[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 145/282: md5/sha256: Updated the functions to allow non-string d
From: |
gnunet |
Subject: |
[gnurl] 145/282: md5/sha256: Updated the functions to allow non-string data to be hashed |
Date: |
Wed, 01 Apr 2020 14:30:10 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 37dc4df270b0080442a9e36f9ea13855db9253e6
Author: Steve Holme <address@hidden>
AuthorDate: Sat Feb 22 05:37:01 2020 +0000
md5/sha256: Updated the functions to allow non-string data to be hashed
---
lib/curl_md5.h | 6 +++---
lib/curl_sha256.h | 3 ++-
lib/md5.c | 7 ++++---
lib/sha256.c | 7 ++++---
lib/vauth/digest.c | 46 +++++++++++++++++++---------------------------
tests/unit/unit1601.c | 20 +++++++++++---------
tests/unit/unit1610.c | 4 ++--
7 files changed, 45 insertions(+), 48 deletions(-)
diff --git a/lib/curl_md5.h b/lib/curl_md5.h
index aaf25f61b..dd464416a 100644
--- a/lib/curl_md5.h
+++ b/lib/curl_md5.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -49,8 +49,8 @@ typedef struct {
extern const MD5_params Curl_DIGEST_MD5[1];
extern const HMAC_params Curl_HMAC_MD5[1];
-void Curl_md5it(unsigned char *output,
- const unsigned char *input);
+void Curl_md5it(unsigned char *output, const unsigned char *input,
+ const size_t len);
MD5_context * Curl_MD5_init(const MD5_params *md5params);
CURLcode Curl_MD5_update(MD5_context *context,
diff --git a/lib/curl_sha256.h b/lib/curl_sha256.h
index 922e501da..35d286ceb 100644
--- a/lib/curl_sha256.h
+++ b/lib/curl_sha256.h
@@ -27,7 +27,8 @@
#define SHA256_DIGEST_LENGTH 32
-void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input);
+void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
+ const size_t len);
#endif
diff --git a/lib/md5.c b/lib/md5.c
index 8741bd225..f6fdb48ac 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -513,12 +513,13 @@ const MD5_params Curl_DIGEST_MD5[] = {
/*
* @unittest: 1601
*/
-void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
- const unsigned char *input)
+void Curl_md5it(unsigned char *outbuffer, const unsigned char *input,
+ const size_t len)
{
MD5_CTX ctx;
+
MD5_Init(&ctx);
- MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
+ MD5_Update(&ctx, input, curlx_uztoui(len));
MD5_Final(outbuffer, &ctx);
}
diff --git a/lib/sha256.c b/lib/sha256.c
index 5127a9edd..656f9894a 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -259,12 +259,13 @@ static int SHA256_Final(unsigned char *out,
/*
* @unittest: 1610
*/
-void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */
- const unsigned char *input)
+void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
+ const size_t len)
{
SHA256_CTX ctx;
+
SHA256_Init(&ctx);
- SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
+ SHA256_Update(&ctx, input, curlx_uztoui(len));
SHA256_Final(outbuffer, &ctx);
}
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index ec8d83ac4..a8835705f 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -62,7 +62,7 @@
what ultimately goes over the network.
