
[mod_auth] http_auth_digest_hex2bin()

replace http_auth_md5_hex2bin() with more generic function to handle
digests of different lengths
personal/stbuehler/ci-build
Glenn Strauss 3 years ago
parent
commit
07fef25867
  1. 15
      src/http_auth.c
  2. 2
      src/http_auth.h
  3. 3
      src/mod_authn_file.c
  4. 5
      src/mod_authn_mysql.c
  5. 2
      src/mod_secdownload.c

15
src/http_auth.c

@ -137,20 +137,21 @@ void http_auth_setenv(connection *con, const char *username, size_t ulen, const
http_header_env_set(con, CONST_STR_LEN("AUTH_TYPE"), auth_type, alen);
}
int http_auth_md5_hex2bin (const char *md5hex, size_t len, unsigned char md5bin[16])
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen)
{
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5 */
if (32 != len) return -1; /*(Note: char *md5hex must be a 32-char string)*/
for (int i = 0; i < 32; i+=2) {
int hi = md5hex[i];
int lo = md5hex[i+1];
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
* or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
if (len > (binlen << 1)) return -1;
for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
int hi = hexstr[i];
int lo = hexstr[i+1];
if ('0' <= hi && hi <= '9') hi -= '0';
else if ((hi |= 0x20), 'a' <= hi && hi <= 'f') hi += -'a' + 10;
else return -1;
if ('0' <= lo && lo <= '9') lo -= '0';
else if ((lo |= 0x20), 'a' <= lo && lo <= 'f') lo += -'a' + 10;
else return -1;
md5bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
}
return 0;
}
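Review bot: The new guard `if (len > (binlen << 1)) return -1;` in http_auth_digest_hex2bin() rejects only over-long input, whereas the removed `32 != len` test required an exact length. A shorter hex string now returns 0 with the tail of `bin` never written, and an odd `len` makes the loop read `hexstr[len]`, one byte past the stated length. The callers in src/mod_authn_file.c, src/mod_authn_mysql.c and src/mod_secdownload.c pass lengths that come from a password file, a database row and the request, and any earlier length validation lies outside the visible hunks. The function could enforce the basics itself with `if (0 == len || (len & 1) || len > (binlen << 1)) return -1;`, plus a comment stating that callers must compare `len` against the digest length they expect before trusting `bin`.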

2
src/http_auth.h

@ -47,6 +47,6 @@ int http_auth_const_time_memeq (const char *a, size_t alen, const char *b, size_
void http_auth_setenv(connection *con, const char *username, size_t ulen, const char *auth_type, size_t alen);
int http_auth_md5_hex2bin (const char *md5hex, size_t len, unsigned char md5bin[16]);
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen);
#endif

3
src/mod_authn_file.c

@ -257,7 +257,8 @@ static int mod_authn_file_htdigest_get(server *srv, const buffer *auth_fn, const
fclose(fp);
return http_auth_md5_hex2bin(f_pwd, pwd_len, HA1);
return http_auth_digest_hex2bin(f_pwd, pwd_len,
HA1, sizeof(HA1));
}
}
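Review bot: `sizeof(HA1)` in the new call equals the buffer size only if `HA1` is an array declared inside this function; its declaration is outside the hunk. If it is instead a parameter written as `unsigned char HA1[16]`, it has pointer type and `sizeof(HA1)` is 4 or 8, so the length check in http_auth_digest_hex2bin() would reject every 32-character hash and this backend would fail all digest lookups. The same question applies to the `HA1, sizeof(HA1)` call in mod_authn_mysql_result() in src/mod_authn_mysql.c. If HA1 is a parameter, pass the size explicitly, e.g. `return http_auth_digest_hex2bin(f_pwd, pwd_len, HA1, 16);`, or carry the buffer length alongside the pointer.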

5
src/mod_authn_mysql.c

@ -379,7 +379,7 @@ static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpw
/*(compare 16-byte MD5 binary instead of converting to hex strings
* in order to then have to do case-insensitive hex str comparison)*/
return (0 == http_auth_md5_hex2bin(userpw, 32 /*(userpwlen)*/, md5pw))
return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
? memcmp(HA1, md5pw, sizeof(md5pw))
: -1;
}
@ -413,7 +413,8 @@ static int mod_authn_mysql_result(server *srv, plugin_data *p, const char *pw, u
rc = mod_authn_mysql_password_cmp(row[0], lengths[0], pw);
}
else { /* used with HTTP Digest auth */
rc = http_auth_md5_hex2bin(row[0], lengths[0], HA1);
rc = http_auth_digest_hex2bin(row[0], lengths[0],
HA1, sizeof(HA1));
}
}
else if (0 == num_rows) {
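Review bot: In mod_authn_mysql_password_cmp() the decoded digest is still compared with `memcmp(HA1, md5pw, sizeof(md5pw))`, which may stop at the first differing byte. The hunk header in src/http_auth.h shows an `http_auth_const_time_memeq()` helper in the same module. Since this statement is being edited anyway, consider routing the comparison through that helper so the compare time does not depend on how many leading bytes match. Its full signature and return convention are not visible here and need checking before it is swapped in, and the function body starts outside the hunk.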

2
src/mod_secdownload.c

@ -158,7 +158,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
unsigned char HA1[16];
unsigned char md5bin[16];
if (0 != http_auth_md5_hex2bin(mac, maclen, md5bin)) return 0;
if (0 != http_auth_digest_hex2bin(mac, maclen, md5bin, sizeof(md5bin))) return 0;
/* legacy message:
* protected_path := '/' <timestamp-hex> <rel-path>
