From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 0E76F49618 for ; Mon, 15 Apr 2024 02:32:28 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2CB6A68D32E; Mon, 15 Apr 2024 05:32:26 +0300 (EEST) Received: from PUWP216CU001.outbound.protection.outlook.com (mail-koreasouthazon11020002.outbound.protection.outlook.com [52.101.156.2]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2060D68D2F2 for ; Mon, 15 Apr 2024 05:32:18 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bwe2pGTLml9j/w0WbfGcZx6VNd89T7xzp+b6b79HJ6Uxd7vZcm10hKqyBwcvJD/M0GGBM7cCSlleEFLxJQftDMxYQ0Sya32d+pZ93Hk9s27XcNVC+nOc3PV+y6aKcvEidoUxjiPxREg0p9PU4f7stkd8D+6WFEuXig2pJuNcTk7mSdTvrtNtA31QWEbAZAHXuEQ2+lK7OYBqid+n32DpoJtOKLi50cC6+fwrnSTyAALl61qnFg++ihjGD08Os5AmqD+myg11RfpWD/yf9mc8XRQc9bqsEAX7oMgLiRrmyE5HstKw8FF06wqcMCYrRBaAf1uLGv/hDKJ1o/StAnJu/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2yaAdQR9uif/30TROAfDQWq1rQ8FHsfmQO+UZMjwZGw=; b=MD/eAXTTLZ94SBydgyuA27/uLyeiLe4uAFRYhiPgxyNOTwD8OUz6bSoXTYMcvRGXFE+1GINo7ikf+T6bcNuWy4LyxhBJoZLXa+qUdCaKJrc4Fq1ABcsFKHb0pvo8FF1bMsJr01ma+ulxI0rDxkrTeGlfauA3WMpdHqEmtj6ySYA7xiV/hWXq0Z6EHpa6M8a+Hlwn4wXKXBYTZeJ1qC1CWBnvDzKGmJy2Pnd/AW2H6SpP5xIGqP+rdZmkekNtXw0jDbKfoefsREi2lVKvoVOvkrZqLcz4bCWk394AtPMSQc2//XNzJAnf3++1WgFN7xD9/wKaOgTjFADOZhXz5p1UIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2yaAdQR9uif/30TROAfDQWq1rQ8FHsfmQO+UZMjwZGw=; b=hhEPmu4y4bawk3EPJIxHI+N+YLUBgwB8SyXcOxfArmC7egzmY6K5CiiGECK/wacgZcZZzOzsZfdLikVSfIoRKe4AFmRYpqyZpKCoj19a0cLSOvZbWMZT+BAKgf4qbTbYrQyNHOpgUxwx3h/z6GnevIQH2xm0fr5XqRppzgTGQ0A= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by SE2P216MB1537.KORP216.PROD.OUTLOOK.COM (2603:1096:101:2c::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.50; Mon, 15 Apr 2024 02:32:14 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7452.049; Mon, 15 Apr 2024 02:32:14 +0000 From: =?ks_c_5601-1987?B?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth.c Support RFC7616 [Style fixed] Thread-Index: AdqO3MDVmeQg5337R3mX0lhwfo9qpw== Date: Mon, 15 Apr 2024 02:32:14 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=bitsensing.com; x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|SE2P216MB1537:EE_ x-ms-office365-filtering-correlation-id: ab3fd179-6aa4-439d-3d0f-08dc5cf442e9 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: k9CHbpjUcS4aBdf2L+hSjvS6xlA4ZKLlUowDmFzH5vrPVZvVxgPb8nme3Sq0q9ksD34KeMC5QOi8PMdxdA5L2txgi2933WsqTor26Sxo0A8Wj46nnDIsK0JX3MJXoUD5hLTNT8cfkoqwQolj7vfJn+xVgceXNKFK+BbdlOJtwc5ba5OBFZ6qzVoD4xovuNW42t/75hudL3rLYJESpvVgAEdaVRYlJ2UNo2C1LQlV6ohDYt6IXCdEEtyDy7LctBJ8sZSP5aN5tJfSC27OppzflFK4g4IHY3v9JXm4g7X0r2aC6Jqv6h/kCXNxMR4ofmg6vbjg5uNVPHEqpZBYlHPhSNd2L4M7H6uxpnua3Gu0ve588QeqtYXNLaRkJPMomLEtSl6lTOnZhHOwU8leKPb82u8qsG8JwRsyH5eKLj85UZ16yjevD8AnMMsxEANAkTfnpj5kHn27TOp+VrcETTCdB3w2hcY/MIlmcCsfEKqBb9I+5ObyHdoxhHHbMOKopjM4dAelZm7H/LPu+C1skjV8jTZpq72xGoztI8ZbIBPsTVRZDNES0ShquEbOJq31ZN/VBNzfrdIC/zR4prQ1TVphVjpO0ZOMXdoLQQHkRJKbbJr/p7RgzUE44GcIsDEJE6OumXdOXU4P5pCTRIQWqqIN5wxJD8lBBZSoSBkgi6Ia/+3yx6j2U2ilYJeI2Wluwpd8pZxCUXSEcQyfomzzQ1c5Cs6ssuAj+J0LIjypl8aCsMM= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(376005)(1800799015)(38070700009); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?B?UG1rRWZNWTZibTN0aWN4d2VDTkQ3eUwrVU96MWxFWHJQd01XUWIx?