From patchwork Sun Sep 18 10:18:09 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aki Sakurai <ffmpeg@aki.tw>
X-Patchwork-Id: 37997
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3b1c:b0:96:9ee8:5cfd with SMTP id c28csp613444pzh;
        Sun, 18 Sep 2022 03:18:31 -0700 (PDT)
X-Google-Smtp-Source: 
 AMsMyM62YXrUSWKH3ThVpwWSdv8Z+10zazsbaBnZ/QFCm5HCbh/YynA05ETohypULPHcxUfnFYsh
X-Received: by 2002:a17:907:2c44:b0:770:8623:66c4 with SMTP id
 hf4-20020a1709072c4400b00770862366c4mr9631771ejc.3.1663496311267;
        Sun, 18 Sep 2022 03:18:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663496311; cv=none;
        d=google.com; s=arc-20160816;
        b=iz9Zn2Lm1ouob2U+TzxXqU+Z8ou74pYwZ7QA4ELHIOOYqOzjvGVMwtELQIH8SAZ4Ek
         pMDt0Sxuv+9WBxYz46Rh+SZpndGZuNB+pAVgdKiR/51KGHHdtwGaDom0rk07PH3vVJaA
         tPl5nHX8rThlOiGzXSUxISO333t8fI/mcVTyIZYbHbfNAaKOoLAISXtCThlFlhYuHbx9
         xzYELBSse6lPLlJTmYZLbLvML/OAIfh7zWqIxXFclFm1Xp7CT92SWtMMib1I+gCg2Zo0
         5bcHNSIOicLBexZh4qqiqbjGRS+gplCye9VQbw6lcXV6JThkN2HxHAV6PMJNRB3ZZ+7c
         cgpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:message-id:date:to:from
         :delivered-to;
        bh=ccqcPJUSbYEnFT6Kczm1TRBzab29dCSU8qtC91+gGhk=;
        b=zDdyyHjPyBK7Xr1mnxEsY+Wb6Gntrp1WS0juX/z/7JyCLvYm3mH1bneaWJpSoDGk1a
         xhg4OQTmP+MVkq342LN0ld723ELcvvXNgyPXSX3g/cpROIBEXUH09rtoJCV6XZsamyvS
         dF0Lcw1E5HratD8u6xLmG7b+gPGwpNbQ5PjsawHupMAFESUj20XbDhMHDRWJXRVr8JB2
         79a6KrIkEQ5sXZu7rnmfwTZmv+9Ju7BlA/kOF2TwaoAwpY92Uw5suVv5NMQa6/VyrLr8
         O/n8BaIZkWSK4YAib7Vxl11RGj5nsuLT+UPR7ftc+gqi0TKkxfNUZH1fwB772fzw5ZI9
         jaaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 dm22-20020a170907949600b0073d5b737a78si20888078ejc.752.2022.09.18.03.18.30;
        Sun, 18 Sep 2022 03:18:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BE8CE68BACD;
	Sun, 18 Sep 2022 13:18:26 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net
 [217.70.183.197])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5F1BD68BA31
 for <ffmpeg-devel@ffmpeg.org>; Sun, 18 Sep 2022 13:18:20 +0300 (EEST)
Received: (Authenticated sender: akimail@aki.tw)
 by mail.gandi.net (Postfix) with ESMTPSA id 9246D1C0002;
 Sun, 18 Sep 2022 10:18:17 +0000 (UTC)
From: Aki Sakurai <ffmpeg@aki.tw>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 18 Sep 2022 18:18:09 +0800
Message-Id: <20220918101809.94037-1-ffmpeg@aki.tw>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: support sha-256 and
 sha-512-256
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Aki Sakurai <ffmpeg@aki.tw>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: GwF0nm81Z7VV

Signed-off-by: Aki Sakurai <ffmpeg@aki.tw>
---
 libavformat/httpauth.c | 82 ++++++++++++++++++++++++------------------
 1 file changed, 48 insertions(+), 34 deletions(-)

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 0a98ff80a5..6781d32ff1 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -24,7 +24,7 @@
 #include "libavutil/avstring.h"
 #include "internal.h"
 #include "libavutil/random_seed.h"
-#include "libavutil/md5.h"
+#include "libavutil/hash.h"
 #include "urldecode.h"
 #include "avformat.h"
 
@@ -119,21 +119,21 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
 }
 
 
-static void update_md5_strings(struct AVMD5 *md5ctx, ...)
+static void update_hash_strings(struct AVHashContext *hashctx, ...)
 {
     va_list vl;
 
