mirror of
https://github.com/morgan9e/FreeRDP
synced 2026-04-15 00:44:19 +09:00
[crypto,cert] log all possible failure branches
When reading a RSA server certificate log all possible failing SSL library functions to allow better debugging.
This commit is contained in:
akallabeth
@@ -200,23 +200,36 @@ X509* x509_from_rsa(const RSA* rsa)
|
||||
#endif
|
||||
);
|
||||
if (!bio)
|
||||
{
|
||||
WLog_ERR(TAG, "BIO_new() failed");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const int rc = PEM_write_bio_RSA_PUBKEY(bio, (RSA*)rsa);
|
||||
if (rc != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "PEM_write_bio_RSA_PUBKEY(bio, (RSA*)rsa) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
pubkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
|
||||
if (!pubkey)
|
||||
{
|
||||
WLog_ERR(TAG, "PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
x509 = X509_new();
|
||||
if (!x509)
|
||||
{
|
||||
WLog_ERR(TAG, "X509_new() failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
const int res = X509_set_pubkey(x509, pubkey);
|
||||
if (res != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "X509_set_pubkey(x509, pubkey) failed");
|
||||
X509_free(x509);
|
||||
x509 = NULL;
|
||||
goto fail;
|
||||
|
||||
@@ -482,22 +482,39 @@ static OSSL_PARAM* get_params(const BIGNUM* e, const BIGNUM* mod)
|
||||
OSSL_PARAM* parameters = NULL;
|
||||
OSSL_PARAM_BLD* param = OSSL_PARAM_BLD_new();
|
||||
if (!param)
|
||||
{
|
||||
WLog_ERR(TAG, "OSSL_PARAM_BLD_new() failed");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const int bits = BN_num_bits(e);
|
||||
if ((bits < 0) || (bits > 32))
|
||||
{
|
||||
WLog_ERR(TAG, "BN_num_bits(e) out of range: 0 <= %d <= 32", bits);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
UINT ie = 0;
|
||||
const int ne = BN_bn2nativepad(e, (BYTE*)&ie, sizeof(ie));
|
||||
if ((ne < 0) || (ne > 4))
|
||||
{
|
||||
WLog_ERR(TAG, "BN_bn2nativepad(e, (BYTE*)&ie, sizeof(ie)) out of range: 0<= %d <= 4", ne);
|
||||
goto fail;
|
||||
}
|
||||
if (OSSL_PARAM_BLD_push_BN(param, OSSL_PKEY_PARAM_RSA_N, mod) != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "OSSL_PARAM_BLD_push_BN(param, OSSL_PKEY_PARAM_RSA_N, mod) failed");
|
||||
goto fail;
|
||||
}
|
||||
if (OSSL_PARAM_BLD_push_uint(param, OSSL_PKEY_PARAM_RSA_E, ie) != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "OSSL_PARAM_BLD_push_uint(param, OSSL_PKEY_PARAM_RSA_E, ie) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
parameters = OSSL_PARAM_BLD_to_param(param);
|
||||
if (!parameters)
|
||||
WLog_ERR(TAG, "OSSL_PARAM_BLD_to_param(param) failed");
|
||||
fail:
|
||||
OSSL_PARAM_BLD_free(param);
|
||||
|
||||
@@ -521,33 +538,55 @@ static BOOL update_x509_from_info(rdpCertificate* cert)
|
||||
#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
|
||||
RSA* rsa = RSA_new();
|
||||
if (!rsa)
|
||||
{
|
||||
WLog_ERR(TAG, "RSA_new() failed");
|
||||
goto fail;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!mod || !e)
|
||||
{
|
||||
WLog_ERR(TAG, "failure: mod=%p, e=%p", mod, e);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
WINPR_ASSERT(info->ModulusLength <= INT_MAX);
|
||||
if (!BN_bin2bn(info->Modulus, (int)info->ModulusLength, mod))
|
||||
{
|
||||
WLog_ERR(TAG, "BN_bin2bn(info->Modulus, (int)info->ModulusLength, mod) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!BN_bin2bn(info->exponent, (int)sizeof(info->exponent), e))
|
||||
{
|
||||
WLog_ERR(TAG, "BN_bin2bn(info->exponent, (int)sizeof(info->exponent), e) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
|
||||
const int rec = RSA_set0_key(rsa, mod, e, NULL);
|
||||
if (rec != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "RSA_set0_key(rsa, mod, e, NULL) failed");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
cert->x509 = x509_from_rsa(rsa);
|
||||
#else
|
||||
EVP_PKEY* pkey = NULL;
|
||||
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
||||
if (!ctx)
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL) failed");
|
||||
goto fail2;
|
||||
}
|
||||
const int xx = EVP_PKEY_fromdata_init(ctx);
|
||||
if (xx != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_PKEY_fromdata_init(ctx) failed");
|
||||
goto fail2;
|
||||
}
|
||||
|
||||
OSSL_PARAM* parameters = get_params(e, mod);
|
||||
if (!parameters)
|
||||
goto fail2;
|
||||
@@ -555,13 +594,21 @@ static BOOL update_x509_from_info(rdpCertificate* cert)
|
||||
const int rc2 = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, parameters);
|
||||
OSSL_PARAM_free(parameters);
|
||||
if (rc2 <= 0)
|
||||
{
|
||||
WLog_ERR(TAG, "EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, parameters) failed");
|
||||
goto fail2;
|
||||
}
|
||||
|
||||
cert->x509 = X509_new();
|
||||
if (!cert->x509)
|
||||
{
|
||||
WLog_ERR(TAG, "X509_new() failed");
|
||||
goto fail2;
|
||||
}
|
||||
|
||||
if (X509_set_pubkey(cert->x509, pkey) != 1)
|
||||
{
|
||||
WLog_ERR(TAG, "X509_set_pubkey(cert->x509, pkey) failed");
|
||||
X509_free(cert->x509);
|
||||
cert->x509 = NULL;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user