[multiple] http_auth_digest_hex2bin -> li_hex2bin
move http_auth.c:http_auth_digest_hex2bin() to buffer.c:li_hex2bin() for reuse, e.g. for use by mod_secdownload, which is not mod_auth*
parent
08c03cd450
commit
e110b062be
19
src/buffer.c
19
src/buffer.c
|
@ -373,6 +373,25 @@ char hex2int(unsigned char hex) {
|
|||
return li_cton(hex,n) ? (char)n : 0xFF;
|
||||
}
|
||||
|
||||
int li_hex2bin (unsigned char * const bin, const size_t binlen, const char * const hexstr, const size_t len)
|
||||
{
|
||||
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
|
||||
* or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
|
||||
if (len > (binlen << 1)) return -1;
|
||||
for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
|
||||
int hi = hexstr[i];
|
||||
int lo = hexstr[i+1];
|
||||
if ('0' <= hi && hi <= '9') hi -= '0';
|
||||
else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
|
||||
else return -1;
|
||||
if ('0' <= lo && lo <= '9') lo -= '0';
|
||||
else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
|
||||
else return -1;
|
||||
bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int buffer_eq_icase_ssn(const char * const a, const char * const b, const size_t len) {
|
||||
for (size_t i = 0; i < len; ++i) {
|
||||
|
|
|
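Review bot: li_hex2bin does not reject an odd `len`. The loop reads `hexstr[i+1]` on every pass, so with an odd `len` the final pass reads `hexstr[len]`, one byte beyond the stated length. A NUL-terminated input fails validation at the terminator and returns -1, but a caller passing a length-delimited slice has no such guarantee, and this is now a shared helper in buffer.c. I would make the guard `if ((len & 1) || len > (binlen << 1)) return -1;`. The comment inside the function still speaks only of MD5/SHA digests and could be reworded for a general-purpose hex decoder.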
@ -228,6 +228,8 @@ void buffer_to_upper(buffer *b);
|
|||
__attribute_const__
|
||||
char hex2int(unsigned char c);
|
||||
|
||||
int li_hex2bin (unsigned char *bin, size_t binlen, const char *hexstr, size_t len);
|
||||
|
||||
__attribute_pure__
|
||||
static inline int light_isdigit(int c);
|
||||
static inline int light_isdigit(int c) {
|
||||
|
|
|
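Review bot: The new prototype `int li_hex2bin (unsigned char *bin, size_t binlen, const char *hexstr, size_t len);` carries no comment stating its contract, and the contract is not obvious from the name. As implemented in this commit, it returns 0 for any valid hex input with `len <= 2*binlen`, so a shorter input succeeds and leaves the rest of `bin` unwritten. I would add above the declaration `/* decode len hex chars of hexstr into bin; returns 0 on success, -1 on non-hex input or len > 2*binlen; caller must check len == 2*binlen when a full-size result is required */`. The same comment should mention that the destination now comes first, the reverse of the removed http_auth_digest_hex2bin.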
@ -132,37 +132,3 @@ unsigned int http_auth_digest_len (int algo)
|
|||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen)
|
||||
{
|
||||
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
|
||||
* or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
|
||||
if (len > (binlen << 1)) return -1;
|
||||
for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
|
||||
int hi = hexstr[i];
|
||||
int lo = hexstr[i+1];
|
||||
if ('0' <= hi && hi <= '9') hi -= '0';
|
||||
else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
|
||||
else return -1;
|
||||
if ('0' <= lo && lo <= '9') lo -= '0';
|
||||
else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
|
||||
else return -1;
|
||||
bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if 0
|
||||
int http_auth_md5_hex2lc (char *md5hex)
|
||||
{
|
||||
/* validate and transform 32-byte MD5 hex string to lowercase */
|
||||
int i;
|
||||
for (i = 0; md5hex[i]; ++i) {
|
||||
int c = md5hex[i];
|
||||
if ('0' <= c && c <= '9') continue;
|
||||
else if ((uint32_t)(c |= 0x20)-'a' <= 'f'-'a') md5hex[i] = c;
|
||||
else return -1;
|
||||
}
|
||||
return (32 == i) ? 0 : -1; /*(Note: char *md5hex must be a 32-char string)*/
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -90,6 +90,4 @@ void http_auth_backend_set (const http_auth_backend_t *backend);
|
|||
|
||||
void http_auth_setenv(request_st *r, const char *username, size_t ulen, const char *auth_type, size_t alen);
|
||||
|
||||
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1324,8 +1324,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st
|
|||
|
||||
{
|
||||
size_t resplen = strlen(respons);
|
||||
if (0 != http_auth_digest_hex2bin(respons, resplen,
|
||||
rdigest, sizeof(rdigest))
|
||||
if (0 != li_hex2bin(rdigest, sizeof(rdigest), respons, resplen)
|
||||
|| resplen != (ai.dlen << 1)) {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
"digest: (%s): invalid format", respons);
|
||||
|
|
|
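Review bot: The exact-length test `resplen != (ai.dlen << 1)` is evaluated only after li_hex2bin has already parsed `respons`, while the mod_authn_dbi and mod_authn_mysql call sites in this commit test the length first. Here `respons` is NUL-terminated (`strlen` on the line above), so the helper's read of `hexstr[i+1]` stays in bounds even for an odd length, but the call depends on that detail. Putting the cheap check first removes the dependency and matches the other callers: `if (resplen != (ai.dlen << 1) || 0 != li_hex2bin(rdigest, sizeof(rdigest), respons, resplen)) {`. mod_auth_check_digest begins and ends outside this hunk.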
@ -402,7 +402,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au
|
|||
|
||||
/*(compare 16-byte MD5 binary instead of converting to hex strings
|
||||
* in order to then have to do case-insensitive hex str comparison)*/
|
||||
return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
|
||||
return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
|
||||
? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
|
||||
: -1;
|
||||
}
|
||||
|
@ -422,7 +422,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au
|
|||
|
||||
/*(compare 32-byte binary digest instead of converting to hex strings
|
||||
* in order to then have to do case-insensitive hex str comparison)*/
|
||||
return (0 == http_auth_digest_hex2bin(userpw, 64, shapw, sizeof(shapw)))
|
||||
return (0 == li_hex2bin(shapw, sizeof(shapw), userpw, 64))
|
||||
? ck_memeq_const_time_fixed_len(HA1, shapw, sizeof(shapw)) ? 0 : 1
|
||||
: -1;
|
||||
}
|
||||
|
@ -527,8 +527,7 @@ mod_authn_dbi_query (request_st * const r, void *p_d, http_auth_info_t * const a
|
|||
else { /* used with HTTP Digest auth */
|
||||
/*(currently supports only single row, single digest algorithm)*/
|
||||
if (len == (ai->dlen << 1)
|
||||
&& 0 == http_auth_digest_hex2bin(rpw, len, ai->digest,
|
||||
sizeof(ai->digest)))
|
||||
&& 0 == li_hex2bin(ai->digest,sizeof(ai->digest),rpw,len))
|
||||
rc = HANDLER_GO_ON;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -249,8 +249,7 @@ static int mod_authn_file_htdigest_get_loop(const char *data, const buffer *auth
|
|||
if (f_pwd[pwd_len-1] == '\r') --pwd_len;
|
||||
|
||||
if (pwd_len != (ai->dlen << 1)) continue;
|
||||
return http_auth_digest_hex2bin(f_pwd, pwd_len,
|
||||
ai->digest, sizeof(ai->digest));
|
||||
return li_hex2bin(ai->digest, sizeof(ai->digest), f_pwd, pwd_len);
|
||||
}
|
||||
} while (*n && *(f_user = n+1));
|
||||
|
||||
|
|
|
@ -316,7 +316,7 @@ static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpw
|
|||
|
||||
/*(compare 16-byte MD5 binary instead of converting to hex strings
|
||||
* in order to then have to do case-insensitive hex str comparison)*/
|
||||
return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
|
||||
return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
|
||||
? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
|
||||
: -1;
|
||||
}
|
||||
|
@ -352,8 +352,8 @@ static int mod_authn_mysql_result(plugin_data *p, http_auth_info_t *ai, const ch
|
|||
else { /* used with HTTP Digest auth */
|
||||
/*(currently supports only single row, single digest algorithm)*/
|
||||
if (lengths[0] == (ai->dlen << 1)) {
|
||||
rc = http_auth_digest_hex2bin(row[0], lengths[0],
|
||||
ai->digest, sizeof(ai->digest));
|
||||
rc = li_hex2bin(ai->digest, sizeof(ai->digest),
|
||||
row[0], lengths[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
#include "buffer.h"
|
||||
#include "base64.h"
|
||||
#include "ck.h"
|
||||
#include "http_auth.h"
|
||||
|
||||
#include "plugin.h"
|
||||
|
||||
|
@ -142,7 +141,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
|
|||
unsigned char HA1[16];
|
||||
unsigned char md5bin[16];
|
||||
|
||||
if (0 != http_auth_digest_hex2bin(mac, maclen, md5bin, sizeof(md5bin))) return 0;
|
||||
if (0 != li_hex2bin(md5bin, sizeof(md5bin), mac, maclen)) return 0;
|
||||
|
||||
/* legacy message:
|
||||
* protected_path := '/' <timestamp-hex> <rel-path>
|
||||
|
|
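Review bot: The call `li_hex2bin(md5bin, sizeof(md5bin), mac, maclen)` does not ensure `maclen` is the full MAC length, because the helper only rejects `len > 2*binlen`. A shorter `mac` decodes successfully and leaves the tail of `md5bin` uninitialized for whatever comparison follows. Whether `maclen` is already checked against the expected MAC length is not visible here, since secdl_verify_mac and its caller extend beyond the hunk. If it is not, make the check explicit at the call: `if (maclen != 2*sizeof(md5bin) || 0 != li_hex2bin(md5bin, sizeof(md5bin), mac, maclen)) return 0;`.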