rugged 1.0.0 → 1.2.0

data/vendor/libgit2/deps/http-parser/CMakeLists.txt

@@ -1,5 +1,6 @@
-FILE(GLOB SRC_HTTP "*.c" "*.h")
+file(GLOB SRC_HTTP "*.c" "*.h")
+list(SORT SRC_HTTP)
 
-ADD_LIBRARY(http-parser OBJECT ${SRC_HTTP})
+add_library(http-parser OBJECT ${SRC_HTTP})
 
-ENABLE_WARNINGS(implicit-fallthrough=1)
+enable_warnings(implicit-fallthrough=1)

data/vendor/libgit2/deps/ntlmclient/CMakeLists.txt

@@ -1,23 +1,37 @@
-FILE(GLOB SRC_NTLMCLIENT "ntlm.c" "unicode_builtin.c" "util.c")
+FILE(GLOB SRC_NTLMCLIENT "ntlm.c" "ntlm.h" "util.c" "util.h")
+LIST(SORT SRC_NTLMCLIENT)
 
 ADD_DEFINITIONS(-DNTLM_STATIC=1)
 
 DISABLE_WARNINGS(implicit-fallthrough)
 
-IF (HTTPS_BACKEND STREQUAL "SecureTransport")
+IF(USE_ICONV)
+	ADD_DEFINITIONS(-DUNICODE_ICONV=1)
+	FILE(GLOB SRC_NTLMCLIENT_UNICODE "unicode_iconv.c" "unicode_iconv.h")
+ELSE()
+	ADD_DEFINITIONS(-DUNICODE_BUILTIN=1)
+	FILE(GLOB SRC_NTLMCLIENT_UNICODE "unicode_builtin.c" "unicode_builtin.h")
+ENDIF()
+
+IF(USE_HTTPS STREQUAL "SecureTransport")
 	ADD_DEFINITIONS(-DCRYPT_COMMONCRYPTO)
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_commoncrypto.c")
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_commoncrypto.c" "crypt_commoncrypto.h")
 	# CC_MD4 has been deprecated in macOS 10.15.
 	SET_SOURCE_FILES_PROPERTIES("crypt_commoncrypto.c" COMPILE_FLAGS "-Wno-deprecated")
-ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL")
+ELSEIF(USE_HTTPS STREQUAL "OpenSSL")
 	ADD_DEFINITIONS(-DCRYPT_OPENSSL)
 	INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c")
-ELSEIF (HTTPS_BACKEND STREQUAL "mbedTLS")
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c" "crypt_openssl.h")
+ELSEIF(USE_HTTPS STREQUAL "OpenSSL-Dynamic")
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL)
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL_DYNAMIC)
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_openssl.c" "crypt_openssl.h")
+ELSEIF(USE_HTTPS STREQUAL "mbedTLS")
 	ADD_DEFINITIONS(-DCRYPT_MBEDTLS)
-	SET(SRC_NTLMCLIENT_CRYPTO "crypt_mbedtls.c")
-ELSE ()
-	MESSAGE(FATAL_ERROR "Unable to use libgit2's HTTPS backend (${HTTPS_BACKEND}) for NTLM crypto")
+	INCLUDE_DIRECTORIES(${MBEDTLS_INCLUDE_DIR})
+	SET(SRC_NTLMCLIENT_CRYPTO "crypt_mbedtls.c" "crypt_mbedtls.h")
+ELSE()
+	MESSAGE(FATAL_ERROR "Unable to use libgit2's HTTPS backend (${USE_HTTPS}) for NTLM crypto")
 ENDIF()
 
-ADD_LIBRARY(ntlmclient OBJECT ${SRC_NTLMCLIENT} ${SRC_NTLMCLIENT_CRYPTO})
+ADD_LIBRARY(ntlmclient OBJECT ${SRC_NTLMCLIENT} ${SRC_NTLMCLIENT_UNICODE} ${SRC_NTLMCLIENT_CRYPTO})

data/vendor/libgit2/deps/ntlmclient/compat.h

@@ -21,33 +21,6 @@
 # include <stdbool.h>
 #endif
 
-#ifdef __linux__
-/* See man page endian(3) */
-# include <endian.h>
-# define htonll htobe64
-#elif defined(__OpenBSD__)
-/* See man page htobe64(3) */
-# include <endian.h>
-# define htonll htobe64
-#elif defined(__FreeBSD__)
-/* See man page bwaps64(9) */
-# include <sys/endian.h>
-# define htonll htobe64
-#elif defined(sun) || defined(__sun)
-/* See man page byteorder(3SOCKET) */
-# include <sys/types.h>
-# include <netinet/in.h>
-# include <inttypes.h>
-
-# if !defined(htonll)
-#  if defined(_BIG_ENDIAN)
-#   define htonll(x) (x)
-#  else
-#   define htonll(x) ((((uint64_t)htonl(x)) << 32) + htonl((uint64_t)(x) >> 32))
-#  endif
-# endif
-#endif
-
 #ifndef MIN
 # define MIN(x, y) (((x) < (y)) ? (x) : (y))
 #endif

