Milestone 5: deliver embedded RDP sessions and lifecycle hardening

third_party/FreeRDP/libfreerdp/crypto/test/CMakeLists.txt

@@ -0,0 +1,32 @@
+set(MODULE_NAME "TestFreeRDPCrypto")
+set(MODULE_PREFIX "TEST_FREERDP_CRYPTO")
+
+disable_warnings_for_directory(${CMAKE_CURRENT_BINARY_DIR})
+
+set(DRIVER ${MODULE_NAME}.c)
+
+set(TESTS TestKnownHosts.c TestBase64.c)
+
+if(BUILD_TESTING_INTERNAL)
+  list(APPEND TESTS Test_x509_utils.c)
+endif()
+
+create_test_sourcelist(SRCS ${DRIVER} ${TESTS})
+
+include_directories(SYSTEM ${OPENSSL_INCLUDE_DIR})
+
+add_executable(${MODULE_NAME} ${SRCS})
+
+set(TEST_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+add_compile_definitions(TEST_SOURCE_DIR="${TEST_PATH}")
+target_link_libraries(${MODULE_NAME} freerdp winpr ${OPENSSL_LIBRARIES})
+
+set_target_properties(${MODULE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
+
+foreach(test ${TESTS})
+  get_filename_component(TestName ${test} NAME_WE)
+  add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName})
+endforeach()
+
+set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "FreeRDP/Test")

third_party/FreeRDP/libfreerdp/crypto/test/TestBase64.c

@@ -0,0 +1,178 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ *
+ * Copyright 2014 Thincast Technologies GmbH
+ * Copyright 2014 Hardening <contact@hardening-consulting.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <freerdp/crypto/crypto.h>
+
+struct Encode64test
+{
+	const char* input;
+	size_t len;
+	const char* output;
+};
+
+static const struct Encode64test encodeTests_base64[] = {
+	{ "\x00", 1, "AA==" },
+	{ "\x00\x00", 2, "AAA=" },
+	{ "\x00\x00\x00", 3, "AAAA" },
+	{ "0123456", 7, "MDEyMzQ1Ng==" },
+	{ "90123456", 8, "OTAxMjM0NTY=" },
+	{ "890123456", 9, "ODkwMTIzNDU2" },
+	{ "7890123456", 10, "Nzg5MDEyMzQ1Ng==" },
+
+	{ nullptr, -1, nullptr }, /*  /!\ last one  /!\ */
+};
+
+static const struct Encode64test encodeTests_base64url[] = {
+	{ "\x00", 1, "AA" },
+	{ "\x00\x00", 2, "AAA" },
+	{ "\x00\x00\x00", 3, "AAAA" },
+	{ "01?34>6", 7, "MDE_MzQ-Ng" },
+	{ "90123456", 8, "OTAxMjM0NTY" },
+	{ "890123456", 9, "ODkwMTIzNDU2" },
+	{ "78?01>3456", 10, "Nzg_MDE-MzQ1Ng" },
+
+	{ nullptr, -1, nullptr }, /*  /!\ last one  /!\ */
+};
+
+int TestBase64(int argc, char* argv[])
+{
+	int testNb = 0;
+	size_t outLen = 0;
+	BYTE* decoded = nullptr;
+	WINPR_UNUSED(argc);
+	WINPR_UNUSED(argv);
+	testNb++;
+	(void)fprintf(stderr, "%d:encode base64...", testNb);
+
+	for (int i = 0; encodeTests_base64[i].input; i++)
+	{
+		char* encoded = crypto_base64_encode((const BYTE*)encodeTests_base64[i].input,
+		                                     encodeTests_base64[i].len);
+
+		if (strcmp(encodeTests_base64[i].output, encoded) != 0)
+		{
+			(void)fprintf(stderr, "ko, error for string %d\n", i);
+			return -1;
+		}
+
+		free(encoded);
+	}
+
+	(void)fprintf(stderr, "ok\n");
+	testNb++;
+	(void)fprintf(stderr, "%d:encode base64url...", testNb);
+
+	for (int i = 0; encodeTests_base64url[i].input; i++)
+	{
+		char* encoded = crypto_base64url_encode((const BYTE*)encodeTests_base64url[i].input,
+		                                        encodeTests_base64url[i].len);
+
+		if (strcmp(encodeTests_base64url[i].output, encoded) != 0)
+		{
+			(void)fprintf(stderr, "ko, error for string %d\n", i);
+			return -1;
+		}
+
+		free(encoded);
+	}
+
+	(void)fprintf(stderr, "ok\n");
+	testNb++;
+	(void)fprintf(stderr, "%d:decode base64...", testNb);
+
+	for (int i = 0; encodeTests_base64[i].input; i++)
+	{
+		crypto_base64_decode(encodeTests_base64[i].output, strlen(encodeTests_base64[i].output),
+		                     &decoded, &outLen);
+
+		if (!decoded || (outLen != encodeTests_base64[i].len) ||
+		    memcmp(encodeTests_base64[i].input, decoded, outLen) != 0)
+		{
+			(void)fprintf(stderr, "ko, error for string %d\n", i);
+			return -1;
+		}
+
+		free(decoded);
+	}
+
+	(void)fprintf(stderr, "ok\n");
+	testNb++;
+	(void)fprintf(stderr, "%d:decode base64url...", testNb);
+
+	for (int i = 0; encodeTests_base64url[i].input; i++)
+	{
+		crypto_base64url_decode(encodeTests_base64url[i].output,
+		                        strlen(encodeTests_base64url[i].output), &decoded, &outLen);
+
+		if (!decoded || (outLen != encodeTests_base64url[i].len) ||
+		    memcmp(encodeTests_base64url[i].input, decoded, outLen) != 0)
+		{
+			(void)fprintf(stderr, "ko, error for string %d\n", i);
+			return -1;
+		}
+
+		free(decoded);
+	}
+
+	(void)fprintf(stderr, "ok\n");
+	testNb++;
+	(void)fprintf(stderr, "%d:decode base64 errors...", testNb);
+	crypto_base64_decode("000", 3, &decoded, &outLen);
+
+	if (decoded)
+	{
+		(void)fprintf(stderr, "ko, badly padded string\n");
+		return -1;
+	}
+
+	crypto_base64_decode("0=00", 4, &decoded, &outLen);
+
+	if (decoded)
+	{
+		(void)fprintf(stderr, "ko, = in a wrong place\n");
+		return -1;
+	}
+
+	crypto_base64_decode("00=0", 4, &decoded, &outLen);
+
+	if (decoded)
+	{
+		(void)fprintf(stderr, "ko, = in a wrong place\n");
+		return -1;
+	}
+	(void)fprintf(stderr, "ok\n");
+	testNb++;
+
+	/* test the encode_ex version that will add \r\n */
+	(void)fprintf(stderr, "%d:encode base64 with crLf...", testNb);
+	const char* longStr = "01234567890123456789012345678901234567890123456789";
+	const char* longStrExpected =
+	    "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3\r\nODk=\r\n";
+
+	char* encoded = crypto_base64_encode_ex((const BYTE*)longStr, strlen(longStr), TRUE);
+	if (!encoded || strcmp(encoded, longStrExpected) != 0)
+	{
+		(void)fprintf(stderr, "problem with encode with CRLF\n");
+		return -1;
+	}
+	free(encoded);
+	(void)fprintf(stderr, "ok\n");
+
+	return 0;
+}

