| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC
AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/
Closes #10320
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.
2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
it in sync with the above list and `lib/curl_ntlm_core.c` itself.
Reported-by: Mark Roszko
Ref: https://github.com/curl/curl/issues/10321
3. Allow enabling both wolfSSL and OpenSSL at the same time in
`lib/Makefile.mk` bringing this in line with cmake/autotools builds.
Update logic to select the crypto-specific lib for `ngtcp2`, which
supports a single TLS backend at the same time.
Closes #10322
|
|
|
|
|
|
|
|
|
|
|
|
| |
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
checksrc is updated to allow non-year using copyright statements
Closes #10205
|
|
|
|
|
|
| |
Reported-by: Andrei Rybak
Fixes #9903
Closes #9925
|
|
|
|
|
|
|
| |
runtime error: null pointer passed as argument 2, which is declared to
never be null
Closes #9898
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other variant
will perm-redirected to the one chosen by the project.
The .io -> .net redirection is done insecurely.
Let's update the URLs to point to the current canonical endpoints to
avoid any redirects.
Closes #9630
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
was also enabled. `-ssl` meaning OpenSSL (and its forks). After
8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be
used together with wolfSSL. This patch adds the ability to enable
`-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
use it with wolfSSL or other, future TLS backends.
Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
unconditionally. After this patch, this is no longer the case, and now
it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
together with a compatible TLS backend.
When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
library must be configured manually, e.g.:
`export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`
(or via `NGTCP2_LIBS`)
Closes #9314
|
|
|
|
|
|
|
|
|
|
|
| |
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes #8869
|
|
|
|
|
|
|
|
|
|
| |
This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
are used to explicitly use wolfSSL includes. This fixes cmake builds as
well as avoiding potentially using openSSL headers since include path
order is not guaranteed.
Closes #8864
|
|
|
|
|
|
| |
They're not used anymore and always supported.
Closes https://github.com/curl/curl/pull/8453
|
|
|
|
|
|
| |
TPF was the only user and support for that was dropped.
Closes #8378
|
|
|
|
|
|
|
| |
This selects another SSL backend then if available, or otherwise at
least gives a meaningful error message.
Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
|
|
|
|
| |
... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
continue using the unitialized buffer content as key instead.
Assisted-by: Harry Sintonen
Fixes #7779
Closes #7781
|
|
|
|
|
|
|
|
|
|
| |
- curl_setup.h: all references to mbedtls_md4* functions and structures
are in the md4.c. This file already includes the <mbedtls/md4.h> file
along with the file existence control (defined (MBEDTLS_MD4_C))
- curl_ntlm_core.c: unnecessary include - repeated below
Closes #7419
|
|
|
|
| |
Closes #7164
|
|
|
|
| |
Closes #6849
|
|
|
|
|
|
|
| |
Make the code consistently use a single name for the size of the
"curl_off_t" type.
Closes #6702
|
|
|
|
|
|
|
| |
nettle has been the default crypto library with GnuTLS since 2010. By
dropping support for the previous libcrypto, we simplify code.
Closes #6625
|
|
|
|
|
|
|
|
| |
... and simplify the too-long checks somewhat.
Detected by OSS-Fuzz
Closes #6264
|
|
|
|
| |
Closes #6172
|
|
|
|
|
|
|
|
|
|
|
|
| |
`USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES
backend is fine, but was excluded before.
This also fixes test 1013 as the condition for SMB support in
configure.ac didn't match the condition in the source code. Now it
does.
Fixes https://github.com/curl/curl/issues/1262
Closes https://github.com/curl/curl/pull/5771
|
|
|
|
|
|
|
|
|
| |
When wolfSSL is built with its OpenSSL API layer, it fetures the same DES*
functions that OpenSSL has. This change take advantage of that.
Co-authored-by: Daniel Stenberg
Closes #5556
Fixes #5548
|
|
|
|
|
|
| |
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
|
| |
|
|
|
|
| |
Closes #3780
|
| |
|
|
|
|
|
| |
As the NTLM code no longer calls any of TLS libraries' specific MD4
functions, there is no need to call this function for each #ifdef.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Reduce variable scopes and remove redundant variable stores.
Closes https://github.com/curl/curl/pull/3975
|
|
|
|
|
|
| |
Just like we do for mbed TLS, use our local implementation of MD4 when
OpenSSL doesn't support it. This allows a type-3 message to include the
NT response.
|
|
|
|
|
|
|
|
| |
Everyone calls it Secure Transport, now we do too.
Reviewed-by: Nick Zitzmann
Closes #3619
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
urlapi: turn three local-only functions into statics
conncache: make conncache_find_first_connection static
multi: make detach_connnection static
connect: make getaddressinfo static
curl_ntlm_core: make hmac_md5 static
http2: make two functions static
http: make http_setup_conn static
connect: make tcpnodelay static
tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds
... and mark Curl_shuffle_addr accordingly.
url: make up_free static
setopt: make vsetopt static
curl_endian: make write32_le static
rtsp: make rtsp_connisdead static
warnless: remove unused functions
memdebug: remove one unused function, made another static
|
|
|
|
|
|
|
|
|
|
|
| |
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.
Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib/curl_ntlm.c had code that read as follows:
#ifdef USE_OPENSSL
# ifdef USE_OPENSSL
# else
# ..
# endif
#endif
Remove the redundant USE_OPENSSL along with #else (it's not possible to
reach it anyway). The removed construction is a leftover from when the
SSLeay support was removed.
Closes #3269
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
|
|
|
|
|
| |
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
|
|
|
|
|
|
|
|
|
|
| |
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.
Closes https://github.com/curl/curl/pull/2497
|
|
|
|
|
|
|
|
| |
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
|
| |
|
|
|
|
|
|
|
|
|
| |
Reported-by: Alex Nichols
Assisted-by: Kamil Dudka and Max Dymond
CVE-2017-8816
Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
|
|
|
|
|
|
|
|
|
|
| |
It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.
Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054
Assisted-by: Max Dymond
Closes #2054
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the recently introduced MultiSSL support multiple SSL backends
can be compiled into cURL That means that now the order of the SSL
One option would be to use the same SSL backend as was configured
via `curl_global_sslset()`, however, NTLMv2 support would appear
to be available only with some SSL backends. For example, when
eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced
support for NTLMv1 using Windows' Crypt API, it specifically did
*not* introduce NTLMv2 support using Crypt API at the same time.
So let's select one specific SSL backend for NTLM support when
compiled with multiple SSL backends, using a priority order such
that we support NTLMv2 even if only one compiled-in SSL backend can
be used for that.
Ref: https://github.com/curl/curl/pull/1848
|
| |
|
|
|
|
|
|
| |
This was the only remaining use of toupper in the entire source code.
Suggested-by: Daniel Stenberg
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, clang on Cygwin64 warns:
curl_ntlm_core.c:525:35: error: array subscript is of type 'char'
[-Werror,-Wchar-subscripts]
dest[2 * i] = (unsigned char)(toupper(src[i]));
^~~~~~~~~~~~~~~
/usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
(void) __CTYPE_PTR[__x]; (toupper) (__x);})
^~~~
|