data/vendor/libgit2/deps/ntlmclient/crypt.h

@@ -9,6 +9,9 @@
 #ifndef PRIVATE_CRYPT_COMMON_H__
 #define PRIVATE_CRYPT_COMMON_H__
 
+#include "ntlmclient.h"
+#include "ntlm.h"
+
 #if defined(CRYPT_OPENSSL)
 # include "crypt_openssl.h"
 #elif defined(CRYPT_MBEDTLS)
@@ -25,40 +28,42 @@
 
 typedef unsigned char ntlm_des_block[CRYPT_DES_BLOCKSIZE];
 
+typedef struct ntlm_crypt_ctx ntlm_crypt_ctx;
+
+extern bool ntlm_crypt_init(ntlm_client *ntlm);
+
 extern bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len);
 
 extern bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key);
 
 extern bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len);
 
-extern ntlm_hmac_ctx *ntlm_hmac_ctx_init(void);
-
-extern bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx);
-
 extern bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len);
 
 extern bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len);
 
 extern bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx);
+	ntlm_client *ntlm);
 
-extern void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx);
+extern void ntlm_crypt_shutdown(ntlm_client *ntlm);
 
 #endif /* PRIVATE_CRYPT_COMMON_H__ */

data/vendor/libgit2/deps/ntlmclient/crypt_commoncrypto.c

@@ -18,9 +18,15 @@
 #include "ntlm.h"
 #include "crypt.h"
 
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	memset(&ntlm->crypt_ctx, 0, sizeof(ntlm_crypt_ctx));
+	return true;
+}
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
 	int fd, ret;
@@ -49,11 +55,14 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
 	size_t written;
 
+	NTLM_UNUSED(ntlm);
+
 	CCCryptorStatus result = CCCrypt(kCCEncrypt,
 		kCCAlgorithmDES, kCCOptionECBMode,
 		key, sizeof(ntlm_des_block), NULL,
@@ -65,56 +74,47 @@ bool ntlm_des_encrypt(
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
+	NTLM_UNUSED(ntlm);
 	return !!CC_MD4(in, in_len, out);
 }
 
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	return calloc(1, sizeof(ntlm_hmac_ctx));
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	memset(ctx, 0, sizeof(ntlm_hmac_ctx));
-	return true;
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	CCHmacInit(&ctx->native, kCCHmacAlgMD5, key, key_len);
+	CCHmacInit(&ntlm->crypt_ctx.hmac, kCCHmacAlgMD5, key, key_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len)
 {
-	CCHmacUpdate(&ctx->native, data, data_len);
+	CCHmacUpdate(&ntlm->crypt_ctx.hmac, data, data_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	CCHmacFinal(&ctx->native, out);
+	CCHmacFinal(&ntlm->crypt_ctx.hmac, out);
 
 	*out_len = CRYPT_MD5_DIGESTSIZE;
 	return true;
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	free(ctx);
+	NTLM_UNUSED(ntlm);
 }

data/vendor/libgit2/deps/ntlmclient/crypt_commoncrypto.h

@@ -11,8 +11,8 @@
 
 #include <CommonCrypto/CommonCrypto.h>
 
-typedef struct {
-	CCHmacContext native;
-} ntlm_hmac_ctx;
+struct ntlm_crypt_ctx {
+	CCHmacContext hmac;
+};
 
 #endif /* PRIVATE_CRYPT_COMMONCRYPTO_H__ */

data/vendor/libgit2/deps/ntlmclient/crypt_mbedtls.c

@@ -17,9 +17,24 @@
 #include "ntlm.h"
 #include "crypt.h"
 