third_party/FreeRDP/libfreerdp/crypto/test/TestKnownHosts.c

@@ -0,0 +1,394 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ *
+ * Copyright 2015 Thincast Technologies GmbH
+ * Copyright 2015 Armin Novak <armin.novak@thincast.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <winpr/path.h>
+#include <winpr/file.h>
+#include <winpr/sysinfo.h>
+
+#include <freerdp/crypto/certificate_store.h>
+
+/* Some certificates copied from /usr/share/ca-certificates */
+static const char pem1[] = "-----BEGIN CERTIFICATE-----\n"
+                           "MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH\n"
+                           "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"
+                           "QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy\n"
+                           "MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl\n"
+                           "cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB\n"
+                           "AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM\n"
+                           "f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX\n"
+                           "mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7\n"
+                           "zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P\n"
+                           "fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc\n"
+                           "vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4\n"
+                           "Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp\n"
+                           "zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO\n"
+                           "Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW\n"
+                           "k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+\n"
+                           "DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF\n"
+                           "lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\n"
+                           "HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW\n"
+                           "Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1\n"
+                           "d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z\n"
+                           "XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR\n"
+                           "gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3\n"
+                           "d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv\n"
+                           "J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg\n"
+                           "DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM\n"
+                           "+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy\n"
+                           "F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9\n"
+                           "SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws\n"
+                           "E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl\n"
+                           "-----END CERTIFICATE-----";
+
+static const char pem2[] = "-----BEGIN CERTIFICATE-----\n"
+                           "MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH\n"
+                           "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"
+                           "QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy\n"
+                           "MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl\n"
+                           "cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB\n"
+                           "AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv\n"
+                           "CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg\n"
+                           "GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu\n"
+                           "XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd\n"
+                           "re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu\n"
+                           "PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1\n"
+                           "mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K\n"
+                           "8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj\n"
+                           "x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR\n"
+                           "nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0\n"
+                           "kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok\n"
+                           "twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\n"
+                           "HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp\n"
+                           "8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT\n"
+                           "vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT\n"
+                           "z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA\n"
+                           "pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb\n"
+                           "pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB\n"
+                           "R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R\n"
+                           "RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk\n"
+                           "0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC\n"
+                           "5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF\n"
+                           "izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn\n"
+                           "yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC\n"
+                           "-----END CERTIFICATE-----";
+
+static const char pem3[] = "-----BEGIN CERTIFICATE-----\n"
+                           "MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw\n"
+                           "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"
+                           "MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\n"
+                           "MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"
+                           "Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA\n"
+                           "IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout\n"
+                           "736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A\n"
+                           "DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud\n"
+                           "DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk\n"
+                           "fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA\n"
+                           "njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd\n"
+                           "-----END CERTIFICATE-----";
+
+static const char pem4[] = "-----BEGIN CERTIFICATE-----\n"
+                           "MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw\n"
+                           "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"
+                           "MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\n"
+                           "MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"
+                           "Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA\n"
+                           "IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu\n"
+                           "hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l\n"
+                           "xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud\n"
+                           "DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0\n"
+                           "CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx\n"
+                           "sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w==\n"
+                           "-----END CERTIFICATE-----";
+
+static int prepare(const char* currentFileV2)
+{
+	int rc = -1;
+	const char* hosts[] = { "#somecomment\r\n"
+		                    "someurl 3389 ff:11:22:dd c3ViamVjdA== aXNzdWVy\r\n"
+		                    " \t#anothercomment\r\n"
+		                    "otherurl\t3389\taa:bb:cc:dd\tsubject2\tissuer2\r" };
+	FILE* fc = nullptr;
+	fc = winpr_fopen(currentFileV2, "w+");
+
+	if (!fc)
+		goto finish;
+
+	for (size_t i = 0; i < ARRAYSIZE(hosts); i++)
+	{
+		if (fwrite(hosts[i], strlen(hosts[i]), 1, fc) != 1)
+			goto finish;
+	}
+
+	rc = 0;
+finish:
+
+	if (fc)
+		(void)fclose(fc);
+
+	return rc;
+}
+
+static BOOL setup_config(rdpSettings** settings)
+{
+	BOOL rc = FALSE;
+	char* path = nullptr;
+	char sname[8192];
+	SYSTEMTIME systemTime;
+
+	if (!settings)
+		goto fail;
+	*settings = freerdp_settings_new(0);
+	if (!*settings)
+		goto fail;
+
+	GetSystemTime(&systemTime);
+	(void)sprintf_s(sname, sizeof(sname),
+	                "TestKnownHostsCurrent-%04" PRIu16 "%02" PRIu16 "%02" PRIu16 "%02" PRIu16
+	                "%02" PRIu16 "%02" PRIu16 "%04" PRIu16,
+	                systemTime.wYear, systemTime.wMonth, systemTime.wDay, systemTime.wHour,
+	                systemTime.wMinute, systemTime.wSecond, systemTime.wMilliseconds);
+
+	path = GetKnownSubPath(KNOWN_PATH_TEMP, sname);
+	if (!path)
+		goto fail;
+	if (!winpr_PathFileExists(path))
+	{
+		if (!CreateDirectoryA(path, nullptr))
+		{
+			(void)fprintf(stderr, "Could not create %s!\n", path);
+			goto fail;
+		}
+	}
+
+	rc = freerdp_settings_set_string(*settings, FreeRDP_ConfigPath, path);
+fail:
+	free(path);
+	return rc;
+}
+
+static BOOL equal(const char* a, const char* b)
+{
+	if (!a && !b)
+		return TRUE;
+	if (!a || !b)
+		return FALSE;
+	return strcmp(a, b) == 0;
+}
+
+static BOOL compare(const rdpCertificateData* data, const rdpCertificateData* stored)
+{
+	if (!data || !stored)
+		return FALSE;
+	if (!equal(freerdp_certificate_data_get_subject(data),
+	           freerdp_certificate_data_get_subject(stored)))
+		return FALSE;
+	if (!equal(freerdp_certificate_data_get_issuer(data),
+	           freerdp_certificate_data_get_issuer(stored)))
+		return FALSE;
+	if (!equal(freerdp_certificate_data_get_fingerprint(data),
+	           freerdp_certificate_data_get_fingerprint(stored)))
+		return FALSE;
+	return TRUE;
+}
+
+static BOOL pem_equal(const char* a, const char* b)
+{
+	return strcmp(a, b) == 0;
+}
+
+static BOOL compare_ex(const rdpCertificateData* data, const rdpCertificateData* stored)
+{
+	if (!compare(data, stored))
+		return FALSE;
+	if (!pem_equal(freerdp_certificate_data_get_pem(data),
+	               freerdp_certificate_data_get_pem(stored)))
+		return FALSE;
+
+	return TRUE;
+}
+
+static BOOL test_get_data(rdpCertificateStore* store, const rdpCertificateData* data)
+{
+	BOOL res = 0;
+	rdpCertificateData* stored = freerdp_certificate_store_load_data(
+	    store, freerdp_certificate_data_get_host(data), freerdp_certificate_data_get_port(data));
+	if (!stored)
+		return FALSE;
+
+	res = compare(data, stored);
+	freerdp_certificate_data_free(stored);
+	return res;
+}
+
+static BOOL test_get_data_ex(rdpCertificateStore* store, const rdpCertificateData* data)
+{
+	BOOL res = 0;
+	rdpCertificateData* stored = freerdp_certificate_store_load_data(
+	    store, freerdp_certificate_data_get_host(data), freerdp_certificate_data_get_port(data));
+	if (!stored)
+		return FALSE;
+
+	res = compare_ex(data, stored);
+	freerdp_certificate_data_free(stored);
+	return res;
+}
+
+static BOOL test_certs_dir(void)
+{
+	BOOL rc = FALSE;
+	rdpSettings* settings = nullptr;
+	rdpCertificateStore* store = nullptr;
+	rdpCertificateData* data1 = nullptr;
+	rdpCertificateData* data2 = nullptr;
+	rdpCertificateData* data3 = nullptr;
+	rdpCertificateData* data4 = nullptr;
+
+	printf("%s\n", __func__);
+	if (!setup_config(&settings))
+		goto fail;
+
+	printf("freerdp_certificate_store_new()\n");
+	store = freerdp_certificate_store_new(settings);
+	if (!store)
+		goto fail;
+
+	{
+		printf("freerdp_certificate_data_new()\n");
+		data1 = freerdp_certificate_data_new_from_pem("somehost", 1234, pem1, strlen(pem1));
+		data2 = freerdp_certificate_data_new_from_pem("otherhost", 4321, pem2, strlen(pem2));
+		data3 = freerdp_certificate_data_new_from_pem("otherhost4", 444, pem3, strlen(pem3));
+		data4 = freerdp_certificate_data_new_from_pem("otherhost", 4321, pem4, strlen(pem4));
+		if (!data1 || !data2 || !data3 || !data4)
+			goto fail;
+
+		/* Find non existing in empty store */
+		printf("freerdp_certificate_store_load_data on empty store\n");
+		if (test_get_data(store, data1))
+			goto fail;
+		if (test_get_data_ex(store, data1))
+			goto fail;
+		if (test_get_data(store, data2))
+			goto fail;
+		if (test_get_data_ex(store, data2))
+			goto fail;
+		if (test_get_data(store, data3))
+			goto fail;
+		if (test_get_data_ex(store, data3))
+			goto fail;
+
+		/* Add certificates */
+		printf("freerdp_certificate_store_save_data\n");
+		if (!freerdp_certificate_store_save_data(store, data1))
+			goto fail;
+		if (!freerdp_certificate_store_save_data(store, data2))
+			goto fail;
+
+		/* Find non existing in non empty store */
+		printf("freerdp_certificate_store_load_data on filled store, non existing value\n");
+		if (test_get_data(store, data3))
+			goto fail;
+		if (test_get_data_ex(store, data3))
+			goto fail;
+
+		/* Add remaining certs */
+		printf("freerdp_certificate_store_save_data\n");
+		if (!freerdp_certificate_store_save_data(store, data3))
+			goto fail;
+
+		/* Check existing can all be found */
+		printf("freerdp_certificate_store_load_data on filled store, existing value\n");
+		if (!test_get_data(store, data1))
+			goto fail;
+		if (!test_get_data_ex(store, data1))
+			goto fail;
+		if (!test_get_data(store, data2))
+			goto fail;
+		if (!test_get_data_ex(store, data2))
+			goto fail;
+		if (!test_get_data(store, data3))
+			goto fail;
+		if (!test_get_data_ex(store, data3))
+			goto fail;
+
+		/* Modify existing entry */
+		printf("freerdp_certificate_store_save_data modify data\n");
+		if (!freerdp_certificate_store_save_data(store, data4))
+			goto fail;
+
+		/* Check new data is in store */
+		printf("freerdp_certificate_store_load_data check modified data can be loaded\n");
+		if (!test_get_data(store, data4))
+			goto fail;
+		if (!test_get_data_ex(store, data4))
+			goto fail;
+
+		/* Check old data is no longer valid */
+		printf("freerdp_certificate_store_load_data check original data no longer there\n");
+		if (test_get_data(store, data2))
+			goto fail;
+		if (test_get_data_ex(store, data2))
+			goto fail;
+
+		/* Delete a cert */
+		printf("freerdp_certificate_store_remove_data\n");
+		if (!freerdp_certificate_store_remove_data(store, data3))
+			goto fail;
+		/* Delete non existing, should succeed */
+		printf("freerdp_certificate_store_remove_data missing value\n");
+		if (!freerdp_certificate_store_remove_data(store, data3))
+			goto fail;
+
+		printf("freerdp_certificate_store_load_data on filled store, existing value\n");
+		if (!test_get_data(store, data1))
+			goto fail;
+		if (!test_get_data_ex(store, data1))
+			goto fail;
+		if (!test_get_data(store, data4))
+			goto fail;
+		if (!test_get_data_ex(store, data4))
+			goto fail;
+
+		printf("freerdp_certificate_store_load_data on filled store, removed value\n");
+		if (test_get_data(store, data3))
+			goto fail;
+		if (test_get_data_ex(store, data3))
+			goto fail;
+	}
+
+	rc = TRUE;
+fail:
+	printf("freerdp_certificate_data_free %d\n", rc);
+	freerdp_certificate_data_free(data1);
+	freerdp_certificate_data_free(data2);
+	freerdp_certificate_data_free(data3);
+	freerdp_certificate_data_free(data4);
+	freerdp_certificate_store_free(store);
+	freerdp_settings_free(settings);
+	return rc;
+}
+
+int TestKnownHosts(int argc, char* argv[])
+{
+	WINPR_UNUSED(argc);
+	WINPR_UNUSED(argv);
+
+	if (!test_certs_dir())
+		return -1;
+	return 0;
+}

third_party/FreeRDP/libfreerdp/crypto/test/Test_x509_cert_info.pem

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHNzCCBR+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwcDEqMCgGA1UEAwwhQURN
+SU5JU1RSQVRJT04gQ0VOVFJBTEUgREVTIFRFU1RTMQswCQYDVQQGEwJGUjEcMBoG
+A1UECgwTTUlOSVNURVJFIERFUyBURVNUUzEXMBUGA1UECwwOMDAwMiAxMTAwMTQw
+MTYwHhcNMTgwNTE4MDkyNTU1WhcNMTkwNTEzMDkyNTU1WjCBvzEkMCIGA1UEAwwb
+VEVTVEpFQU4gVEVTVE1BUlRJTiA5OTk5OTk5MQswCQYDVQQGEwJGUjEcMBoGA1UE
+CgwTTUlOSVNURVJFIERFUyBURVNUUzEXMBUGA1UECwwOMDAwMiAxMTAwMTQwMTYx
+EjAQBgNVBAsMCVBFUlNPTk5FUzEXMBUGCgmSJomT8ixkAQEMBzk5OTk5OTkxETAP
+BgNVBCoMCFRFU1RKRUFOMRMwEQYDVQQEDApURVNUTUFSVElOMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEA3yc22RDYc+Vc6F26/LONvaYkdTVDiCgbh9Ik
+6pLF5izNpfdQ/YZU25h/UPECdchYX31UEErVOYudOBOHtU4fNjTO0oK5Va/DoFln
+LnfwNpAlBZfogG+yy8fK4yLxG+raoSKDR/5P3hmTqKJqw1WpkwcVE2EDqkP1clMZ
+L5cvJj6gLJa2q0JCdoKe7NntZkgpIk5ZHUZm2JYC30xL7XHfvvb/i0OZLpPOIekT
+DCzxr9HTjbqe+BRZix2UiGpXzjIlDm6EEQNebZqf5kKgcbkxIDWcVraE0kO3TqJI
+P4FBUeuxLqGwQ0AMKrZ+j8U7KAoM9WUoIFcmm8nYGo4hT6ugNIQ9nwQSgyH3yGH1
+PU2k12Ovv2Ft8C/IFuusXxTOJprcFxtjE7qYZ44tmvlozlDOBOJYjLiURAh3r5LL
+TadgArZ3XVMyWlwlTEy9qX59izY9Zz27kd5H11DOz5ezopHAWwP6sgCvWeNDyx8Q
+I3jY8TYzJHahN2bknP2fqwwdGqFCrHItJx2DhDe2ruTk6vvbnwGgYqGzv+RtdNbW
+CL4IMEQQKG9AM40WCz9pu32/vOaQ+hrYyCQMCtli0DSauB+K2IFPsAcz5OAaITJv
+LenMt8mUP9NWHWfr5WYm0tuUCCU4dUT38MqkkdQv7oly1LHkvUdMU+Nk/Ki0Q83U
+9gMvaPcCAwEAAaOCAYkwggGFMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
+MDIGA1UdJQQrMCkGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYHKwYB
+BQIDBDAdBgNVHQ4EFgQUXs4RKN+vUVsZjEW/J6qo6EZTLZUwHwYDVR0jBBgwFoAU
+fUXj4k7OA3d8KylcprhMptiOL10wgbIGA1UdEQSBqjCBp6A9BgYrBgEFAgKgMzAx
+oBYbFGtwbi50ZXN0LmV4YW1wbGUuY29toRcwFRsTdGVzdGplYW4udGVzdG1hcnRp
+bqBABgorBgEEAYI3FAIDoDIMMHRlc3RqZWFuLnRlc3RtYXJ0aW4uOTk5OTk5OUB1
+cG4udGVzdC5leGFtcGxlLmNvbYEkdGVzdGplYW4udGVzdG1hcnRpbkB0ZXN0LmV4
+YW1wbGUuY29tMDEGA1UdEgQqMCiCEnJvb3RjYS5leGFtcGxlLmNvbYISaW50ZWNh
+LmV4YW1wbGUuY29tMAkGA1UdIAQCMAAwDQYJKoZIhvcNAQEFBQADggIBAKRDovf+
+CCnV2mtXnzH5JlduOjPWJmGB5a8HLPvakfAm4wQ0YyAViE1tar0V9lhG6nCogWWa
+28D+eM5vLPjVE8ebq5UjIv76x6gWoJkQ3HtfVJvn9UfXwax6IqT7hb1fAHBqu0rj
+uSnSxf1wIzPMp9Lb5x3jBu9ryNMiLUzeY1slBvosOXKlmprPhGWfPYYNCZo2bGJI
+1w5alGDgTBcWKl7icJjAIuCpyRTnKCsaN3kyDU7C5aUhsm9AriPiNErzRI+l5+eu
+Ywg3MZ7Yfjd3rXb6JleT0ZnCh/nFtVLIccWaI4phCrYTGz6odNIqrZ6X23Pt6Rx3
+ZbQjtj4ipMdvbvJbS90aFMrTyfqhVLOxHy+setDcmPOixUgXlx8ZjFI9vgFUeJbo
+OKrkLw4ITUduO+9MplBX7Kt/iCS/CbTfPlHMv03Xb6rbjqHxTJZCCu5QMNHiBeHV
+l8FK5R6gv+9FuCl8uPHwGh/jelQp51cVORlQWeKpqWdwTi0Q3VeVeQAG5RR34xgT
+cQa8h9AqkxYajhxKUmbUlaoYGd8TwUQLrS2jZxp/9geyApVQLAQ27CyAK5HyHSCA
+uqCKsM0gFQyCL4IbXQyFMWgjXZYaorHFjVuMhYEkgWui/9sv+7sMAV5JzROeAw3l
+4+D7yhywwuRzH2SzoavzGpWGMUveVsdLMRk9
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/Test_x509_utils.c