*/
#define CURL_OUTPUT_DIGEST_CONV(a, b) \
- result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \
+ result = Curl_convert_to_network(a, b, strlen(b)); \
if(result) { \
free(b); \
return result; \
@@ -688,12 +688,12 @@ static CURLcode auth_create_digest_http_message(
struct digestdata *digest,
char **outptr, size_t *outlen,
void (*convert_to_ascii)(unsigned char *, unsigned char *),
- void (*hash)(unsigned char *, const unsigned char *))
+ void (*hash)(unsigned char *, const unsigned char *,
+ const size_t))
{
CURLcode result;
unsigned char hashbuf[32]; /* 32 bytes/256 bits */
unsigned char request_digest[65];
- unsigned char *hashthis;
unsigned char ha1[65]; /* 64 digits and 1 zero byte */
unsigned char ha2[65]; /* 64 digits and 1 zero byte */
char userh[65];
@@ -701,6 +701,7 @@ static CURLcode auth_create_digest_http_message(
size_t cnonce_sz = 0;
char *userp_quoted;
char *response = NULL;
+ char *hashthis = NULL;
char *tmp = NULL;
if(!digest->nc)
@@ -722,12 +723,12 @@ static CURLcode auth_create_digest_http_message(
}
if(digest->userhash) {
- hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm);
+ hashthis = aprintf("%s:%s", userp, digest->realm);
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis);
- hash(hashbuf, hashthis);
+ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis);
convert_to_ascii(hashbuf, (unsigned char *)userh);
}
@@ -743,14 +744,13 @@ static CURLcode auth_create_digest_http_message(
unq(nonce-value) ":" unq(cnonce-value)
*/
- hashthis = (unsigned char *)
- aprintf("%s:%s:%s", digest->userhash ? userh : userp,
- digest->realm, passwdp);
+ hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp,
+ digest->realm, passwdp);
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
- hash(hashbuf, hashthis);
+ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis);
convert_to_ascii(hashbuf, ha1);
@@ -763,7 +763,7 @@ static CURLcode auth_create_digest_http_message(
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */
- hash(hashbuf, (unsigned char *) tmp);
+ hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
free(tmp);
convert_to_ascii(hashbuf, ha1);
}
@@ -781,19 +781,19 @@ static CURLcode auth_create_digest_http_message(
5.1.1 of RFC 2616)
*/
- hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
+ hashthis = aprintf("%s:%s", request, uripath);
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
/* We don't support auth-int for PUT or POST */
char hashed[65];
- unsigned char *hashthis2;
+ char *hashthis2;
- hash(hashbuf, (const unsigned char *)"");
+ hash(hashbuf, (const unsigned char *)"", 0);
convert_to_ascii(hashbuf, (unsigned char *)hashed);
- hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed);
+ hashthis2 = aprintf("%s:%s", hashthis, hashed);
free(hashthis);
hashthis = hashthis2;
}
@@ -802,31 +802,23 @@ static CURLcode auth_create_digest_http_message(
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
- hash(hashbuf, hashthis);
+ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis);
convert_to_ascii(hashbuf, ha2);
if(digest->qop) {
- hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s",
- ha1,
- digest->nonce,
- digest->nc,
- digest->cnonce,
- digest->qop,
- ha2);
+ hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc,
+ digest->cnonce, digest->qop, ha2);
}
else {
- hashthis = (unsigned char *) aprintf("%s:%s:%s",
- ha1,
- digest->nonce,
- ha2);
+ hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2);
}
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
- hash(hashbuf, hashthis);
+ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis);
convert_to_ascii(hashbuf, request_digest);
diff --git a/tests/unit/unit1601.c b/tests/unit/unit1601.c
index a6120e1c2..bf00bc7e9 100644
--- a/tests/unit/unit1601.c
+++ b/tests/unit/unit1601.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -36,18 +36,20 @@ static void unit_stop(void)