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
+
+	mbedtls_md_init(&ntlm->crypt_ctx.hmac);
+
+	if (mbedtls_md_setup(&ntlm->crypt_ctx.hmac, info, 1) != 0) {
+		ntlm_client_set_errmsg(ntlm, "could not setup mbedtls digest");
+		return false;
+	}
+
+	return true;
+}
+
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
 	mbedtls_ctr_drbg_context ctr_drbg;
@@ -51,6 +66,7 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
@@ -60,8 +76,10 @@ bool ntlm_des_encrypt(
 	mbedtls_des_init(&ctx);
 
 	if (mbedtls_des_setkey_enc(&ctx, *key) ||
-		mbedtls_des_crypt_ecb(&ctx, *plaintext, *out))
+	    mbedtls_des_crypt_ecb(&ctx, *plaintext, *out)) {
+		ntlm_client_set_errmsg(ntlm, "DES encryption failed");
 		goto done;
+	}
 
 	success = true;
 
@@ -72,11 +90,14 @@ done:
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
 	mbedtls_md4_context ctx;
 
+	NTLM_UNUSED(ntlm);
+
 	mbedtls_md4_init(&ctx);
 	mbedtls_md4_starts(&ctx);
 	mbedtls_md4_update(&ctx, in, in_len);
@@ -86,60 +107,40 @@ bool ntlm_md4_digest(
 	return true;
 }
 
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	ntlm_hmac_ctx *ctx;
-	const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
-
-	if ((ctx = calloc(1, sizeof(ntlm_hmac_ctx))) == NULL)
-		return NULL;
-
-	mbedtls_md_init(&ctx->mbed);
-
-	if (mbedtls_md_setup(&ctx->mbed, info, 1) != 0) {
-		free(ctx);
-		return false;
-	}
-
-	return ctx;
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	return !mbedtls_md_hmac_reset(&ctx->mbed);
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	return !mbedtls_md_hmac_starts(&ctx->mbed, key, key_len);
+	if (ntlm->crypt_ctx.hmac_initialized) {
+		if (mbedtls_md_hmac_reset(&ntlm->crypt_ctx.hmac))
+			return false;
+	}
+
+	ntlm->crypt_ctx.hmac_initialized = !mbedtls_md_hmac_starts(&ntlm->crypt_ctx.hmac, key, key_len);
+	return ntlm->crypt_ctx.hmac_initialized;
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
-	return !mbedtls_md_hmac_update(&ctx->mbed, in, in_len);
+	return !mbedtls_md_hmac_update(&ntlm->crypt_ctx.hmac, in, in_len);
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	return !mbedtls_md_hmac_finish(&ctx->mbed, out);
+	return !mbedtls_md_hmac_finish(&ntlm->crypt_ctx.hmac, out);
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	if (ctx) {
-		mbedtls_md_free(&ctx->mbed);
-		free(ctx);
-	}
+	mbedtls_md_free(&ntlm->crypt_ctx.hmac);
 }

data/vendor/libgit2/deps/ntlmclient/crypt_mbedtls.h

@@ -11,8 +11,9 @@
 
 #include "mbedtls/md.h"
 
-typedef struct {
-	mbedtls_md_context_t mbed;
-} ntlm_hmac_ctx;
+struct ntlm_crypt_ctx {
+	mbedtls_md_context_t hmac;
+	unsigned int hmac_initialized : 1;
+};
 
 #endif /* PRIVATE_CRYPT_MBEDTLS_H__ */

data/vendor/libgit2/deps/ntlmclient/crypt_openssl.c

@@ -9,26 +9,166 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/rand.h>
-#include <openssl/des.h>
-#include <openssl/md4.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
+#ifdef CRYPT_OPENSSL_DYNAMIC
+# include <dlfcn.h>
+#else
+# include <openssl/rand.h>
+# include <openssl/des.h>
+# include <openssl/md4.h>
+# include <openssl/hmac.h>
+# include <openssl/err.h>
+#endif
 
