diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/curl_ntlm_core.c | 19 | ||||
| -rw-r--r-- | lib/curl_ntlm_msgs.c | 26 | ||||
| -rw-r--r-- | lib/curl_sasl.c | 56 | ||||
| -rw-r--r-- | lib/vtls/vtls.c | 14 | ||||
| -rw-r--r-- | lib/vtls/vtls.h | 4 |
5 files changed, 50 insertions, 69 deletions
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 4f30cc6e7..b01162624 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -562,19 +562,14 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, CURLcode res = CURLE_OK; /* Calculate the timestamp */ -#if defined(HAVE_LONGLONG) -#if defined(DEBUGBUILD) - tw = 11644473600ULL * 10000000ULL; -#else - tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL; -#endif -#else -#if defined(DEBUGBUILD) - tw = 11644473600ui64 * 10000000ui64; -#else - tw = ((__int64)time(NULL) + 11644473600ui64) * 10000000ui64; -#endif +#ifdef DEBUGBUILD + char *force_timestamp = getenv("CURL_FORCETIME"); + if(force_timestamp) + tw = 11644473600ULL * 10000000ULL; + else #endif + tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL; + /* Calculate the response len */ len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN; diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c index 969e6bf78..42bab2e59 100644 --- a/lib/curl_ntlm_msgs.c +++ b/lib/curl_ntlm_msgs.c @@ -703,16 +703,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data, #if USE_NTRESPONSES if(ntlm->target_info_len) { unsigned char ntbuffer[0x18]; - unsigned char entropy[8]; + unsigned int entropy[2]; unsigned char ntlmv2hash[0x18]; -#if defined(DEBUGBUILD) - /* Use static client nonce in debug (Test Suite) builds */ - memcpy(entropy, "12345678", sizeof(entropy)); -#else - /* Create an 8 byte random client nonce */ - Curl_ssl_random(data, entropy, sizeof(entropy)); -#endif + entropy[0] = Curl_rand(data); + entropy[1] = Curl_rand(data); res = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); if(res) @@ -724,14 +719,16 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data, return res; /* LMv2 response */ - res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy, &ntlm->nonce[0], - lmresp); + res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, + (unsigned char *)&entropy[0], + &ntlm->nonce[0], lmresp); if(res) return res; /* NTLMv2 response */ - res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy, ntlm, &ntlmv2resp, - &ntresplen); + res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, + (unsigned char *)&entropy[0], + ntlm, &ntlmv2resp, &ntresplen); if(res) return res; @@ -746,10 +743,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data, unsigned char ntbuffer[0x18]; unsigned char tmp[0x18]; unsigned char md5sum[MD5_DIGEST_LENGTH]; - unsigned char entropy[8]; + unsigned int entropy[2]; /* Need to create 8 bytes random data */ - Curl_ssl_random(data, entropy, sizeof(entropy)); + entropy[0] = Curl_rand(data); + entropy[1] = Curl_rand(data); /* 8 bytes random data as challenge in lmresp */ memcpy(lmresp, entropy, 8); diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index b0ac9b6d5..13592cfd7 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -411,19 +411,13 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, char HA1_hex[2 * MD5_DIGEST_LEN + 1]; char HA2_hex[2 * MD5_DIGEST_LEN + 1]; char resp_hash_hex[2 * MD5_DIGEST_LEN + 1]; - char nonce[64]; char realm[128]; char algorithm[64]; char qop_options[64]; int qop_values; - char cnonce[33]; - unsigned int cnonce1 = 0; - unsigned int cnonce2 = 0; - unsigned int cnonce3 = 0; - unsigned int cnonce4 = 0; - + unsigned int entropy[4]; char nonceCount[] = "00000001"; char method[] = "AUTHENTICATE"; char qop[] = DIGEST_QOP_VALUE_STRING_AUTH; @@ -450,22 +444,22 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, if(!(qop_values & DIGEST_QOP_VALUE_AUTH)) return CURLE_BAD_CONTENT_ENCODING; -#ifndef DEBUGBUILD /* Generate 16 bytes of random data */ - cnonce1 = Curl_rand(data); - cnonce2 = Curl_rand(data); - cnonce3 = Curl_rand(data); - cnonce4 = Curl_rand(data); -#endif + entropy[0] = Curl_rand(data); + entropy[1] = Curl_rand(data); + entropy[2] = Curl_rand(data); + entropy[3] = Curl_rand(data); /* Convert the random data into a 32 byte hex string */ snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x", - cnonce1, cnonce2, cnonce3, cnonce4); + entropy[0], entropy[1], entropy[2], entropy[3]); /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; + if(!ctxt) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } Curl_MD5_update(ctxt, (const unsigned char *) userp, curlx_uztoui(strlen(userp))); @@ -478,8 +472,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, Curl_MD5_final(ctxt, digest); ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; + if(!ctxt) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN); Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); @@ -499,8 +495,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Calculate H(A2) */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; + if(!ctxt) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } Curl_MD5_update(ctxt, (const unsigned char *) method, curlx_uztoui(strlen(method))); @@ -514,8 +512,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Now calculate the response hash */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) - return CURLE_OUT_OF_MEMORY; + if(!ctxt) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN); Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); @@ -544,16 +544,18 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s," "qop=%s", userp, realm, nonce, - cnonce, nonceCount, uri, resp_hash_hex, - qop); - if(!response) - return CURLE_OUT_OF_MEMORY; + cnonce, nonceCount, uri, resp_hash_hex); + if(!response) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } /* Base64 encode the response */ result = Curl_base64_encode(data, response, 0, outptr, outlen); - Curl_safefree(response); + fail: + free(response); return result; } #endif /* USE_WINDOWS_SSPI */ diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 58295a4de..6c2295a45 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -209,7 +209,6 @@ unsigned int Curl_rand(struct SessionHandle *data) } else randseed++; - return randseed; } #endif @@ -218,7 +217,7 @@ unsigned int Curl_rand(struct SessionHandle *data) (void)data; #else if(data) { - Curl_ssl_random(data, (unsigned char *)&r, sizeof(r)); + curlssl_random(data, (unsigned char *)&r, sizeof(r)); return r; } #endif @@ -682,17 +681,6 @@ CURLcode Curl_ssl_push_certinfo(struct SessionHandle *data, return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen); } -/* these functions are only provided by some SSL backends */ - -#ifdef have_curlssl_random -void Curl_ssl_random(struct SessionHandle *data, - unsigned char *entropy, - size_t length) -{ - curlssl_random(data, entropy, length); -} -#endif - #ifdef have_curlssl_md5sum void Curl_ssl_md5sum(unsigned char *tmp, /* input */ size_t tmplen, diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 8f977a3d4..d309da6e4 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -89,8 +89,6 @@ void Curl_ssl_kill_session(struct curl_ssl_session *session); void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); /* get N random bytes into the buffer */ -void Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer, - size_t length); void Curl_ssl_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ |