[multiple] http_auth_digest_hex2bin -> li_hex2bin

move http_auth.c:http_auth_digest_hex2bin() to buffer.c:li_hex2bin()
for reuse, e.g. for use by mod_secdownload, which is not mod_auth*
Glenn Strauss 2021-05-22 16:19:37 -04:00
parent 08c03cd450
commit e110b062be
9 changed files with 30 additions and 49 deletions


@ -373,6 +373,25 @@ char hex2int(unsigned char hex) {
return li_cton(hex,n) ? (char)n : 0xFF;
}
int li_hex2bin (unsigned char * const bin, const size_t binlen, const char * const hexstr, const size_t len)
{
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
* or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
if (len > (binlen << 1)) return -1;
for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
int hi = hexstr[i];
int lo = hexstr[i+1];
if ('0' <= hi && hi <= '9') hi -= '0';
else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
else return -1;
if ('0' <= lo && lo <= '9') lo -= '0';
else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
else return -1;
bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
}
return 0;
}
int buffer_eq_icase_ssn(const char * const a, const char * const b, const size_t len) {
for (size_t i = 0; i < len; ++i) {
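Review bot: An odd `len` makes the loop in li_hex2bin read `hexstr[len]`, one byte past the stated length, because the last iteration fetches `hexstr[i+1]` with `i == len-1`; that is harmless for NUL-terminated digest strings, but this commit turns the function into a general buffer helper. Reject odd lengths up front: `if ((len & 1) || len > (binlen << 1)) return -1;`. Separately, an input shorter than `2*binlen` returns 0 and leaves the tail of `bin` unwritten, so every caller must compare the length itself; the secdl_verify_mac call site in this commit shows no such check within its hunk and should be confirmed. The comment inside the function still describes only MD5/SHA-256 digests and could state this contract instead.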


@ -228,6 +228,8 @@ void buffer_to_upper(buffer *b);
__attribute_const__
char hex2int(unsigned char c);
int li_hex2bin (unsigned char *bin, size_t binlen, const char *hexstr, size_t len);
__attribute_pure__
static inline int light_isdigit(int c);
static inline int light_isdigit(int c) {
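Review bot: The new `li_hex2bin` prototype is exported without any comment, and its argument order (destination first) is the reverse of the `http_auth_digest_hex2bin` it replaces. A one-line contract above the declaration would help future callers: `/* returns 0 on success, -1 on non-hex input or if len > 2*binlen; writes len/2 bytes to bin */`. Because inputs shorter than `2*binlen` are accepted, the comment should also say that callers needing a full-size digest must check `len` themselves.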


@ -132,37 +132,3 @@ unsigned int http_auth_digest_len (int algo)
return 0;
}
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen)
{
/* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
* or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
if (len > (binlen << 1)) return -1;
for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
int hi = hexstr[i];
int lo = hexstr[i+1];
if ('0' <= hi && hi <= '9') hi -= '0';
else if ((uint32_t)(hi |= 0x20)-'a' <= 'f'-'a')hi += -'a' + 10;
else return -1;
if ('0' <= lo && lo <= '9') lo -= '0';
else if ((uint32_t)(lo |= 0x20)-'a' <= 'f'-'a')lo += -'a' + 10;
else return -1;
bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
}
return 0;
}
#if 0
int http_auth_md5_hex2lc (char *md5hex)
{
/* validate and transform 32-byte MD5 hex string to lowercase */
int i;
for (i = 0; md5hex[i]; ++i) {
int c = md5hex[i];
if ('0' <= c && c <= '9') continue;
else if ((uint32_t)(c |= 0x20)-'a' <= 'f'-'a') md5hex[i] = c;
else return -1;
}
return (32 == i) ? 0 : -1; /*(Note: char *md5hex must be a 32-char string)*/
}
#endif


@ -90,6 +90,4 @@ void http_auth_backend_set (const http_auth_backend_t *backend);
void http_auth_setenv(request_st *r, const char *username, size_t ulen, const char *auth_type, size_t alen);
int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen);
#endif


@ -1324,8 +1324,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st
{
size_t resplen = strlen(respons);
if (0 != http_auth_digest_hex2bin(respons, resplen,
rdigest, sizeof(rdigest))
if (0 != li_hex2bin(rdigest, sizeof(rdigest), respons, resplen)
|| resplen != (ai.dlen << 1)) {
log_error(r->conf.errh, __FILE__, __LINE__,
"digest: (%s): invalid format", respons);
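Review bot: The length comparison `resplen != (ai.dlen << 1)` is evaluated only after `li_hex2bin` has already parsed `respons` and written into `rdigest`, whereas the dbi query and htdigest call sites in this commit test the length first. Swapping the operands keeps the conversion from running on a wrong-length value and matches those call sites: `if (resplen != (ai.dlen << 1) || 0 != li_hex2bin(rdigest, sizeof(rdigest), respons, resplen)) {`. The enclosing function starts and ends outside the hunk.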


@ -402,7 +402,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au
/*(compare 16-byte MD5 binary instead of converting to hex strings
* in order to then have to do case-insensitive hex str comparison)*/
return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
: -1;
}
@ -422,7 +422,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au
/*(compare 32-byte binary digest instead of converting to hex strings
* in order to then have to do case-insensitive hex str comparison)*/
return (0 == http_auth_digest_hex2bin(userpw, 64, shapw, sizeof(shapw)))
return (0 == li_hex2bin(shapw, sizeof(shapw), userpw, 64))
? ck_memeq_const_time_fixed_len(HA1, shapw, sizeof(shapw)) ? 0 : 1
: -1;
}
@ -527,8 +527,7 @@ mod_authn_dbi_query (request_st * const r, void *p_d, http_auth_info_t * const a
else { /* used with HTTP Digest auth */
/*(currently supports only single row, single digest algorithm)*/
if (len == (ai->dlen << 1)
&& 0 == http_auth_digest_hex2bin(rpw, len, ai->digest,
sizeof(ai->digest)))
&& 0 == li_hex2bin(ai->digest,sizeof(ai->digest),rpw,len))
rc = HANDLER_GO_ON;
}
}
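Review bot: Both `li_hex2bin` calls in mod_authn_dbi_password_cmp pass a literal source length (`32`, `64`) even though the function receives `userpwlen`; the check that guarantees `userpw` holds that many bytes lies outside these hunks and cannot be confirmed here. If that check is an equality test, deriving the bound from the destination, e.g. `li_hex2bin(md5pw, sizeof(md5pw), userpw, sizeof(md5pw) * 2)`, would tie the read length to the buffer rather than to a magic number. The same pattern appears in mod_authn_mysql_password_cmp.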


@ -249,8 +249,7 @@ static int mod_authn_file_htdigest_get_loop(const char *data, const buffer *auth
if (f_pwd[pwd_len-1] == '\r') --pwd_len;
if (pwd_len != (ai->dlen << 1)) continue;
return http_auth_digest_hex2bin(f_pwd, pwd_len,
ai->digest, sizeof(ai->digest));
return li_hex2bin(ai->digest, sizeof(ai->digest), f_pwd, pwd_len);
}
} while (*n && *(f_user = n+1));


@ -316,7 +316,7 @@ static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpw
/*(compare 16-byte MD5 binary instead of converting to hex strings
* in order to then have to do case-insensitive hex str comparison)*/
return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
return (0 == li_hex2bin(md5pw, sizeof(md5pw), userpw, 32))
? ck_memeq_const_time_fixed_len(HA1, md5pw, sizeof(md5pw)) ? 0 : 1
: -1;
}
@ -352,8 +352,8 @@ static int mod_authn_mysql_result(plugin_data *p, http_auth_info_t *ai, const ch
else { /* used with HTTP Digest auth */
/*(currently supports only single row, single digest algorithm)*/
if (lengths[0] == (ai->dlen << 1)) {
rc = http_auth_digest_hex2bin(row[0], lengths[0],
ai->digest, sizeof(ai->digest));
rc = li_hex2bin(ai->digest, sizeof(ai->digest),
row[0], lengths[0]);
}
}
}


@ -5,7 +5,6 @@
#include "buffer.h"
#include "base64.h"
#include "ck.h"
#include "http_auth.h"
#include "plugin.h"
@ -142,7 +141,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
unsigned char HA1[16];
unsigned char md5bin[16];
if (0 != http_auth_digest_hex2bin(mac, maclen, md5bin, sizeof(md5bin))) return 0;
if (0 != li_hex2bin(md5bin, sizeof(md5bin), mac, maclen)) return 0;
/* legacy message:
* protected_path := '/' <timestamp-hex> <rel-path>