NTLM: set a fake entropy for debug builds with CURL_ENTROPY set (e95ca7ce) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/curl_ntlm_core.c

+7 −12

Original line number	Diff line number	Diff line
		@@ -562,19 +562,14 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
		CURLcode res = CURLE_OK;

		/* Calculate the timestamp */
		#if defined(HAVE_LONGLONG)
		#if defined(DEBUGBUILD)
		#ifdef DEBUGBUILD
		char *force_timestamp = getenv("CURL_FORCETIME");
		if(force_timestamp)
		tw = 11644473600ULL * 10000000ULL;
		#else
		tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL;
		#endif
		#else
		#if defined(DEBUGBUILD)
		tw = 11644473600ui64 * 10000000ui64;
		#else
		tw = ((__int64)time(NULL) + 11644473600ui64) * 10000000ui64;
		#endif
		else
		#endif
		tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL;

		/* Calculate the response len */
		len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;

lib/curl_ntlm_msgs.c

+12 −14

Original line number	Diff line number	Diff line
		@@ -703,16 +703,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
		#if USE_NTRESPONSES
		if(ntlm->target_info_len) {
		unsigned char ntbuffer[0x18];
		unsigned char entropy[8];
		unsigned int entropy[2];
		unsigned char ntlmv2hash[0x18];

		#if defined(DEBUGBUILD)
		/* Use static client nonce in debug (Test Suite) builds */
		memcpy(entropy, "12345678", sizeof(entropy));
		#else
		/* Create an 8 byte random client nonce */
		Curl_ssl_random(data, entropy, sizeof(entropy));
		#endif
		entropy[0] = Curl_rand(data);
		entropy[1] = Curl_rand(data);

		res = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
		if(res)
		@@ -724,14 +719,16 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
		return res;

		/* LMv2 response */
		res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy, &ntlm->nonce[0],
		lmresp);
		res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash,
		(unsigned char *)&entropy[0],
		&ntlm->nonce[0], lmresp);
		if(res)
		return res;

		/* NTLMv2 response */
		res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy, ntlm, &ntlmv2resp,
		&ntresplen);
		res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash,
		(unsigned char *)&entropy[0],
		ntlm, &ntlmv2resp, &ntresplen);
		if(res)
		return res;

		@@ -746,10 +743,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
		unsigned char ntbuffer[0x18];
		unsigned char tmp[0x18];
		unsigned char md5sum[MD5_DIGEST_LENGTH];
		unsigned char entropy[8];
		unsigned int entropy[2];

		/* Need to create 8 bytes random data */
		Curl_ssl_random(data, entropy, sizeof(entropy));
		entropy[0] = Curl_rand(data);
		entropy[1] = Curl_rand(data);

		/* 8 bytes random data as challenge in lmresp */
		memcpy(lmresp, entropy, 8);

lib/curl_sasl.c

+29 −27

Original line number	Diff line number	Diff line
		@@ -411,19 +411,13 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		char HA1_hex[2 * MD5_DIGEST_LEN + 1];
		char HA2_hex[2 * MD5_DIGEST_LEN + 1];
		char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];

		char nonce[64];
		char realm[128];
		char algorithm[64];
		char qop_options[64];
		int qop_values;

		char cnonce[33];
		unsigned int cnonce1 = 0;
		unsigned int cnonce2 = 0;
		unsigned int cnonce3 = 0;
		unsigned int cnonce4 = 0;

		unsigned int entropy[4];
		char nonceCount[] = "00000001";
		char method[] = "AUTHENTICATE";
		char qop[] = DIGEST_QOP_VALUE_STRING_AUTH;
		@@ -450,22 +444,22 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		if(!(qop_values & DIGEST_QOP_VALUE_AUTH))
		return CURLE_BAD_CONTENT_ENCODING;

		#ifndef DEBUGBUILD
		/* Generate 16 bytes of random data */
		cnonce1 = Curl_rand(data);
		cnonce2 = Curl_rand(data);
		cnonce3 = Curl_rand(data);
		cnonce4 = Curl_rand(data);
		#endif
		entropy[0] = Curl_rand(data);
		entropy[1] = Curl_rand(data);
		entropy[2] = Curl_rand(data);
		entropy[3] = Curl_rand(data);