 #include "ntlm.h"
 #include "compat.h"
 #include "util.h"
 #include "crypt.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(CRYPT_OPENSSL_DYNAMIC)
+
+static inline HMAC_CTX *HMAC_CTX_new(void)
+{
+	return calloc(1, sizeof(HMAC_CTX));
+}
+
+static inline int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+	ntlm_memzero(ctx, sizeof(HMAC_CTX));
+	return 1;
+}
+
+static inline void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+	free(ctx);
+}
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(CRYPT_OPENSSL_DYNAMIC)
+
+static inline void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+	NTLM_UNUSED(ctx);
+}
+
+#endif
+
+
+#ifdef CRYPT_OPENSSL_DYNAMIC
+
+static bool ntlm_crypt_init_functions(ntlm_client *ntlm)
+{
+	void *handle;
+
+	if ((handle = dlopen("libssl.so.1.1", RTLD_NOW)) == NULL &&
+	    (handle = dlopen("libssl.1.1.dylib", RTLD_NOW)) == NULL &&
+	    (handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
+	    (handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
+	    (handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL) {
+		ntlm_client_set_errmsg(ntlm, "could not open libssl");
+		return false;
+	}
+
+	ntlm->crypt_ctx.des_set_key_fn = dlsym(handle, "DES_set_key");
+	ntlm->crypt_ctx.des_ecb_encrypt_fn = dlsym(handle, "DES_ecb_encrypt");
+	ntlm->crypt_ctx.err_get_error_fn = dlsym(handle, "ERR_get_error");
+	ntlm->crypt_ctx.err_lib_error_string_fn = dlsym(handle, "ERR_lib_error_string");
+	ntlm->crypt_ctx.evp_md5_fn = dlsym(handle, "EVP_md5");
+	ntlm->crypt_ctx.hmac_ctx_new_fn = dlsym(handle, "HMAC_CTX_new");
+	ntlm->crypt_ctx.hmac_ctx_free_fn = dlsym(handle, "HMAC_CTX_free");
+	ntlm->crypt_ctx.hmac_ctx_reset_fn = dlsym(handle, "HMAC_CTX_reset");
+	ntlm->crypt_ctx.hmac_init_ex_fn = dlsym(handle, "HMAC_Init_ex");
+	ntlm->crypt_ctx.hmac_update_fn = dlsym(handle, "HMAC_Update");
+	ntlm->crypt_ctx.hmac_final_fn = dlsym(handle, "HMAC_Final");
+	ntlm->crypt_ctx.md4_fn = dlsym(handle, "MD4");
+	ntlm->crypt_ctx.rand_bytes_fn = dlsym(handle, "RAND_bytes");
+
+	if (!ntlm->crypt_ctx.des_set_key_fn ||
+	    !ntlm->crypt_ctx.des_ecb_encrypt_fn ||
+	    !ntlm->crypt_ctx.err_get_error_fn ||
+	    !ntlm->crypt_ctx.err_lib_error_string_fn ||
+	    !ntlm->crypt_ctx.evp_md5_fn ||
+	    !ntlm->crypt_ctx.hmac_init_ex_fn ||
+	    !ntlm->crypt_ctx.hmac_update_fn ||
+	    !ntlm->crypt_ctx.hmac_final_fn ||
+	    !ntlm->crypt_ctx.md4_fn ||
+	    !ntlm->crypt_ctx.rand_bytes_fn) {
+		ntlm_client_set_errmsg(ntlm, "could not load libssl functions");
+		dlclose(handle);
+		return false;
+	}
+
+	/* Toggle legacy HMAC context functions */
+	if (ntlm->crypt_ctx.hmac_ctx_new_fn &&
+	    ntlm->crypt_ctx.hmac_ctx_free_fn &&
+	    ntlm->crypt_ctx.hmac_ctx_reset_fn) {
+		ntlm->crypt_ctx.hmac_ctx_cleanup_fn = HMAC_CTX_cleanup;
+	} else {
+		ntlm->crypt_ctx.hmac_ctx_cleanup_fn = dlsym(handle, "HMAC_CTX_cleanup");
+
+		if (!ntlm->crypt_ctx.hmac_ctx_cleanup_fn) {
+			ntlm_client_set_errmsg(ntlm, "could not load legacy libssl functions");
+			dlclose(handle);
+			return false;
+		}
+
+		ntlm->crypt_ctx.hmac_ctx_new_fn = HMAC_CTX_new;
+		ntlm->crypt_ctx.hmac_ctx_free_fn = HMAC_CTX_free;
+		ntlm->crypt_ctx.hmac_ctx_reset_fn = HMAC_CTX_reset;
+	}
+
+	ntlm->crypt_ctx.openssl_handle = handle;
+	return true;
+}
+
+#else /* CRYPT_OPENSSL_DYNAMIC */
+
+static bool ntlm_crypt_init_functions(ntlm_client *ntlm)
+{
+	ntlm->crypt_ctx.des_set_key_fn = DES_set_key;
+	ntlm->crypt_ctx.des_ecb_encrypt_fn = DES_ecb_encrypt;
+	ntlm->crypt_ctx.err_get_error_fn = ERR_get_error;
+	ntlm->crypt_ctx.err_lib_error_string_fn = ERR_lib_error_string;
+	ntlm->crypt_ctx.evp_md5_fn = EVP_md5;
+	ntlm->crypt_ctx.hmac_ctx_new_fn = HMAC_CTX_new;
+	ntlm->crypt_ctx.hmac_ctx_free_fn = HMAC_CTX_free;
+	ntlm->crypt_ctx.hmac_ctx_reset_fn = HMAC_CTX_reset;
+	ntlm->crypt_ctx.hmac_ctx_cleanup_fn = HMAC_CTX_cleanup;
+	ntlm->crypt_ctx.hmac_init_ex_fn = HMAC_Init_ex;
+	ntlm->crypt_ctx.hmac_update_fn = HMAC_Update;
+	ntlm->crypt_ctx.hmac_final_fn = HMAC_Final;
+	ntlm->crypt_ctx.md4_fn = MD4;
+	ntlm->crypt_ctx.rand_bytes_fn = RAND_bytes;
+
+	return true;
+}
+
+#endif /* CRYPT_OPENSSL_DYNAMIC */
+
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	if (!ntlm_crypt_init_functions(ntlm))
+		return false;
+
+	ntlm->crypt_ctx.hmac = ntlm->crypt_ctx.hmac_ctx_new_fn();
+
+	if (ntlm->crypt_ctx.hmac == NULL) {
+		ntlm_client_set_errmsg(ntlm, "out of memory");
+		return false;
+	}
+
+	return true;
+}
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
-	int rc = RAND_bytes(out, len);
+	int rc = ntlm->crypt_ctx.rand_bytes_fn(out, len);
 
