Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | digestauth: avoid malloc() repeat by using the new function | Evgeny Grin (Karlson2k) | 2022-12-19 |
| | |||
* | Implemented support for hash calculation by GnuTLS lib functions | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | digestauth: refactored hashing asserts | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | digestauth: used weak pseudo-random generators to avoid nonces clashes | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | | | | Added salt to produce more complicated numbers | ||
* | digestauth: changed "slot used" detection logic | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | digestauth: removed redundant check and report | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | md5: replaced public domain MD5 implementation with our own implementation | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | Fixed regression introduced by c3680cb737bcac2a4dc14cca5a80af6ca0de21e7 | Evgeny Grin (Karlson2k) | 2022-09-25 |
| | |||
* | digestauth: added support for SHA-512/256, made MD5 and SHA-256 optional | Evgeny Grin (Karlson2k) | 2022-09-11 |
| | | | | | Give more flexibility for custom builds: MD5, SHA-256 and SHA-512/256 may be disabled individually. | ||
* | Editorial doxy improvements | Evgeny Grin (Karlson2k) | 2022-09-05 |
| | |||
* | Digest Auth API: do not store 'userhash' in 'username' members | Evgeny Grin (Karlson2k) | 2022-09-05 |
| | | | | | | | While the 'username' is used to carry 'userhash' in headers, it is confusing as 'userhash' type of the data is different from type of the 'username'. To make a clear distinction, use dedicated members to store 'userhash'. | ||
* | Added new public functions for userhash and userdigest calculations | Evgeny Grin (Karlson2k) | 2022-09-04 |
| | | | | | These functions can be used when the new user is added to the users database. | ||
* | Modified public Digest Username struct to include the algorithm | Evgeny Grin (Karlson2k) | 2022-08-26 |
| | |||
* | digestauth: keep results of algo and QOP parsing, renamed public struct member | Evgeny Grin (Karlson2k) | 2022-08-25 |
| | |||
* | digestauth: removed unused static function | Evgeny Grin (Karlson2k) | 2022-08-16 |
| | |||
* | digestauth: fixed panic log message | Evgeny Grin (Karlson2k) | 2022-08-16 |
| | |||
* | digestauth: minor doxy correction for public API | Evgeny Grin (Karlson2k) | 2022-08-16 |
| | |||
* | calculate_nonce(): added comments, minor code corrections | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: updated the method of nonce generation in default mode | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: minor comment correction | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | Added MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE to control how to generate and | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | | | | check nonces for Digest Auth | ||
* | mhd_str: added function for bin to hex without zero-termination | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: added log messages if realm is rejected due to its size | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: do not use "algorithm" in response header in RFC2069 mode | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: warn about RFC2069 used with SHA-256 | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: corrected log message for RFC2069 mode | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: add log warning for empty random data | Evgeny Grin (Karlson2k) | 2022-08-15 |
| | |||
* | digestauth: use internal header for mutex instead of system header | Evgeny Grin (Karlson2k) | 2022-08-11 |
| | |||
* | digestauth: limit nonce-count to uint32_t | Evgeny Grin (Karlson2k) | 2022-08-09 |
| | |||
* | gen_auth: added support for two authorization headers in request | Evgeny Grin (Karlson2k) | 2022-08-09 |
| | |||
* | Internal refactoring: moved all request-related members to separate structure | Evgeny Grin (Karlson2k) | 2022-08-06 |
| | | | | This should improve readability of the code and simplify reset. | ||
* | -typo | Christian Grothoff | 2022-07-31 |
| | |||
* | -fix typos | Christian Grothoff | 2022-07-30 |
| | |||
* | MHD_digest_auth_check3(): return failed parameter if it is known | Evgeny Grin (Karlson2k) | 2022-07-30 |
| | |||
* | digestauth: implemented support for RFC 2069 | Evgeny Grin (Karlson2k) | 2022-07-30 |
| | | | | The old Digest Auth specification, but still supported by many clients. | ||
* | digestauth: added dynamic detection and use of the algo specified by client | Evgeny Grin (Karlson2k) | 2022-07-30 |
| | |||
* | Added MHD_queue_auth_required_response3(); Refactored public Digest Auth API v3 | Evgeny Grin (Karlson2k) | 2022-07-28 |
| | | | | | | | | | | | | | | | | | | Added brand new function with more complete support for RFC 7616 features. New function implemented from scratch. Old functions became wrappers for the new function, so fixes are inherited. Fixes: * All user values are properly quoted Features: * Added support for optional 'domain' Digest auth parameter * Realm now optional * Added userhash support * Added charset support For other Digest Auth v3 functions: * Added more parameters for complete control of Auth process from application side. | ||
* | Digest Auth public structs: removed redundant member | Evgeny Grin (Karlson2k) | 2022-07-28 |
| | | | | Added one more check for data validity. | ||
* | digestauth: term correction in comment | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | |||
* | Updated doxy for old Digest Auth API function | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | | | | | | This function supports new functionality now (extended notation) and this functionality is automatically available without rebuilding application. | ||
* | digest_auth_check(): added check for too large realm value | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | |||
* | digest_auth_check(): added support for userhash | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | |||
* | digest_auth_check(): reduced scope of one-time variable | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | |||
* | digestauth: fixed copy-paste error in request algo parsing | Evgeny Grin (Karlson2k) | 2022-07-25 |
| | |||
* | digestauth: added support for extended notation for old API | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | |||
* | digestauth: do not allocate extra space for extended notation | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | |||
* | digestauth: fixed username extraction with the new API | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | |||
* | digest_auth_check(): updated the order of parameters check | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | | | | | | If more than one parameter is wrong, then the first checked wrong parameter will be reported, so check the most important parameters first. | ||
* | digest_auth_check(): added support for username in extended notation | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | |||
* | digestauth: removed usage of variable-length arrays | Evgeny Grin (Karlson2k) | 2022-07-21 |
| | | | | | | | | This should improve efficiency, size and security: * Code works just fine with fixed size arrays. * The resulting binary size is smaller when fixed size arrays are used. * GCC stack protector cannot be used with functions with variable-length arrays. |