[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 08/12: digestauth: use mseconds for timestamp
From: |
gnunet |
Subject: |
[libmicrohttpd] 08/12: digestauth: use mseconds for timestamp |
Date: |
Wed, 04 May 2022 14:59:42 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 6224ac6264f0f582af7584696ae6081cfa84237a
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon May 2 14:19:49 2022 +0300
digestauth: use mseconds for timestamp
The clash of nonces is lower with higher timestamp resolution
---
src/microhttpd/digestauth.c | 6 +++---
src/microhttpd/internal.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 250276d1..33bec588 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1018,13 +1018,13 @@ digest_auth_check_all (struct MHD_Connection
*connection,
return MHD_NO;
}
- t = (uint64_t) MHD_monotonic_sec_counter ();
+ t = MHD_monotonic_msec_counter ();
/*
* First level vetting for the nonce validity: if the timestamp
* attached to the nonce exceeds `nonce_timeout', then the nonce is
* invalid.
*/
- if (TRIM_TO_TIMESTAMP (t - nonce_time) > nonce_timeout)
+ if (TRIM_TO_TIMESTAMP (t - nonce_time) > (nonce_timeout * 1000))
{
/* too old */
return MHD_INVALID_NONCE;
@@ -1447,7 +1447,7 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection
*connection,
VLA_CHECK_LEN_DIGEST (da.digest_size);
/* Generating the server nonce */
- calculate_nonce ((uint64_t) MHD_monotonic_sec_counter (),
+ calculate_nonce (MHD_monotonic_msec_counter (),
connection->method,
connection->daemon->digest_auth_random,
connection->daemon->digest_auth_rand_size,
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 1b732109..ce852fd9 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -236,7 +236,7 @@ enum MHD_ConnectionEventLoopInfo
/**
* Maximum length of a nonce in digest authentication. 64(SHA-256 Hex) +
- * 8(Timestamp Hex) + 1(NULL); hence 73 should suffice, but Opera
+ * 12(Timestamp Hex) + 1(NULL); hence 77 should suffice, but Opera
* (already) takes more (see Mantis #1633), so we've increased the
* value to support something longer...
*/
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (76b68f65 -> d031ea8c), gnunet, 2022/05/04
- [libmicrohttpd] 04/12: digestauth: changed type of var, gnunet, 2022/05/04
- [libmicrohttpd] 01/12: internal.h: fixed doxy, gnunet, 2022/05/04
- [libmicrohttpd] 02/12: .gitignore: Updated, gnunet, 2022/05/04
- [libmicrohttpd] 05/12: digestauth: additional assert, gnunet, 2022/05/04
- [libmicrohttpd] 08/12: digestauth: use mseconds for timestamp,
gnunet <=
- [libmicrohttpd] 09/12: digestauth: additional macros for readability, gnunet, 2022/05/04
- [libmicrohttpd] 07/12: digestauth: increased timestamp to 48 bits, gnunet, 2022/05/04
- [libmicrohttpd] 06/12: digestauth: added run-time checks for algo value, gnunet, 2022/05/04
- [libmicrohttpd] 11/12: digestauth: added management of nonce-nc map array slots, gnunet, 2022/05/04
- [libmicrohttpd] 03/12: digestauth: use 7 bit shift for fast "hash", gnunet, 2022/05/04
- [libmicrohttpd] 10/12: digestauth: additional static function for code re-use, gnunet, 2022/05/04
- [libmicrohttpd] 12/12: digestauth: re-used static function, gnunet, 2022/05/04