482
492
* 'Time to make the doughnuts..'
487
497
* The password first, since that is what is most unknown
489
MD5_Update(&ctx, pw, strlen(pw));
499
li_MD5_Update(&ctx, pw, strlen(pw));
492
502
* Then our magic string
494
MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
504
li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
497
507
* Then the raw salt
499
MD5_Update(&ctx, sp, sl);
509
li_MD5_Update(&ctx, sp, sl);
502
512
* Then just as many characters of the MD5(pw, salt, pw)
505
MD5_Update(&ctx1, pw, strlen(pw));
506
MD5_Update(&ctx1, sp, sl);
507
MD5_Update(&ctx1, pw, strlen(pw));
508
MD5_Final(final, &ctx1);
515
li_MD5_Update(&ctx1, pw, strlen(pw));
516
li_MD5_Update(&ctx1, sp, sl);
517
li_MD5_Update(&ctx1, pw, strlen(pw));
518
li_MD5_Final(final, &ctx1);
509
519
for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
510
MD5_Update(&ctx, final,
520
li_MD5_Update(&ctx, final,
511
521
(pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
544
554
* need 30 seconds to build a 1000 entry dictionary...
546
556
for (i = 0; i < 1000; i++) {
549
MD5_Update(&ctx1, pw, strlen(pw));
559
li_MD5_Update(&ctx1, pw, strlen(pw));
552
MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
562
li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
555
MD5_Update(&ctx1, sp, sl);
565
li_MD5_Update(&ctx1, sp, sl);
559
MD5_Update(&ctx1, pw, strlen(pw));
569
li_MD5_Update(&ctx1, pw, strlen(pw));
563
MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
573
li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
566
MD5_Update(&ctx1, pw, strlen(pw));
576
li_MD5_Update(&ctx1, pw, strlen(pw));
568
MD5_Final(final,&ctx1);
578
li_MD5_Final(final,&ctx1);
571
581
p = passwd + strlen(passwd);
608
618
* user:realm:md5(user:realm:password)
616
MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
617
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
618
MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
619
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
620
MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
621
MD5_Final(HA1, &Md5Ctx);
625
li_MD5_Init(&Md5Ctx);
626
li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
627
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
628
li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
629
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
630
li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
631
li_MD5_Final(HA1, &Md5Ctx);
1006
1016
log_error_write(srv, __FILE__, __LINE__, "ss", "realm", realm);
1007
1017
log_error_write(srv, __FILE__, __LINE__, "ss", "nonce", nonce);
1008
1018
log_error_write(srv, __FILE__, __LINE__, "ss", "uri", uri);
1009
log_error_write(srv, __FILE__, __LINE__, "ss", "algorigthm", algorithm);
1019
log_error_write(srv, __FILE__, __LINE__, "ss", "algorithm", algorithm);
1010
1020
log_error_write(srv, __FILE__, __LINE__, "ss", "qop", qop);
1011
1021
log_error_write(srv, __FILE__, __LINE__, "ss", "cnonce", cnonce);
1012
1022
log_error_write(srv, __FILE__, __LINE__, "ss", "nc", nc);
1062
1072
if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
1063
1073
/* generate password from plain-text */
1065
MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
1066
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1067
MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
1068
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1069
MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
1070
MD5_Final(HA1, &Md5Ctx);
1074
li_MD5_Init(&Md5Ctx);
1075
li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
1076
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1077
li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
1078
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1079
li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
1080
li_MD5_Final(HA1, &Md5Ctx);
1071
1081
} else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
1073
1083
/* transform the 32-byte-hex-md5 to a 16-byte-md5 */
1085
1095
if (algorithm &&
1086
1096
strcasecmp(algorithm, "md5-sess") == 0) {
1088
MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
1089
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1090
MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
1091
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1092
MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
1093
MD5_Final(HA1, &Md5Ctx);
1097
li_MD5_Init(&Md5Ctx);
1098
/* Errata ID 1649: http://www.rfc-editor.org/errata_search.php?rfc=2617 */
1100
li_MD5_Update(&Md5Ctx, (unsigned char *)a1, 32);
1101
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1102
li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
1103
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1104
li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
1105
li_MD5_Final(HA1, &Md5Ctx);
1096
1108
CvtHex(HA1, a1);
1098
1110
/* calculate H(A2) */
1100
MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
1101
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1102
MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
1111
li_MD5_Init(&Md5Ctx);
1112
li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
1113
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1114
li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
1103
1115
if (qop && strcasecmp(qop, "auth-int") == 0) {
1104
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1105
MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
1116
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1117
li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
1107
MD5_Final(HA2, &Md5Ctx);
1119
li_MD5_Final(HA2, &Md5Ctx);
1108
1120
CvtHex(HA2, HA2Hex);
1110
1122
/* calculate response */
1112
MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
1113
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1114
MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
1115
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1123
li_MD5_Init(&Md5Ctx);
1124
li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
1125
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1126
li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
1127
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1116
1128
if (qop && *qop) {
1117
MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
1118
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1119
MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
1120
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1121
MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
1122
MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1129
li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
1130
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1131
li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
1132
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1133
li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
1134
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
1124
MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
1125
MD5_Final(RespHash, &Md5Ctx);
1136
li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
1137
li_MD5_Final(RespHash, &Md5Ctx);
1126
1138
CvtHex(RespHash, a2);
1128
1140
if (0 != strcmp(a2, respons)) {
1166
1178
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
1173
1185
/* generate shared-secret */
1175
MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
1176
MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
1186
li_MD5_Init(&Md5Ctx);
1187
li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
1188
li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
1178
1190
/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
1179
1191
LI_ltostr(hh, srv->cur_ts);
1180
MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
1181
MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
1192
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
1193
li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
1182
1194
LI_ltostr(hh, rand());
1183
MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
1195
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
1185
MD5_Final(h, &Md5Ctx);
1197
li_MD5_Final(h, &Md5Ctx);
1187
1199
CvtHex(h, out);
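Review bot: In the `auth-int` branch of the H(A2) calculation, the renamed call `li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);` still hashes HASHHEXLEN bytes (apparently 32, going by the hex-digest uses elsewhere on the page) starting at a one-byte string literal. It therefore reads past the literal, and HA2 depends on whatever happens to follow it in memory. The rename carries this over unchanged; `auth-int` should either be rejected before this point or the call should be given a real hex hash of the entity body, e.g. `li_MD5_Update(&Md5Ctx, (unsigned char *)body_hash_hex, HASHHEXLEN);`, where `body_hash_hex` is a placeholder name for a buffer this page does not show. Separately, and also outside the scope of the rename, `http_auth_digest_generate_nonce` still mixes `rand()` into the nonce and the client response is checked with `strcmp(a2, respons)`; a CSPRNG source and a constant-time comparison would be the safer choices. The enclosing functions start and end outside the lines shown here.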