Commit cd15acd0 authored by Steve Holme

ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4

Just like we do for mbed TLS, use our local implementation of MD4 when
OpenSSL doesn't support it. This allows a type-3 message to include the
NT response.
parent 7794cacf
+3 −1
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -25,11 +25,13 @@
#include "curl_setup.h"

#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) \
    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))

void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);

#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */

#endif /* HEADER_CURL_MD4_H */
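Review bot: The added line `(defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) \` in the `#if` that guards the Curl_md4it prototype has no `||` before the line continuation, so it runs straight into the `(defined(USE_MBEDTLS) && ...` term. Two parenthesised terms with no operator between them are not a valid `#if` expression, and the preprocessor should reject it wherever this header is included. The line should read `(defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \`, which is how the same condition is written in the implementation file's `#if` and in this header's own `#endif` comment.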
+6 −0
@@ -57,6 +57,8 @@
#  include <openssl/des.h>
#  ifndef OPENSSL_NO_MD4
#    include <openssl/md4.h>
#  else
#    include "curl_md4.h"
#  endif
#  include <openssl/md5.h>
#  include <openssl/ssl.h>
@@ -568,10 +570,14 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
  {
    /* Create NT hashed password. */
#ifdef USE_OPENSSL
#if !defined(OPENSSL_NO_MD4)
    MD4_CTX MD4pw;
    MD4_Init(&MD4pw);
    MD4_Update(&MD4pw, pw, 2 * len);
    MD4_Final(ntbuffer, &MD4pw);
#else
    Curl_md4it(ntbuffer, pw, 2 * len);
#endif
#elif defined(USE_GNUTLS_NETTLE)
    struct md4_ctx MD4pw;
    md4_init(&MD4pw);
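Review bot: The new `#else` branch in Curl_ntlm_core_mk_nt_hash brings MD4 back into a build whose OpenSSL was configured with OPENSSL_NO_MD4, and the code carries no comment saying this is intended. Leaving MD4 out of OpenSSL is sometimes a deliberate policy choice, so someone auditing the build should be able to see at the call site that NTLM reintroduces it; I would add `/* OpenSSL was built without MD4; NTLM still needs it, so use curl's local implementation */` above the `Curl_md4it(ntbuffer, pw, 2 * len);` line. The inner `#endif` would also read better as `#endif /* !OPENSSL_NO_MD4 */`, since it sits inside the longer `#ifdef USE_OPENSSL` / `#elif` chain. The function begins before this hunk and continues past it, so the rest of the chain is not visible here.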
+1 −3
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -43,9 +43,7 @@

/* Define USE_NTRESPONSES in order to make the type-3 message include
 * the NT response message. */
#if !defined(USE_OPENSSL) || !defined(OPENSSL_NO_MD4)
#define USE_NTRESPONSES
#endif

/* Define USE_NTLM2SESSION in order to make the type-3 message include the
   NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
+6 −2
@@ -38,9 +38,11 @@

#include "curl_setup.h"

/* The NSS, OS/400 and sometimes mbed TLS crypto libraries do not provide the
 * MD4 hash algorithm, so we have a local implementation of it */
/* The NSS, OS/400, and when not included, OpenSSL and mbed TLS crypto
 * libraries do not provide the MD4 hash algorithm, so we use this
 * implementation of it */
#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \
    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))

#include "curl_md4.h"
@@ -304,5 +306,7 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
  MD4_Update(&ctx, input, curlx_uztoui(len));
  MD4_Final(output, &ctx);
}

#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
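Review bot: The four-term condition that selects the local MD4 is now written out in this file's `#if`, in its `#endif` comment, and again in the header that declares Curl_md4it, so the copies have to be kept in step by hand; the header's copy shown on this page already differs from this one. Consider deriving a single macro from that condition in curl_md4.h and testing only that macro here and around the prototype. The reworded comment at the top is also hard to parse; something like `/* NSS and OS/400 never provide MD4, and OpenSSL and mbed TLS may be built without it, so we use this implementation in those cases */` says the same thing more directly.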