From 895ae8b137bd25fc95e9edc57d1bde312e82dffb Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Fri, 3 Feb 2023 16:20:30 +0100
Subject: [PATCH] [core] use rdpPrivateKey and rdpCertificate
---
 libfreerdp/core/nego.c | 4 +---
 libfreerdp/core/peer.c | 21 -------------------
 libfreerdp/crypto/tls.c | 45 ++++++-----------------------------------
 3 files changed, 7 insertions(+), 63 deletions(-)
diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index cb18e84b8..8ef665651 100644
--- a/libfreerdp/core/nego.c
+++ b/libfreerdp/core/nego.c
@@ -1327,9 +1327,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
 ENCRYPTION_LEVEL_NONE))
 return FALSE;
 }
- else if (!freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey) &&
- !freerdp_settings_get_string(settings, FreeRDP_PrivateKeyFile) &&
- !freerdp_settings_get_string(settings, FreeRDP_PrivateKeyContent))
+ else if (!freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey))
 {
 WLog_ERR(TAG, "Missing server certificate");
 return FALSE;
diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c
index c851bf746..56dff9402 100644
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
@@ -250,27 +250,6 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)
 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
 return FALSE;
- if (settings->PrivateKeyFile)
- {
- settings->RdpServerRsaKey = freerdp_key_new_from_file(settings->PrivateKeyFile);
-
- if (!settings->RdpServerRsaKey)
- {
- WLog_ERR(TAG, "invalid RDP key file %s", settings->PrivateKeyFile);
- return FALSE;
- }
- }
- else if (settings->PrivateKeyContent)
- {
- settings->RdpServerRsaKey = freerdp_key_new_from_pem(settings->PrivateKeyContent);
-
- if (!settings->RdpServerRsaKey)
- {
- WLog_ERR(TAG, "invalid RDP key content");
- return FALSE;
- }
- }
-
 return TRUE;
 }
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 79ec55fab..9658e8946 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
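Review bot: The condition in the nego.c hunk now tests only FreeRDP_RdpServerRsaKey, yet the message on the following line still says `Missing server certificate`, so a server without a key logs a misleading error while a server without a certificate passes this check and presumably only fails later inside freerdp_tls_accept_ex with "invalid certificate". Since the certificate is now also a settings pointer (FreeRDP_RdpServerCertificate in the tls.c hunk of this same commit), checking both here keeps the failure at the stage where it is reported: `else if (!freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey) || !freerdp_settings_get_pointer(settings, FreeRDP_RdpServerCertificate))` with `WLog_ERR(TAG, "Missing server certificate or private key");`. nego_send_negotiation_response starts and ends outside the hunk.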
@@ -42,6 +42,7 @@
 #include "opensslcompat.h"
 #include "certificate.h"
+#include "privatekey.h"
 #ifdef WINPR_HAVE_POLL_H
 #include
@@ -999,8 +1000,6 @@ TlsHandshakeResult freerdp_tls_accept_ex(rdpTls* tls, BIO* underlying, rdpSettin
 WINPR_ASSERT(tls);
 long options = 0;
- BIO* bio;
- EVP_PKEY* privkey;
 int status;
 /**
@@ -1051,35 +1050,14 @@ TlsHandshakeResult freerdp_tls_accept_ex(rdpTls* tls, BIO* underlying, rdpSettin
 if (!tls_prepare(tls, underlying, methods, options, FALSE))
 return TLS_HANDSHAKE_ERROR;
- if (settings->PrivateKeyFile)
+ rdpPrivateKey* key = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
+ if (!key)
 {
- bio = BIO_new_file(settings->PrivateKeyFile, "rb");
-
- if (!bio)
- {
- WLog_ERR(TAG, "BIO_new_file failed for private key %s", settings->PrivateKeyFile);
- return TLS_HANDSHAKE_ERROR;
- }
- }
- else if (settings->PrivateKeyContent)
- {
- bio = BIO_new_mem_buf(settings->PrivateKeyContent, strlen(settings->PrivateKeyContent));
-
- if (!bio)
- {
- WLog_ERR(TAG, "BIO_new_mem_buf failed for private key");
- return TLS_HANDSHAKE_ERROR;
- }
- }
- else
- {
- WLog_ERR(TAG, "no private key defined");
+ WLog_ERR(TAG, "invalid private key");
 return TLS_HANDSHAKE_ERROR;
 }
- privkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
- BIO_free_all(bio);
-
+ EVP_PKEY* privkey = freerdp_key_get_evp_pkey(key);
 if (!privkey)
 {
 WLog_ERR(TAG, "invalid private key");
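Review bot: The ownership of `privkey` changes in the @@ -1051 hunk but its release path is not visible: `freerdp_key_get_evp_pkey(key)` returns a pointer that, unlike the old `PEM_read_bio_PrivateKey` result, is presumably owned by the rdpPrivateKey stored in settings, so if the code after the hunk still calls `EVP_PKEY_free(privkey)` once the key has been handed to the SSL object (as the old code had to), it would now drop a reference the settings object also holds. The certificate hunk at @@ -1117 removes the matching `freerdp_certificate_free(cert)`; the key path needs the same check, and the new line deserves a comment such as `/* borrowed from settings; do not EVP_PKEY_free() */` once confirmed. Separately, both error branches now log the identical string `"invalid private key"`, so a missing setting is indistinguishable from an unparsable key; the first should read `WLog_ERR(TAG, "no server private key set (FreeRDP_RdpServerRsaKey)");`, and the same applies to `"invalid certificate"` in the @@ -1099 hunk. freerdp_tls_accept_ex starts and ends outside the hunk.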
@@ -1099,17 +1077,7 @@ TlsHandshakeResult freerdp_tls_accept_ex(rdpTls* tls, BIO* underlying, rdpSettin
 return TLS_HANDSHAKE_ERROR;
 }
- rdpCertificate* cert = NULL;
- if (settings->CertificateFile)
- cert = freerdp_certificate_new_from_file(settings->CertificateFile);
- else if (settings->CertificateContent)
- cert = freerdp_certificate_new_from_pem(settings->CertificateContent);
- else
- {
- WLog_ERR(TAG, "no certificate defined");
- return TLS_HANDSHAKE_ERROR;
- }
-
+ rdpCertificate* cert = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerCertificate);
 if (!cert)
 {
 WLog_ERR(TAG, "invalid certificate");
@@ -1117,7 +1085,6 @@ TlsHandshakeResult freerdp_tls_accept_ex(rdpTls* tls, BIO* underlying, rdpSettin
 }
 status = SSL_use_certificate(tls->ssl, freerdp_certificate_get_x509(cert));
- freerdp_certificate_free(cert);
 if (status <= 0)
 {