mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
ntlm: support libnettle.
This commit is contained in:
parent
a300f1e47d
commit
c19d76c024
18
configure.ac
18
configure.ac
@ -339,11 +339,27 @@ then
|
|||||||
AC_LIBOBJ([http-ntlm])
|
AC_LIBOBJ([http-ntlm])
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
AC_CHECK_LIB(nettle, nettle_md4_init, [HAVE_NETTLE=yes], [HAVE_NETTLE=no; AC_MSG_WARN(*** libnettle was not found. You will not be able to use NTLM)])
|
||||||
|
AM_CONDITIONAL([HAVE_NETTLE], [test "x$HAVE_NETTLE" = "xyes"])
|
||||||
|
|
||||||
|
if test x"$HAVE_NETTLE" = xyes
|
||||||
|
then
|
||||||
|
AC_SUBST(NETTLE_LIBS, "-lnettle")
|
||||||
|
AC_DEFINE([HAVE_NETTLE], [1], [Use libnettle])
|
||||||
|
if test x"$ENABLE_NTLM" != xno
|
||||||
|
then
|
||||||
|
AC_DEFINE([ENABLE_NTLM], 1,
|
||||||
|
[Define if you want the NTLM authorization support compiled in.])
|
||||||
|
AC_LIBOBJ([http-ntlm])
|
||||||
|
LIBS="$NETTLE_LIBS $LIBS"
|
||||||
|
fi
|
||||||
|
else
|
||||||
dnl If SSL is unavailable and the user explicitly requested NTLM,
|
dnl If SSL is unavailable and the user explicitly requested NTLM,
|
||||||
dnl abort.
|
dnl abort.
|
||||||
if test x"$ENABLE_NTLM" = xyes
|
if test x"$ENABLE_NTLM" = xyes
|
||||||
then
|
then
|
||||||
AC_MSG_ERROR([NTLM authorization requested and OpenSSL not found; aborting])
|
AC_MSG_ERROR([NTLM authorization requested and SSL not enabled; aborting])
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -1,8 +1,13 @@
|
|||||||
2013-07-13 Giuseppe Scrivano <gscrivano@gnu.org>
|
2013-07-13 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
* http.c (digest_authentication_encode): Fix a crash when the algorithm
|
* http.c (digest_authentication_encode): Fix a crash when the algorithm
|
||||||
is not specified in the server response. Free dynamic memory used by
|
is not specified in the server response. Free dynamic memory used by
|
||||||
the function when the function exits.
|
the function when the function exits.
|
||||||
|
* http-ntlm.c [HAVE_NETTLE]: Include <nettle/md4.h> and <nettle/des.h>.
|
||||||
|
(setup_des_key) [HAVE_NETTLE]: New function to deal with
|
||||||
|
libnettle.
|
||||||
|
(calc_resp) [HAVE_NETTLE]: Add support for libnettle.
|
||||||
|
(mkhash) [HAVE_NETTLE]: Likewise.
|
||||||
Reported by: Tim Ruehsen <tim.ruehsen@gmx.de>.
|
Reported by: Tim Ruehsen <tim.ruehsen@gmx.de>.
|
||||||
|
|
||||||
2013-07-13 Steven M. Schweda <sms@antinode.info>
|
2013-07-13 Steven M. Schweda <sms@antinode.info>
|
||||||
|
@ -42,27 +42,33 @@ as that of the covered work. */
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include <openssl/des.h>
|
|
||||||
#include <openssl/md4.h>
|
|
||||||
#include <openssl/opensslv.h>
|
|
||||||
|
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "http-ntlm.h"
|
#include "http-ntlm.h"
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00907001L
|
#ifdef HAVE_NETTLE
|
||||||
#define DES_key_schedule des_key_schedule
|
# include <nettle/md4.h>
|
||||||
#define DES_cblock des_cblock
|
# include <nettle/des.h>
|
||||||
#define DES_set_odd_parity des_set_odd_parity
|
#else
|
||||||
#define DES_set_key des_set_key
|
# include <openssl/des.h>
|
||||||
#define DES_ecb_encrypt des_ecb_encrypt
|
# include <openssl/md4.h>
|
||||||
|
# include <openssl/opensslv.h>
|
||||||
|
|
||||||
|
# if OPENSSL_VERSION_NUMBER < 0x00907001L
|
||||||
|
# define DES_key_schedule des_key_schedule
|
||||||
|
# define DES_cblock des_cblock
|
||||||
|
# define DES_set_odd_parity des_set_odd_parity
|
||||||
|
# define DES_set_key des_set_key
|
||||||
|
# define DES_ecb_encrypt des_ecb_encrypt
|
||||||
|
|
||||||
/* This is how things were done in the old days */
|
/* This is how things were done in the old days */
|
||||||
#define DESKEY(x) x
|
# define DESKEY(x) x
|
||||||
#define DESKEYARG(x) x
|
# define DESKEYARG(x) x
|
||||||
#else
|
# else
|
||||||
/* Modern version */
|
/* Modern version */
|
||||||
#define DESKEYARG(x) *x
|
# define DESKEYARG(x) *x
|
||||||
#define DESKEY(x) &x
|
# define DESKEY(x) &x
|
||||||
|
# endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Define this to make the type-3 message include the NT response message */
|
/* Define this to make the type-3 message include the NT response message */
|
||||||
@ -176,6 +182,25 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
|
|||||||
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
|
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
|
||||||
* key schedule ks is also set.
|
* key schedule ks is also set.
