moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 05:58:01 -05:00
Code Issues Releases Wiki Activity

ntlm: Removed the dependency on the TLS libaries when using MD5

Browse Source 
As we have our own MD5 implementation use the MD5 wrapper to remove the
TLS dependency.

Closes #4967
This commit is contained in:
Steve Holme 2020-02-22 14:31:26 +00:00
parent 37dc4df270
commit 2d432f7e49
No known key found for this signature in database
GPG Key ID: 4059CB85CA7E8F19
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/curl_ntlm_core.h
View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -46,11 +46,9 @@
#define USE_NTRESPONSES #define USE_NTRESPONSES
/* Define USE_NTLM2SESSION in order to make the type-3 message include the /* Define USE_NTLM2SESSION in order to make the type-3 message include the
NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and
Crypto engine that we have curl_ssl_md5sum() for. */ MD5 support */
#if defined(USE_NTRESPONSES) && \ #if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH)
(!defined(USE_WIN32_CRYPTO) || \
(defined(USE_SSL) && !defined(CURL_DISABLE_CRYPTO_AUTH)))
#define USE_NTLM2SESSION #define USE_NTLM2SESSION
#endif #endif

7
lib/vauth/ntlm.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -40,6 +40,7 @@
#include "curl_ntlm_core.h" #include "curl_ntlm_core.h"
#include "curl_gethostname.h" #include "curl_gethostname.h"
#include "curl_multibyte.h" #include "curl_multibyte.h"
#include "curl_md5.h"
#include "warnless.h" #include "warnless.h"
#include "rand.h" #include "rand.h"
#include "vtls/vtls.h" #include "vtls/vtls.h"
@ -621,8 +622,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
memcpy(tmp, &ntlm->nonce[0], 8); memcpy(tmp, &ntlm->nonce[0], 8);
memcpy(tmp + 8, entropy, 8); memcpy(tmp + 8, entropy, 8);
result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH); Curl_md5it(md5sum, tmp, 16);
if(!result)
/* We shall only use the first 8 bytes of md5sum, but the des code in /* We shall only use the first 8 bytes of md5sum, but the des code in
Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);