Hash Digest noncedata #491
This makes the code match the documentation comment:
```
/*
 * We use H(nonce_data) so the nonce is meaningless to the reciever.
 * So our nonce looks like base64(H(timestamp,pointertohash,randomdata))
 */
```
This is to reduce the risk of client parsing errors caused by the nonce-string containing a '=' byte. Hexadecimal encoding also matches the examples in RFC 2617.
Can one of the admins verify this patch?
OK to test
src/auth/digest/Config.cc
Outdated
| HASH H; | ||
| SquidMD5Init(&Md5Ctx); | ||
| SquidMD5Update(&Md5Ctx, reinterpret_cast<const uint8_t *>(&nonce->noncedata), sizeof(nonce->noncedata)); | ||
| SquidMD5Final((unsigned char *) H, &Md5Ctx); |
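Review bot: In the SquidMD5Update call, the hash input is the raw object representation of the field: sizeof(nonce->noncedata) bytes starting at &nonce->noncedata. If noncedata is a struct, that range also covers any padding bytes between or after its members, so the digest is computed over indeterminate memory unless the structure is zeroed before its fields are filled in. Consider zero-initialising noncedata where it is populated, or passing each field to SquidMD5Update separately so that only defined bytes reach the hash.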
Please avoid C-style casts in this C++ code. Also the H parameter here is a uint8_t[] in the md5.h API.
Hmm, okay, that can be fixed later then.
Suggested here: squid-cache#491 (comment)

Not casting doesn't work:
```
Config.cc: In function ‘void authDigestNonceEncode(digest_nonce_h*)’:
Config.cc:118:22: error: invalid conversion from ‘void*’ to ‘char*’ [-fpermissive]
     CvtHex(H, nonce->key);
     ~~~~~~~^~~
```
I missed these earlier because I was looking for "base64", not "b64".
I just pushed another change to rename identifiers:
LGTM, some style changes which really should happen but I'm not going to block on those.
| { | ||
| digest_nonce_h *nonce = NULL; | ||
|
|
||
| if (nonceb64 == NULL) | ||
| if (noncehex == NULL) |
| if (noncehex == NULL) | |
| if (!noncehex) |
|
|
||
| if ((nonce == NULL) || (strcmp(authenticateDigestNonceNonceb64(nonce), nonceb64))) | ||
| if ((nonce == NULL) || (strcmp(authenticateDigestNonceNonceHex(nonce), noncehex))) |
| if ((nonce == NULL) || (strcmp(authenticateDigestNonceNonceHex(nonce), noncehex))) | |
| if (!nonce || strcmp(authenticateDigestNonceNonceHex(nonce), noncehex) != 0) |
| @@ -23,7 +23,7 @@ | |||
| #include "SquidTime.h" | |||
|
|
|||
| Auth::Digest::UserRequest::UserRequest() : | |||
| nonceb64(NULL), | |||
| noncehex(NULL), | |||
| noncehex(NULL), | |
| noncehex(nullptr), |
These commits together
1. Hash the noncedata for Digest nonces before encoding, to match the documentation.
2. Encode Digest nonces using hex, rather than base64.
This is a follow-up to #491 (b20ce97), which hashed what was previously revealed as plaintext. Removing the pointer from the input to the hash removes the possibility that someone could recover a pointer by reversing a hash. Having the pointer as input was not adding anything: Squid remembers all outstanding nonces, so it really only requires uniqueness, which is already guaranteed by the authenticateDigestNonceFindNonce loop.
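The nonce handling discussed in this thread, as an added Python sketch that is not Squid's code: it contrasts a nonce that is base64 of the raw noncedata with hex(MD5(noncedata)), then shows the follow-up idea of dropping the pointer and relying on a uniqueness loop. The noncedata field layout, the sample values and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import os
import struct

# Assumed layout standing in for noncedata (not taken from Squid's headers):
# 64-bit creation time, 64-bit pointer to the nonce object, 32-bit random value.
NONCEDATA = struct.Struct("<QQI")


def old_nonce(creation, self_ptr, rand):
    """Before #491, as described in the thread: base64 of the plaintext noncedata."""
    return base64.b64encode(NONCEDATA.pack(creation, self_ptr, rand)).decode()


def leaked_fields(nonce_b64):
    """What any recipient can read back out of a base64(noncedata) nonce."""
    return NONCEDATA.unpack(base64.b64decode(nonce_b64))


def hashed_nonce(creation, self_ptr, rand):
    """#491: hex(MD5(noncedata)), always 32 characters from [0-9a-f], never '='."""
    return hashlib.md5(NONCEDATA.pack(creation, self_ptr, rand)).hexdigest()


def new_unique_nonce(outstanding, creation, rng=os.urandom):
    """Follow-up: no pointer in the hash input. Uniqueness comes from drawing a
    new random value until the key is not among the outstanding nonces."""
    while True:
        rand = int.from_bytes(rng(4), "little")
        key = hashlib.md5(struct.pack("<QI", creation, rand)).hexdigest()
        if key not in outstanding:
            outstanding.add(key)
            return key


if __name__ == "__main__":
    # Constructed sample values, not captured from a real proxy.
    sample = (1570000000, 0x55D4C0FFEE10, 0xDEADBEEF)
    old = old_nonce(*sample)
    print("base64(noncedata):", old, "->", [hex(v) for v in leaked_fields(old)])
    print("hex(MD5(noncedata)):", hashed_nonce(*sample))
    print("no pointer, unique:", new_unique_nonce(set(), sample[0]))
```
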