diff --git a/libfreerdp/crypto/cert_common.c b/libfreerdp/crypto/cert_common.c index bd0abad60..17a0d4850 100644 --- a/libfreerdp/crypto/cert_common.c +++ b/libfreerdp/crypto/cert_common.c @@ -200,23 +200,36 @@ X509* x509_from_rsa(const RSA* rsa) #endif ); if (!bio) + { + WLog_ERR(TAG, "BIO_new() failed"); return NULL; + } const int rc = PEM_write_bio_RSA_PUBKEY(bio, (RSA*)rsa); if (rc != 1) + { + WLog_ERR(TAG, "PEM_write_bio_RSA_PUBKEY(bio, (RSA*)rsa) failed"); goto fail; + } pubkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); if (!pubkey) + { + WLog_ERR(TAG, "PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL) failed"); goto fail; + } x509 = X509_new(); if (!x509) + { + WLog_ERR(TAG, "X509_new() failed"); goto fail; + } const int res = X509_set_pubkey(x509, pubkey); if (res != 1) { + WLog_ERR(TAG, "X509_set_pubkey(x509, pubkey) failed"); X509_free(x509); x509 = NULL; goto fail; diff --git a/libfreerdp/crypto/certificate.c b/libfreerdp/crypto/certificate.c index 5b6590a43..a56fbf3e3 100644 --- a/libfreerdp/crypto/certificate.c +++ b/libfreerdp/crypto/certificate.c @@ -482,22 +482,39 @@ static OSSL_PARAM* get_params(const BIGNUM* e, const BIGNUM* mod) OSSL_PARAM* parameters = NULL; OSSL_PARAM_BLD* param = OSSL_PARAM_BLD_new(); if (!param) + { + WLog_ERR(TAG, "OSSL_PARAM_BLD_new() failed"); return NULL; + } const int bits = BN_num_bits(e); if ((bits < 0) || (bits > 32)) + { + WLog_ERR(TAG, "BN_num_bits(e) out of range: 0 <= %d <= 32", bits); goto fail; + } UINT ie = 0; const int ne = BN_bn2nativepad(e, (BYTE*)&ie, sizeof(ie)); if ((ne < 0) || (ne > 4)) + { + WLog_ERR(TAG, "BN_bn2nativepad(e, (BYTE*)&ie, sizeof(ie)) out of range: 0<= %d <= 4", ne); goto fail; + } if (OSSL_PARAM_BLD_push_BN(param, OSSL_PKEY_PARAM_RSA_N, mod) != 1) + { + WLog_ERR(TAG, "OSSL_PARAM_BLD_push_BN(param, OSSL_PKEY_PARAM_RSA_N, mod) failed"); goto fail; + } if (OSSL_PARAM_BLD_push_uint(param, OSSL_PKEY_PARAM_RSA_E, ie) != 1) + { + WLog_ERR(TAG, "OSSL_PARAM_BLD_push_uint(param, OSSL_PKEY_PARAM_RSA_E, ie) failed"); goto fail; + } parameters = OSSL_PARAM_BLD_to_param(param); + if (!parameters) + WLog_ERR(TAG, "OSSL_PARAM_BLD_to_param(param) failed"); fail: OSSL_PARAM_BLD_free(param); @@ -521,33 +538,55 @@ static BOOL update_x509_from_info(rdpCertificate* cert) #if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3) RSA* rsa = RSA_new(); if (!rsa) + { + WLog_ERR(TAG, "RSA_new() failed"); goto fail; + } #endif if (!mod || !e) + { + WLog_ERR(TAG, "failure: mod=%p, e=%p", mod, e); goto fail; + } WINPR_ASSERT(info->ModulusLength <= INT_MAX); if (!BN_bin2bn(info->Modulus, (int)info->ModulusLength, mod)) + { + WLog_ERR(TAG, "BN_bin2bn(info->Modulus, (int)info->ModulusLength, mod) failed"); goto fail; + } if (!BN_bin2bn(info->exponent, (int)sizeof(info->exponent), e)) + { + WLog_ERR(TAG, "BN_bin2bn(info->exponent, (int)sizeof(info->exponent), e) failed"); goto fail; + } #if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3) const int rec = RSA_set0_key(rsa, mod, e, NULL); if (rec != 1) + { + WLog_ERR(TAG, "RSA_set0_key(rsa, mod, e, NULL) failed"); goto fail; + } cert->x509 = x509_from_rsa(rsa); #else EVP_PKEY* pkey = NULL; EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (!ctx) + { + WLog_ERR(TAG, "EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL) failed"); goto fail2; + } const int xx = EVP_PKEY_fromdata_init(ctx); if (xx != 1) + { + WLog_ERR(TAG, "EVP_PKEY_fromdata_init(ctx) failed"); goto fail2; + } + OSSL_PARAM* parameters = get_params(e, mod); if (!parameters) goto fail2; @@ -555,13 +594,21 @@ static BOOL update_x509_from_info(rdpCertificate* cert) const int rc2 = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, parameters); OSSL_PARAM_free(parameters); if (rc2 <= 0) + { + WLog_ERR(TAG, "EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, parameters) failed"); goto fail2; + } cert->x509 = X509_new(); if (!cert->x509) + { + WLog_ERR(TAG, "X509_new() failed"); goto fail2; + } + if (X509_set_pubkey(cert->x509, pkey) != 1) { + WLog_ERR(TAG, "X509_set_pubkey(cert->x509, pkey) failed"); X509_free(cert->x509); cert->x509 = NULL; }