author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-16 10:42:23 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-25 18:39:44 +0300 |
commit | ebe7f8d26c67d218dbb08788b0d07b01d824c12a (patch) | |
tree | 99106307030b1faee6284162e226e5f95d2d5082 /src/microhttpd | |
parent | f26b806199a9ec0eb72fa217f855c9a4cff78983 (diff) | |
digestauth: used weak pseudo-random generators to avoid nonces clashes
Added salt to produce more complicated numbers
Diffstat (limited to 'src/microhttpd')
-rw-r--r-- | src/microhttpd/digestauth.c | 19 |
1 files changed, 16 insertions, 3 deletions
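--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1619,16 +1619,29 @@ calculate_add_nonce_with_retry (struct MHD_Connection *const connection,
 {
 /* The timestamps are equal, need to generate some arbitrary
 * difference for nonce. */
+/* As the number is needed only to differentiate clients, weak
+* pseudo-random generators could be used. Seeding is not needed. */
 uint64_t base1;
 uint32_t base2;
 uint16_t base3;
 uint8_t base4;
-base1 = (uint64_t) (uintptr_t) nonce2;
+#ifdef HAVE_RANDOM
+base1 = ((uint64_t) random ()) ^ UINT64_C (0x54a5acff5be47e63);
+base4 = 0xb8;
+#elif defined(HAVE_RAND)
+base1 = ((uint64_t) rand ()) ^ UINT64_C (0xc4bcf553b12f3965);
+base4 = 0x92;
+#else
+/* Monotonic msec counter alone does not really help here as it is already
+known that this value is not unique. */
+base1 = ((uint64_t) (uintptr_t) nonce2) ^ UINT64_C (0xf2e1b21bc6c92655);
 base2 = ((uint32_t) (base1 >> 32)) ^ ((uint32_t) base1);
-base2 = _MHD_ROTL32 (base2, 4);
+base2 = _MHD_ROTR32 (base2, 4);
 base3 = ((uint16_t) (base2 >> 16)) ^ ((uint16_t) base2);
 base4 = ((uint8_t) (base3 >> 8)) ^ ((uint8_t) base3);
-base1 = (uint64_t) (uintptr_t) connection;
+base1 = ((uint64_t) MHD_monotonic_msec_counter ())
+^ UINT64_C (0xccab93f72cf5b15);
+#endif
 base2 = ((uint32_t) (base1 >> 32)) ^ ((uint32_t) base1);
 base2 = _MHD_ROTL32 (base2, (((base4 >> 4) ^ base4) % 32));
 base3 = ((uint16_t) (base2 >> 16)) ^ ((uint16_t) base2);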
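Review bot: The `random ()` and `rand ()` calls on new lines 1629 and 1632 read and advance process-global generator state from inside library code, and `rand ()` is not required to be thread-safe, so connections handled in parallel may race on it and the host application's own sequence is perturbed. Because the generator is deliberately left unseeded, the same values come back in the same order after every restart; that is acceptable only if the nonce's unpredictability comes entirely from elsewhere (presumably the keyed hash computed outside this hunk), and the new comment should say so, e.g. `/* Predictable by design: used only to break timestamp ties, never as a source of nonce secrecy. */`. The constant on new line 1643, `UINT64_C (0xccab93f72cf5b15)`, has 15 hex digits where the other three salts have 16, which looks like a dropped digit. calculate_add_nonce_with_retry starts and ends outside the hunk, so how the derived value is consumed cannot be checked from here.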