path: root/lib/curl_ntlm_core.c
Commit message | Author | Age | Files | Lines
* openssl: interop with AWS-LC | Jim King | 2023-03-30 | 1 | -0/+4
    * Configure changes to detect AWS-LC
    * CMakeLists.txt changes to detect AWS-LC
    * Compile-time branches needed to support AWS-LC
    * Correctly set OSSL_VERSION and report AWS-LC release number
    * GitHub Actions script to build with autoconf and cmake against AWS-LC

    AWS-LC is a BoringSSL/OpenSSL derivative
    For more information see https://github.com/awslabs/aws-lc/

    Closes #10320
* tls: fixes for wolfssl + openssl combo builds | Viktor Szakats | 2023-02-01 | 1 | -6/+7
    1. Add `USE_WOLFSSL` to the TLS backend priority list in
       `lib/curl_ntlm_core.c`.

    2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
       it in sync with the above list and `lib/curl_ntlm_core.c` itself.

       Reported-by: Mark Roszko
       Ref: https://github.com/curl/curl/issues/10321

    3. Allow enabling both wolfSSL and OpenSSL at the same time in
       `lib/Makefile.mk` bringing this in line with cmake/autotools builds.
       Update logic to select the crypto-specific lib for `ngtcp2`, which
       supports a single TLS backend at the same time.

    Closes #10322
* copyright: update all copyright lines and remove year ranges | Daniel Stenberg | 2023-01-03 | 1 | -1/+1
    - they are mostly pointless in all major jurisdictions
    - many big corporations and projects already don't use them
    - saves us from pointless churn
    - git keeps history for us
    - the year range is kept in COPYING

    checksrc is updated to allow non-year using copyright statements

    Closes #10205
* ntlm: improve comment for encrypt_des | Daniel Stenberg | 2022-11-16 | 1 | -3/+3
    Reported-by: Andrei Rybak
    Fixes #9903
    Closes #9925
* ntlm: silence ubsan warning about copying from null target_info pointer. | Nathan Moinvaziri | 2022-11-13 | 1 | -1/+2
    runtime error: null pointer passed as argument 2, which is declared to
    never be null

    Closes #9898
* docs: update sourceforge project links [ci skip] | Viktor Szakats | 2022-10-01 | 1 | -1/+1
    SourceForge projects can now choose between two hostnames, with .io and
    .net ending. Both support HTTPS by default now. Opening the other variant
    will be perm-redirected to the one chosen by the project.

    The .io -> .net redirection is done insecurely.

    Let's update the URLs to point to the current canonical endpoints to
    avoid any redirects.

    Closes #9630
* Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip] | Viktor Szakats | 2022-08-15 | 1 | -6/+6
    Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
    was also enabled. `-ssl` meaning OpenSSL (and its forks). After
    8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be used
    together with wolfSSL. This patch adds the ability to enable
    `-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to use
    it with wolfSSL or other, future TLS backends.

    Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
    unconditionally. After this patch, this is no longer the case, and now
    it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
    together with a compatible TLS backend.

    When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
    library must be configured manually, e.g.:

      `export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`

    (or via `NGTCP2_LIBS`)

    Closes #9314
* copyright: make repository REUSE compliant | max.mehl | 2022-06-13 | 1 | -0/+2
    Add licensing and copyright information for all files in this repository.
    This either happens in the file itself as a comment header or in the file
    `.reuse/dep5`.

    This commit also adds a Github workflow to check pull requests and adapts
    copyright.pl to the changes.

    Closes #8869
* wolfSSL: explicitly use compatibility layer | Elms | 2022-05-17 | 1 | -3/+8
    This change removes adding an include `$prefix/wolfssl` or similar to
    allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
    are used to explicitly use wolfSSL includes. This fixes cmake builds as
    well as avoiding potentially using openSSL headers since include path
    order is not guaranteed.

    Closes #8864
* ntlm: remove unused feature defines | Marcel Raad | 2022-02-15 | 1 | -7/+4
    They're not used anymore and always supported.

    Closes https://github.com/curl/curl/pull/8453
* lib: remove support for CURL_DOES_CONVERSIONS | Daniel Stenberg | 2022-02-04 | 1 | -27/+8
    TPF was the only user and support for that was dropped.

    Closes #8378
* curl_ntlm_core: use OpenSSL only if DES is available | Marcel Raad | 2021-10-07 | 1 | -5/+12
    This selects another SSL backend then if available, or otherwise at
    least gives a meaningful error message.

    Closes https://github.com/curl/curl/pull/7808
* NTLM: use DES_set_key_unchecked with OpenSSL | Daniel Stenberg | 2021-09-27 | 1 | -1/+1
    ... as the previously used function DES_set_key() will in some cases
    reject using a key that it deems "weak" which will cause curl to
    continue using the uninitialized buffer content as key instead.

