_INIT_ADD_ALL_CIPHERS |
- OPENSSL_INIT_ADD_ALL_DIGESTS |
- OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) != 1)
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
+ OPENSSL_INIT_ADD_ALL_CIPHERS |
+ OPENSSL_INIT_ADD_ALL_DIGESTS |
+ OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) != 1)
return FALSE;
+
#endif
g_winpr_openssl_initialized_by_winpr = TRUE;
WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
#else
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
+
if (FIPS_mode() != 1)
{
if (FIPS_mode_set(1))
- WLog_INFO(TAG, "Openssl fips mode ENabled!");
+ WLog_INFO(TAG, "Openssl fips mode ENabled!");
else
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
}
+
#endif
}
+
return TRUE;
}
}
#ifdef WINPR_OPENSSL_LOCKING_REQUIRED
+
if (flags & WINPR_SSL_CLEANUP_THREAD)
{
#if (OPENSSL_VERSION_NUMBER < 0x10000000L) || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
}
+
#endif
return TRUE;
}