[multiple] http_auth_digest_hex2bin -> li_hex2bin

move http_auth.c:http_auth_digest_hex2bin() to buffer.c:li_hex2bin() for reuse, e.g. for use by mod_secdownload, which is not mod_auth*
2021-05-22 16:19:37 -04:00 · 2021-05-22 16:19:37 -04:00 · e110b062be
parent 08c03cd450
commit e110b062be
9 changed files with 30 additions and 49 deletions
--- a/src/buffer.c
+++ b/src/buffer.c
@ -373,6 +373,25 @@ char hex2int(unsigned char hex) {
 	return li_cton(hex,n) ? (char)n : 0xFF;
 }

+int li_hex2bin (unsigned char * const bin, const size_t binlen, const char * const hexstr, const size_t len)
+{
+    /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
+     * or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
+    if (len > (binlen << 1)) return -1;
+    for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
+        int hi = hexstr[i];
+        int lo = hexstr[i+1];
+        if ('0' <= hi && hi <= '9')                    hi -= '0';
+        else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
+        else                                           return -1;
+        if ('0' <= lo && lo <= '9')                    lo -= '0';
+        else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
+        else                                           return -1;
+        bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
+    }
+    return 0;
+}
+

 int buffer_eq_icase_ssn(const char * const a, const char * const b, const size_t len) {
    for (size_t i = 0; i < len; ++i) {
--- a/src/buffer.h
+++ b/src/buffer.h
@ -228,6 +228,8 @@ void buffer_to_upper(buffer *b);
 __attribute_const__
 char hex2int(unsigned char c);

+int li_hex2bin (unsigned char *bin, size_t binlen, const char *hexstr, size_t len);
+
 __attribute_pure__
 static inline int light_isdigit(int c);
 static inline int light_isdigit(int c) {
--- a/src/http_auth.c
+++ b/src/http_auth.c
@ -132,37 +132,3 @@ unsigned int http_auth_digest_len (int algo)

    return 0;
 }
-
-int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen)
-{
-    /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
-     * or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
-    if (len > (binlen << 1)) return -1;
-    for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
-        int hi = hexstr[i];
-        int lo = hexstr[i+1];
-        if ('0' <= hi && hi <= '9')                    hi -= '0';
-        else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
-        else                                           return -1;
-        if ('0' <= lo && lo <= '9')                    lo -= '0';
-        else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
-        else                                           return -1;
-        bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
-    }
-    return 0;
-}
-
-#if 0
-int http_auth_md5_hex2lc (char *md5hex)
-{
-    /* validate and transform 32-byte MD5 hex string to lowercase */
-    int i;
-    for (i = 0; md5hex[i]; ++i) {
-        int c = md5hex[i];
-        if ('0' <= c && c <= '9')                      continue;
-        else if ((uint32_t)(c |= 0x20)-'a' <= 'f'-'a') md5hex[i] = c;
-        else                                           return -1;
-    }
-    return (32 == i) ? 0 : -1; /*(Note: char *md5hex must be a 32-char string)*/
-}
-#endif
--- a/src/http_auth.h
+++ b/src/http_auth.h
@ -90,6 +90,4 @@ void http_auth_backend_set (const http_auth_backend_t *backend);

 void http_auth_setenv(request_st *r, const char *username, size_t ulen, const char *auth_type, size_t alen);

-int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen);
-
 #endif
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@ -1324,8 +1324,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st

 	{
 		size_t resplen = strlen(respons);
-		if (0 != http_auth_digest_hex2bin(respons, resplen,
-						  rdigest, sizeof(rdigest))
+		if (0 != li_hex2bin(rdigest, sizeof(rdigest), respons, resplen)
 		    || resplen != (ai.dlen << 1)) {
 			log_error(r->conf.errh, __FILE__, __LINE__,
 			  "digest: (%s): invalid format", respons);
--- a/src/mod_authn_dbi.c
+++ b/src/mod_authn_dbi.c
@ -402,7 +402,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au

        /*(compare 16-byte MD5 binary instead of converting to hex strings
         * in order to then have to do case-insensitive hex str comparison)*/
-        return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
+        return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
          ? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
          : -1;
    }
@ -422,7 +422,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au

        /*(compare 32-byte binary digest instead of converting to hex strings
         * in order to then have to do case-insensitive hex str comparison)*/
-        return (0 == http_auth_digest_hex2bin(userpw, 64, shapw, sizeof(shapw)))
+        return (0 == li_hex2bin(shapw, sizeof(shapw), userpw, 64))
          ? ck_memeq_const_time_fixed_len(HA1, shapw, sizeof(shapw)) ? 0 : 1
          : -1;
    }
@ -527,8 +527,7 @@ mod_authn_dbi_query (request_st * const r, void *p_d, http_auth_info_t * const a
            else {     /* used with HTTP Digest auth */
                /*(currently supports only single row, single digest algorithm)*/
                if (len == (ai->dlen << 1)
-                    && 0 == http_auth_digest_hex2bin(rpw, len, ai->digest,
-                                                     sizeof(ai->digest)))
+                    && 0 == li_hex2bin(ai->digest,sizeof(ai->digest),rpw,len))
                    rc = HANDLER_GO_ON;
            }
        }
--- a/src/mod_authn_file.c
+++ b/src/mod_authn_file.c
@ -249,8 +249,7 @@ static int mod_authn_file_htdigest_get_loop(const char *data, const buffer *auth
            if (f_pwd[pwd_len-1] == '\r') --pwd_len;

            if (pwd_len != (ai->dlen << 1)) continue;
-            return http_auth_digest_hex2bin(f_pwd, pwd_len,
-                                            ai->digest, sizeof(ai->digest));
+            return li_hex2bin(ai->digest, sizeof(ai->digest), f_pwd, pwd_len);
        }
    } while (*n && *(f_user = n+1));

--- a/src/mod_authn_mysql.c
+++ b/src/mod_authn_mysql.c
@ -316,7 +316,7 @@ static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpw

        /*(compare 16-byte MD5 binary instead of converting to hex strings
         * in order to then have to do case-insensitive hex str comparison)*/
-        return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
+        return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
          ? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
          : -1;
    }
@ -352,8 +352,8 @@ static int mod_authn_mysql_result(plugin_data *p, http_auth_info_t *ai, const ch
        else {          /* used with HTTP Digest auth */
            /*(currently supports only single row, single digest algorithm)*/
            if (lengths[0] == (ai->dlen << 1)) {
-                rc = http_auth_digest_hex2bin(row[0], lengths[0],
-                                              ai->digest, sizeof(ai->digest));
+                rc = li_hex2bin(ai->digest, sizeof(ai->digest),
+                                row[0], lengths[0]);
            }
        }
    }
--- a/src/mod_secdownload.c
+++ b/src/mod_secdownload.c
@ -5,7 +5,6 @@
 #include "buffer.h"
 #include "base64.h"
 #include "ck.h"
-#include "http_auth.h"

 #include "plugin.h"

@ -142,7 +141,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
 			unsigned char HA1[16];
 			unsigned char md5bin[16];

-			if (0 != http_auth_digest_hex2bin(mac, maclen, md5bin, sizeof(md5bin))) return 0;
+			if (0 != li_hex2bin(md5bin, sizeof(md5bin), mac, maclen)) return 0;

 			/* legacy message:
 			 *   protected_path := '/' <timestamp-hex> <rel-path>