ntlmclient: update to ntlmclient 0.9.1

The ntlmclient dependency can now dynamically load OpenSSL.

Author: ethomson

deps/ntlmclient/CMakeLists.txt

@@ -1,25 +1,37 @@
-FILE(GLOB SRC_NTLMCLIENT "ntlm.c" "unicode_builtin.c" "util.c")
+FILE(GLOB SRC_NTLMCLIENT "ntlm.c" "ntlm.h" "util.c" "util.h")
 LIST(SORT SRC_NTLMCLIENT)
 
 ADD_DEFINITIONS(-DNTLM_STATIC=1)
 
 DISABLE_WARNINGS(implicit-fallthrough)
 
+IF(USE_ICONV)
+	ADD_DEFINITIONS(-DUNICODE_ICONV=1)
+	FILE(GLOB SRC_NTLMCLIENT_UNICODE "unicode_iconv.c" "unicode_iconv.h")
+ELSE()
+	ADD_DEFINITIONS(-DUNICODE_BUILTIN=1)
+	FILE(GLOB SRC_NTLMCLIENT_UNICODE "unicode_builtin.c" "unicode_builtin.h")
+ENDIF()
+
 IF(USE_HTTPS STREQUAL "SecureTransport")
 	ADD_DEFINITIONS(-DCRYPT_COMMONCRYPTO)
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_commoncrypto.c")
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_commoncrypto.c" "crypt_commoncrypto.h")
 	# CC_MD4 has been deprecated in macOS 10.15.
 	SET_SOURCE_FILES_PROPERTIES("crypt_commoncrypto.c" COMPILE_FLAGS "-Wno-deprecated")
 ELSEIF(USE_HTTPS STREQUAL "OpenSSL")
 	ADD_DEFINITIONS(-DCRYPT_OPENSSL)
 	INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c")
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c" "crypt_openssl.h")
+ELSEIF(USE_HTTPS STREQUAL "OpenSSL-Dynamic")
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL)
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL_DYNAMIC)
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c" "crypt_openssl.h")
 ELSEIF(USE_HTTPS STREQUAL "mbedTLS")
 	ADD_DEFINITIONS(-DCRYPT_MBEDTLS)
 	INCLUDE_DIRECTORIES(${MBEDTLS_INCLUDE_DIR})
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_mbedtls.c")
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_mbedtls.c" "crypt_mbedtls.h")
 ELSE()
 	MESSAGE(FATAL_ERROR "Unable to use libgit2's HTTPS backend (${USE_HTTPS}) for NTLM crypto")
 ENDIF()
 
-ADD_LIBRARY(ntlmclient OBJECT ${SRC_NTLMCLIENT} ${SRC_NTLMCLIENT_CRYPTO})
+ADD_LIBRARY(ntlmclient OBJECT ${SRC_NTLMCLIENT} ${SRC_NTLMCLIENT_UNICODE} ${SRC_NTLMCLIENT_CRYPTO})

deps/ntlmclient/crypt.h

@@ -9,6 +9,9 @@
 #ifndef PRIVATE_CRYPT_COMMON_H__
 #define PRIVATE_CRYPT_COMMON_H__
 
+#include "ntlmclient.h"
+#include "ntlm.h"
+
 #if defined(CRYPT_OPENSSL)
 # include "crypt_openssl.h"
 #elif defined(CRYPT_MBEDTLS)
@@ -25,40 +28,42 @@
 
 typedef unsigned char ntlm_des_block[CRYPT_DES_BLOCKSIZE];
 
+typedef struct ntlm_crypt_ctx ntlm_crypt_ctx;
+
+extern bool ntlm_crypt_init(ntlm_client *ntlm);
+
 extern bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len);
 
 extern bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key);
 
 extern bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len);
 
-extern ntlm_hmac_ctx *ntlm_hmac_ctx_init(void);
-
-extern bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx);
-
 extern bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len);
 
 extern bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len);
 
 extern bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx);
+	ntlm_client *ntlm);
 
-extern void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx);
+extern void ntlm_crypt_shutdown(ntlm_client *ntlm);
 
 #endif /* PRIVATE_CRYPT_COMMON_H__ */

deps/ntlmclient/crypt_commoncrypto.c

@@ -18,9 +18,15 @@
 #include "ntlm.h"
 #include "crypt.h"
 
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	memset(&ntlm->crypt_ctx, 0, sizeof(ntlm_crypt_ctx));
+	return true;
+}
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
 	int fd, ret;
@@ -49,11 +55,14 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
 	size_t written;
 
+	NTLM_UNUSED(ntlm);
+
 	CCCryptorStatus result = CCCrypt(kCCEncrypt,
 		kCCAlgorithmDES, kCCOptionECBMode,
 		key, sizeof(ntlm_des_block), NULL,
@@ -65,56 +74,47 @@ bool ntlm_des_encrypt(
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
+	NTLM_UNUSED(ntlm);
 	return !!CC_MD4(in, in_len, out);
 }
 