		/* Convert the random data into a 32 byte hex string */
		snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x",
		cnonce1, cnonce2, cnonce3, cnonce4);
		entropy[0], entropy[1], entropy[2], entropy[3]);

		/* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
		ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
		if(!ctxt)
		return CURLE_OUT_OF_MEMORY;
		if(!ctxt) {
		result = CURLE_OUT_OF_MEMORY;
		goto fail;
		}

		Curl_MD5_update(ctxt, (const unsigned char *) userp,
		curlx_uztoui(strlen(userp)));
		@@ -478,8 +472,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		Curl_MD5_final(ctxt, digest);

		ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
		if(!ctxt)
		return CURLE_OUT_OF_MEMORY;
		if(!ctxt) {
		result = CURLE_OUT_OF_MEMORY;
		goto fail;
		}

		Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
		Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
		@@ -499,8 +495,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

		/* Calculate H(A2) */
		ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
		if(!ctxt)
		return CURLE_OUT_OF_MEMORY;
		if(!ctxt) {
		result = CURLE_OUT_OF_MEMORY;
		goto fail;
		}

		Curl_MD5_update(ctxt, (const unsigned char *) method,
		curlx_uztoui(strlen(method)));
		@@ -514,8 +512,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

		/* Now calculate the response hash */
		ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
		if(!ctxt)
		return CURLE_OUT_OF_MEMORY;
		if(!ctxt) {
		result = CURLE_OUT_OF_MEMORY;
		goto fail;
		}

		Curl_MD5_update(ctxt, (const unsigned char ) HA1_hex, 2 MD5_DIGEST_LEN);
		Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
		@@ -544,16 +544,18 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		"cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
		"qop=%s",
		userp, realm, nonce,
		cnonce, nonceCount, uri, resp_hash_hex,
		qop);
		if(!response)
		return CURLE_OUT_OF_MEMORY;
		cnonce, nonceCount, uri, resp_hash_hex);
		if(!response) {
		result = CURLE_OUT_OF_MEMORY;
		goto fail;
		}

		/* Base64 encode the response */
		result = Curl_base64_encode(data, response, 0, outptr, outlen);

		Curl_safefree(response);
		fail:

		free(response);
		return result;
		}
		#endif /* USE_WINDOWS_SSPI */

lib/vtls/vtls.c

+1 −13

Original line number	Diff line number	Diff line
		@@ -209,7 +209,6 @@ unsigned int Curl_rand(struct SessionHandle *data)
		}
		else
		randseed++;

		return randseed;
		}
		#endif
		@@ -218,7 +217,7 @@ unsigned int Curl_rand(struct SessionHandle *data)
		(void)data;
		#else
		if(data) {
		Curl_ssl_random(data, (unsigned char *)&r, sizeof(r));
		curlssl_random(data, (unsigned char *)&r, sizeof(r));
		return r;
		}
		#endif
		@@ -682,17 +681,6 @@ CURLcode Curl_ssl_push_certinfo(struct SessionHandle *data,
		return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
		}

		/* these functions are only provided by some SSL backends */

		#ifdef have_curlssl_random
		void Curl_ssl_random(struct SessionHandle *data,
		unsigned char *entropy,
		size_t length)
		{
		curlssl_random(data, entropy, length);
		}
		#endif

		#ifdef have_curlssl_md5sum
		void Curl_ssl_md5sum(unsigned char tmp, / input */
		size_t tmplen,

lib/vtls/vtls.h

+1 −3

Original line number	Diff line number	Diff line
		@@ -7,7 +7,7 @@
		* \| (__\| \|_\| \| _ <\| \|___
		* \___\|\___/\|_\| \_\_____\|
		*
		* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
		* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		*
		* This software is licensed as described in the file COPYING, which
		* you should have received as part of this distribution. The terms
		@@ -89,8 +89,6 @@ void Curl_ssl_kill_session(struct curl_ssl_session *session);
		void Curl_ssl_delsessionid(struct connectdata conn, void ssl_sessionid);

		/* get N random bytes into the buffer */
		void Curl_ssl_random(struct SessionHandle data, unsigned char buffer,
		size_t length);
		void Curl_ssl_md5sum(unsigned char tmp, / input */
		size_t tmplen,
		unsigned char md5sum, / output */