ntlm: enable NTLM support with wolfSSL

When wolfSSL is built with its OpenSSL API layer, it fetures the same DES* functions that OpenSSL has. This change take advantage of that. Co-authored-by: Daniel Stenberg Closes #5556 Fixes #5548
2025-02-28 09:21:50 -05:00 · 2020-06-11 17:14:43 +02:00 · 2020-06-11 17:14:43 +02:00 · d80d419d3e
commit d80d419d3e
parent e15e51384a
5 changed files with 24 additions and 19 deletions
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@ -52,13 +52,18 @@

 #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)

-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+
+#ifdef USE_WOLFSSL
+#include <wolfssl/options.h>
+#endif

 #  include <openssl/des.h>
 #  include <openssl/md5.h>
 #  include <openssl/ssl.h>
 #  include <openssl/rand.h>
-#  if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+#  if (defined(OPENSSL_VERSION_NUMBER) && \
+       (OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL)
 #    define DES_key_schedule des_key_schedule
 #    define DES_cblock des_cblock
 #    define DES_set_odd_parity des_set_odd_parity
@ -78,14 +83,12 @@
 #elif defined(USE_GNUTLS)

 #  include <gcrypt.h>
-#  define MD5_DIGEST_LENGTH 16

 #elif defined(USE_NSS)

 #  include <nss.h>
 #  include <pk11pub.h>
 #  include <hasht.h>
-#  define MD5_DIGEST_LENGTH MD5_LENGTH

 #elif defined(USE_MBEDTLS)

@ -138,7 +141,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
 }

-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
 /*
 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
 * key schedule ks is also set.
@ -387,7 +390,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
                            const unsigned char *plaintext,
                            unsigned char *results)
 {
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
  DES_key_schedule ks;

  setup_des_key(keys, DESKEY(ks));
@ -462,7 +465,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
  {
    /* Create LanManager hashed password. */

-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
    DES_key_schedule ks;

    setup_des_key(pw, DESKEY(ks));
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@ -29,6 +29,7 @@
 /* If NSS is the first available SSL backend (see order in curl_ntlm_core.c)
   then it must be initialized to be used by NTLM. */
 #if !defined(USE_OPENSSL) && \
+    !defined(USE_WOLFSSL) && \
    !defined(USE_GNUTLS_NETTLE) && \
    !defined(USE_GNUTLS) && \
    defined(USE_NSS)
@ -37,7 +38,10 @@

 #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)

-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#ifdef USE_WOLFSSL
+#  include <wolfssl/options.h>
+#endif
 #  include <openssl/ssl.h>
 #endif

--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@ -633,10 +633,11 @@ int netware_init(void);

 /* Single point where USE_NTLM definition might be defined */
 #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
-#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
-    defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \
-    defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
-    defined(USE_MBEDTLS)
+#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) ||                \
+  defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) ||  \
+  defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) ||              \
+  defined(USE_MBEDTLS) ||                                               \
+  (defined(USE_WOLFSSL) && defined(HAVE_WOLFSSL_DES_SET_ODD_PARITY))

 #define USE_NTLM

--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@ -600,11 +600,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
 #endif

 #if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
+
+#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */
+
  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
  if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) {
    unsigned char ntbuffer[0x18];
    unsigned char tmp[0x18];
-    unsigned char md5sum[MD5_DIGEST_LENGTH];
+    unsigned char md5sum[CURL_MD5_DIGEST_LENGTH];
    unsigned char entropy[8];

    /* Need to create 8 bytes random data */
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@ -113,12 +113,6 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
 #define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
 #endif

-#ifndef MD5_DIGEST_LENGTH
-#ifndef LIBWOLFSSL_VERSION_HEX /* because WolfSSL borks this */
-#define MD5_DIGEST_LENGTH 16 /* fixed size */
-#endif
-#endif
-
 #ifndef CURL_SHA256_DIGEST_LENGTH
 #define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
 #endif