-    va_start(vl, md5ctx);
+    va_start(vl, hashctx);
     while (1) {
         const char* str = va_arg(vl, const char*);
         if (!str)
             break;
-        av_md5_update(md5ctx, str, strlen(str));
+        av_hash_update(hashctx, str, strlen(str));
     }
     va_end(vl);
 }
 
-/* Generate a digest reply, according to RFC 2617. */
+/* Generate a digest reply, according to RFC 2617 / 7616. */
 static char *make_digest_auth(HTTPAuthState *state, const char *username,
                               const char *password, const char *uri,
                               const char *method)
@@ -144,10 +144,12 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
     char cnonce[17];
     char nc[9];
     int i;
-    char A1hash[33], A2hash[33], response[33];
-    struct AVMD5 *md5ctx;
-    uint8_t hash[16];
+    char A1hash[AV_HASH_MAX_SIZE * 2 + 1], A2hash[AV_HASH_MAX_SIZE * 2 + 1], response[AV_HASH_MAX_SIZE * 2  + 1];
+    struct AVHashContext *hashctx = NULL;
+    uint8_t hash[AV_HASH_MAX_SIZE];
     char *authstr;
+    const char* algorithm = NULL;
+    int hash_size;
 
     digest->nc++;
     snprintf(nc, sizeof(nc), "%08x", digest->nc);
@@ -157,42 +159,54 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
         cnonce_buf[i] = av_get_random_seed();
     ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
 
-    md5ctx = av_md5_alloc();
-    if (!md5ctx)
+    if(!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5") || !strcmp(digest->algorithm, "MD5-sess"))
+        algorithm = "MD5";
+    if(!strcmp(digest->algorithm, "SHA-256") || !strcmp(digest->algorithm, "SHA-256-sess"))
+        algorithm = "SHA256";
+    else if(!strcmp(digest->algorithm, "SHA-512-256") || !strcmp(digest->algorithm, "SHA-512-256-sess"))
+        algorithm = "SHA512/256";
+
+    if (!algorithm) {
+        /* Unsupported algorithm */
         return NULL;
+    }
 
-    av_md5_init(md5ctx);
-    update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
-    av_md5_final(md5ctx, hash);
-    ff_data_to_hex(A1hash, hash, 16, 1);
-
-    if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
-    } else if (!strcmp(digest->algorithm, "MD5-sess")) {
-        av_md5_init(md5ctx);
-        update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
-        av_md5_final(md5ctx, hash);
-        ff_data_to_hex(A1hash, hash, 16, 1);
-    } else {
+    av_hash_alloc(&hashctx, algorithm);
+
+    if (!hashctx) {
         /* Unsupported algorithm */
-        av_free(md5ctx);
         return NULL;
     }
 
-    av_md5_init(md5ctx);
-    update_md5_strings(md5ctx, method, ":", uri, NULL);
-    av_md5_final(md5ctx, hash);
-    ff_data_to_hex(A2hash, hash, 16, 1);
+    hash_size = av_hash_get_size(hashctx);
+
+    av_hash_init (hashctx);
+    update_hash_strings(hashctx, username, ":", state->realm, ":", password, NULL);
+    av_hash_final(hashctx, hash);
+    ff_data_to_hex(A1hash, hash, hash_size, 1);
+
+    if (!strcmp(digest->algorithm, "MD5-sess") || !strcmp(digest->algorithm, "SHA-256-sess") ||  !strcmp(digest->algorithm, "SHA-512-256-sess")) {
+        av_hash_init(hashctx);
+        update_hash_strings(hashctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
+        av_hash_final(hashctx, hash);
+        ff_data_to_hex(A1hash, hash, hash_size, 1);
+    }
+
+    av_hash_init(hashctx);
+    update_hash_strings(hashctx, method, ":", uri, NULL);
+    av_hash_final(hashctx, hash);
+    ff_data_to_hex(A2hash, hash, hash_size, 1);
 
-    av_md5_init(md5ctx);
-    update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
+    av_hash_init(hashctx);
+    update_hash_strings(hashctx, A1hash, ":", digest->nonce, NULL);
     if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
-        update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
+        update_hash_strings(hashctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
     }
-    update_md5_strings(md5ctx, ":", A2hash, NULL);
-    av_md5_final(md5ctx, hash);
-    ff_data_to_hex(response, hash, 16, 1);
+    update_hash_strings(hashctx, ":", A2hash, NULL);
+    av_hash_final(hashctx, hash);
+    ff_data_to_hex(response, hash, hash_size, 1);
 
-    av_free(md5ctx);
+    av_free(hashctx);
 
     if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
     } else if (!strcmp(digest->qop, "auth-int")) {