From cd15acd0ecc19401af0002fb8128b53bdc99bb68 Mon Sep 17 00:00:00 2001
From: Steve Holme
Date: Sat, 13 Apr 2019 21:47:56 +0100
Subject: [PATCH] ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4

Just like we do for mbed TLS, use our local implementation of MD4 when OpenSSL doesn't support it. This allows a type-3 message to include the NT response.
---
 lib/curl_md4.h | 4 +++-
 lib/curl_ntlm_core.c | 6 ++++++
 lib/curl_ntlm_core.h | 4 +---
 lib/md4.c | 8 ++++++--
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/lib/curl_md4.h b/lib/curl_md4.h
index e0690416d..dafbbed29 100644
--- a/lib/curl_md4.h
+++ b/lib/curl_md4.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -25,11 +25,13 @@
 #include "curl_setup.h"
 #if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+ (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) \
 (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
 #endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+ (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
 (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
 #endif /* HEADER_CURL_MD4_H */
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index e7060eb29..b6df38f71 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -57,6 +57,8 @@
 # include
 # ifndef OPENSSL_NO_MD4
 # include
+# else
+# include "curl_md4.h"
 # endif
 # include
 # include
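Review bot: The line added to the `#if` in lib/curl_md4.h ends in `\` with no `||` before it, so the condition reads `... || (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))` and is not a valid preprocessor expression. The matching guard this commit adds in lib/md4.c does carry the operator, so the header line should read `(defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \`. This header holds the `Curl_md4it` prototype that the new `# else` include in lib/curl_ntlm_core.c pulls in, so any build that includes it would presumably fail at this directive rather than silently lose the prototype.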
@@ -568,10 +570,14 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
 {
 /* Create NT hashed password. */
 #ifdef USE_OPENSSL
+#if !defined(OPENSSL_NO_MD4)
 MD4_CTX MD4pw;
 MD4_Init(&MD4pw);
 MD4_Update(&MD4pw, pw, 2 * len);
 MD4_Final(ntbuffer, &MD4pw);
+#else
+ Curl_md4it(ntbuffer, pw, 2 * len);
+#endif
 #elif defined(USE_GNUTLS_NETTLE)
 struct md4_ctx MD4pw;
 md4_init(&MD4pw);
diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h
index 07ef5deae..3b4b8053c 100644
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -43,9 +43,7 @@
 /* Define USE_NTRESPONSES in order to make the type-3 message include
 * the NT response message. */
-#if !defined(USE_OPENSSL) || !defined(OPENSSL_NO_MD4)
 #define USE_NTRESPONSES
-#endif
 /* Define USE_NTLM2SESSION in order to make the type-3 message include the NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
diff --git a/lib/md4.c b/lib/md4.c
index dc9228689..9dfaabc22 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -38,9 +38,11 @@
 #include "curl_setup.h"
-/* The NSS, OS/400 and sometimes mbed TLS crypto libraries do not provide the
- * MD4 hash algorithm, so we have a local implementation of it */
+/* The NSS, OS/400, and when not included, OpenSSL and mbed TLS crypto
+ * libraries do not provide the MD4 hash algorithm, so we use this
+ * implementation of it */
 #if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+ (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \
 (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 #include "curl_md4.h"
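Review bot: The nested conditional added under `#ifdef USE_OPENSSL` in `Curl_ntlm_core_mk_nt_hash` spells the test differently from the include block this same commit touches in the file, which uses `# ifndef OPENSSL_NO_MD4`, and it closes with a bare `#endif`. Because the outer `#ifdef`/`#elif` chain continues past the hunk, an annotated close such as `#endif /* !OPENSSL_NO_MD4 */` would show which level ends there. The function body starts and ends outside the hunk, so the remaining branches of the chain are not visible here.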
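Review bot: `USE_NTRESPONSES` is now defined unconditionally in lib/curl_ntlm_core.h, so a build against an OpenSSL configured with `OPENSSL_NO_MD4` computes the NT hash with curl's bundled MD4 instead of leaving the NT response out. MD4 is often compiled out of OpenSSL on purpose to keep a broken hash off the system, and nothing visible in this hunk lets a packager keep the previous behaviour. The comment above the define should state this, for example `/* Always defined: when the crypto library lacks MD4, the local implementation in md4.c is used. */`. It may also be worth confirming that the project documents how to disable NTLM for builds that must not carry MD4.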
@@ -304,5 +306,7 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
 MD4_Update(&ctx, input, curlx_uztoui(len));
 MD4_Final(output, &ctx);
 }
+
 #endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+ (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
 (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */