|
|
|
|
@ -4,6 +4,7 @@
|
|
|
|
|
#include "log.h"
|
|
|
|
|
#include "buffer.h"
|
|
|
|
|
#include "base64.h"
|
|
|
|
|
#include "http_auth.h"
|
|
|
|
|
|
|
|
|
|
#include "plugin.h"
|
|
|
|
|
|
|
|
|
|
@ -21,11 +22,6 @@
|
|
|
|
|
|
|
|
|
|
#include "md5.h"
|
|
|
|
|
|
|
|
|
|
#define HASHLEN 16
|
|
|
|
|
typedef unsigned char HASH[HASHLEN];
|
|
|
|
|
#define HASHHEXLEN 32
|
|
|
|
|
typedef char HASHHEX[HASHHEXLEN+1];
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* mod_secdownload verifies a checksum associated with a timestamp
|
|
|
|
|
* and a path.
|
|
|
|
|
@ -160,10 +156,12 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
|
|
|
|
|
case SECDL_MD5:
|
|
|
|
|
{
|
|
|
|
|
li_MD5_CTX Md5Ctx;
|
|
|
|
|
HASH HA1;
|
|
|
|
|
char hexmd5[33];
|
|
|
|
|
const char *ts_str;
|
|
|
|
|
const char *rel_uri;
|
|
|
|
|
unsigned char HA1[16];
|
|
|
|
|
unsigned char md5bin[16];
|
|
|
|
|
|
|
|
|
|
if (0 != http_auth_md5_hex2bin(mac, maclen, md5bin)) return 0;
|
|
|
|
|
|
|
|
|
|
/* legacy message:
|
|
|
|
|
* protected_path := '/' <timestamp-hex> <rel-path>
|
|
|
|
|
@ -181,9 +179,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
|
|
|
|
|
li_MD5_Update(&Md5Ctx, ts_str, 8);
|
|
|
|
|
li_MD5_Final(HA1, &Md5Ctx);
|
|
|
|
|
|
|
|
|
|
li_tohex(hexmd5, sizeof(hexmd5), (const char *)HA1, 16);
|
|
|
|
|
|
|
|
|
|
return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
|
|
|
|
|
return const_time_memeq((char *)HA1, (char *)md5bin, sizeof(md5bin));
|
|
|
|
|
}
|
|
|
|
|
case SECDL_HMAC_SHA1:
|
|
|
|
|
#ifdef USE_OPENSSL_CRYPTO
|
|
|
|
|
|