|
||||||
*/
|
*/
|
||||||
|
#ifdef HAVE_NETTLE
|
||||||
|
static void
|
||||||
|
setup_des_key(unsigned char *key_56,
|
||||||
|
struct des_ctx *des)
|
||||||
|
{
|
||||||
|
unsigned char key[8];
|
||||||
|
|
||||||
|
key[0] = key_56[0];
|
||||||
|
key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
|
||||||
|
key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
|
||||||
|
key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
|
||||||
|
key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
|
||||||
|
key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
|
||||||
|
key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
|
||||||
|
key[7] = (key_56[6] << 1) & 0xFF;
|
||||||
|
|
||||||
|
nettle_des_set_key(des, key);
|
||||||
|
}
|
||||||
|
#else
|
||||||
static void
|
static void
|
||||||
setup_des_key(unsigned char *key_56,
|
setup_des_key(unsigned char *key_56,
|
||||||
DES_key_schedule DESKEYARG(ks))
|
DES_key_schedule DESKEYARG(ks))
|
||||||
@ -194,6 +219,7 @@ setup_des_key(unsigned char *key_56,
|
|||||||
DES_set_odd_parity(&key);
|
DES_set_odd_parity(&key);
|
||||||
DES_set_key(&key, ks);
|
DES_set_key(&key, ks);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* takes a 21 byte array and treats it as 3 56-bit DES keys. The
|
* takes a 21 byte array and treats it as 3 56-bit DES keys. The
|
||||||
@ -203,6 +229,18 @@ setup_des_key(unsigned char *key_56,
|
|||||||
static void
|
static void
|
||||||
calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
|
calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_NETTLE
|
||||||
|
struct des_ctx des;
|
||||||
|
|
||||||
|
setup_des_key(keys, &des);
|
||||||
|
nettle_des_encrypt(&des, 8, results, plaintext);
|
||||||
|
|
||||||
|
setup_des_key(keys + 7, &des);
|
||||||
|
nettle_des_encrypt(&des, 8, results + 8, plaintext);
|
||||||
|
|
||||||
|
setup_des_key(keys + 14, &des);
|
||||||
|
nettle_des_encrypt(&des, 8, results + 16, plaintext);
|
||||||
|
#else
|
||||||
DES_key_schedule ks;
|
DES_key_schedule ks;
|
||||||
|
|
||||||
setup_des_key(keys, DESKEY(ks));
|
setup_des_key(keys, DESKEY(ks));
|
||||||
@ -216,6 +254,7 @@ calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
|
|||||||
setup_des_key(keys+14, DESKEY(ks));
|
setup_des_key(keys+14, DESKEY(ks));
|
||||||
DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
|
DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
|
||||||
DESKEY(ks), DES_ENCRYPT);
|
DESKEY(ks), DES_ENCRYPT);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -255,6 +294,15 @@ mkhash(const char *password,
|
|||||||
|
|
||||||
{
|
{
|
||||||
/* create LanManager hashed password */
|
/* create LanManager hashed password */
|
||||||
|
#ifdef HAVE_NETTLE
|
||||||
|
struct des_ctx des;
|
||||||
|
|
||||||
|
setup_des_key(pw, &des);
|
||||||
|
nettle_des_encrypt(&des, 8, lmbuffer, magic);
|
||||||
|
|
||||||
|
setup_des_key(pw + 7, &des);
|
||||||
|
nettle_des_encrypt(&des, 8, lmbuffer + 8, magic);
|
||||||
|
#else
|
||||||
DES_key_schedule ks;
|
DES_key_schedule ks;
|
||||||
|
|
||||||
setup_des_key(pw, DESKEY(ks));
|
setup_des_key(pw, DESKEY(ks));
|
||||||
@ -264,6 +312,7 @@ mkhash(const char *password,
|
|||||||
setup_des_key(pw+7, DESKEY(ks));
|
setup_des_key(pw+7, DESKEY(ks));
|
||||||
DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
|
DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
|
||||||
DESKEY(ks), DES_ENCRYPT);
|
DESKEY(ks), DES_ENCRYPT);
|
||||||
|
#endif
|
||||||
|
|
||||||
memset(lmbuffer+16, 0, 5);
|
memset(lmbuffer+16, 0, 5);
|
||||||
}
|
}
|
||||||
@ -272,8 +321,11 @@ mkhash(const char *password,
|
|||||||
|
|
||||||
#ifdef USE_NTRESPONSES
|
#ifdef USE_NTRESPONSES
|
||||||
{
|
{
|
||||||
/* create NT hashed password */
|
#ifdef HAVE_NETTLE
|
||||||
|
struct md4_ctx MD4;
|
||||||
|
#else
|
||||||
MD4_CTX MD4;
|
MD4_CTX MD4;
|
||||||
|
#endif
|
||||||
|
|
||||||
len = strlen(password);
|
len = strlen(password);
|
||||||
|
|
||||||
@ -282,9 +334,16 @@ mkhash(const char *password,
|
|||||||
pw[2*i+1] = 0;
|
pw[2*i+1] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_NETTLE
|
||||||
|
nettle_md4_init(&MD4);
|
||||||
|
nettle_md4_update(&MD4, 2*len, pw);
|
||||||
|
nettle_md4_digest(&MD4, MD4_DIGEST_SIZE, ntbuffer);
|
||||||
|
#else
|
||||||
|
/* create NT hashed password */
|
||||||
MD4_Init(&MD4);
|
MD4_Init(&MD4);
|
||||||
MD4_Update(&MD4, pw, 2*len);
|
MD4_Update(&MD4, pw, 2*len);
|
||||||
MD4_Final(ntbuffer, &MD4);
|
MD4_Final(ntbuffer, &MD4);
|
||||||
|
#endif
|
||||||
|
|
||||||
memset(ntbuffer+16, 0, 5);
|
memset(ntbuffer+16, 0, 5);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user