@@ -0,0 +1,241 @@
+#include <winpr/file.h>
+#include <winpr/string.h>
+#include "../x509_utils.h"
+
+typedef char* (*get_field_pr)(const X509*);
+typedef struct
+{
+	enum
+	{
+		DISABLED,
+		ENABLED,
+	} status;
+	const char* field_description;
+	get_field_pr get_field;
+	const char* expected_result;
+} certificate_test_t;
+
+static char* x509_utils_subject_common_name_wo_length(const X509* xcert)
+{
+	size_t length = 0;
+	return x509_utils_get_common_name(xcert, &length);
+}
+
+static char* certificate_path(const char* filename)
+{
+	/*
+	Assume the .pem file is in the same directory as this source file.
+	Assume that __FILE__ will be a valid path to this file, even from the current working directory
+	where the tests are run. (ie. no chdir occurs between compilation and test running, or __FILE__
+	is an absolute path).
+	*/
+	static const char dirsep = '/';
+#ifdef TEST_SOURCE_DIR
+	const char* file = TEST_SOURCE_DIR;
+	const size_t flen = strlen(file) + sizeof(dirsep) + strlen(filename) + sizeof(char);
+	char* result = calloc(1, flen);
+	if (!result)
+		return nullptr;
+	(void)_snprintf(result, flen, "%s%c%s", file, dirsep, filename);
+	return result;
+#else
+	const char* file = __FILE__;
+	const char* last_dirsep = strrchr(file, dirsep);
+
+	if (last_dirsep)
+	{
+		const size_t filenameLen = strlen(filename);
+		const size_t dirsepLen = last_dirsep - file + 1;
+		char* result = malloc(dirsepLen + filenameLen + 1);
+		if (!result)
+			return nullptr;
+		strncpy(result, file, dirsepLen);
+		strncpy(result + dirsepLen, filename, filenameLen + 1);
+		return result;
+	}
+	else
+	{
+		/* No dirsep => relative path in same directory */
+		return _strdup(filename);
+	}
+#endif
+}
+
+static const certificate_test_t certificate_tests[] = {
+
+	{ ENABLED, "Certificate Common Name", x509_utils_subject_common_name_wo_length,
+	  "TESTJEAN TESTMARTIN 9999999" },
+
+	{ ENABLED, "Certificate subject", x509_utils_get_subject,
+	  "CN = TESTJEAN TESTMARTIN 9999999, C = FR, O = MINISTERE DES TESTS, OU = 0002 110014016, OU "
+	  "= PERSONNES, UID = 9999999, GN = TESTJEAN, SN = TESTMARTIN" },
+
+	{ DISABLED, "Kerberos principal name", nullptr, "testjean.testmartin@kpn.test.example.com" },
+
+	{ ENABLED, "Certificate e-mail", x509_utils_get_email, "testjean.testmartin@test.example.com"
+
+	},
+
+	{ ENABLED, "Microsoft's Universal Principal Name", x509_utils_get_upn,
+	  "testjean.testmartin.9999999@upn.test.example.com" },
+
+	{ ENABLED, "Certificate issuer", x509_utils_get_issuer,
+	  "CN = ADMINISTRATION CENTRALE DES TESTS, C = FR, O = MINISTERE DES TESTS, OU = 0002 "
+	  "110014016" },
+};
+
+static int TestCertificateFile(const char* certificate_path,
+                               const certificate_test_t* ccertificate_tests, size_t count)
+{
+	int success = 0;
+
+	X509* certificate = x509_utils_from_pem(certificate_path, strlen(certificate_path), TRUE);
+
+	if (!certificate)
+	{
+		printf("%s: failure: cannot read certificate file '%s'\n", __func__, certificate_path);
+		success = -1;
+		goto fail;
+	}
+
+	for (size_t i = 0; i < count; i++)
+	{
+		const certificate_test_t* test = &ccertificate_tests[i];
+		char* result = nullptr;
+
+		if (test->status == DISABLED)
+		{
+			continue;
+		}
+
+		result = (test->get_field ? test->get_field(certificate) : nullptr);
+
+		if (result)
+		{
+			printf("%s: crypto got %-40s -> \"%s\"\n", __func__, test->field_description, result);
+
+			if (0 != strcmp(result, test->expected_result))
+			{
+				printf("%s: failure: for %s, actual: \"%s\", expected \"%s\"\n", __func__,
+				       test->field_description, result, test->expected_result);
+				success = -1;
+			}
+
+			free(result);
+		}
+		else
+		{
+			printf("%s: failure: cannot get %s\n", __func__, test->field_description);
+		}
+	}
+
+fail:
+	X509_free(certificate);
+	return success;
+}
+
+/* clang-format off */
+/*
+These certificates were generated with the following commands:
+
+openssl ecparam -name P-256 -out /tmp/p256.pem
+openssl req -x509 -newkey ec:/tmp/p256.pem -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out ecdsa_sha1_cert.pem -sha1
+openssl req -x509 -newkey ec:/tmp/p256.pem -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out ecdsa_sha256_cert.pem -sha256
+openssl req -x509 -newkey ec:/tmp/p256.pem -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out ecdsa_sha384_cert.pem -sha384
+openssl req -x509 -newkey ec:/tmp/p256.pem -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out ecdsa_sha512_cert.pem -sha512
+
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pkcs1_sha1_cert.pem -sha1
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pkcs1_sha256_cert.pem -sha256
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pkcs1_sha384_cert.pem -sha384
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pkcs1_sha512_cert.pem -sha512
+
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pss_sha1_cert.pem -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pss_sha256_cert.pem -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pss_sha384_cert.pem -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pss_sha512_cert.pem -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+openssl req -x509 -newkey rsa:2048 -keyout /dev/null -days 3650 -nodes -subj "/CN=Test" -out rsa_pss_sha256_mgf1_sha384_cert.pem -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -sigopt rsa_mgf1_md:sha384
