[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 07/15: Added new MHD_OPTION_DIGEST_AUTH_RANDOM_COPY opti
From: |
gnunet |
Subject: |
[libmicrohttpd] 07/15: Added new MHD_OPTION_DIGEST_AUTH_RANDOM_COPY option |
Date: |
Sat, 30 Jul 2022 21:29:29 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 0ecad853eda97d3512b78e3c65dc501544761118
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Jul 26 20:54:21 2022 +0300
Added new MHD_OPTION_DIGEST_AUTH_RANDOM_COPY option
---
src/include/microhttpd.h | 20 ++++++++++++++++++--
src/microhttpd/daemon.c | 31 +++++++++++++++++++++++++++++++
src/microhttpd/internal.h | 5 +++++
3 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index d469b64d..44b5fe3e 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097528
+#define MHD_VERSION 0x00097529
/* If generic headers don't work on your platform, include headers
which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -1760,6 +1760,7 @@ enum MHD_OPTION
* Note that the application must ensure that the buffer of the
* second argument remains allocated and unmodified while the
* daemon is running.
+ * @sa #MHD_OPTION_DIGEST_AUTH_RANDOM_COPY
*/
MHD_OPTION_DIGEST_AUTH_RANDOM = 17,
@@ -1927,7 +1928,22 @@ enum MHD_OPTION
* This option should be followed by an `int` argument.
* @note Available since #MHD_VERSION 0x00097207
*/
- MHD_OPTION_TLS_NO_ALPN = 34
+ MHD_OPTION_TLS_NO_ALPN = 34,
+
+ /**
+ * Memory pointer for the random values to be used by the Digest
+ * Auth module. This option should be followed by two arguments.
+ * First an integer of type `size_t` which specifies the size
+ * of the buffer pointed to by the second argument in bytes.
+ * The recommended size is between 8 and 32. If size is four or less
+ * then security could be lowered. Sizes more then 32 (or, probably
+ * more than 16 - debatable) will not increase security.
+ * An internal copy of the buffer will be made, the data do not
+ * need to be static.
+ * @sa #MHD_OPTION_DIGEST_AUTH_RANDOM
+ * @note Available since #MHD_VERSION 0x00097529
+ */
+ MHD_OPTION_DIGEST_AUTH_RANDOM_COPY = 35
} _MHD_FIXED_ENUM;
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 2f868bfb..cd89fa94 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -6236,10 +6236,16 @@ parse_options_va (struct MHD_Daemon *daemon,
#endif /* HTTPS_SUPPORT */
#ifdef DAUTH_SUPPORT
case MHD_OPTION_DIGEST_AUTH_RANDOM:
+ case MHD_OPTION_DIGEST_AUTH_RANDOM_COPY:
daemon->digest_auth_rand_size = va_arg (ap,
size_t);
daemon->digest_auth_random = va_arg (ap,
const char *);
+ if (MHD_OPTION_DIGEST_AUTH_RANDOM_COPY == opt)
+ /* Set to some non-NULL value just to indicate that copy is required.
*/
+ daemon->digest_auth_random_copy = daemon;
+ else
+ daemon->digest_auth_random_copy = NULL;
break;
case MHD_OPTION_NONCE_NC_SIZE:
daemon->nonce_nc_size = va_arg (ap,
@@ -6440,6 +6446,7 @@ parse_options_va (struct MHD_Daemon *daemon,
break;
/* options taking size_t-number followed by pointer */
case MHD_OPTION_DIGEST_AUTH_RANDOM:
+ case MHD_OPTION_DIGEST_AUTH_RANDOM_COPY:
if (MHD_NO == parse_options (daemon,
servaddr,
opt,
@@ -6913,6 +6920,24 @@ MHD_start_daemon_va (unsigned int flags,
}
#ifdef DAUTH_SUPPORT
+ if (NULL != daemon->digest_auth_random_copy)
+ {
+ mhd_assert (daemon == daemon->digest_auth_random_copy);
+ daemon->digest_auth_random_copy = malloc (daemon->digest_auth_rand_size);
+ if (NULL == daemon->digest_auth_random_copy)
+ {
+#ifdef HTTPS_SUPPORT
+ if (0 != (*pflags & MHD_USE_TLS))
+ gnutls_priority_deinit (daemon->priority_cache);
+#endif /* HTTPS_SUPPORT */
+ free (daemon);
+ return NULL;
+ }
+ memcpy (daemon->digest_auth_random_copy,
+ daemon->digest_auth_random,
