From f320f2bf634a0a0e3e08e41f01d83019dad2d24e Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:50:31 -0700 Subject: [PATCH] Added preprocessor #ifdef USE_SSL around every instance of OPENSSL_VERSION_NUMBER --- nix/proxytunnel.nix | 9 +++++++-- ntlm.c | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 7272eec..7940719 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -1,10 +1,15 @@ { + use-ssl ? true, gnu-system ? true, set-proc-title ? true, pkgs, }: let - # TODO: Due to the way the OPENSSL_VERSION_NUMBER macro is checked, the -DUSE_SSL flag is NECESSARY - optflags = "-DUSE_SSL ${ + optflags = "${ + if use-ssl + then "-DUSE_SSL" + else "" + } + ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" diff --git a/ntlm.c b/ntlm.c index 5159202..e33c437 100644 --- a/ntlm.c +++ b/ntlm.c @@ -28,6 +28,7 @@ #include "proxytunnel.h" #include #include +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #ifdef CYGWIN #include @@ -38,6 +39,7 @@ #include #include #endif +#endif /* USE_SSL */ #define TYPE1_DATA_SEG 8 #define TYPE2_BUF_SIZE 2048 @@ -73,6 +75,7 @@ uint32_t flags; unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER *provider; provider = OSSL_PROVIDER_load(NULL, "default"); @@ -127,6 +130,7 @@ void init_ntlm() { md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); #endif +#endif /* ifdef USE_SSL */ } void build_type1() { @@ -308,10 +312,12 @@ unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char digest[16]; /* caller digest to be filled in */ { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD5_CTX context; #endif +#endif /* ifdef USE_SSL */ unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - key XORd with opad */ unsigned char tk[16]; @@ -319,6 +325,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); EVP_DigestUpdate(mdctx, key, key_len); @@ -328,6 +335,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, key, key_len); MD5_Final(tk, &context); #endif +#endif /* ifdef USE_SSL */ key = tk; key_len = 16; } @@ -356,6 +364,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ } /* perform inner MD5 */ +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); /* init context for 1st pass */ EVP_DigestUpdate(mdctx, k_ipad, 64); /* start with inner pad */ @@ -380,15 +389,18 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, digest, 16); /* then results of 1st hash */ MD5_Final(digest, &context); /* finish up 2nd pass */ #endif +#endif /* ifdef USE_SSL */ } void build_ntlm2_response() { int i, j; int passlen = 0; +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD4_CTX passcontext; #endif +#endif /* ifdef USE_SSL */ unsigned char passdigest[16]; unsigned char *userdom; int userdomlen; @@ -413,6 +425,7 @@ void build_ntlm2_response() { } } +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md4alg, NULL); EVP_DigestUpdate(mdctx, unipasswd, passlen); @@ -422,6 +435,7 @@ void build_ntlm2_response() { MD4_Update (&passcontext, unipasswd, passlen); MD4_Final (passdigest, &passcontext); #endif +#endif /* ifdef USE_SSL */ if( args_info.verbose_flag ) { message("NTLM: MD4 of password is: ");