random: use Curl_rand() for proper random data

The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
d

random: use Curl_rand() for proper random data

The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().

It will also allow us to easier "fake" that for debug builds on demand
in a future.

show more ...

curl_sasl: Fixed copy/paste error of now.tv_sec in commit eefeb73af4

curl_sasl: Fixed compilation warning under DEBUGBUILD

curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex string

Rather than use a short 8-byte hex string, extended the cnonce to be
32-bytes long, like Windows SSPI does.

curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex string

Rather than use a short 8-byte hex string, extended the cnonce to be
32-bytes long, like Windows SSPI does.

Used a combination of random data as well as the current date and
time for the generation.

show more ...

sasl: Fixed missing qop in the client's challenge-response message

Whilst the qop directive isn't required to be present in a client's
response, as servers should assume a qop of "auth"

sasl: Fixed missing qop in the client's challenge-response message

Whilst the qop directive isn't required to be present in a client's
response, as servers should assume a qop of "auth" if it isn't
specified, some may return authentication failure if it is missing.

show more ...

sas: Added DIGEST-MD5 qop-option validation in native challange handling

Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages,

sas: Added DIGEST-MD5 qop-option validation in native challange handling

Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.

show more ...

sasl: Fixed compilation warning in SSPI builds

warning: 'sasl_digest_get_key_value' defined but not used

sasl: Post DIGEST-MD5 SSPI code tidy up

* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer

sasl: Added initial stub functions for SSPI DIGEST-MD support

sasl: Combined DIGEST-MD5 message decoding and generation

Updated copyright year for recent changes

vtls/nssg.h: fixed include references to moved file

vtls: renamed sslgen.[ch] to vtls.[ch]

vtls: created subdir, moved sslgen.[ch] there, updated all include lines

base64: Fixed compilation warnings when using Curl_base64_decode()

curl_sasl.c:294: warning: dereferencing type-punned pointer will break
strict-aliasing rules

getpart.c:201: wa

base64: Fixed compilation warnings when using Curl_base64_decode()

curl_sasl.c:294: warning: dereferencing type-punned pointer will break
strict-aliasing rules

getpart.c:201: warning: dereferencing type-punned pointer will break
strict-aliasing rules

show more ...

email: Post graceful SASL authentication cancellation tidy up

sasl: Updated create_digest_md5_message() to use a dynamic buffer

email: Added support for cancelling NTLM authentication

sasl: Removed unused variables from commit b87ba2c94217c0

email: Added support for cancelling DIGEST-MD5 authentication

email: Added support for canceling CRAM-MD5 authentication

email: Added references to SASL LOGIN authentication draft proposal

sasl: Fixed memory leak in OAUTH2 message creation

sasl: fix compiler warning

error: unused variable 'table16'

tests: Added POP3 DIGEST-MD5 authentication test