-rw-r--r-- | src/microhttpd/digestauth.c | 40 |
1 files changed, 22 insertions, 18 deletions
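--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -216,14 +216,15 @@ digest_calc_ha1_from_digest (const char *alg,
 const char *nonce,
 const char *cnonce)
 {
+const unsigned int digest_size = da->digest_size;
 if ( (MHD_str_equal_caseless_ (alg,
 "md5-sess")) ||
 (MHD_str_equal_caseless_ (alg,
 "sha-256-sess")) )
 {
-uint8_t dig[VLA_ARRAY_LEN_DIGEST (da->digest_size)];
+uint8_t dig[VLA_ARRAY_LEN_DIGEST (digest_size)];
 
-VLA_CHECK_LEN_DIGEST (da->digest_size);
+VLA_CHECK_LEN_DIGEST (digest_size);
 da->init (da->ctx);
 da->update (da->ctx,
 digest,
@@ -243,13 +244,13 @@ digest_calc_ha1_from_digest (const char *alg,
 da->digest (da->ctx,
 dig);
 cvthex (dig,
-sizeof (dig),
+digest_size,
 da->sessionkey);
 }
 else
 {
 cvthex (digest,
-da->digest_size,
+digest_size,
 da->sessionkey);
 }
 }
@@ -334,11 +335,12 @@ digest_calc_response (const char *ha1,
 const char *hentity,
 struct DigestAlgorithm *da)
 {
-unsigned char ha2[VLA_ARRAY_LEN_DIGEST (da->digest_size)];
-unsigned char resphash[VLA_ARRAY_LEN_DIGEST (da->digest_size)];
+const unsigned int digest_size = da->digest_size;
+unsigned char ha2[VLA_ARRAY_LEN_DIGEST (digest_size)];
+unsigned char resphash[VLA_ARRAY_LEN_DIGEST (digest_size)];
 (void) hentity; /* Unused. Silence compiler warning. */
 
-VLA_CHECK_LEN_DIGEST (da->digest_size);
+VLA_CHECK_LEN_DIGEST (digest_size);
 da->init (da->ctx);
 da->update (da->ctx,
 (const unsigned char *) method,
@@ -367,13 +369,13 @@ digest_calc_response (const char *ha1,
 da->digest (da->ctx,
 ha2);
 cvthex (ha2,
-da->digest_size,
+digest_size,
 da->sessionkey);
 da->init (da->ctx);
 /* calculate response */
 da->update (da->ctx,
 (const unsigned char *) ha1,
-da->digest_size * 2);
+digest_size * 2);
 da->update (da->ctx,
 (const unsigned char *) ":",
 1);
@@ -406,11 +408,11 @@ digest_calc_response (const char *ha1,
 }
 da->update (da->ctx,
 (const unsigned char *) da->sessionkey,
-da->digest_size * 2);
+digest_size * 2);
 da->digest (da->ctx,
 resphash);
 cvthex (resphash,
-sizeof(resphash),
+digest_size,
 da->sessionkey);
 }
 
@@ -680,10 +682,11 @@ calculate_nonce (uint32_t nonce_time,
 char *nonce)
 {
 unsigned char timestamp[TIMESTAMP_BIN_SIZE];
-unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST (da->digest_size)];
+const unsigned int digest_size = da->digest_size;
+unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST (digest_size)];
 char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];
 
-VLA_CHECK_LEN_DIGEST (da->digest_size);
+VLA_CHECK_LEN_DIGEST (digest_size);
 da->init (da->ctx);
 timestamp[0] = (unsigned char) ((nonce_time & 0xff000000) >> 0x18);
 timestamp[1] = (unsigned char) ((nonce_time & 0x00ff0000) >> 0x10);
@@ -720,7 +723,7 @@ calculate_nonce (uint32_t nonce_time,
 da->digest (da->ctx,
 tmpnonce);
 cvthex (tmpnonce,
-sizeof (tmpnonce),
+digest_size,
 nonce);
 cvthex (timestamp,
 sizeof (timestamp),
@@ -868,19 +871,20 @@ digest_auth_check_all (struct MHD_Connection *connection,
 const char *header;
 char nonce[MAX_NONCE_LENGTH];
 char cnonce[MAX_NONCE_LENGTH];
-char ha1[VLA_ARRAY_LEN_DIGEST (da->digest_size) * 2 + 1];
+const unsigned int digest_size = da->digest_size;
+char ha1[VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1];
 char qop[15]; /* auth,auth-int */
 char nc[20];
 char response[MAX_AUTH_RESPONSE_LENGTH];
 const char *hentity = NULL; /* "auth-int" is not supported */
-char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (da->digest_size)) + 1];
+char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1];
 uint32_t nonce_time;
 uint32_t t;
 size_t left; /* number of characters left in 'header' for 'uri' */
 uint64_t nci;
 char *qmark;
 
-VLA_CHECK_LEN_DIGEST (da->digest_size);
+VLA_CHECK_LEN_DIGEST (digest_size);
 if (MHD_NO == MHD_lookup_connection_value_n (connection,
 MHD_HEADER_KIND,
 MHD_HTTP_HEADER_AUTHORIZATION,
@@ -1081,7 +1085,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
 }
 memcpy (ha1,
 da->sessionkey,
-sizeof (ha1));
+digest_size * 2 + 1);
 /* This will initialize da->sessionkey (respexp) */
 digest_calc_response (ha1,
 nonce,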
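Review bot: In the last hunk (`digest_auth_check_all`), the `memcpy` into `ha1` is now sized as `digest_size * 2 + 1` rather than `sizeof (ha1)`, so the length is no longer derived from the destination buffer and the bound rests on an invariant the code does not state. The copy stays inside `ha1` only while `VLA_ARRAY_LEN_DIGEST (digest_size)` is at least `digest_size`, which is presumably what `VLA_CHECK_LEN_DIGEST` guards, though neither macro's definition is visible on this page. I would record that next to the copy, for example `/* ha1 is VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1 bytes, never less than digest_size * 2 + 1 */`, and add a matching one-line comment at the `cvthex` calls in `digest_calc_ha1_from_digest`, `digest_calc_response` and `calculate_nonce` where `sizeof` of the array was replaced. The body of `digest_auth_check_all` starts and ends outside the hunks shown.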