+*/
+/* clang-format on */
+
+typedef struct
+{
+	const char* filename;
+	WINPR_MD_TYPE expected;
+} signature_alg_test_t;
+
+static const signature_alg_test_t signature_alg_tests[] = {
+	{ "rsa_pkcs1_sha1_cert.pem", WINPR_MD_SHA1 },
+	{ "rsa_pkcs1_sha256_cert.pem", WINPR_MD_SHA256 },
+	{ "rsa_pkcs1_sha384_cert.pem", WINPR_MD_SHA384 },
+	{ "rsa_pkcs1_sha512_cert.pem", WINPR_MD_SHA512 },
+
+	{ "ecdsa_sha1_cert.pem", WINPR_MD_SHA1 },
+	{ "ecdsa_sha256_cert.pem", WINPR_MD_SHA256 },
+	{ "ecdsa_sha384_cert.pem", WINPR_MD_SHA384 },
+	{ "ecdsa_sha512_cert.pem", WINPR_MD_SHA512 },
+
+	{ "rsa_pss_sha1_cert.pem", WINPR_MD_SHA1 },
+	{ "rsa_pss_sha256_cert.pem", WINPR_MD_SHA256 },
+	{ "rsa_pss_sha384_cert.pem", WINPR_MD_SHA384 },
+	{ "rsa_pss_sha512_cert.pem", WINPR_MD_SHA512 },
+	/*
+	PSS may use different digests for the message hash and MGF-1 hash. In this case, RFC 5929
+	leaves the tls-server-end-point hash unspecified, so it should return WINPR_MD_NONE.
+	*/
+	{ "rsa_pss_sha256_mgf1_sha384_cert.pem", WINPR_MD_NONE },
+};
+
+static int TestSignatureAlgorithm(const signature_alg_test_t* test)
+{
+	int success = 0;
+	WINPR_MD_TYPE signature_alg = WINPR_MD_NONE;
+	char* path = certificate_path(test->filename);
+	X509* certificate = x509_utils_from_pem(path, strlen(path), TRUE);
+
+	if (!certificate)
+	{
+		printf("%s: failure: cannot read certificate file '%s'\n", __func__, path);
+		success = -1;
+		goto fail;
+	}
+
+	signature_alg = x509_utils_get_signature_alg(certificate);
+	if (signature_alg != test->expected)
+	{
+		const char* signature_alg_string =
+		    signature_alg == WINPR_MD_NONE ? "none" : winpr_md_type_to_string(signature_alg);
+		const char* expected_string =
+		    test->expected == WINPR_MD_NONE ? "none" : winpr_md_type_to_string(test->expected);
+		printf("%s: failure: for \"%s\", actual: %s, expected %s\n", __func__, test->filename,
+		       signature_alg_string, expected_string);
+		success = -1;
+		goto fail;
+	}
+
+fail:
+	X509_free(certificate);
+	free(path);
+	return success;
+}
+
+int Test_x509_utils(int argc, char* argv[])
+{
+	char* cert_path = certificate_path("Test_x509_cert_info.pem");
+	int ret = 0;
+	WINPR_UNUSED(argc);
+	WINPR_UNUSED(argv);
+
+	ret = TestCertificateFile(cert_path, certificate_tests, ARRAYSIZE(certificate_tests));
+	free(cert_path);
+	if (ret != 0)
+		return ret;
+
+	for (size_t i = 0; i < ARRAYSIZE(signature_alg_tests); i++)
+	{
+		ret = TestSignatureAlgorithm(&signature_alg_tests[i]);
+		if (ret != 0)
+			return ret;
+	}
+
+	return ret;
+}

third_party/FreeRDP/libfreerdp/crypto/test/ecdsa_sha1_cert.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBcjCCARigAwIBAgIUP9Q+so71qPtrK898RUJibDMRSYQwCQYHKoZIzj0EATAP
+MQ0wCwYDVQQDDARUZXN0MB4XDTI0MDIwNjAzMDkzNFoXDTM0MDIwMzAzMDkzNFow
+DzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHj9x4Vr
+7pGzpilUY799+mWmOsJwtxFZ3lPNRy+wsfxibRE6e2T0Gk2Ifysl8Vya6Ynwrd2d
+7ztAk+b6HF+1lgqjUzBRMB0GA1UdDgQWBBSX66LoFThh5RCXaeAS+sjGPmLxKTAf
+BgNVHSMEGDAWgBSX66LoFThh5RCXaeAS+sjGPmLxKTAPBgNVHRMBAf8EBTADAQH/
+MAkGByqGSM49BAEDSQAwRgIhAJf3H7PWAZ/5G2SbBKF5jzBVlmWLiVmfanLOvttf
+9DFUAiEA3CnntihpfkAGjUCav7CojYfz8hqe0d6F9ZStfzV4t3g=
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/ecdsa_sha256_cert.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdDCCARmgAwIBAgIUUDFppYHwhd7smJSH6W8QSLttoNEwCgYIKoZIzj0EAwIw
+DzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA5MzRaFw0zNDAyMDMwMzA5MzRa
+MA8xDTALBgNVBAMMBFRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATfQ2ox
+CF1xh6Dwcsi3BqyUIlKxgY3J2qOSmOzepOMLWhPpiDsneKskpKx4b5JM92mmIyiq
+UMMR7mXlclDHyQtro1MwUTAdBgNVHQ4EFgQUgoV/fxICc75gTRslwgvs/I1YbOUw
+HwYDVR0jBBgwFoAUgoV/fxICc75gTRslwgvs/I1YbOUwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAgNJADBGAiEAyVInWgy3JVEUPDSpjNseJKPie/hINfO6KbrK
+IqGQ0+ACIQDk/oXOIwFZr26TTghYKOn12aOuPCxOqeBu5ObeFMf91Q==
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/ecdsa_sha384_cert.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIUDT9Rw/q4CH5WmNCTbGbNI964MQwwCgYIKoZIzj0EAwMw
+DzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA5MzRaFw0zNDAyMDMwMzA5MzRa
+MA8xDTALBgNVBAMMBFRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR0oA7y
+QeXAp65otDob8Uqmtthdub5T7fbzMr/qnUTxNYoUpXKnde28Cvan4QPCuepHmVPw
+sVx94UX8RIlrXAhdo1MwUTAdBgNVHQ4EFgQUFfghIBL0wxknjd9I8+Wub61VJk4w
+HwYDVR0jBBgwFoAUFfghIBL0wxknjd9I8+Wub61VJk4wDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNIADBFAiB66sAH30kMoOsMHu5vb1hUl3DPRLb30WbtVSBC
+ZHEDyQIhAK1xgDA005XqcC77o8gzQFFsxIkQrCHTqre2LEGndxLA
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/ecdsa_sha512_cert.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdDCCARmgAwIBAgIUfb77WvmuJ7r/9aLrhvfHymxssoQwCgYIKoZIzj0EAwQw
+DzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA5MzRaFw0zNDAyMDMwMzA5MzRa
+MA8xDTALBgNVBAMMBFRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARewOb8
+HMJXad76YWUSaPLMUH8IKpzO0iZkQ2d1SSCylEMdrPJKhi54r7/y6m5LXMejyQzi
+eB2eiNju1yfs1tkoo1MwUTAdBgNVHQ4EFgQUGSveQiJxuzwWX1jIRXdHCzdvj7Ew
+HwYDVR0jBBgwFoAUGSveQiJxuzwWX1jIRXdHCzdvj7EwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDBANJADBGAiEAspDRGKH6Nlp+XUxyHKc3IGN5WVIg5ezGHJDR
+9+Q8RAkCIQDVWMxflgAII4D+t2Z8nT4bavUImHD26kbaGtR2/DYPVw==
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/known_hosts/known_hosts

