[mod_auth] http_auth_digest_hex2bin()

replace http_auth_md5_hex2bin() with more generic function to handle
digests of different lengths

src/http_auth.c

@@ -137,20 +137,21 @@ void http_auth_setenv(connection *con, const char *username, size_t ulen, const
     http_header_env_set(con, CONST_STR_LEN("AUTH_TYPE"), auth_type, alen);
 }
 
-int http_auth_md5_hex2bin (const char *md5hex, size_t len, unsigned char md5bin[16])
+int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen)
 {
-    /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5 */
-    if (32 != len) return -1; /*(Note: char *md5hex must be a 32-char string)*/
-    for (int i = 0; i < 32; i+=2) {
-        int hi = md5hex[i];
-        int lo = md5hex[i+1];
+    /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
+     * or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
+    if (len > (binlen << 1)) return -1;
+    for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
+        int hi = hexstr[i];
+        int lo = hexstr[i+1];
         if ('0' <= hi && hi <= '9')                    hi -= '0';
         else if ((hi |= 0x20), 'a' <= hi && hi <= 'f') hi += -'a' + 10;
         else                                           return -1;
         if ('0' <= lo && lo <= '9')                    lo -= '0';
         else if ((lo |= 0x20), 'a' <= lo && lo <= 'f') lo += -'a' + 10;
         else                                           return -1;
-        md5bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
+        bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
     }
     return 0;
 }

src/http_auth.h

@@ -47,6 +47,6 @@ int http_auth_const_time_memeq (const char *a, size_t alen, const char *b, size_
 
 void http_auth_setenv(connection *con, const char *username, size_t ulen, const char *auth_type, size_t alen);
 
-int http_auth_md5_hex2bin (const char *md5hex, size_t len, unsigned char md5bin[16]);
+int http_auth_digest_hex2bin (const char *hexstr, size_t len, unsigned char *bin, size_t binlen);
 
 #endif

src/mod_authn_file.c

@@ -257,7 +257,8 @@ static int mod_authn_file_htdigest_get(server *srv, const buffer *auth_fn, const
 
             fclose(fp);
 
-            return http_auth_md5_hex2bin(f_pwd, pwd_len, HA1);
+            return http_auth_digest_hex2bin(f_pwd, pwd_len,
+                                            HA1, sizeof(HA1));
         }
     }
 

src/mod_authn_mysql.c

@@ -379,7 +379,7 @@ static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpw
 
         /*(compare 16-byte MD5 binary instead of converting to hex strings
          * in order to then have to do case-insensitive hex str comparison)*/
-        return (0 == http_auth_md5_hex2bin(userpw, 32 /*(userpwlen)*/, md5pw))
+        return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw)))
           ? memcmp(HA1, md5pw, sizeof(md5pw))
           : -1;
     }
@@ -413,7 +413,8 @@ static int mod_authn_mysql_result(server *srv, plugin_data *p, const char *pw, u
             rc = mod_authn_mysql_password_cmp(row[0], lengths[0], pw);
         }
         else {          /* used with HTTP Digest auth */
-            rc = http_auth_md5_hex2bin(row[0], lengths[0], HA1);
+            rc = http_auth_digest_hex2bin(row[0], lengths[0],
+                                          HA1, sizeof(HA1));
         }
     }
     else if (0 == num_rows) {

src/mod_secdownload.c

@@ -158,7 +158,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
 			unsigned char HA1[16];
 			unsigned char md5bin[16];
 
-			if (0 != http_auth_md5_hex2bin(mac, maclen, md5bin)) return 0;
+			if (0 != http_auth_digest_hex2bin(mac, maclen, md5bin, sizeof(md5bin))) return 0;
 
 			/* legacy message:
 			 *   protected_path := '/' <timestamp-hex> <rel-path>