
SSL cleanup: use crypto functions through the sslgen layer

curl_ntlm_msgs.c would previously use an #ifdef maze and direct
SSL-library calls instead of using the SSL layer we have for this
purpose.
bagder committed Jun 26, 2012
1 parent 6d1ea38 commit 849179ba2739ab9a0ad079384b125d9c1745db5f
Showing with 139 additions and 89 deletions.
  1. +8 −86 lib/curl_ntlm_msgs.c
  2. +32 −0 lib/gtls.c
  3. +11 −1 lib/gtls.h
  4. +20 −0 lib/nss.c
  5. +12 −1 lib/nssg.h
  6. +15 −0 lib/sslgen.c
  7. +12 −0 lib/sslgen.h
  8. +20 −0 lib/ssluse.c
  9. +9 −1 lib/ssluse.h
@@ -33,56 +33,6 @@
#define DEBUG_ME 0
-#ifdef USE_SSLEAY
-
-# ifdef USE_OPENSSL
-# include <openssl/des.h>
-# ifndef OPENSSL_NO_MD4
-# include <openssl/md4.h>
-# endif
-# include <openssl/md5.h>
-# include <openssl/ssl.h>
-# include <openssl/rand.h>
-# else
-# include <des.h>
-# ifndef OPENSSL_NO_MD4
-# include <md4.h>
-# endif
-# include <md5.h>
-# include <ssl.h>
-# include <rand.h>
-# endif
-# include "ssluse.h"
-
-#elif defined(USE_GNUTLS_NETTLE)
-
-# include <nettle/md5.h>
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-# define MD5_DIGEST_LENGTH 16
-
-#elif defined(USE_GNUTLS)
-
-# include <gcrypt.h>
-# include "gtls.h"
-# define MD5_DIGEST_LENGTH 16
-# define MD4_DIGEST_LENGTH 16
-
-#elif defined(USE_NSS)
-
-# include <nss.h>
-# include <pk11pub.h>
-# include <hasht.h>
-# include "nssg.h"
-# include "curl_md4.h"
-# define MD5_DIGEST_LENGTH MD5_LENGTH
-
-#elif defined(USE_WINDOWS_SSPI)
-# include "curl_sspi.h"
-#else
-# error "Can't compile NTLM support without a crypto library."
-#endif
-
#include "urldata.h"
#include "non-ascii.h"
#include "sendf.h"
@@ -92,6 +42,12 @@
#include "curl_multibyte.h"
#include "curl_memory.h"
+#if defined(USE_WINDOWS_SSPI)
+# include "curl_sspi.h"
+#endif
+
+#include "sslgen.h"
+
#define BUILDING_CURL_NTLM_MSGS_C
#include "curl_ntlm_msgs.h"
@@ -727,23 +683,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
unsigned char entropy[8];
/* Need to create 8 bytes random data */
-#ifdef USE_SSLEAY
- MD5_CTX MD5pw;
- Curl_ossl_seed(data); /* Initiate the seed if not already done */
- RAND_bytes(entropy, 8);
-#elif defined(USE_GNUTLS_NETTLE)
- struct md5_ctx MD5pw;
- gnutls_rnd(GNUTLS_RND_RANDOM, entropy, 8);
-#elif defined(USE_GNUTLS)
- gcry_md_hd_t MD5pw;
- Curl_gtls_seed(data); /* Initiate the seed if not already done */
- gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
-#elif defined(USE_NSS)
- PK11Context *MD5pw;
- unsigned int MD5len;
- Curl_nss_seed(data); /* Initiate the seed if not already done */
- PK11_GenerateRandom(entropy, 8);
-#endif
+ Curl_ssl_random(data, entropy, sizeof(entropy));
/* 8 bytes random data as challenge in lmresp */
memcpy(lmresp, entropy, 8);
@@ -755,25 +695,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
memcpy(tmp, &ntlm->nonce[0], 8);
memcpy(tmp + 8, entropy, 8);
-#ifdef USE_SSLEAY
- MD5_Init(&MD5pw);
- MD5_Update(&MD5pw, tmp, 16);
- MD5_Final(md5sum, &MD5pw);
-#elif defined(USE_GNUTLS_NETTLE)
- md5_init(&MD5pw);
- md5_update(&MD5pw, 16, tmp);
- md5_digest(&MD5pw, 16, md5sum);
-#elif defined(USE_GNUTLS)
- gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
- gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
- memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
- gcry_md_close(MD5pw);
-#elif defined(USE_NSS)
- MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
- PK11_DigestOp(MD5pw, tmp, 16);
- PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
- PK11_DestroyContext(MD5pw, PR_TRUE);
-#endif
+ Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
/* We shall only use the first 8 bytes of md5sum, but the des
code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
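Review bot: The new call `Curl_ssl_random(data, entropy, sizeof(entropy));` cannot fail from the caller's point of view because the sslgen layer returns void, yet every backend behind it has a failure mode (RAND_bytes returns 0 on an unseeded PRNG, PK11_GenerateRandom returns SECFailure, gnutls_rnd returns a non-zero error), after which `entropy` is copied into the LM challenge by the `memcpy(lmresp, entropy, 8)` two lines later while still holding uninitialized stack data. The old per-backend code had the same blind spot, but this commit introduces the wrapper in sslgen.c and is the place to give it a CURLcode; the call here would then read `if(Curl_ssl_random(data, entropy, sizeof(entropy))) return CURLE_FAILED_INIT;`. Dropping the `#error "Can't compile NTLM support without a crypto library."` also removes the only explicit guard against building NTLM with neither SSPI nor an SSL backend; if setup.h does not already gate USE_NTLM on one of those, such a build now fails on an undeclared Curl_ssl_random instead of with a readable message. Curl_ntlm_create_type3_message begins before and ends after these hunks.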
@@ -1060,4 +1060,36 @@ int Curl_gtls_seed(struct SessionHandle *data)
return 0;
}
+void Curl_gtls_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+{
+#if defined(USE_GNUTLS_NETTLE)
+ (void)data;
+ gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
+#elif defined(USE_GNUTLS)
+ Curl_gtls_seed(data); /* Initiate the seed if not already done */
+ gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
+#endif
+}
+
+void Curl_gtls_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+#if defined(USE_GNUTLS_NETTLE)
+ struct md5_ctx MD5pw;
+ md5_init(&MD5pw);
+ md5_update(&MD5pw, tmplen, tmp);
+ md5_digest(&MD5pw, md5len, md5sum);
+#elif defined(USE_GNUTLS)
+ gcry_md_hd_t MD5pw;
+ gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
+ gcry_md_write(MD5pw, tmp, tmplen);
+ memcpy(md5sum, gcry_md_read (MD5pw, 0), md5len);
+ gcry_md_close(MD5pw);
+#endif
+}
+
#endif /* USE_GNUTLS */
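Review bot: In Curl_gtls_md5sum the `md5len` argument is forwarded unchanged to `md5_digest` and to the `memcpy` from `gcry_md_read`, so a caller asking for more than the 16-byte MD5 digest reads past gcrypt's digest buffer (nettle's md5_digest asserts on a length beyond the digest size); clamping it, `if(md5len > 16) md5len = 16;`, keeps the helper safe for whatever size the caller supplies. The return values of `gnutls_rnd` and `gcry_md_open` in the same hunk are discarded, so neither a failed random read nor a failed digest open reaches the caller — not actionable while the function returns void, which is raised on the curl_ntlm_msgs.c hunk. Both functions only read `tmp`, so `const unsigned char *tmp` in the definition and the gtls.h prototype would state that.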
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -47,6 +47,14 @@ size_t Curl_gtls_version(char *buffer, size_t size);
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
int Curl_gtls_seed(struct SessionHandle *data);
+void Curl_gtls_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length);
+void Curl_gtls_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len);
+
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup
@@ -62,6 +70,8 @@ int Curl_gtls_seed(struct SessionHandle *data);
#define curlssl_version Curl_gtls_version
#define curlssl_check_cxn(x) (x=x, -1)
#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define curlssl_random(x,y,z) Curl_gtls_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d)
#endif /* USE_GNUTLS */
#endif /* HEADER_CURL_GTLS_H */
@@ -1533,4 +1533,24 @@ int Curl_nss_seed(struct SessionHandle *data)
return 0;
}
+void Curl_nss_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ Curl_nss_seed(data); /* Initiate the seed if not already done */
+ PK11_GenerateRandom(entropy, length);
+}
+
+void Curl_nss_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+ PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
+ unsigned int MD5out;
+ PK11_DigestOp(MD5pw, tmp, tmplen);
+ PK11_DigestFinal(MD5pw, md5sum, &MD5out, md5len);
+ PK11_DestroyContext(MD5pw, PR_TRUE);
+}
+
#endif /* USE_NSS */
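Review bot: PK11_CreateDigestContext can return NULL (for example when NSS is not initialised or no slot offers MD5), and Curl_nss_md5sum hands that pointer straight to PK11_DigestOp, so the failure is a null dereference rather than an error; until the wrapper can report a status, `if(!MD5pw) return;` after the assignment at least keeps it from crashing. PK11_GenerateRandom in Curl_nss_random returns a SECStatus that is dropped, so a failed random read leaves `entropy` holding whatever the caller's buffer contained. PK11_DigestFinal's result is likewise unchecked, so `md5sum` may be left unwritten; both helpers returning void is the underlying problem and is raised on the curl_ntlm_msgs.c hunk.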
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -51,6 +51,15 @@ int Curl_nss_seed(struct SessionHandle *data);
/* initialize NSS library if not already */
CURLcode Curl_nss_force_init(struct SessionHandle *data);
+void Curl_nss_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length);
+
+void Curl_nss_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len);
+
/* API setup for NSS */
#define curlssl_init Curl_nss_init
#define curlssl_cleanup Curl_nss_cleanup
@@ -68,6 +77,8 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data);
#define curlssl_version Curl_nss_version
#define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define curlssl_random(x,y,z) Curl_nss_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_nss_md5sum(a,b,c,d)
#endif /* USE_NSS */
#endif /* HEADER_CURL_NSSG_H */
@@ -521,4 +521,19 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data)
ci->num_of_certs = 0;
}
}
+
+void Curl_ssl_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ curlssl_random(data, entropy, length);
+}
+
+void Curl_ssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+ curlssl_md5sum(tmp, tmplen, md5sum, md5len);
+}
#endif /* USE_SSL */
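Review bot: The definition of Curl_ssl_random names its output parameter `entropy` while the prototype this commit adds to sslgen.h names it `buffer`; keeping the two identical (`unsigned char *buffer` here, or `entropy` in the header) avoids a declaration that reads differently from the code. Both wrappers return void and forward to backends whose own status codes are discarded, which is the point raised on the curl_ntlm_msgs.c hunk; this file is where a CURLcode return would be introduced.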
@@ -23,6 +23,10 @@
***************************************************************************/
#include "setup.h"
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16 /* fixed size */
+#endif
+
bool Curl_ssl_config_matches(struct ssl_config_data* data,
struct ssl_config_data* needle);
bool Curl_clone_ssl_config(struct ssl_config_data* source,
@@ -69,6 +73,14 @@ void Curl_ssl_kill_session(struct curl_ssl_session *session);
/* delete a session from the cache */
void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
+/* get N random bytes into the buffer */
+void Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer,
+ size_t length);
+void Curl_ssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len);
+
#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
#else
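Review bot: The Curl_ssl_md5sum prototype has no comment stating its contract, and the backends disagree on it: the GnuTLS and NSS implementations write at most `md5len` bytes, while the OpenSSL one ignores the argument and always writes the full 16-byte digest, so `md5sum` must hold MD5_DIGEST_LENGTH bytes whatever `md5len` says. I would add above it `/* MD5 of the tmplen bytes at tmp into md5sum; md5len is the size of md5sum and must be at least MD5_DIGEST_LENGTH, since some backends write the whole digest regardless */`, and qualify the input as `const unsigned char *tmp` (with the matching change in the gtls.h, nssg.h and ssluse.h prototypes). The `#else` branch below, which the hunk cuts off, gets no stub for either new function, so a caller compiled without USE_SSL is a hard error; fine if such callers cannot exist, but worth confirming against setup.h.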
@@ -62,6 +62,7 @@
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/err.h>
+#include <openssl/md5.h>
#else
#include <rand.h>
#include <x509v3.h>
@@ -2786,4 +2787,23 @@ size_t Curl_ossl_version(char *buffer, size_t size)
#endif /* YASSL_VERSION */
}
+
+void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
+ size_t length)
+{
+ Curl_ossl_seed(data); /* Initiate the seed if not already done */
+ RAND_bytes(entropy, length);
+}
+
+void Curl_ossl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum /* output */,
+ size_t unused)
+{
+ MD5_CTX MD5pw;
+ (void)unused;
+ MD5_Init(&MD5pw);
+ MD5_Update(&MD5pw, tmp, tmplen);
+ MD5_Final(md5sum, &MD5pw);
+}
#endif /* USE_SSLEAY */
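Review bot: `#include <openssl/md5.h>` is added only to the branch that uses the `openssl/` header prefix; the `#else` branch (`<rand.h>`, `<x509v3.h>`, …) gets no `<md5.h>`, although the removed block in curl_ntlm_msgs.c did include it there, so MD5_CTX and MD5_Init may be undeclared in that header layout unless the branch already pulls it in further down, outside the hunk. RAND_bytes returns 0 when it cannot produce the requested bytes, and Curl_ossl_random discards that along with Curl_ossl_seed's result, so `entropy` is silently left unfilled; as with the other backends this needs the sslgen layer to return a status, which is raised on the curl_ntlm_msgs.c hunk. Naming the last Curl_ossl_md5sum parameter `md5len` instead of `unused` (keeping the `(void)md5len;`) would document in the ssluse.h prototype that this backend always writes the full 16-byte digest regardless of the caller's buffer size.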
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -66,6 +66,12 @@ int Curl_ossl_seed(struct SessionHandle *data);
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex);
+void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
+ size_t length);
+void Curl_ossl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum /* output */,
+ size_t unused);
/* API setup for OpenSSL */
#define curlssl_init Curl_ossl_init
@@ -82,6 +88,8 @@ bool Curl_ossl_data_pending(const struct connectdata *conn,
#define curlssl_version Curl_ossl_version
#define curlssl_check_cxn Curl_ossl_check_cxn
#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y)
+#define curlssl_random(x,y,z) Curl_ossl_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d)
#endif /* USE_SSLEAY */
#endif /* HEADER_CURL_SSLUSE_H */