    Assisted-by: Harry Sintonen
    Fixes #7779
    Closes #7781
* mbedtls: Remove unnecessary include | MAntoniak | 2021-07-16 | 1 | -1/+0
    - curl_setup.h: all references to mbedtls_md4* functions and structures
      are in the md4.c. This file already includes the <mbedtls/md4.h> file
      along with the file existence control (defined (MBEDTLS_MD4_C))
    - curl_ntlm_core.c: unnecessary include - repeated below

    Closes #7419
* Curl_ntlm_core_mk_nt_hash: fix OOM in error path | Harry Sintonen | 2021-06-01 | 1 | -9/+6
    Closes #7164
* ntlm: support version 2 on 32-bit platforms | Patrick Monnerat | 2021-04-09 | 1 | -11/+58
    Closes #6849
* config: remove CURL_SIZEOF_CURL_OFF_T use only SIZEOF_CURL_OFF_T | Daniel Stenberg | 2021-03-11 | 1 | -1/+1
    Make the code consistently use a single name for the size of the
    "curl_off_t" type.

    Closes #6702
* gnutls: assume nettle crypto support | Daniel Stenberg | 2021-02-18 | 1 | -65/+11
    nettle has been the default crypto library with GnuTLS since 2010. By
    dropping support for the previous libcrypto, we simplify code.

    Closes #6625
* ntlm: avoid malloc(0) on zero length user and domain | Daniel Stenberg | 2020-11-29 | 1 | -6/+2
    ... and simplify the too-long checks somewhat.

    Detected by OSS-Fuzz
    Closes #6264
* curl.se: new home | Daniel Stenberg | 2020-11-04 | 1 | -1/+1
    Closes #6172
* ntlm: fix condition for curl_ntlm_core usage | Marcel Raad | 2020-08-29 | 1 | -6/+2
    `USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES
    backend is fine, but was excluded before.

    This also fixes test 1013 as the condition for SMB support in
    configure.ac didn't match the condition in the source code. Now it does.

    Fixes https://github.com/curl/curl/issues/1262
    Closes https://github.com/curl/curl/pull/5771
* ntlm: enable NTLM support with wolfSSL | Ruurd Beerstra | 2020-06-16 | 1 | -7/+10
    When wolfSSL is built with its OpenSSL API layer, it features the same
    DES* functions that OpenSSL has. This change takes advantage of that.

    Co-authored-by: Daniel Stenberg
    Closes #5556
    Fixes #5548
* windows: suppress UI in all CryptAcquireContext() calls | Viktor Szakats | 2020-03-17 | 1 | -1/+1
    Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
    Reviewed-by: Marc Hörsken
    Closes https://github.com/curl/curl/pull/5088
* ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function | Steve Holme | 2020-02-24 | 1 | -29/+10
* md4: Use our own MD4 implementation when no crypto libraries are available | Steve Holme | 2019-08-04 | 1 | -5/+0
    Closes #3780
* md4: No need to include Curl_md4.h for each TLS library | Steve Holme | 2019-08-04 | 1 | -7/+1
* md4: No need for the NTLM code to call Curl_md4it() for each TLS library | Steve Holme | 2019-08-04 | 1 | -20/+7
    As the NTLM code no longer calls any of TLS libraries' specific MD4
    functions, there is no need to call this function for each #ifdef.
* md4: Move the mbed TLS MD4 implementation out of the NTLM code | Steve Holme | 2019-08-04 | 1 | -8/+1
* md4: Move the WinCrypt implementation out of the NTLM code | Steve Holme | 2019-08-04 | 1 | -12/+2
* md4: Move the SecureTransport implementation out of the NTLM code | Steve Holme | 2019-08-04 | 1 | -1/+2
* md4: Use the Curl_md4it() function for OpenSSL based NTLM | Steve Holme | 2019-08-04 | 1 | -12/+1
* md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code | Steve Holme | 2019-08-04 | 1 | -6/+2
* md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code | Steve Holme | 2019-08-04 | 1 | -5/+2
* ntlm: explicit type casting | lufia | 2019-07-31 | 1 | -1/+1
* build: fix Codacy warnings | Marcel Raad | 2019-06-05 | 1 | -2/+1
    Reduce variable scopes and remove redundant variable stores.

    Closes https://github.com/curl/curl/pull/3975
* ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 | Steve Holme | 2019-04-23 | 1 | -0/+6
    Just like we do for mbed TLS, use our local implementation of MD4 when
    OpenSSL doesn't support it. This allows a type-3 message to include the
    NT response.
* Secure Transport: no more "darwinssl" | Daniel Stenberg | 2019-02-28 | 1 | -6/+6
    Everyone calls it Secure Transport, now we do too.