@@ -0,0 +1,2 @@
+someurl ff:11:22:dd
+otherurl aa:bb:cc:dd

third_party/FreeRDP/libfreerdp/crypto/test/known_hosts/known_hosts.v2

@@ -0,0 +1,2 @@
+someurl 3389 ff:11:22:dd
+otherurl 3389 aa:bb:cc:dd

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pkcs1_sha1_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUNveSXnRIoI24dM6PxYjhcXQhsgkwDQYJKoZIhvcNAQEF
+BQAwDzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA2MzVaFw0zNDAyMDMwMzA2
+MzVaMA8xDTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCy23VMgwiNO32ovOxt+7CJCR5Ep1qn1tV5//ONhLEoz+VhEbMTYQNHK1WY
+E9isGrcRUVLsBehIFP02ImgOGv1Yep/P1pY+A/fLpy4NhHoLYxmvdhAKQG3TB5P1
+s7GuXTaK4/Kp8CzVYP7xZu7zI2TWWolkCDYZvkewR5QOuyiAstvZp5IoIx0J9mo2
+rI5DqnSmK+zzaYTMaGyWFLXOQJZi+k+RUB3XUFZSid69thW0rfi7tC0fyUm7fP7H
+72/27aBmW1S/8hUYSfu88kCCmEEu+KGXbmyNPEVMJcM9cZ43TVMGUPodOXuDydm/
+IKnsZaRnGPi8IBzn0y6k/8ZdmJojAgMBAAGjUzBRMB0GA1UdDgQWBBRsqgoFZ83u
+IMZzUjsVI5N73Izq1DAfBgNVHSMEGDAWgBRsqgoFZ83uIMZzUjsVI5N73Izq1DAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCIFhCbHy6U6EYHogXE
+xnoHdtzitHTUU+mymWeQxWxSvZjWX8xdJdbWQyktSCChKrRnQE+P/e5+HOZFn9q5
+jwgj3HwZZwFqt/0nSX7pjEvTOmwEXTo/QBlyHaLSdrxbd85gahkXP1br6vI0yWcT
+kkKZCFiqbsGGqcoErRyZjYfJBgaZ5AMYXEKkKCgRJ59Sln+mW+fpta7dmgmnPIdX
+Jl/ovEHr0X+PgwLby8BxCb5pOyb6CQvUNWfngtzgm76vricszpmDl4HeBAb0IkZ1
+0hlnHEBNgP46/2EhPvD1QehYOmr5HRi2xSPC9gOW8pkbRRFuCDZwoSfav023xim6
+lOS3
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pkcs1_sha256_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUK9L1Ajn7PiMRVvR6YUoATBxgD2wwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA2MzVaFw0zNDAyMDMwMzA2
+MzVaMA8xDTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC73wUpONU4o0abFykUC08A2deojU/+SGomnN8V51VDVeC2BGUljLabjABm
+iluh/yUJ0zDHp6x1spr6wdDVzRMvjjxC/G2HVzYRn/3zXhZ0q9avPnCe1hgawHZY
+FG4vgysJ1jtPSR97E4MvSg6v6mATCU2ttvceENFwo5FQ6nfBv+rHpepRyOKUtfsa
+gxRCWU0uHwyahNsYzWOrbkEcpoQAowAoHZh9EbjyNNbCX0/C3yew/GX8mNBz1UOV
+X4taJsOW52LKQ2xgSwl31m6VYmNqqfzTA6pr96PpYqsuAT3WYBBnIk+XT+Yhq3Cs
+n96PvHAovUiBwWptvzsICvtAUwCjAgMBAAGjUzBRMB0GA1UdDgQWBBQGUaK7joEk
+yFR6FtsA4UjF+FPrRTAfBgNVHSMEGDAWgBQGUaK7joEkyFR6FtsA4UjF+FPrRTAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkYpNiExDwuqfFCHpz
+jWFSkL9drTxMuasGfmq634FSe050TGKl8yUZhz215PoEDHcutGAw6JV59DJMI/wo
+Xq4MpJiCLlUu8BOixU41rlyc9XkV6twcnQlkVhYWV07390SP4uKGXRR03yGwjN7C
+RDv/4z4t9iMQhiIYkN0EXKvymjRMhb9GocfTQFSXq6vy0fr4MuwnuOkr6EcU41Hr
+pQ4nNLuj2P7cAaaFo5RaD/eXzsE4CfgoltmTp+Ir3deXG/RKrJ9V/YTx5d6pqssp
+5f7nDKmhiYn6wtF4TlOnujppT1Mr4UZF7lJAfwUX80bYQBbpfczHBKSYQ/Th5Mtx
+ediM
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pkcs1_sha384_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUHpfVpdCFW4e5gmPMyNN/CZou028wDQYJKoZIhvcNAQEM
+BQAwDzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA2MzVaFw0zNDAyMDMwMzA2
+MzVaMA8xDTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCMlHin4N8tMbfDqIahZlyOhBX392Pcyo4bUM7ipUEdLdz1SSCf7/gh4SgH
+ihCbN/NWiYoobnR7iS6vBgUMQgzdivwOia0jydcifpf2UR2D1KjBnolALqaRYpDB
+zdEOnJ4Nm21sOlfCM/QoiMdPWZlbzisXyGBYHR8E8G5Snfy13cRvfV+M9/epbvwV
+1o4m/wPu2H+Q+XVRHJY1H7jAtjUtLSUwii0jc134c9nHOdqXB9fgcn7etkQKXWPv
+w7Dg/OWXURpABGjflS6w4UhECzlPInmd9fBtLngf7n9Sa4b0rcdWEWcTbWORmEbj
+xoHyWNiRbdzIc0zUb42DFuFgeUcFAgMBAAGjUzBRMB0GA1UdDgQWBBRm5loY68pA
+VVlVVcIL3zTv1sCYWjAfBgNVHSMEGDAWgBRm5loY68pAVVlVVcIL3zTv1sCYWjAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBAQAJFNU9dUNpIbbsgyty
+RRd5SVD/4ziOOPoKO6jobBenPxNQNbaOQmENImW0WbgOHWW1kX15afCThMocibKl
+OIVoOf2tcrseAYdfsOzEMwDc1hI5y68vNRV32rJamix1223wPhs1xuoX8bn0t0VB
+RK4kgb9U1mxSKERjcgtp2Pph5DeflCQDeNayBGAA5PCL4ydO61DEKbVo1Cyqtw9n
+yhae7AUR4zzRnZEh1eePd06cXSIYwmTkiJLSF7ILsZnGcqy4bO8yJPrqXT01Iq0S
+RzQ2hgyldKD0kJ3EBmki3mIrnswCzNqyXux1CXIR1FjIA5SnwycqiiPUUPLckinq
+DtQX
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pkcs1_sha512_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUTAXZy2Zojh8wh4YSdc2vMBiytGIwDQYJKoZIhvcNAQEN
+BQAwDzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA2MzVaFw0zNDAyMDMwMzA2
+MzVaMA8xDTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDH2av9vKvlzlSB63ylb8OyacC6zkhoiH4ECkVt7DRvBBnHYX39eeXg1KNk
+yHBaLA+9ASXucckqAQ8hWlIW7y9KLYYsK8+ajDUnWkzPj+eOonSc2oTbSBtEP8V4
+3TihNGRgyLSZYj6HxUrFWW6pc0Kz7yAG83YNzR8uWCEZV8wYAdBqZDO1RAOd2tLr
+DFLI+DJwMtgDquT1Uo/xDsx0p9+tSGXm4eXjlZQguhA4tuP4eJP7qvwR+khJNN9X
+u2igfO3zMY26wX4m/kPdljxh5vRc2DVIePfKbTKLyfpsydQUSoKVzlSQG7QJAUmC
+jcqgIGQqYy8f6Nq4fRzgiSQOULmPAgMBAAGjUzBRMB0GA1UdDgQWBBQMYhVmmR0c
+9DJmJZOqHawdWDVFJDAfBgNVHSMEGDAWgBQMYhVmmR0c9DJmJZOqHawdWDVFJDAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBr2I9uvQ8Ccn5yw1Ig
+7k2Qmg/HOCFGh42Ufz1PAc9dc1CzBzMlFucJ42shES98Spyh4R+ZCJmlZ9PneViA
+s9NW+mHLAFJ2Fuct4XY8RnyDYqTne0in6eQykF33gl79sdYSPuBfAxMfJqUoQo+b
+tF0N0DA00i5z69wcF5LQJLRbeTh7T1qikkay3ODMJYpCDVb7GOhWCt4hOkxOszuL
+SoJ2gFMGoEKbt19IzcMctsSPgpQCNYZirU9x3l/Ptw5zgUQMEngwuutuhDMxb5Ht
+2QHTGt3jwzlOi+lvHFH1AMW3e8/XRZa7jFUa+KCr8vD3yfDimx9J0ESmlUrLxOZG
+ayG7