= =?ks_c_5601-1987?B?YkFadC9jSVhHbUFHZ1hwVHpsbXpud3JsQkFGQWoraFhOUjhSczFW?= =?ks_c_5601-1987?B?M2tyOWg3YjBtMUtabGNnTDJWZGJyN08wWnc2NUV0bkxOcFFBMHlo?= =?ks_c_5601-1987?B?T2xwYXZLSlIwNlBQNm1LcjkwcGwrdllRa3kwcFFOWU5ZNC9oNlQ3?= =?ks_c_5601-1987?B?NGtoWU5LbXFDNUs3MkEzek9CbVZBOWZLWnhBbVVqT24rWFhHeHFR?= =?ks_c_5601-1987?B?OUhsTG5ObUJCVDB4d1dpNTRjRElmQ0tFVDVlcjU0QTIzT1FkY1h4?= =?ks_c_5601-1987?B?UVZhd1R3Y0N5SkphQnhCbFlWOVArU2haM1RUdG5YV2hQbGF6eGZ4?= =?ks_c_5601-1987?B?UnkvczhYWmNpYlliRkdudlhiSWk4WXdvMHluWnM2bnhOTW05aHdw?= =?ks_c_5601-1987?B?a25FRTNjUjZRcXRUUVBHcW9iZjE0Y2RROGV3MndXMGRvWld0YTRC?= =?ks_c_5601-1987?B?cGM3TVA1eXpWSFFEWDRuaXdnTEowYlVLMlFTd1hYWVI2aXdFSjNp?= =?ks_c_5601-1987?B?Q1RISGRhRmxLYllnb2JxTWsxdlhwbDN5UDh3SmdTc0VXZWszaUQ0?= =?ks_c_5601-1987?B?STAwdVVnRnFoMWdDUUs3QXBKa3BwVUxqY0svR3o3RDBMYkwwbktQ?= =?ks_c_5601-1987?B?RkRZSko3bkZmeFJYbWZpcm9xYlVhMnJncC9CN2c1eWh3Y1lGNFdu?= =?ks_c_5601-1987?B?a3RhdjR0MjJOaCtzRGdSNnZyb1RwdW5DekpMTmcycnVXL2NJSFJy?= =?ks_c_5601-1987?B?SG92RDRVclhHK3FaT2dKTlBEVi95c0g2MWkxdHRpTkVlOExvcUk2?= =?ks_c_5601-1987?B?NFNMMm5xTGJGQkZSM1haYUQ4ZWQxZTJhRUZ6YlBrL3ZJVUZ5NzJT?= =?ks_c_5601-1987?B?NzhhVE9PWmdoanZtZ1YzY0RhcWZ0WEZtZEFueER2M3Z5OVRMdVJ4?= =?ks_c_5601-1987?B?b0thVThOTytCOFl6VVRKczAxNXYzUmZVRmlSRUFVUkJQQlpGeHh4?= =?ks_c_5601-1987?B?NlhzeFAzNG1EV1FrL0cxY3ZCOEMra1lUNkszRHRVdXMzaGJ2NGJK?= =?ks_c_5601-1987?B?NitVRWxJSXF0QUEyd3ZuZ29HYXduQkFxdkJxcnZDeWZtS2hlZmdm?= =?ks_c_5601-1987?B?KzdRRjlJSitzOFpnOGc4UWNzcW42c2Z6eHRUU2w4LzhaRDhFL2hG?= =?ks_c_5601-1987?B?K1NRalhFUU9BVjMvRERaU2s1WHh6OGhScmRza1Fnc3JvYkRjYXNt?= =?ks_c_5601-1987?B?QkkyUEdWblFDbEhidVRpUGhoY3BzdXRUKzRNZWhxRis4Y1owc3RK?= =?ks_c_5601-1987?B?L2wzYWhRL1kvQTZZbiszQXNYRXpndGwwZ044QUVLc2dYM29YSnJF?= =?ks_c_5601-1987?B?ZUxaUm1sTXNjbUd4UGs5b2QzRDYxZWhOdU1ZOEJrbSttMlI3dnhj?= =?ks_c_5601-1987?B?T25nOGJna2xGR0w4MWJzdzMyU1lEaDhhbFdmc3ZLOVZVNEZqNzBr?= =?ks_c_5601-1987?B?NTh3NGRIWEwrdE5WTVlsT2svK3RiQmNmNDZjdmIvNnBCN2VsMFZ1?= =?ks_c_5601-1987?B?NjRQMXFSS2FCZnV2WGkvdUYxN0NETjA4RE5BNWUvWFAzaDdFWmFW?= =?ks_c_5601-1987?B?Mmh0Q1lhVXg0QVA5NUZFcTVRRUlFSUxFLzhFMHhqR3l1c3RIbFdB?= =?ks_c_5601-1987?B?QWJnVGZVR0l5Wk9nd3V4WFFqNFV0TWRlNU9OVnNocWY1NkkzS1RO?= =?ks_c_5601-1987?B?Wkk2dTZ6Wi8rY3dMVThsb2hiTUhiaXJOL3Y0eHBMUEJIekdibnIz?= =?ks_c_5601-1987?B?K0I1eGpsclZBSVlUNm1zQ0ZxL292SWM0ck5WQVp3bTBUN1hxZnNL?= =?ks_c_5601-1987?B?djRDMlJRaDFLSjF4dTlKbXN5VFZuL0hZaXhqanc4SVAzbkVPcmo4?= =?ks_c_5601-1987?B?ay92SWFqVldjNzhacitlMXJndzFTTk80WGJqb2ZoeXRaVXdFSWFE?= =?ks_c_5601-1987?B?UjExNjlON252Q1g4dWNkbVd2Tmc1dnlJVk05dy9rbFVIallGanlS?= =?ks_c_5601-1987?B?WUprMW9PUHZNdElFeENyRmdLWkQ1c0NPV0VXalRnK2hmM3diUkt4?= =?ks_c_5601-1987?B?aVJ6Wm1hVnZNeVVXaytMRll1RXVZalhoUUNPWlN6MUFGUCtHMnZl?= =?ks_c_5601-1987?B?ci9kM2w1dmxPL1R5L2xaRnF5MkpuSDZnSWNiRmhMV0J3ZVFaeEFl?= =?ks_c_5601-1987?B?cDE0bUVoQVdWQ3lyTnZjcnVUb1NVV3kyOWtNdDJobnJOUEhoTTBV?= =?ks_c_5601-1987?B?dy9ESTNwMGt0WWRZOVQ5a0JYbE50cFk1RjcwZnUrOFVKMkdzd1ow?