From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id B2E0749DE4 for ; Thu, 11 Apr 2024 07:48:30 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7B00A68D196; Thu, 11 Apr 2024 10:48:28 +0300 (EEST) Received: from SEVP216CU002.outbound.protection.outlook.com (mail-koreacentralazon11022019.outbound.protection.outlook.com [52.101.154.19]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 77F0968B779 for ; Thu, 11 Apr 2024 10:48:21 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ecKFUNnbTFfSXGBi/cKuuMAbj60HBAVZZATg1z3dRq+GTA+OFRhxazOy1M3v0aI75TdQGOKowteWZ3/1Rjmcw/zqN+UzwvQdZ5zBHBw48xsPJaDym6lCVSNJJzdh9fH+GtX/ZXhHu1q8Q91hUB2t4T7bygqFuQtKop08ujMxF8GkbBPT1myWAKpaN4OvpKKNos/y8RPqINdZo/sbXQRCqVwsqwefvBHWQP0+zLitM/7/Uu1qY62LUY88WBw7rszalaKz3s9w89u1dKLxIQa7DGMdQDpGPq41Zy+Xp57ZMrOE8aQXN24H4GJu7MtKjmD8/FcNYEz3BpYSj6YE+55rFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MF6fklz/iSvnKnPRuvffaENTvd3GmyRkUwTL+h1ka1U=; b=eio1Gw0MLEtcOOWCoAZpMePiiAHSf4itv49+0tQHaQwskqNYJ5JsJhxGjCoI7gihSvY1BFRw6d2HdFIg8THPihbZ/mnj7UoOWBnrG79rOkJph9xm4ccjW57GpBDh8OX369tuTIqL0skkbtWPfccbgrqpDFtInSD9pI2F8tZd7DB5uLmj77tejvOpaOfqV57yqdloZjU2D/xU/VcNf1WPAFhxyeyETjuq64nkgr+kMnHrjeWl055e+692yFfMEmfLqaBPFiCcGEcbkygZcQ1FVDeh3j5tuVW44WPKxwVTrubj8DP0u46BoobSNVMbrTIwdgjKIQfH26oYAyc2M8UK3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitsensing.com; dmarc=pass action=none header.from=bitsensing.com; dkim=pass header.d=bitsensing.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitsensing.onmicrosoft.com; s=selector1-bitsensing-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MF6fklz/iSvnKnPRuvffaENTvd3GmyRkUwTL+h1ka1U=; b=EyJJt9kmxLM9iZvfYWiRau8q3cozQY5C4bmf4n1lZMp3lff8In2qMtC6/a37uS7XXR1bdiGYCvq6EL/OBmGpesPCpcCTr5xB2tGVxxMJ0vZBnkeGgAwUazmRZRSAj7P/xIqV+gv1YmV4X9g/ivVD4OEIi2gh+chmI1hx9Ur7Ptw= Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM (2603:1096:101:1f::7) by SE2P216MB1442.KORP216.PROD.OUTLOOK.COM (2603:1096:101:2c::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.55; Thu, 11 Apr 2024 07:48:16 +0000 Received: from SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22]) by SL2P216MB1481.KORP216.PROD.OUTLOOK.COM ([fe80::98b3:5aed:a402:9e22%4]) with mapi id 15.20.7409.053; Thu, 11 Apr 2024 07:48:14 +0000 From: =?ks_c_5601-1987?B?waTB9r/sIHwgRXVnZW5l?= To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] avformat/httpauth.c [support both RFC 2617 and RFC 7617] Thread-Index: AdqL5JSWsafkZARdTsaPUb6dbGKGwQ== Date: Thu, 11 Apr 2024 07:48:14 +0000 Message-ID: Accept-Language: ko-KR, en-US Content-Language: ko-KR X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=bitsensing.com; x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SL2P216MB1481:EE_|SE2P216MB1442:EE_ x-ms-office365-filtering-correlation-id: 67db1f6b-1ab2-4a3e-0b29-08dc59fbbe48 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0u+OWZPHa2MFnhL3s7LxAcbpjWk8UUprOK+l1LNdCzeAaDX525b7sdOAnvI2fGfvfIKzdCvhlDIeAcqZVpJY7VMeSMad1+AGQ1ggHRftVirCmgsfpCwCmgkIJYIrGQDq4FbuT/xVTifhaLxqvnB/yqDs7wh3R1L8zCvsGg+NmKJwMCLHFIHD/h5VKRjDdD/qxyFbrQV7D4WC9sg+ditYtccWrknV+OSXtc0lGbtYcnBDnxOQmBIJ1yNdEh1HteZox4QlSBBiSbWXCnVYme4gDeKOFoLO43KI2d5Ly7BetLlpVUtjXf7ZZEYVjezylQd0TJGdOMGRdMSBns3iqRQQEMVwZXhfXAMI4aVg425EADthzWvV63eHVVZmlUKQX7+vxGddIUa2TL09WDksFZ72BmxDLqeHTaadbXTzP68ZgcP7i8hVb7LB9pRisJ3DdwWyFvmIAPxKP7wPf+ogTBWnFvIOK+k891clCT5NrUUoPf6AWHDxzR77r2VcoQx2TWAJEPjoxVHuclX5OuiieeEWDz+soCzrlSUXl0plA2GJ3QuH1MXs+p5syVlS0INhgT8pf85yvTC+OYmFAsR9LCcajX8kvyUd4ZFu4+5z53Q2P2lasIC1+UN3kkEeKHcTYPFjgLcAXFx3dvnKsRyKJYwbliUCJg/7/iNU70UjuGIUfCgIphRI20sg6iqSRWu3bTGiKQhp19XzRac1+AOolb6ct//SN1lcud4IfisaLOD5lvI= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:ko; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SL2P216MB1481.KORP216.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005)(38070700009); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?ks_c_5601-1987?B?eEQ0SnZ4OTF1VWJSTGJCSUYvei9UbTVsdG0zYUpPeTdpZzJUdGlk?= =?ks_c_5601-1987?B?TmFFRE1Bd3ZGb2hJZDFGUEdaYUliVEcrd1YxNjhMVUdGdHMreUVQ?= =?ks_c_5601-1987?B?dkNzeGpXNEttZXBnV2hPYVFDVE1RVVpDRnNNcEEzd0dIRVR1ek9F?= =?ks_c_5601-1987?B?S1A5ckFDSElONWFhUW1uNUE3eDVBemExQ0hEK3ZQcUhuYVlSdXE2?= =?ks_c_5601-1987?B?UytENmlXNEJ4WTVENW1UUXF6K2hNMENGMjMxK2RDVVFqejBwWGJ0?= =?ks_c_5601-1987?B?N3dtS1JmTHlvWWxGN1NCZWFjclNwVHo4dnpHWVM0ejQ3QU9Yd3Uw?= =?ks_c_5601-1987?B?WHcyV0c1aTh5bnduUmRVelZtMmxjdE5ocVd5dXF2RVF2bVR4ZVFt?= =?ks_c_5601-1987?B?QmpzY3lHMHV4L3kxa2psTDUwbTFsaSs1ckVWejg5WVB4WHM4SWg2?= =?ks_c_5601-1987?B?RVpxZGFWWGtRa2wrMlQ2Tkg5N2FpWWNnMWRXZ1FqQkthU28yeEY3?= =?ks_c_5601-1987?B?YkdMVE91TFRpYTRBYXBQb082NGU1RXk2dkE0eFNvNnQzMWV2ekVv?= =?ks_c_5601-1987?B?UkZwbFJuTDM2b1VwL3RFTEc0aGRNMUFIeWVLcTEwQm8waHQ0aHJS?= =?ks_c_5601-1987?B?R0xSSytLQ0s4WWh0aDlSRjdjMW9NOElFS0xNQ1JLdjI5T0tqNHJK?= =?ks_c_5601-1987?B?cWlOeEJvU0RObnFWTHBJMDh1Ymk1OFdKcmxVcFNtUm5YSFFldUtC?= =?ks_c_5601-1987?B?ZmpUSXBMamQxS1JUdEx5RDdWRytpaEJjNTIrTHhDN2V3cUZyeTdJ?= =?ks_c_5601-1987?B?M0JpQmdLTVpKVThIWEZ6MFVqZ1VYZ2piNVlTd1Q2Nm9WbE1YSEUr?= =?ks_c_5601-1987?B?anFYUHcrbnFndXlWQkpaNm83V0FIaytGQ2J4K0NvM1ZWVTk4dXpl?= =?ks_c_5601-1987?B?TE9LaUNLVW55ZXdiV25xK2VjOExBd3lDTGNXU0JrNnFBeGNGQzVQ?= =?ks_c_5601-1987?B?cnF5ZW1rcFRCRUl4bnRwNVVpT08xd1Uva2pGSGdpU2RvNXBuNSs0?= =?ks_c_5601-1987?B?V1dOS1NYUStLeThpejhuWlZjNnZsZTg3R3pQdGhwV3RmakxVNktx?= =?ks_c_5601-1987?B?dmVRcjhIWmo1dG8ya0RDaGRYRmc5WEVsOEZRN2l1ejZ3QVd1Y1d1?= =?ks_c_5601-1987?B?SmlwWk9YNmFXVjhLNVF3VTNQcTdEYkU1ZHRwV1d4dk52bmhiMGh6?= =?ks_c_5601-1987?B?ZWpIeWxEUEp3NU12ck9TallWSjlWdS8zclAzSHRWRG12ay9nL2RF?= =?ks_c_5601-1987?B?WkZvcnlCeTJueXFBb2ZQUGRwK2xzNzJES3BoUkVVRFB4ekswOTE4?= =?ks_c_5601-1987?B?NWx4REtaaXRpZEZGRXJuL1EvclV3bVNFaDUzeGl3alZ0QlBwbHNu?= =?ks_c_5601-1987?B?TnVVY2ZFc085cXJTcnpwaVhCdG4yKzdnVlhmelkvUHk4MkVDMU8v?= =?ks_c_5601-1987?B?Q2tuU3RFTWwxWEowNnMzY0lUL25XNG1PZFBybTd5NzhPU0x6ZlA5?= =?ks_c_5601-1987?B?cldPNk1GWlJpazJQb2lKVjcrMTRCZm9SNlNHRXJjZzJPUkM0c0pM?= =?ks_c_5601-1987?B?cXI1Z2dsYnB0b3lRR1VsTVd6WGZzQmFVeEd3TGxSenpqZE1CNHpj?= =?ks_c_5601-1987?B?N3J1TmlLMTZwNmZEYTFKVDgyQzVVSUFRR1R1dTRJdzRVQzlBUEhU?= =?ks_c_5601-1987?B?dnc5V3g5ZEdhYmJjTzZLZXJQWjloQ2NHUzBDTlRwV1UwLyt5eFRi?= =?ks_c_5601-1987?B?cEM5blpqVDVNYU5uWnNUT1IwcGplMzlmNVVmMXRYQUhNQ094Rk1R?= =?ks_c_5601-1987?B?cDY2SmtPcHlUdmtiWHN3RkxLdEpINmtsVjRtMHhpbzQ4MmR3RERa?= =?ks_c_5601-1987?B?Z1dCS3E0WGRHcm1qQ1lNQmIyeDFnMGZyc1dmVXRRRHhSYkhqVlNa?= =?ks_c_5601-1987?B?UURmbHhRT3JkR3JSVGxHOExCUTU0WU1PUHFZUjUwTzRCNFR6MmlL?= =?ks_c_5601-1987?B?SjcvU1pxRFRGblhrVTYzWVNtdEUvRHhleWJHbklRYjhDbC9PNG9n?= =?ks_c_5601-1987?B?ZlVBb21XMGF0YzlmQlZzWUNTK2RXWENmbkk1d3N1S0hVQmFMSm5i?= =?ks_c_5601-1987?B?NUNGWktockZuWlI4WFIzZTRoYVdCVEpqNUs5VW1kSzZiZVlvakxT?= =?ks_c_5601-1987?B?aWxzM0xVSlVBUkx4amx0eDY2TnJpVERTVWh5djVQWUJDTUJhYTFu?