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	return calloc(1, sizeof(ntlm_hmac_ctx));
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	memset(ctx, 0, sizeof(ntlm_hmac_ctx));
-	return true;
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	CCHmacInit(&ctx->native, kCCHmacAlgMD5, key, key_len);
+	CCHmacInit(&ntlm->crypt_ctx.hmac, kCCHmacAlgMD5, key, key_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len)
 {
-	CCHmacUpdate(&ctx->native, data, data_len);
+	CCHmacUpdate(&ntlm->crypt_ctx.hmac, data, data_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	CCHmacFinal(&ctx->native, out);
+	CCHmacFinal(&ntlm->crypt_ctx.hmac, out);
 
 	*out_len = CRYPT_MD5_DIGESTSIZE;
 	return true;
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	free(ctx);
+	NTLM_UNUSED(ntlm);
 }

deps/ntlmclient/crypt_commoncrypto.h

@@ -11,8 +11,8 @@
 
 #include <CommonCrypto/CommonCrypto.h>
 
-typedef struct {
-	CCHmacContext native;
-} ntlm_hmac_ctx;
+struct ntlm_crypt_ctx {
+	CCHmacContext hmac;
+};
 
 #endif /* PRIVATE_CRYPT_COMMONCRYPTO_H__ */

deps/ntlmclient/crypt_mbedtls.c

@@ -17,9 +17,24 @@
 #include "ntlm.h"
 #include "crypt.h"
 
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
+
+	mbedtls_md_init(&ntlm->crypt_ctx.hmac);
+
+	if (mbedtls_md_setup(&ntlm->crypt_ctx.hmac, info, 1) != 0) {
+		ntlm_client_set_errmsg(ntlm, "could not setup mbedtls digest");
+		return false;
+	}
+
+	return true;
+}
+
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
 	mbedtls_ctr_drbg_context ctr_drbg;
@@ -51,6 +66,7 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
@@ -60,8 +76,10 @@ bool ntlm_des_encrypt(
 	mbedtls_des_init(&ctx);
 
 	if (mbedtls_des_setkey_enc(&ctx, *key) ||
-		mbedtls_des_crypt_ecb(&ctx, *plaintext, *out))
+	    mbedtls_des_crypt_ecb(&ctx, *plaintext, *out)) {
+		ntlm_client_set_errmsg(ntlm, "DES encryption failed");
 		goto done;
+	}
 
 	success = true;
 
@@ -72,11 +90,14 @@ bool ntlm_des_encrypt(
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
 	mbedtls_md4_context ctx;
 
+	NTLM_UNUSED(ntlm);
+
 	mbedtls_md4_init(&ctx);
 	mbedtls_md4_starts(&ctx);
 	mbedtls_md4_update(&ctx, in, in_len);
@@ -86,60 +107,40 @@ bool ntlm_md4_digest(
 	return true;
 }
 
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	ntlm_hmac_ctx *ctx;
-	const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
-
-	if ((ctx = calloc(1, sizeof(ntlm_hmac_ctx))) == NULL)
-		return NULL;
-
-	mbedtls_md_init(&ctx->mbed);
-
-	if (mbedtls_md_setup(&ctx->mbed, info, 1) != 0) {
-		free(ctx);
-		return false;
-	}
-
-	return ctx;
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	return !mbedtls_md_hmac_reset(&ctx->mbed);
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	return !mbedtls_md_hmac_starts(&ctx->mbed, key, key_len);
+	if (ntlm->crypt_ctx.hmac_initialized) {
+		if (mbedtls_md_hmac_reset(&ntlm->crypt_ctx.hmac))
+			return false;
+	}
+
+	ntlm->crypt_ctx.hmac_initialized = !mbedtls_md_hmac_starts(&ntlm->crypt_ctx.hmac, key, key_len);
+	return ntlm->crypt_ctx.hmac_initialized;
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
-	return !mbedtls_md_hmac_update(&ctx->mbed, in, in_len);
+	return !mbedtls_md_hmac_update(&ntlm->crypt_ctx.hmac, in, in_len);
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	return !mbedtls_md_hmac_finish(&ctx->mbed, out);
+	return !mbedtls_md_hmac_finish(&ntlm->crypt_ctx.hmac, out);
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	if (ctx) {
-		mbedtls_md_free(&ctx->mbed);
-		free(ctx);
-	}
+	mbedtls_md_free(&ntlm->crypt_ctx.hmac);
 }

deps/ntlmclient/crypt_mbedtls.h

@@ -11,8 +11,9 @@
 
 #include "mbedtls/md.h"
 
-typedef struct {
-	mbedtls_md_context_t mbed;
-} ntlm_hmac_ctx;
+struct ntlm_crypt_ctx {
+	mbedtls_md_context_t hmac;
+	unsigned int hmac_initialized : 1;
+};
 
 #endif /* PRIVATE_CRYPT_MBEDTLS_H__ */