[libmicrohttpd] 04/20: digestauth: add log warning for empty random data

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 04/20: digestauth: add log warning for empty random data

From:	gnunet
Subject:	[libmicrohttpd] 04/20: digestauth: add log warning for empty random data
Date:	Mon, 15 Aug 2022 20:38:30 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 0d85695349b526afc897f770902e65672f3628e7
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun Aug 14 14:23:02 2022 +0300

    digestauth: add log warning for empty random data
---
 src/microhttpd/digestauth.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index b7a32bf0..3dd29d20 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1544,6 +1544,15 @@ calculate_add_nonce_with_retry (struct MHD_Connection 
*const connection,
   const uint64_t timestamp1 = MHD_monotonic_msec_counter ();
   const size_t realm_len = strlen (realm);
 
+#ifdef HAVE_MESSAGES
+  if (0 == MHD_get_master (connection->daemon)->digest_auth_rand_size)
+    MHD_DLOG (connection->daemon,
+              _ ("Random value was not initialised by " \
+                 "MHD_OPTION_DIGEST_AUTH_RANDOM or " \
+                 "MHD_OPTION_DIGEST_AUTH_RANDOM_COPY, generated nonces " \
+                 "are predictable.\n"));
+#endif
+
   if (! calculate_add_nonce (connection, timestamp1, realm, realm_len, da,
                              nonce))
   {

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (9a18a4f8 -> c63be03c), gnunet, 2022/08/15
- [libmicrohttpd] 04/20: digestauth: add log warning for empty random data, gnunet <=
- [libmicrohttpd] 01/20: digestauth: use internal header for mutex instead of system header, gnunet, 2022/08/15
- [libmicrohttpd] 06/20: digestauth: warn about RFC2069 used with SHA-256, gnunet, 2022/08/15
- [libmicrohttpd] 05/20: digestauth: corrected log message for RFC2069 mode, gnunet, 2022/08/15
- [libmicrohttpd] 16/20: test_digestauth2: minor improvements, gnunet, 2022/08/15
- [libmicrohttpd] 18/20: test_digestauth_concurrent: added debug print, gnunet, 2022/08/15
- [libmicrohttpd] 12/20: test_digestauth2: added testing with two requests, gnunet, 2022/08/15
- [libmicrohttpd] 08/20: digestauth: added log messages if realm is rejected due to its size, gnunet, 2022/08/15
- [libmicrohttpd] 03/20: daemon.c: cosmetics, gnunet, 2022/08/15
- [libmicrohttpd] 07/20: digestauth: do not use "algorithm" in response header in RFC2069 mode, gnunet, 2022/08/15
- [libmicrohttpd] 11/20: Added MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE to control how to generate and check nonces for Digest Auth, gnunet, 2022/08/15

Prev by Date: [taler-exchange] branch master updated: -more work on extended fakebank API
Next by Date: [libmicrohttpd] 01/20: digestauth: use internal header for mutex instead of system header
Previous by thread: [libmicrohttpd] branch master updated (9a18a4f8 -> c63be03c)
Next by thread: [libmicrohttpd] 01/20: digestauth: use internal header for mutex instead of system header
Index(es):
- Date
- Thread