= =?ks_c_5601-1987?B?UWtqMzdwVzhaSDc5SmxUdE9jbTRjNTJVOFRZdmpCb0xIeGRObXpo?= =?ks_c_5601-1987?B?SGU4Z2tZdnArdUlXZ0xSYjhwcnlXTkRtY0hnSlg5SzJPT2VBbkFG?= =?ks_c_5601-1987?Q?1m0Mz6F4mCia8y8jIQv+kgS/7qpoZCPuuLum3OTn?= MIME-Version: 1.0 X-OriginatorOrg: bitsensing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SL2P216MB1481.KORP216.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 67db1f6b-1ab2-4a3e-0b29-08dc59fbbe48 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2024 07:48:14.3369 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5039430d-7fb7-4b01-9192-aeefd0db9500 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: QXF4dBir0iq2HsKfcCjtC1NcUeWcmzaz2Eh7ydyrxe26+ZDXIH+vz8EEeLPJm/9rrOY7IUuMd3os75vXe3i2kg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE2P216MB1442 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth.c [support both RFC 2617 and RFC 7617] X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: - Updated the make_digest_auth() function to support both RFC 2617 and RFC 7617 digest authentication. - Supports sha256 , sha512-256 along with the existing md5. MD5 and sha256 were tested, but sha512-256 was not tested due to lack of testable server. - AVHashContext instead of AVMD5 structure. - update_md5_strings() -> update_hash_strings(). - There are some lynt issues in the old code of make_digest_auth, but this is a feature update patch, so I didn't fix it. - modified the implementation of RFC7616 based on community feedback. Signed-off-by: Eugene-bitsensing --- libavformat/httpauth.c | 105 ++++++++++++++++++++++------------------- 1 file changed, 57 insertions(+), 48 deletions(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9780928357..ba2ebea3a4 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -24,7 +24,7 @@ #include "libavutil/avstring.h" #include "internal.h" #include "libavutil/random_seed.h" -#include "libavutil/md5.h" +#include "libavutil/hash.h" #include "urldecode.h" static void handle_basic_params(HTTPAuthState *state, const char *key, @@ -117,35 +117,35 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, } } - -static void update_md5_strings(struct AVMD5 *md5ctx, ...) +/* Generate hash string, updated to use AVHashContext to support other algorithms */ +static void update_hash_strings(struct AVHashContext* hash_ctx, ...) { va_list vl; - va_start(vl, md5ctx); + va_start(vl, hash_ctx); while (1) { const char* str = va_arg(vl, const char*); if (!str) break; - av_md5_update(md5ctx, str, strlen(str)); + av_hash_update(hash_ctx, (const uint8_t*)str, strlen(str)); } va_end(vl); } -/* Generate a digest reply, according to RFC 2617. */ +/* Generate a digest reply, according to RFC 2617. Update to support RFC 7617*/ static char *make_digest_auth(HTTPAuthState *state, const char *username, const char *password, const char *uri, const char *method) { DigestParams *digest = &state->digest_params; - int len; + size_t len; // change int -> size_t uint32_t cnonce_buf[2]; char cnonce[17]; char nc[9]; int i; - char A1hash[33], A2hash[33], response[33]; - struct AVMD5 *md5ctx; - uint8_t hash[16]; + char a1_hash[65], a2_hash[65], response[65]; // increase hash size for SHA-2 + struct AVHashContext* hash_ctx = NULL; // use AVHashContext for other algorithm support + size_t len_hash = 33; // Modifiable hash length, MD5:32, SHA-2:64 char *authstr; digest->nc++; @@ -156,52 +156,61 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, cnonce_buf[i] = av_get_random_seed(); ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1); - md5ctx = av_md5_alloc(); - if (!md5ctx) - return NULL; - - av_md5_init(md5ctx); - update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - - if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { - } else if (!strcmp(digest->algorithm, "MD5-sess")) { - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A1hash, hash, 16, 1); - } else { - /* Unsupported algorithm */ - av_free(md5ctx); + /* Generate hash context by algorithm. */ + const char* algorithm = digest->algorithm; + const char* hashing_algorithm; + if (!*algorithm) { + algorithm = "MD5"; // if empty, use MD5 as Default + hashing_algorithm = "MD5"; + } + else if (av_stristr(algorithm, "md5") || av_stristr(algorithm, "MD5")) { + hashing_algorithm = "MD5"; + } + else if (av_stristr(algorithm, "sha256") || av_stristr(algorithm, "sha-256")) { + hashing_algorithm = "SHA256"; + len_hash = 65; // SHA-2: 64 characters. + } + else if (av_stristr(algorithm, "sha512-256") || av_stristr(algorithm, "sha-512-256")) { + hashing_algorithm = "SHA512_256"; + len_hash = 65; // SHA-2: 64 characters. + } + else { // Unsupported algorithm return NULL; } - av_md5_init(md5ctx); - update_md5_strings(md5ctx, method, ":", uri, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(A2hash, hash, 16, 1); + int ret = av_hash_alloc(&hash_ctx, hashing_algorithm); + if (ret < 0) + return NULL; - av_md5_init(md5ctx); - update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); - if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { - update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + /* a1 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, username, ":", state->realm, ":", password, NULL); + if (av_stristr(algorithm, "-sess")) { + update_hash_strings(hash_ctx, ":", digest->nonce, ":", cnonce, NULL); } - update_md5_strings(md5ctx, ":", A2hash, NULL); - av_md5_final(md5ctx, hash); - ff_data_to_hex(response, hash, 16, 1); - - av_free(md5ctx); - - if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) { - } else if (!strcmp(digest->qop, "auth-int")) { - /* qop=auth-int not supported */ - return NULL; - } else { - /* Unsupported qop value. */ + av_hash_final_hex(hash_ctx, a1_hash, len_hash); + + /* a2 hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, method, ":", uri, NULL); + av_hash_final_hex(hash_ctx, a2_hash, len_hash); + + /* response hash calculation */ + av_hash_init(hash_ctx); + update_hash_strings(hash_ctx, a1_hash, ":", digest->nonce, NULL); + if (!strcmp(digest->qop, "auth")) { + update_hash_strings(hash_ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); + } + else if (!strcmp(digest->qop, "auth-int")) { // unsupported + av_hash_freep(&hash_ctx); return NULL; } + update_hash_strings(hash_ctx,":", a2_hash, NULL); + update_hash_strings(hash_ctx, NULL); + av_hash_final_hex(hash_ctx, response, len_hash); + av_hash_freep(&hash_ctx); + /* Authorization header generation */ len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + strlen(uri) + strlen(response) + strlen(digest->algorithm) + strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + -- 2.42.0.windows.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".