lib: remove function pointer typecasts for hmac/sha256/md5

Make sure we use functions with the correct prototype.

Closes #15289

lib/src: white space edits to comply better with code style

... as checksrc now finds and complains about these.

Closes #14921

lib: fix building with wolfSSL without DES support

E.g. with Homebrew wolfssl 5.7.2 on macOS:
```
In file included from _bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:85:

lib: fix building with wolfSSL without DES support

E.g. with Homebrew wolfssl 5.7.2 on macOS:
```
In file included from _bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:85:
lib/curl_ntlm_core.c:157:27: error: unknown type name 'DES_key_schedule'
DES_key_schedule DESKEYARG(ks))
^
lib/curl_ntlm_core.c:159:3: error: use of undeclared identifier 'DES_cblock'
DES_cblock key;
^
[...]
```

Earlier patch addressing this for OpenSSL:
802d8644500f5b18c895b77a23d85e029766d65e #7808

Cherry-picked from #14495
Closes #14512

show more ...

tidy-up: OS names

Use these words and casing more consistently across text, comments and
one curl tool output:
AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux,

tidy-up: OS names

Use these words and casing more consistently across text, comments and
one curl tool output:
AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux,
macOS, MS-DOS, MSYS, MinGW, NTLM, POSIX, Solaris, UNIX, Unix, Unicode,
WINE, WebDAV, Win32, winbind, WinIDN, Windows, Windows CE, Winsock.

Mostly OS names and a few more.

Also a couple of other minor text fixups.

Closes #14360

show more ...

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period

Closes #14073

show more ...

docs: misc language polish

- CURLINFO_FILETIME*: improve language
- add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
- mksymbolsmanpage.pl: avoid "will"

Closes #1

docs: misc language polish

- CURLINFO_FILETIME*: improve language
- add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
- mksymbolsmanpage.pl: avoid "will"

Closes #14070

show more ...

lib: tidy up types and casts

Cherry-picked from #13489
Closes #13862

openssl: fix building with v3 `no-deprecated` + add CI test

- build quictls with `no-deprecated` in CI to have test coverage for
this OpenSSL 3 configuration.

- don't call `Op

openssl: fix building with v3 `no-deprecated` + add CI test

- build quictls with `no-deprecated` in CI to have test coverage for
this OpenSSL 3 configuration.

- don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`.
The caller code is meant for OpenSSL 3, while these two functions were
only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3
if built with option `no-deprecated`, causing build errors:
```
vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_algorithms'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_digests'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
```
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?fullLog=true#L7667

Regression from b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030
Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669
Reviewed-by: Alex Bozarth

- vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with
`no-deprecated` quictls 3 builds.
Do it by moving an existing solution for this from `vtls/openssl.c`
to `vtls/openssl.h` and adjusting caller code.
```
vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_get_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit-function-declaration]
```
Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178

- curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and
`-Wunused-function` when trying to build curl with NTLM enabled but
without the necessary TLS backend (with DES) support.

Closes #12384

show more ...

crypto: ensure crypto initialization works

Make sure that context initialization during hash setup works to avoid
going forward with the risk of a null pointer dereference.

Repo

crypto: ensure crypto initialization works

Make sure that context initialization during hash setup works to avoid
going forward with the risk of a null pointer dereference.

Reported-by: Philippe Antoine on HackerOne
Assisted-by: Jay Satiro
Assisted-by: Daniel Stenberg

Closes #11614

show more ...

nss: remove support for this TLS library

Closes #11459

openssl: interop with AWS-LC

* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_

openssl: interop with AWS-LC

* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC

AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/

Closes #10320

show more ...

tls: fixes for wolfssl + openssl combo builds

1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.

2. Fix `lib/curl_ntlm_core.h` to respect TLS ba

tls: fixes for wolfssl + openssl combo builds

1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.

2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
it in sync with the above list and `lib/curl_ntlm_core.c` itself.

Reported-by: Mark Roszko
Ref: https://github.com/curl/curl/issues/10321

3. Allow enabling both wolfSSL and OpenSSL at the same time in
`lib/Makefile.mk` bringing this in line with cmake/autotools builds.
Update logic to select the crypto-specific lib for `ngtcp2`, which
supports a single TLS backend at the same time.

Closes #10322

show more ...

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

ntlm: improve comment for encrypt_des

Reported-by: Andrei Rybak
Fixes #9903
Closes #9925

ntlm: silence ubsan warning about copying from null target_info pointer.

runtime error: null pointer passed as argument 2, which is declared to
never be null

Closes #9898

docs: update sourceforge project links [ci skip]

SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other

docs: update sourceforge project links [ci skip]

SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other variant
will perm-redirected to the one chosen by the project.

The .io -> .net redirection is done insecurely.

Let's update the URLs to point to the current canonical endpoints to
avoid any redirects.

Closes #9630

show more ...

Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]

Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
was also enabled. `-ssl` meaning OpenSSL (and its forks)

Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]

Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
was also enabled. `-ssl` meaning OpenSSL (and its forks). After
8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be
used together with wolfSSL. This patch adds the ability to enable
`-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
use it with wolfSSL or other, future TLS backends.

Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
unconditionally. After this patch, this is no longer the case, and now
it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
together with a compatible TLS backend.

When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
library must be configured manually, e.g.:
`export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`

(or via `NGTCP2_LIBS`)

Closes #9314

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

wolfSSL: explicitly use compatibility layer

This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`

wolfSSL: explicitly use compatibility layer

This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
are used to explicitly use wolfSSL includes. This fixes cmake builds as
well as avoiding potentially using openSSL headers since include path
order is not guaranteed.

Closes #8864

show more ...

ntlm: remove unused feature defines

They're not used anymore and always supported.

Closes https://github.com/curl/curl/pull/8453

lib: remove support for CURL_DOES_CONVERSIONS

TPF was the only user and support for that was dropped.

Closes #8378

curl_ntlm_core: use OpenSSL only if DES is available

This selects another SSL backend then if available, or otherwise at
least gives a meaningful error message.

Closes https://g

curl_ntlm_core: use OpenSSL only if DES is available

This selects another SSL backend then if available, or otherwise at
least gives a meaningful error message.

Closes https://github.com/curl/curl/pull/7808

show more ...

NTLM: use DES_set_key_unchecked with OpenSSL

... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
con

NTLM: use DES_set_key_unchecked with OpenSSL

... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
continue using the unitialized buffer content as key instead.

Assisted-by: Harry Sintonen
Fixes #7779
Closes #7781

show more ...

mbedtls: Remove unnecessary include

- curl_setup.h: all references to mbedtls_md4* functions and structures
are in the md4.c. This file already includes the <mbedtls/md4.h> file

mbedtls: Remove unnecessary include

- curl_setup.h: all references to mbedtls_md4* functions and structures
are in the md4.c. This file already includes the <mbedtls/md4.h> file
along with the file existence control (defined (MBEDTLS_MD4_C))

- curl_ntlm_core.c: unnecessary include - repeated below

Closes #7419

show more ...

Curl_ntlm_core_mk_nt_hash: fix OOM in error path

Closes #7164