+ daemon->digest_auth_rand_size);
+ daemon->digest_auth_random = daemon->digest_auth_random_copy;
+ }
if (daemon->nonce_nc_size > 0)
{
if ( ( (size_t) (daemon->nonce_nc_size * sizeof (struct MHD_NonceNc)))
@@ -6926,6 +6951,7 @@ MHD_start_daemon_va (unsigned int flags,
if (0 != (*pflags & MHD_USE_TLS))
gnutls_priority_deinit (daemon->priority_cache);
#endif /* HTTPS_SUPPORT */
+ free (daemon->digest_auth_random_copy);
free (daemon);
return NULL;
}
@@ -6942,6 +6968,7 @@ MHD_start_daemon_va (unsigned int flags,
if (0 != (*pflags & MHD_USE_TLS))
gnutls_priority_deinit (daemon->priority_cache);
#endif /* HTTPS_SUPPORT */
+ free (daemon->digest_auth_random_copy);
free (daemon);
return NULL;
}
@@ -6958,6 +6985,7 @@ MHD_start_daemon_va (unsigned int flags,
if (0 != (*pflags & MHD_USE_TLS))
gnutls_priority_deinit (daemon->priority_cache);
#endif /* HTTPS_SUPPORT */
+ free (daemon->digest_auth_random_copy);
free (daemon->nnc);
free (daemon);
return NULL;
@@ -7586,6 +7614,7 @@ MHD_start_daemon_va (unsigned int flags,
#ifdef DAUTH_SUPPORT
d->nnc = NULL;
d->nonce_nc_size = 0;
+ d->digest_auth_random_copy = NULL;
#if defined(MHD_USE_THREADS)
memset (&d->nnc_lock, 1, sizeof(d->nnc_lock));
#endif /* MHD_USE_THREADS */
@@ -7706,6 +7735,7 @@ free_and_fail:
#endif /* HTTPS_SUPPORT && UPGRADE_SUPPORT */
#endif /* EPOLL_SUPPORT */
#ifdef DAUTH_SUPPORT
+ free (daemon->digest_auth_random_copy);
free (daemon->nnc);
#if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS)
MHD_mutex_destroy_chk_ (&daemon->nnc_lock);
@@ -8102,6 +8132,7 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
#endif /* HTTPS_SUPPORT */
#ifdef DAUTH_SUPPORT
+ free (daemon->digest_auth_random_copy);
free (daemon->nnc);
#if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS)
MHD_mutex_destroy_chk_ (&daemon->nnc_lock);
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 6906e1bb..fa243a34 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -2148,6 +2148,11 @@ struct MHD_Daemon
*/
const char *digest_auth_random;
+ /**
+ * The malloc'ed copy of the @a digest_auth_random.
+ */
+ void *digest_auth_random_copy;
+
/**
* An array that contains the map nonce-nc.
*/
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (9eb7b4de -> 34059c30), gnunet, 2022/07/30
- [libmicrohttpd] 03/15: configure: report in summary whether static and shared version will be built, gnunet, 2022/07/30
- [libmicrohttpd] 02/15: configure: cosmetics, gnunet, 2022/07/30
- [libmicrohttpd] 05/15: microhttpd: improved description for MHD_OPTION_NONCE_NC_SIZE, gnunet, 2022/07/30
- [libmicrohttpd] 07/15: Added new MHD_OPTION_DIGEST_AUTH_RANDOM_COPY option,
gnunet <=
- [libmicrohttpd] 10/15: test_digestauth2: added testing of 'userdigest', gnunet, 2022/07/30
- [libmicrohttpd] 01/15: digestauth: added dynamic detection and use of the algo specified by client, gnunet, 2022/07/30
- [libmicrohttpd] 15/15: MHD_digest_auth_check3(): return failed parameter if it is known, gnunet, 2022/07/30
- [libmicrohttpd] 14/15: microhttpd.h: sorted Digest Auth functions and enums, gnunet, 2022/07/30
- [libmicrohttpd] 04/15: configure: control more parameters with 'build-type', gnunet, 2022/07/30
- [libmicrohttpd] 06/15: microhttpd: improved description for MHD_OPTION_DIGEST_AUTH_RANDOM, gnunet, 2022/07/30
- [libmicrohttpd] 08/15: daemon.c: changed fill value for unused members, gnunet, 2022/07/30
- [libmicrohttpd] 11/15: test_digestauth2: added testing of Auth v2 API, gnunet, 2022/07/30
- [libmicrohttpd] 13/15: test_digestauth2: added testing of RFC2069 mode, gnunet, 2022/07/30
- [libmicrohttpd] 12/15: digestauth: implemented support for RFC 2069, gnunet, 2022/07/30