moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Code Issues Releases Wiki Activity

md5/sha256: Updated the functions to allow non-string data to be hashed

Browse Source
This commit is contained in:
Steve Holme 2020-02-22 05:37:01 +00:00
parent 4959be810b
commit 37dc4df270
No known key found for this signature in database
GPG Key ID: 4059CB85CA7E8F19
7 changed files with 45 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/curl_md5.h
View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -49,8 +49,8 @@ typedef struct {
extern const MD5_params Curl_DIGEST_MD5[1]; extern const MD5_params Curl_DIGEST_MD5[1];
extern const HMAC_params Curl_HMAC_MD5[1]; extern const HMAC_params Curl_HMAC_MD5[1];
void Curl_md5it(unsigned char *output, void Curl_md5it(unsigned char *output, const unsigned char *input,
const unsigned char *input); const size_t len);
MD5_context * Curl_MD5_init(const MD5_params *md5params); MD5_context * Curl_MD5_init(const MD5_params *md5params);
CURLcode Curl_MD5_update(MD5_context *context, CURLcode Curl_MD5_update(MD5_context *context,

3
lib/curl_sha256.h
View File

@ -27,7 +27,8 @@
#define SHA256_DIGEST_LENGTH 32 #define SHA256_DIGEST_LENGTH 32
void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input); void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
const size_t len);
#endif #endif

7
lib/md5.c
View File

@ -513,12 +513,13 @@ const MD5_params Curl_DIGEST_MD5[] = {
/* /*
* @unittest: 1601 * @unittest: 1601
*/ */
void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */ void Curl_md5it(unsigned char *outbuffer, const unsigned char *input,
const unsigned char *input) const size_t len)
{ {
MD5_CTX ctx; MD5_CTX ctx;
MD5_Init(&ctx); MD5_Init(&ctx);
MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); MD5_Update(&ctx, input, curlx_uztoui(len));
MD5_Final(outbuffer, &ctx); MD5_Final(outbuffer, &ctx);
} }

7
lib/sha256.c
View File

@ -259,12 +259,13 @@ static int SHA256_Final(unsigned char *out,
/* /*
* @unittest: 1610 * @unittest: 1610
*/ */
void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */ void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
const unsigned char *input) const size_t len)
{ {
SHA256_CTX ctx; SHA256_CTX ctx;
SHA256_Init(&ctx); SHA256_Init(&ctx);
SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); SHA256_Update(&ctx, input, curlx_uztoui(len));
SHA256_Final(outbuffer, &ctx); SHA256_Final(outbuffer, &ctx);
} }

46
lib/vauth/digest.c
View File

@ -62,7 +62,7 @@
what ultimately goes over the network. what ultimately goes over the network.
*/ */
#define CURL_OUTPUT_DIGEST_CONV(a, b) \ #define CURL_OUTPUT_DIGEST_CONV(a, b) \
result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \ result = Curl_convert_to_network(a, b, strlen(b)); \
if(result) { \ if(result) { \
free(b); \ free(b); \
return result; \ return result; \
@ -688,12 +688,12 @@ static CURLcode auth_create_digest_http_message(
struct digestdata *digest, struct digestdata *digest,
char **outptr, size_t *outlen, char **outptr, size_t *outlen,
void (*convert_to_ascii)(unsigned char *, unsigned char *), void (*convert_to_ascii)(unsigned char *, unsigned char *),
void (*hash)(unsigned char *, const unsigned char *)) void (*hash)(unsigned char *, const unsigned char *,
const size_t))
{ {
CURLcode result; CURLcode result;
unsigned char hashbuf[32]; /* 32 bytes/256 bits */ unsigned char hashbuf[32]; /* 32 bytes/256 bits */
unsigned char request_digest[65]; unsigned char request_digest[65];
unsigned char *hashthis;
unsigned char ha1[65]; /* 64 digits and 1 zero byte */ unsigned char ha1[65]; /* 64 digits and 1 zero byte */
unsigned char ha2[65]; /* 64 digits and 1 zero byte */ unsigned char ha2[65]; /* 64 digits and 1 zero byte */
char userh[65]; char userh[65];
@ -701,6 +701,7 @@ static CURLcode auth_create_digest_http_message(
size_t cnonce_sz = 0; size_t cnonce_sz = 0;
char *userp_quoted; char *userp_quoted;
char *response = NULL; char *response = NULL;
char *hashthis = NULL;
char *tmp = NULL; char *tmp = NULL;
if(!digest->nc) if(!digest->nc)
@ -722,12 +723,12 @@ static CURLcode auth_create_digest_http_message(
} }
if(digest->userhash) { if(digest->userhash) {
hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm); hashthis = aprintf("%s:%s", userp, digest->realm);
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); CURL_OUTPUT_DIGEST_CONV(data, hashthis);
hash(hashbuf, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
convert_to_ascii(hashbuf, (unsigned char *)userh); convert_to_ascii(hashbuf, (unsigned char *)userh);
} }
@ -743,14 +744,13 @@ static CURLcode auth_create_digest_http_message(
unq(nonce-value) ":" unq(cnonce-value) unq(nonce-value) ":" unq(cnonce-value)
*/ */
hashthis = (unsigned char *) hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp,
aprintf("%s:%s:%s", digest->userhash ? userh : userp, digest->realm, passwdp);
digest->realm, passwdp);
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
hash(hashbuf, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
convert_to_ascii(hashbuf, ha1); convert_to_ascii(hashbuf, ha1);
@ -763,7 +763,7 @@ static CURLcode auth_create_digest_http_message(
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */
hash(hashbuf, (unsigned char *) tmp); hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
free(tmp); free(tmp);
convert_to_ascii(hashbuf, ha1); convert_to_ascii(hashbuf, ha1);
} }
@ -781,19 +781,19 @@ static CURLcode auth_create_digest_http_message(
5.1.1 of RFC 2616) 5.1.1 of RFC 2616)
*/ */
hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); hashthis = aprintf("%s:%s", request, uripath);
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
if(digest->qop && strcasecompare(digest->qop, "auth-int")) { if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
/* We don't support auth-int for PUT or POST */ /* We don't support auth-int for PUT or POST */
char hashed[65]; char hashed[65];
unsigned char *hashthis2; char *hashthis2;
hash(hashbuf, (const unsigned char *)""); hash(hashbuf, (const unsigned char *)"", 0);
convert_to_ascii(hashbuf, (unsigned char *)hashed); convert_to_ascii(hashbuf, (unsigned char *)hashed);
hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed); hashthis2 = aprintf("%s:%s", hashthis, hashed);
free(hashthis); free(hashthis);
hashthis = hashthis2; hashthis = hashthis2;
} }
@ -802,31 +802,23 @@ static CURLcode auth_create_digest_http_message(
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
hash(hashbuf, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
convert_to_ascii(hashbuf, ha2); convert_to_ascii(hashbuf, ha2);
if(digest->qop) { if(digest->qop) {
hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s", hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc,
ha1, digest->cnonce, digest->qop, ha2);
digest->nonce,
digest->nc,
digest->cnonce,
digest->qop,
ha2);
} }
else { else {
hashthis = (unsigned char *) aprintf("%s:%s:%s", hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2);
ha1,
digest->nonce,
ha2);
} }
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
hash(hashbuf, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
convert_to_ascii(hashbuf, request_digest); convert_to_ascii(hashbuf, request_digest);