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pss_sha1_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUDZuL7xQULUgo1YKeDIJDFdsVCuMwDQYJKoZIhvcNAQEK
+MAAwDzENMAsGA1UEAwwEVGVzdDAeFw0yNDAyMDYwMzA2MzVaFw0zNDAyMDMwMzA2
+MzVaMA8xDTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCxLekSxv8aVwB5p9UImN+jipKNJUb8fOrtOVHjeO5jK9G920vneZsubpq/
+NngzpjT2A+HOkee9oNG92O8U7DGyGXiZugmeFE6kunPQ+GP5za3XfZqwvAu53+Pg
+oyrBGl5ssowRimRDXOH3/x7WSKD2lvQNgLWOS5NTIZethXx29Xj+/nKJ33im8ra/
+YcEB6CANHmo2bDCz8Q54iHjIOro+MiP10oQM2ERzuZREn/+xCFuYYGhXKb3fqy+r
+Ze/tIVqEr7yMVpp76RxFM3I4PadHt8T9Q5Oat9FXWaqG/1fBtBKXt6jElkqnd+vv
+KtRMEqQ4XNeMJi6Q4oyLsmxGB8q7AgMBAAGjUzBRMB0GA1UdDgQWBBQuCV/GISEn
+D18xN3d1KEOo13c/2zAfBgNVHSMEGDAWgBQuCV/GISEnD18xN3d1KEOo13c/2zAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCjAAA4IBAQA+nnvGYJwVP5byl+XB
+1KoFLv4SOS9kDypjv+4Mjo3/houn7DAf1+6ewfmAN7edkElTngpz6rGzJgARULbO
+djKi6AJDDqF9NzWbJZC/UEVqqVY1Znw1v8Hwz31YFaoARLWwuKQrKjLZUHphsMok
+iWdwusebfQ1SK9b8QTW7s8CncC+PbOHH1UnHhM1XWGz49sWZo/KnHCGL0pGROSro
+gT2zEDDk/bpslalcavEGcw2wttaBiYovdpgUHzOIcTxLz/yQGAfaCk/cO8x5mS9y
+w6CZVaH6K1TrmXGWBoHtLQ+JMC7msms3PmBZ4XCc8zAqjhVI4o71Jlbrd/Bag0lm
+X+89
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pss_sha256_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAhugAwIBAgIUChf3gsm9kG9E05UbcYnEzQ/fSfkwQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMA8xDTALBgNVBAMMBFRlc3QwHhcNMjQwMjA2MDMwNjM1WhcNMzQwMjAz
+MDMwNjM1WjAPMQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtk22hPAmTxSTSs8MUJInf7N6byDo1LlEgw5juF8y1bVxhoF0U4Ug
+u0zqCVtar/JBPmcVofM4IU4+GoIRfI9qyyyD5EQup2e8exUn/Bku+7XTmlCSKfUI
+T4u/zpe/qJCyRwT6pLP4POtoqsmrRf+u7zVvS7VHafPioxLLrOIbB750AYmi7y/n
+h8MreJHrQ901IQV4Ktf2QgaFrjJFgXD307iTGoiRt+UxkmGsOOzFt+N91lM30ad+
+sCgmc1NVVyo6p4RByl7ilxlQGCATOQ9wTVwehgmtFGpU0denhqViNUU8yuPZ3pTD
+w1o9uWTAKdUuMySSUiKmmlE+qnlFfR9uPwIDAQABo1MwUTAdBgNVHQ4EFgQUQPus
+AuQ9cNE9E2+vZXKtKAtfDIUwHwYDVR0jBBgwFoAUQPusAuQ9cNE9E2+vZXKtKAtf
+DIUwDwYDVR0TAQH/BAUwAwEB/zBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAGpIH7ic
+GwD2vzTGgFhHrh4NkGu9OwI8WA342DKfJq0Cx+BjaFsglhjLVkbqP74XjgQUSqt+
+yp09xgrZdIP8yMJr7mjqQpV7tolB1yrD0h0jtoMe0Pc1+wVwjkMQjsewwSDJvV9O
+RjXqmzoIjUAXmASk5JdZ5oDBK6bg7m8/hJyEJnWdOuiVUJTyPz+Y1/6rpzwH/+xX
+x3sO6OaWMSIc/ovF1Y7kQ4mwgPjLuq1X8Dx7xM9rcJak5cGAwUwQqvOaD3y9ZQzg
+E+kH4mtWw29xRTejbiMSbnbfR8LfZdS2+10ESK66SXChVz3Q7shkR9Gs6kTJiXTu
+FUtRtO0G5aoSHeA=
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pss_sha256_mgf1_sha384_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAhugAwIBAgIUVvhEAv0+q7jndH6xf2RJjaiaIVswQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIDAgEgMA8xDTALBgNVBAMMBFRlc3QwHhcNMjQwMjA2MDMwNjM2WhcNMzQwMjAz
+MDMwNjM2WjAPMQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsC6mgspqVdpZrhHUz5zoY4Sklg+spYAz8axxEyJf3Tdg427ildSH
+BLi62qZ+gTXLHgUvdkMWEv8NWODHY5DNuTiL65LjV0gN7eIzVbzc0alTdbp+nc7H
+HHZHBedD3CRT4LHqlK9LVTYcQk8qNtnKJ7vxNJHN3vpmr0zxxJf3nle7Ymnx2FiK
+mXDu3vQEDSU6eyOu5dk0IsEWlMOCYu5w8dpbdGaE4az3IaHXsDnmfLfIWUaILQxw
+Mj0UhNg+vnZsanB7CWiLZOIawEpa6dx2Zcasyi8V6lZV1sxYQrskRbAj9uGtDmtd
+kTKeCxtj7Bgj9e6aIN2rh7keH5+pqissxwIDAQABo1MwUTAdBgNVHQ4EFgQUpXlx
+cN8y7RSFQjPjO3Kb1x0GWcYwHwYDVR0jBBgwFoAUpXlxcN8y7RSFQjPjO3Kb1x0G
+WcYwDwYDVR0TAQH/BAUwAwEB/zBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCASADggEBAKcp+pEt
+hei70aV9+j+p/cjChDSqQyipIvyqt0wdHiM/5WwGO4LnR/JxWqHHGtlQjgphKVpV
+bjRMBivrbb//LNb0cx5z3o9hx2H6ITwpwrRA9dvfE1C+hOBbxhUYNtk4jpH1DneX
+8l/A9Lm6kmZ02KrJok8VEGthtZqypkRAQFxStY2EuopzWVzdceJYa4AOB26r7F0T
+Z5BzO/Piy39lQtZGyMZ2R71ppEDWXVrSaqxV64aFnh3/2aCgFUzuV2FYr1NZ+zQu
+EBJZIdd0IvhcgHkiUD6qtlYNJ1H7Jf9hSRDM7d7AblhgxVB1eRU+7Ve1o47LfQqz
+iVybceMUSCyMFLk=
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pss_sha384_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAhugAwIBAgIUI7KZPJ4nCR/qFZWD2bagetWGJRQwQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIDAgEwMA8xDTALBgNVBAMMBFRlc3QwHhcNMjQwMjA2MDMwNjM2WhcNMzQwMjAz
+MDMwNjM2WjAPMQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA3/WFdrzn9QQjowwZqCmgIJcCWy+8aIjHLlE4OLWyv4rVAdQluFRA
+Af1lsKY+ZD6gvWOKhnSNT7z4WfH03vUNpkqOt1kqtjMsuRsy4Zh2n54LYM2IHkVh
++oZpq8dBESkffAHOLwkl6Be/iZE3t4Z2hdrzhFEt1iGxtfwduIcku/geciLKM0D0
+1UHtVzb0762hx94IX506vxAdvNAK48gTSobBBWQJhHz2a2tvt2ON3eRian41qwxW
+Nsl7OUyss6PmVXYS3JbmZgyzT0nSHQWEVlEcQOI3UxjNqeK2HMyMDYLgIvVD+IER
+1nMT4AUyWDGkRR6bFITS2BmW7JbxQ40ZiwIDAQABo1MwUTAdBgNVHQ4EFgQUn9rP
+CfGH3OFxdNXCFbAQrYlgXd4wHwYDVR0jBBgwFoAUn9rPCfGH3OFxdNXCFbAQrYlg
+Xd4wDwYDVR0TAQH/BAUwAwEB/zBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATADggEBADJ6+6Us
+KXbcpyzapxqQGr0rGkGOPf45Vo2EY0H2A0YY9CHYrU/jq2xijHgnw89I3z9Z3h4q
+kSD51Rr/3V/e5ffcYwRabC6S515anOgxtCE4cgHEqgIdzrwD3EFGm74D+MnJRTy8
+UpE5pZTaHNRno80rz1kRYN2MHO/sHqQCpFoZ8SI3+Nik5m3FSe2Umb3FLTvrOAcm
+biGgj4cF52w1D7XAAo/3bAH9Rt0/FRK46nULoEX54RJHlFN8f3kzBucNNfoHNPBR
+2lMQJM1VzpPkjR5rLOwAYKEfvIvwDVEgDMpD4+P5/FMX/fnSm4kVaiZMwLLrtJlX
+pS9N0mDlr4wk9hw=
+-----END CERTIFICATE-----