    Reviewed-by: Nick Zitzmann
    Closes #3619
* cleanup: make local functions static | Daniel Stenberg | 2019-02-10 | 1 | -10/+9
    urlapi: turn three local-only functions into statics
    conncache: make conncache_find_first_connection static
    multi: make detach_connnection static
    connect: make getaddressinfo static
    curl_ntlm_core: make hmac_md5 static
    http2: make two functions static
    http: make http_setup_conn static
    connect: make tcpnodelay static
    tests: make UNITTEST a thing to mark functions with, so they can be
    static for normal builds and non-static for unit test builds
    ... and mark Curl_shuffle_addr accordingly.
    url: make up_free static
    setopt: make vsetopt static
    curl_endian: make write32_le static
    rtsp: make rtsp_connisdead static
    warnless: remove unused functions
    memdebug: remove one unused function, made another static
* snprintf: renamed and we now only use msnprintf() | Daniel Stenberg | 2018-11-23 | 1 | -6/+6
    The function does not return the same value as snprintf() normally does,
    so readers may be misled into thinking the code works differently than
    it actually does. A different function name makes this easier to detect.

    Reported-by: Tomas Hoger
    Assisted-by: Daniel Gustafsson
    Fixes #3296
    Closes #3297
* ntlm: Remove redundant ifdef USE_OPENSSL | pkubaj | 2018-11-20 | 1 | -16/+6
    lib/curl_ntlm.c had code that read as follows:

      #ifdef USE_OPENSSL
      # ifdef USE_OPENSSL
      # else
      # ..
      # endif
      #endif

    Remove the redundant USE_OPENSSL along with #else (it's not possible to
    reach it anyway). The removed construction is a leftover from when the
    SSLeay support was removed.

    Closes #3269
    Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
    Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* Curl_ntlm_core_mk_nt_hash: return error on too long password | Daniel Stenberg | 2018-09-03 | 1 | -1/+4
    ... since it would cause an integer overflow if longer than (max size_t
    / 2).

    This is CVE-2018-14618

    Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
    Closes #2756
    Reported-by: Zhaoyang Wu
* all: Refactor malloc+memset to use calloc | Daniel Gustafsson | 2018-04-15 | 1 | -3/+1
    When a zeroed out allocation is required, use calloc() rather than
    malloc() followed by an explicit memset(). The result will be the same,
    but using calloc() everywhere increases consistency in the codebase and
    avoids the risk of subtle bugs when code is injected between malloc and
    memset by accident.

    Closes https://github.com/curl/curl/pull/2497
* vauth/cleartext: fix integer overflow check | Daniel Stenberg | 2018-03-20 | 1 | -10/+1
    Make the integer overflow check not rely on the undefined behavior that
    a size_t wraps around on overflow.

    Detected by lgtm.com
    Closes #2408
* curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided | Daniel Stenberg | 2017-11-27 | 1 | -0/+3
* ntlm: avoid integer overflow for malloc size | Daniel Stenberg | 2017-11-27 | 1 | -2/+18
    Reported-by: Alex Nichols
    Assisted-by: Kamil Dudka and Max Dymond

    CVE-2017-8816

    Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
* ntlm: avoid malloc(0) for zero length passwords | Daniel Stenberg | 2017-11-04 | 1 | -1/+1
    It triggers an assert() when built with memdebug since malloc(0) may
    return NULL *or* a valid pointer.

    Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054

    Assisted-by: Max Dymond
    Closes #2054
* ntlm: use strict order for SSL backend #if branches | Viktor Szakats | 2017-09-22 | 1 | -32/+56
    With the recently introduced MultiSSL support multiple SSL backends can
    be compiled into cURL That means that now the order of the SSL

    One option would be to use the same SSL backend as was configured via
    `curl_global_sslset()`, however, NTLMv2 support would appear to be
    available only with some SSL backends. For example, when eb88d778e
    (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1
    using Windows' Crypt API, it specifically did *not* introduce NTLMv2
    support using Crypt API at the same time.

    So let's select one specific SSL backend for NTLM support when compiled
    with multiple SSL backends, using a priority order such that we support
    NTLMv2 even if only one compiled-in SSL backend can be used for that.

    Ref: https://github.com/curl/curl/pull/1848
* code style: use spaces around pluses | Daniel Stenberg | 2017-09-11 | 1 | -2/+2
* curl_ntlm_core: use Curl_raw_toupper instead of toupper | Marcel Raad | 2017-06-05 | 1 | -1/+1
    This was the only remaining use of toupper in the entire source code.

    Suggested-by: Daniel Stenberg
* curl_ntlm_core: pass unsigned char to toupper | Marcel Raad | 2017-06-04 | 1 | -1/+1
    Otherwise, clang on Cygwin64 warns:
    curl_ntlm_core.c:525:35: error: array subscript is of type 'char' [-Werror,-Wchar-subscripts]
      dest[2 * i] = (unsigned char)(toupper(src[i]));
      ^~~~~~~~~~~~~~~
    /usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
      (void) __CTYPE_PTR[__x]; (toupper) (__x);})
      ^~~~