openssl: fix building with v3 no-deprecated + add CI test

- build quictls with `no-deprecated` in CI to have test coverage for this OpenSSL 3 configuration. - don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`. The caller code is meant for OpenSSL 3, while these two functions were only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3 if built with option `no-deprecated`, causing build errors: ``` vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_algorithms'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_digests'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] ``` Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?fullLog=true#L7667 Regression from b6e6d4ff8f #12030 Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669 Reviewed-by: Alex Bozarth - vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with `no-deprecated` quictls 3 builds. Do it by moving an existing solution for this from `vtls/openssl.c` to `vtls/openssl.h` and adjusting caller code. ``` vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_get_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit-function-declaration] ``` Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178 - curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and `-Wunused-function` when trying to build curl with NTLM enabled but without the necessary TLS backend (with DES) support. Closes #12384
2026-04-14 22:41:40 +03:00 · 2023-11-22 15:08:09 +00:00 · 2023-11-22 15:08:09 +00:00 · 006977859d
commit 006977859d
parent 2c4c780472
5 changed files with 20 additions and 10 deletions
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@ -111,6 +111,7 @@
 #  include <wincrypt.h>
 #else
 #  error "Can't compile NTLM support without a crypto library with DES."
+#  define CURL_NTLM_NOT_SUPPORTED
 #endif

 #include "urldata.h"
@ -130,6 +131,7 @@
 #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
 #define NTLMv2_BLOB_LEN       (44 -16 + ntlm->target_info_len + 4)

+#if !defined(CURL_NTLM_NOT_SUPPORTED)
 /*
 * Turns a 56-bit key into being 64-bit wide.
 */
@ -144,6 +146,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
 }
+#endif

 #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL)
 /*
@ -337,6 +340,10 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
  encrypt_des(plaintext, results, keys);
  encrypt_des(plaintext, results + 8, keys + 7);
  encrypt_des(plaintext, results + 16, keys + 14);
+#else
+  (void)keys;
+  (void)plaintext;
+  (void)results;
 #endif
 }

@ -347,9 +354,11 @@ CURLcode Curl_ntlm_core_mk_lm_hash(const char *password,
                                   unsigned char *lmbuffer /* 21 bytes */)
 {
  unsigned char pw[14];
+#if !defined(CURL_NTLM_NOT_SUPPORTED)
  static const unsigned char magic[] = {
    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
  };
+#endif
  size_t len = CURLMIN(strlen(password), 14);

  Curl_strntoupper((char *)pw, password, len);