[GNUnet-SVN] [gnurl] 06/254: mbedtls: enable NTLM (& SMB) even if MD4 su

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 06/254: mbedtls: enable NTLM (& SMB) even if MD4 su

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 06/254: mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
Date:	Sat, 17 Jun 2017 16:50:38 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.

commit 5f830eaba0b4c00dabf095cede048ddcea736d9d
Author: Dan Fandrich <address@hidden>
AuthorDate: Fri Apr 21 22:33:17 2017 +0200

    mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
    
    In that case, use libcurl's internal MD4 routine. This fixes tests 1013
    and 1014 which were failing due to configure assuming NTLM and SMB were
    always available whenever mbed TLS was in use (which is now true).
---
 lib/curl_md4.h       |  8 ++++----
 lib/curl_ntlm_core.c |  8 ++++++--
 lib/curl_setup.h     |  8 ++++----
 lib/md4.c            | 10 ++++++----
 4 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/lib/curl_md4.h b/lib/curl_md4.h
index 8c26d1222..e0690416d 100644
--- a/lib/curl_md4.h
+++ b/lib/curl_md4.h
@@ -24,12 +24,12 @@
 
 #include "curl_setup.h"
 
-/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
- * that we have a local implementation of it */
-#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 
 void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
 
-#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
 
 #endif /* HEADER_CURL_MD4_H */
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index fb43dda19..b15215b2f 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -80,6 +80,9 @@
 
 #  include <mbedtls/des.h>
 #  include <mbedtls/md4.h>
+#  if !defined(MBEDTLS_MD4_C)
+#    include "curl_md4.h"
+#  endif
 
 #elif defined(USE_NSS)
 
@@ -568,10 +571,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
     gcry_md_write(MD4pw, pw, 2 * len);
     memcpy(ntbuffer, gcry_md_read(MD4pw, 0), MD4_DIGEST_LENGTH);
     gcry_md_close(MD4pw);
+#elif defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
+    Curl_md4it(ntbuffer, pw, 2 * len);
 #elif defined(USE_MBEDTLS)
     mbedtls_md4(pw, 2 * len, ntbuffer);
-#elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
-    Curl_md4it(ntbuffer, pw, 2 * len);
 #elif defined(USE_DARWINSSL)
     (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
 #elif defined(USE_WIN32_CRYPTO)
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 9d99f1394..dda1c751e 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -623,14 +623,14 @@ int netware_init(void);
 #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
     defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \
-    defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
+    defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
+    defined(USE_MBEDTLS)
 
 #define USE_NTLM
 
-#elif defined(USE_MBEDTLS)
+#  if defined(USE_MBEDTLS)
+/* Get definition of MBEDTLS_MD4_C */
 #  include <mbedtls/md4.h>
-#  if defined(MBEDTLS_MD4_C)
-#define USE_NTLM
 #  endif
 
 #endif
diff --git a/lib/md4.c b/lib/md4.c
index 1bdc9f367..b7ce26c79 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -37,9 +37,10 @@
 
 #include "curl_setup.h"
 
-/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
- * that we have a local implementation of it */
-#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
+/* The NSS, OS/400 and sometimes mbed TLS crypto libraries do not provide the
+ * MD4 hash algorithm, so we have a local implementation of it */
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 
 #include "curl_md4.h"
 #include "warnless.h"
@@ -302,4 +303,5 @@ void Curl_md4it(unsigned char *output, const unsigned char 
*input, size_t len)
   MD4_Update(&ctx, input, curlx_uztoui(len));
   MD4_Final(output, &ctx);
 }
-#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+    (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 28/254: url: declare get_protocol_family() static, (continued)
- [GNUnet-SVN] [gnurl] 28/254: url: declare get_protocol_family() static, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 62/254: transfer: fix minor buffer_size mistake, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 40/254: curl_rtmp: fix missing-variable-declarations warnings, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 49/254: getpart: use correct variable type, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 13/254: llist: fix a comment after cbae73e1dd9, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 11/254: multi: clarify condition in curl_multi_wait, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 08/254: llist: no longer uses malloc, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 66/254: krb5: use private buffer for temp string, not receive buffer, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 22/254: curl: set a 100K buffer size by default, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 34/254: http-proxy: removed unused argument in CURL_DISABLE_PROXY case, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 06/254: mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable, gnunet <=
- [GNUnet-SVN] [gnurl] 20/254: configure: stop prepending to LDFLAGS, CPPFLAGS, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 10/254: lib: fix maybe-uninitialized warnings, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 14/254: configure: fix the -ldl check for openssl, add -lpthread check, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 17/254: nss: adapt to the new Curl_llist API, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 35/254: test1443: test --remote-time, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 12/254: schannel: Don't treat encrypted partial record as pending data, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 58/254: http: don't clobber the receive buffer for timecond, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 15/254: RELEASE-NOTES: synced with c68fed875, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 16/254: curl-compilers.m4: accept -Og and -Ofast GCC flags, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 19/254: if2ip: fix -Wcast-align warning, gnunet, 2017/06/17

Prev by Date: [GNUnet-SVN] [gnurl] 34/254: http-proxy: removed unused argument in CURL_DISABLE_PROXY case
Next by Date: [GNUnet-SVN] [gnurl] 20/254: configure: stop prepending to LDFLAGS, CPPFLAGS
Previous by thread: [GNUnet-SVN] [gnurl] 34/254: http-proxy: removed unused argument in CURL_DISABLE_PROXY case
Next by thread: [GNUnet-SVN] [gnurl] 20/254: configure: stop prepending to LDFLAGS, CPPFLAGS
Index(es):
- Date
- Thread