Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Centralise the TLS specific MD4 code away from the NTLM code #3780
Following curl://up 2019 I've finally started the task of making the NTLM code TLS backend agnostic. As this is a fairly chunky piece of work I have split it up into the following sub tasks:
As you will appreciate, this will probably (more than likely) be spanned across several releases - especially as it has taken me 4 years and several discussion with folk on the curl://team to actually start this :-P
In summary this patch set centralises the MD4 code for the TLS libraries into md4.c but it also:
Two TLS backends (SecureTransport and mbed TLS) support a single line function call when creating the MD4 hash. As the Curl_md4it() function implements an OpenSSL style API (calling multiple functions) we have to store the data to be encrypted and as such store that in a temporary buffer. The buffer is malloc'ed and as such will be slower for these two backend libraries.
md4.c and md5.c are a little different, from my point of view, in two areas:
Whilst I have compiled this on Windows using both OpenSSL and Schannel I cannot compile it for the other TLS, non OpenSSL style, backends (GNU TLS, mbed, SecureTransport, NSS, OS/400). As such I am relying on the automated build system and tests, as well as AppVeyor and Travis CI to let me know if there are any problems. I will of course update this patch set if and when they fail.
"The MD5 code, when using OpenSSL, has an Amiga OS specific pre-processor directive present (USE_AMISSL) from #3677. Do we need one in the MD4 code as well? The original NTLM code didn't have this so I'm not sure."
As long as it doesn't try to assign an OpenSSL function to a variable (and, as far as I can tell, it doesn't), you don't need to worry about this.
As the NTLM code no longer calls any of TLS libraries' specific MD4 functions, there is no need to call this function for each #ifdef.