digestauth: add log warning for empty random data - libmicrohttpd - HTTP/1.x server C library (MHD 1.x, stable)

commit 0d85695349b526afc897f770902e65672f3628e7
parent 067b6234073ee0c08d1b3d3c1022f8b4c8417a0d
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Sun, 14 Aug 2022 14:23:02 +0300

digestauth: add log warning for empty random data

Diffstat:
M src/microhttpd/digestauth.c  | 9 +++++++++

1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1544,6 +1544,15 @@ calculate_add_nonce_with_retry (struct MHD_Connection *const connection,
   const uint64_t timestamp1 = MHD_monotonic_msec_counter ();
   const size_t realm_len = strlen (realm);
 
+#ifdef HAVE_MESSAGES
+  if (0 == MHD_get_master (connection->daemon)->digest_auth_rand_size)
+    MHD_DLOG (connection->daemon,
+              _ ("Random value was not initialised by " \
+                 "MHD_OPTION_DIGEST_AUTH_RANDOM or " \
+                 "MHD_OPTION_DIGEST_AUTH_RANDOM_COPY, generated nonces " \
+                 "are predictable.\n"));
+#endif
+
   if (! calculate_add_nonce (connection, timestamp1, realm, realm_len, da,
                              nonce))
   {

	libmicrohttpd HTTP/1.x server C library (MHD 1.x, stable)
	Log \| Files \| Refs \| Submodules \| README \| LICENSE