aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRuurd Beerstra <ruurd.beerstra@infor.com>2020-06-11 17:14:43 +0200
committerDaniel Stenberg <daniel@haxx.se>2020-06-16 09:06:19 +0200
commitd80d419d3e3bf0e5f0dea160df5609c57cb3c5df (patch)
tree103835ad95ff8c5ef1d4c6d72032fe548dde22c9
parente15e51384a423be31318b3c9c7d612a1aae661fd (diff)
ntlm: enable NTLM support with wolfSSL
When wolfSSL is built with its OpenSSL API layer, it fetures the same DES* functions that OpenSSL has. This change take advantage of that. Co-authored-by: Daniel Stenberg Closes #5556 Fixes #5548
-rw-r--r--lib/curl_ntlm_core.c17
-rw-r--r--lib/curl_ntlm_core.h6
-rw-r--r--lib/curl_setup.h9
-rw-r--r--lib/vauth/ntlm.c5
-rw-r--r--lib/vtls/vtls.h6
5 files changed, 24 insertions, 19 deletions
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 32e29a933..0eefb1587 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -52,13 +52,18 @@
#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+
+#ifdef USE_WOLFSSL
+#include <wolfssl/options.h>
+#endif
# include <openssl/des.h>
# include <openssl/md5.h>
# include <openssl/ssl.h>
# include <openssl/rand.h>
-# if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+# if (defined(OPENSSL_VERSION_NUMBER) && \
+ (OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL)
# define DES_key_schedule des_key_schedule
# define DES_cblock des_cblock
# define DES_set_odd_parity des_set_odd_parity
@@ -78,14 +83,12 @@
#elif defined(USE_GNUTLS)
# include <gcrypt.h>
-# define MD5_DIGEST_LENGTH 16
#elif defined(USE_NSS)
# include <nss.h>
# include <pk11pub.h>
# include <hasht.h>
-# define MD5_DIGEST_LENGTH MD5_LENGTH
#elif defined(USE_MBEDTLS)
@@ -138,7 +141,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
}
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
/*
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
* key schedule ks is also set.
@@ -387,7 +390,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
const unsigned char *plaintext,
unsigned char *results)
{
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
DES_key_schedule ks;
setup_des_key(keys, DESKEY(ks));
@@ -462,7 +465,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
{
/* Create LanManager hashed password. */
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
DES_key_schedule ks;
setup_des_key(pw, DESKEY(ks));
diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h
index e1643d627..7895b6470 100644
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@@ -29,6 +29,7 @@
/* If NSS is the first available SSL backend (see order in curl_ntlm_core.c)
then it must be initialized to be used by NTLM. */
#if !defined(USE_OPENSSL) && \
+ !defined(USE_WOLFSSL) && \
!defined(USE_GNUTLS_NETTLE) && \
!defined(USE_GNUTLS) && \
defined(USE_NSS)
@@ -37,7 +38,10 @@
#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#ifdef USE_WOLFSSL
+# include <wolfssl/options.h>
+#endif
# include <openssl/ssl.h>
#endif
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index a86a235b3..82b962b89 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -633,10 +633,11 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
-#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
- defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \
- defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
- defined(USE_MBEDTLS)
+#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
+ defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \
+ defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
+ defined(USE_MBEDTLS) || \
+ (defined(USE_WOLFSSL) && defined(HAVE_WOLFSSL_DES_SET_ODD_PARITY))
#define USE_NTLM
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 8f9103806..3b46e1a46 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -600,11 +600,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
#endif
#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
+
+#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */
+
/* We don't support NTLM2 if we don't have USE_NTRESPONSES */
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) {
unsigned char ntbuffer[0x18];
unsigned char tmp[0x18];
- unsigned char md5sum[MD5_DIGEST_LENGTH];
+ unsigned char md5sum[CURL_MD5_DIGEST_LENGTH];
unsigned char entropy[8];
/* Need to create 8 bytes random data */
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index 92f5acd9d..bcc844416 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -113,12 +113,6 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
#define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
#endif
-#ifndef MD5_DIGEST_LENGTH
-#ifndef LIBWOLFSSL_VERSION_HEX /* because WolfSSL borks this */
-#define MD5_DIGEST_LENGTH 16 /* fixed size */
-#endif
-#endif
-
#ifndef CURL_SHA256_DIGEST_LENGTH
#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
#endif