UNITTEST_START
#ifndef CURL_DISABLE_CRYPTO_AUTH
- unsigned char output[16];
+ const char string1[] = "1";
+ const char string2[] = "hello-you-fool";
+ unsigned char output[MD5_DIGEST_LEN];
unsigned char *testp = output;
- Curl_md5it(output, (const unsigned char *)"1");
-/* !checksrc! disable LONGLINE 2 */
- verify_memory(testp,
-
"\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f\x75\x84\x9b", 16);
+ Curl_md5it(output, (const unsigned char *) string1, strlen(string1));
- Curl_md5it(output, (const unsigned char *)"hello-you-fool");
+ verify_memory(testp, "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f"
+ "\x75\x84\x9b", MD5_DIGEST_LEN);
- verify_memory(testp,
-
"\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82\x87\x5f\x22", 16);
+ Curl_md5it(output, (const unsigned char *) string2, strlen(string2));
+
+ verify_memory(testp, "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82"
+ "\x87\x5f\x22", MD5_DIGEST_LEN);
#endif
diff --git a/tests/unit/unit1610.c b/tests/unit/unit1610.c
index 06c97198b..bb9c937c9 100644
--- a/tests/unit/unit1610.c
+++ b/tests/unit/unit1610.c
@@ -41,14 +41,14 @@ UNITTEST_START
unsigned char output[SHA256_DIGEST_LENGTH];
unsigned char *testp = output;
- Curl_sha256it(output, (const unsigned char *) string1);
+ Curl_sha256it(output, (const unsigned char *) string1, strlen(string1));
verify_memory(testp,
"\x6b\x86\xb2\x73\xff\x34\xfc\xe1\x9d\x6b\x80\x4e\xff\x5a\x3f"
"\x57\x47\xad\xa4\xea\xa2\x2f\x1d\x49\xc0\x1e\x52\xdd\xb7\x87"
"\x5b\x4b", SHA256_DIGEST_LENGTH);
- Curl_sha256it(output, (const unsigned char *) string2);
+ Curl_sha256it(output, (const unsigned char *) string2, strlen(string2));
verify_memory(testp,
"\xcb\xb1\x6a\x8a\xb9\xcb\xb9\x35\xa8\xcb\xa0\x2e\x28\xc0\x26"
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 132/282: nit: Copyright year out of date, (continued)
- [gnurl] 132/282: nit: Copyright year out of date, gnunet, 2020/04/01
- [gnurl] 137/282: github action: add CIFuzz, gnunet, 2020/04/01
- [gnurl] 141/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 143/282: tests: Added a unit test for SHA256 digest generation, gnunet, 2020/04/01
- [gnurl] 144/282: digest: Corrected the name of the local HTTP digest function, gnunet, 2020/04/01
- [gnurl] 146/282: ntlm: Removed the dependency on the TLS libaries when using MD5, gnunet, 2020/04/01
- [gnurl] 147/282: test1610: Fixed the link to the unit test, gnunet, 2020/04/01
- [gnurl] 150/282: ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function, gnunet, 2020/04/01
- [gnurl] 140/282: http2: now require nghttp2 >= 1.12.0, gnunet, 2020/04/01
- [gnurl] 123/282: socks: make the connect phase non-blocking, gnunet, 2020/04/01
- [gnurl] 145/282: md5/sha256: Updated the functions to allow non-string data to be hashed,
gnunet <=
- [gnurl] 153/282: ftpserver: Updated VRFY_smtp() so the response isn't necessary in the test case, gnunet, 2020/04/01
- [gnurl] 148/282: md4: Use const for the length input parameter, gnunet, 2020/04/01
- [gnurl] 152/282: ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp(), gnunet, 2020/04/01
- [gnurl] 155/282: url: Make the IDN conversion functions available to others, gnunet, 2020/04/01
- [gnurl] 159/282: smtp: Detect server support for the UTF-8 extension as defined in RFC-6531, gnunet, 2020/04/01
- [gnurl] 158/282: smtp: Support UTF-8 based host names in the VRFY command, gnunet, 2020/04/01
- [gnurl] 151/282: hmac: Added a unit test for the HMAC hash generation, gnunet, 2020/04/01
- [gnurl] 149/282: tests: Added a unit test for MD4 digest generation, gnunet, 2020/04/01
- [gnurl] 163/282: smtp: Support the SMTPUTF8 extension for the EXPN command, gnunet, 2020/04/01
- [gnurl] 162/282: smtp: Support the SMTPUTF8 extension in the VRFY command, gnunet, 2020/04/01