summaryrefslogtreecommitdiff
path: root/lib/vauth/digest.c
Commit message (Collapse)AuthorAgeFilesLines
* source cleanup: remove all custom typedef structsDaniel Stenberg2020-05-151-1/+1
| | | | | | | | | | | - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
* md5/sha256: Updated the functions to allow non-string data to be hashedSteve Holme2020-02-231-27/+19
|
* digest: Corrected the name of the local HTTP digest functionSteve Holme2020-02-231-12/+12
| | | | | Follow up to 2b5b37cb. Local static functions do not require the Curl prefix.
* digest: Do not quote algorithm in HTTP authorisationPierre-Yves Bigourdan2020-02-071-2/+2
| | | | | | | | | | RFC 7616 section 3.4 (The Authorization Header Field) states that "For historical reasons, a sender MUST NOT generate the quoted string syntax for the following parameters: algorithm, qop, and nc". This removes the quoting for the algorithm parameter. Reviewed-by: Steve Holme Closes #4890
* build: fix Codacy warningsMarcel Raad2019-06-051-5/+6
| | | | | | Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975
* cleanup: remove FIXME and TODO commentsDaniel Stenberg2019-05-161-3/+2
| | | | | | | | | They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
* snprintf: renamed and we now only use msnprintf()Daniel Stenberg2018-11-231-5/+5
| | | | | | | | | | | The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
* memory: ensure to check allocation resultsDaniel Gustafsson2018-10-031-1/+3
| | | | | | | | | | | | | | | | The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* comment: Fix multiple typos in function parametersDaniel Gustafsson2018-10-031-3/+3
| | | | | | | | Ensure that the parameters in the comment match the actual names in the prototype. Closes #3079 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cppcheck: fix warningsMarian Klymov2018-06-111-3/+3
| | | | | | | | | | | | | - Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
* auth: add support for RFC7616 - HTTP Digest access authenticationFlorin2017-10-281-42/+152
| | | | Signed-off-by: Florin <petriuc.florin@gmail.com>
* rand: treat fake entropy the same regardless of endiannessJay Satiro2017-05-081-11/+4
| | | | | | | | | | | | | | | | | When the random seed is purposely made predictable for testing purposes by using the CURL_ENTROPY environment variable, process that data in an endian agnostic way so the the initial random seed is the same regardless of endianness. - Change Curl_rand to write to a char array instead of int array. - Add Curl_rand_hex to write random hex characters to a buffer. Fixes #1315 Closes #1468 Co-authored-by: Daniel Stenberg Reported-by: Michael Kaufmann
* lib: fix maybe-uninitialized warningsMarcel Raad2017-04-221-2/+2
| | | | | | | | | | | | | | With -Og, GCC complains: easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized] ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] vauth/digest.c:208:9: note: ‘tok_buf’ was declared here ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized] vauth/digest.c:566:15: note: ‘tok_buf’ was declared here Fix this by initializing the variables.
* spelling fixesklemens2017-03-261-4/+4
| | | | Closes #1356
* checksrc: white space edits to comply to stricter checksrcDaniel Stenberg2016-11-241-1/+1
|
* Curl_rand: fixed and moved to rand.cDaniel Stenberg2016-11-141-6/+9
| | | | | | | | | | | | | Now Curl_rand() is made to fail if it cannot get the necessary random level. Changed the proto of Curl_rand() slightly to provide a number of ints at once. Moved out from vtls, since it isn't a TLS function and vtls provides Curl_ssl_random() for this to use. Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html
* strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg2016-10-311-17/+17
| | | | | We had some confusions on when each function was used. We should not act differently on different locales anyway.
* vauth: Introduced Curl_auth_is_<mechansism>_supported() functionsSteve Holme2016-08-181-0/+14
| | | | | | | | | | As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatability with the existing code when called.
* internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg2016-06-221-2/+2
|
* URLs: change http to https in many placesViktor Szakats2016-04-061-1/+1
| | | | Closes #754
* vauth: Corrected a number of typos in commentsSteve Holme2016-04-061-1/+1
| | | | Reported-by: Michael Osipov
* code: style updatesDaniel Stenberg2016-04-031-2/+2
|
* vauth: Removed the need for a separate GSS-API based SPN functionSteve Holme2016-04-031-1/+1
|
* vauth: Refactored function names after move to new vauth directorySteve Holme2016-03-251-29/+29
| | | | | Renamed all the SASL functions that moved to the new vauth directory to include the correct module name.
* vauth: Updated the copyright year after recent changesSteve Holme2016-03-251-1/+1
| | | | | As most of this work was performed in 2015 but not pushed until 2016 updated the copyright year to reflect the public facing changes.
* digest.c: Fixed checksrc warningsSteve Holme2016-03-251-2/+4
|
* vauth: Moved the DIGEST authentication code to the new vauth directorySteve Holme2016-03-251-0/+881
View Lorry Controller Status