20
tests/unit/unit1601.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -36,18 +36,20 @@ static void unit_stop(void)
UNITTEST_START UNITTEST_START
#ifndef CURL_DISABLE_CRYPTO_AUTH #ifndef CURL_DISABLE_CRYPTO_AUTH
unsigned char output[16]; const char string1[] = "1";
const char string2[] = "hello-you-fool";
unsigned char output[MD5_DIGEST_LEN];
unsigned char *testp = output; unsigned char *testp = output;
Curl_md5it(output, (const unsigned char *)"1");
/* !checksrc! disable LONGLINE 2 */ Curl_md5it(output, (const unsigned char *) string1, strlen(string1));
verify_memory(testp,
"\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f\x75\x84\x9b", 16);
Curl_md5it(output, (const unsigned char *)"hello-you-fool"); verify_memory(testp, "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f"
"\x75\x84\x9b", MD5_DIGEST_LEN);
verify_memory(testp, Curl_md5it(output, (const unsigned char *) string2, strlen(string2));
"\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82\x87\x5f\x22", 16);
verify_memory(testp, "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82"
"\x87\x5f\x22", MD5_DIGEST_LEN);
#endif #endif

4
tests/unit/unit1610.c
View File

@ -41,14 +41,14 @@ UNITTEST_START
unsigned char output[SHA256_DIGEST_LENGTH]; unsigned char output[SHA256_DIGEST_LENGTH];
unsigned char *testp = output; unsigned char *testp = output;
Curl_sha256it(output, (const unsigned char *) string1); Curl_sha256it(output, (const unsigned char *) string1, strlen(string1));
verify_memory(testp, verify_memory(testp,
"\x6b\x86\xb2\x73\xff\x34\xfc\xe1\x9d\x6b\x80\x4e\xff\x5a\x3f" "\x6b\x86\xb2\x73\xff\x34\xfc\xe1\x9d\x6b\x80\x4e\xff\x5a\x3f"
"\x57\x47\xad\xa4\xea\xa2\x2f\x1d\x49\xc0\x1e\x52\xdd\xb7\x87" "\x57\x47\xad\xa4\xea\xa2\x2f\x1d\x49\xc0\x1e\x52\xdd\xb7\x87"
"\x5b\x4b", SHA256_DIGEST_LENGTH); "\x5b\x4b", SHA256_DIGEST_LENGTH);
Curl_sha256it(output, (const unsigned char *) string2); Curl_sha256it(output, (const unsigned char *) string2, strlen(string2));
verify_memory(testp, verify_memory(testp,
"\xcb\xb1\x6a\x8a\xb9\xcb\xb9\x35\xa8\xcb\xa0\x2e\x28\xc0\x26" "\xcb\xb1\x6a\x8a\xb9\xcb\xb9\x35\xa8\xcb\xa0\x2e\x28\xc0\x26"