= =?ks_c_5601-1987?Q?YgsmHa6a3gft4eHWBy+NhYKmhf/9hgOKKfT1O8ZZ?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: ab3fd179-6aa4-439d-3d0f-08dc5cf442e9 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2024 02:32:14.3998 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: D+flQeMuLX98gPTItobI0O+H0Il71bGu4fICs28cjju5RRexqESZZ1yPF0+bYCyIVmXY03OcM5P4+y7+GD5qGQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE2P216MB1537 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth.c Support RFC7616 [Style fixed] X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Update digest authentication in httpauth.c - Refactor make_digest_auth() to support RFC 2617 and RFC 7617 - Add support for SHA-256 and SHA-512/256 algorithms along with MD5 - MD5 and SHA-256 tested, but SHA-512/256 untested due to lack of server - Replace AVMD5 structure with AVHashContext for hash algorithm flexibility - Rename update_md5_strings() to update_hash_strings() for consistency - Address coding style feedback from reviewer: This is a feature update focused on digest authentication enhancements. Some lint issues in the existing code remain unaddressed in this patch. Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 102 +++++++++++++++++++++-------------------- 1 file changed, 53 insertions(+), 49 deletions(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..2592140526 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -24,7 +24,7 @@ #include "libavutil/avstring.h" #include "internal.h" #include "libavutil/random_seed.h" -#include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -117,35 +117,35 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, } } - -static void update_md5_strings(struct AVMD5 *md5ctx, ...) +/* Generate hash string, updated to use AVHashContext to support other algorithms */ +static void update_hash_strings(struct AVHashContext *hash_ctx, ...) { va_list vl; - va_start(vl, md5ctx); + va_start(vl, hash_ctx); while (1) { - const char* str = va_arg(vl, const char*); + const char *str = va_arg(vl, const char*); if (!str) break; - av_md5_update(md5ctx, str, strlen(str)); + av_hash_update(hash_ctx, (const uint8_t *)str, strlen(str)); } va_end(vl); } -/* Generate a digest reply, according to RFC 2617. */ +/* Generate a digest reply, according to RFC 2617. Update to support RFC 7617*/ static char *make_digest_auth(HTTPAuthState *state, const char *username, const char *password, const char *uri, const char *method) { DigestParams *digest = &state->digest_params; - int len; + size_t len; uint32_t cnonce_buf[2]; char cnonce[17]; char nc[9]; int i; - char A1hash[33], A2hash[33], response[33]; - struct AVMD5 *md5ctx; - uint8_t hash[16]; + char a1_hash[65], a2_hash[65], response[65]; + struct AVHashContext *hash_ctx = NULL; // use AVHashContext for other algorithm support + size_t len_hash = 33; // Modifiable hash length, MD5:32, SHA-2:64 char *authstr; digest->nc++; @@ -156,52 +156,56 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, cnonce_buf[i] = av_get_random_seed(); ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1); - md5ctx = av_md5_alloc(); - if (!md5ctx) - return NULL; - - av_md5_init(md5ctx); - update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - - if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { - } else if (!strcmp(digest->algorithm, "MD5-sess")) { - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - } else { - /* Unsupported algorithm */ - av_free(md5ctx); + /* Generate hash context by algorithm. */ + const char *algorithm = digest->algorithm; + const char *hashing_algorithm; + if (!*algorithm) { + algorithm = "MD5"; // if empty, use MD5 as Default + hashing_algorithm = "MD5"; + } else if (av_stristr(algorithm, "MD5")) { + hashing_algorithm = "MD5"; + } else if (av_stristr(algorithm, "sha256") || av_stristr(algorithm, "sha-256")) { + hashing_algorithm = "SHA256"; + len_hash = 65; // SHA-2: 64 characters. + } else if (av_stristr(algorithm, "sha512-256") || av_stristr(algorithm, "sha-512-256")) { + hashing_algorithm = "SHA512_256"; + len_hash = 65; // SHA-2: 64 characters. + } else { // Unsupported algorithm return NULL; } - av_md5_init(md5ctx); - update_md5_strings(md5ctx, method, ":", uri, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A2hash, hash, 16, 1); + int ret = av_hash_alloc(&hash_ctx, hashing_algorithm); + if (ret < 0) + return NULL; - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); - if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { - update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + /* a1 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, username, ":", state->realm, ":", password, NULL); + if (av_stristr(algorithm, "-sess")) { + update_hash_strings(hash_ctx, ":", digest->nonce, ":", cnonce, NULL); } - update_md5_strings(md5ctx, ":", A2hash, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(response, hash, 16, 1); - - av_free(md5ctx); - - if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) { - } else if (!strcmp(digest->qop, "auth-int")) { - /* qop=auth-int not supported */ - return NULL; - } else { - /* Unsupported qop value. */ + av_hash_final_hex(hash_ctx, a1_hash, len_hash); + + /* a2 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, method, ":", uri, NULL); + av_hash_final_hex(hash_ctx, a2_hash, len_hash); + + /* response hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, a1_hash, ":", digest->nonce, NULL); + if (!strcmp(digest->qop, "auth")) { + update_hash_strings(hash_ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + } else if (!strcmp(digest->qop, "auth-int")) { // unsupported + av_hash_freep(&hash_ctx); return NULL; } + update_hash_strings(hash_ctx, ":", a2_hash, NULL); + update_hash_strings(hash_ctx, NULL); + av_hash_final_hex(hash_ctx, response, len_hash); + av_hash_freep(&hash_ctx); + /* Authorization header generation */ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + strlen(uri) + strlen(response) + strlen(digest->algorithm) + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + -- 2.42.0.windows.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".