 	if (rc != 1) {
-		ntlm_client_set_errmsg(ntlm, ERR_lib_error_string(ERR_get_error()));
+		ntlm_client_set_errmsg(ntlm, ntlm->crypt_ctx.err_lib_error_string_fn(ntlm->crypt_ctx.err_get_error_fn()));
 		return false;
 	}
 
@@ -37,94 +177,81 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
 	DES_key_schedule keysched;
 
+	NTLM_UNUSED(ntlm);
+
 	memset(out, 0, sizeof(ntlm_des_block));
 
-	DES_set_key(key, &keysched);
-	DES_ecb_encrypt(plaintext, out, &keysched, DES_ENCRYPT);
+	ntlm->crypt_ctx.des_set_key_fn(key, &keysched);
+	ntlm->crypt_ctx.des_ecb_encrypt_fn(plaintext, out, &keysched, DES_ENCRYPT);
 
 	return true;
 }
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
-	MD4(in, in_len, out);
+	ntlm->crypt_ctx.md4_fn(in, in_len, out);
 	return true;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static inline void HMAC_CTX_free(HMAC_CTX *ctx)
-{
-	if (ctx)
-		HMAC_CTX_cleanup(ctx);
-
-	free(ctx);
-}
-
-static inline int HMAC_CTX_reset(HMAC_CTX *ctx)
-{
-	HMAC_CTX_cleanup(ctx);
-	memzero(ctx, sizeof(HMAC_CTX));
-	return 1;
-}
-
-static inline HMAC_CTX *HMAC_CTX_new(void)
-{
-	return calloc(1, sizeof(HMAC_CTX));
-}
-#endif
-
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	return HMAC_CTX_new();
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	return HMAC_CTX_reset(ctx);
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	return HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
+	const EVP_MD *md5 = ntlm->crypt_ctx.evp_md5_fn();
+
+	ntlm->crypt_ctx.hmac_ctx_cleanup_fn(ntlm->crypt_ctx.hmac);
+
+	return ntlm->crypt_ctx.hmac_ctx_reset_fn(ntlm->crypt_ctx.hmac) &&
+	       ntlm->crypt_ctx.hmac_init_ex_fn(ntlm->crypt_ctx.hmac, key, key_len, md5, NULL);
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
-	return HMAC_Update(ctx, in, in_len);
+	return ntlm->crypt_ctx.hmac_update_fn(ntlm->crypt_ctx.hmac, in, in_len);
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	unsigned int len;
 
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	if (!HMAC_Final(ctx, out, &len))
+	if (!ntlm->crypt_ctx.hmac_final_fn(ntlm->crypt_ctx.hmac, out, &len))
 		return false;
 
 	*out_len = len;
 	return true;
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	HMAC_CTX_free(ctx);
+	if (ntlm->crypt_ctx.hmac) {
+		ntlm->crypt_ctx.hmac_ctx_cleanup_fn(ntlm->crypt_ctx.hmac);
+		ntlm->crypt_ctx.hmac_ctx_free_fn(ntlm->crypt_ctx.hmac);
+	}
+
+#ifdef CRYPT_OPENSSL_DYNAMIC
+	if (ntlm->crypt_ctx.openssl_handle)
+		dlclose(ntlm->crypt_ctx.openssl_handle);
+#endif
+
+	memset(&ntlm->crypt_ctx, 0, sizeof(ntlm_crypt_ctx));
 }