third_party/FreeRDP/libfreerdp/crypto/test/rsa_pss_sha512_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAhugAwIBAgIUCJHdINzBcxL45k+BWvKYcpH8vzQwQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMF
+AKIDAgFAMA8xDTALBgNVBAMMBFRlc3QwHhcNMjQwMjA2MDMwNjM2WhcNMzQwMjAz
+MDMwNjM2WjAPMQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA6jzuBGtb+D/0ZWRqZAcZh6bkClCbHdiz1yOPuh4APfyfsFGDSRBt
+ArMH+l2/Mr7TXeAfdDHX//bNBclPzu0mKWtVamh7s3WWoPBX+r10ie94YxErFY+6
+Po5pGDnSabVawdnXd5FqCdFVpmXP12Ii9qKuRD13XAPJML0Cz9z4pOL0ioWvvUqn
+MyWwa8zT8pfK4AJe4XGilQ2uxwJV922XQxv6rY8aOFuwozkNa0/ceN1A2EKIwShB
+P3/3Z+9maz4YMg/VgmJfEY/xekawDZ7MC8CY9G/alE1YqHERvR5BwekrnFHSErM4
+ArSUJnavXm7rdB1OCp4kAKXkLvu2H/8AMQIDAQABo1MwUTAdBgNVHQ4EFgQUrLTl
+C9kRXzElbsDUCc/ePO75qNkwHwYDVR0jBBgwFoAUrLTlC9kRXzElbsDUCc/ePO75
+qNkwDwYDVR0TAQH/BAUwAwEB/zBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AwUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogMCAUADggEBAGMyu2fZ
+NpvIJQxXPSfhgf8idvGwu7YFdZ/Ct0/HIHJ1h+j2WFwubr/Rcwqu+u6Nq09oMq+H
+5EWDtOona78WIQ/RrIs6ltVJBDpirIGjra0IKpYGqYHUEj00u1OZkiQzmMLRT80W
+jEe38fATXbpmLhXA8bqlOHuMot2OTWzKEtST4knAAYUCFPIS94mODR4faeqDBwIB
+JpYBj2sRwZDU4QbERvLTQMD27kE2ynF4duI4NB6k9w3fJSe60ki5m4avYmiQgj5/
+304UD/AEf+xlMCLh3R8ZGST10zV5M1Wm7czuQ0AKsv45pSltDvWl52OjL3W5CLAJ
+iu1eLWBVbFPTK68=
+-----END CERTIFICATE-----