From 93c4cb8ffab8bd76fa95545777d0bb1beae23e55 Mon Sep 17 00:00:00 2001
From: joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>
Date: Sat, 10 Sep 2016 19:12:46 +0000
Subject: * src/ne_md5.h: Allow ne_md5_create_ctx to return NULL.

* src/ne_auth.c (auth_register): Disable Digest support without MD5 support.

* test/auth.c (make_digest): Don't crash in above case.

* test/util-tests.c (digest_md5, md5_alignment): Likewise.


git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1970 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
---
 src/ne_auth.c     | 12 ++++++++++++
 src/ne_md5.h      |  4 +++-
 test/auth.c       |  1 +
 test/util-tests.c |  6 +++++-
 4 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/ne_auth.c b/src/ne_auth.c
index 48a0cb5..96f34d3 100644
--- a/src/ne_auth.c
+++ b/src/ne_auth.c
@@ -1616,6 +1616,18 @@ static void auth_register(ne_session *sess, int isproxy, unsigned protomask,
         protomask |= NE_AUTH_GSSAPI_ONLY | NE_AUTH_SSPI;
     }
 
+    if (protomask | NE_AUTH_DIGEST) {
+        struct ne_md5_ctx *ctx = ne_md5_create_ctx();
+
+        if (ctx) {
+            ne_md5_destroy_ctx(ctx);
+        }
+        else {
+            NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Disabling Digest support without MD5.\n");
+            protomask &= ~NE_AUTH_DIGEST;
+        }
+    }
+    
     ahs = ne_get_session_private(sess, id);
     if (ahs == NULL) {
         ahs = ne_calloc(sizeof *ahs);
diff --git a/src/ne_md5.h b/src/ne_md5.h
index 9a625bc..cb850bf 100644
--- a/src/ne_md5.h
+++ b/src/ne_md5.h
@@ -34,7 +34,9 @@ NE_BEGIN_DECLS
  */
 struct ne_md5_ctx;
 
-/* Create structure containing state of computation. */
+/* Create structure containing state of computation.  Can return NULL
+ * if the MD5 algorithm is prohibited (such as FIPS-enabled
+ * systems). */
 extern struct ne_md5_ctx *ne_md5_create_ctx(void);
 
 /* Starting with the result of former calls of this function (or the
diff --git a/test/auth.c b/test/auth.c
index 692c37b..050b046 100644
--- a/test/auth.c
+++ b/test/auth.c
@@ -418,6 +418,7 @@ static void make_digest(struct digest_state *state, struct digest_parms *parms,
 
     /* H(A1) */
     ctx = ne_md5_create_ctx();
+    if (!ctx) return;
     ne_md5_process_bytes(state->username, strlen(state->username), ctx);
     ne_md5_process_bytes(":", 1, ctx);
     ne_md5_process_bytes(state->realm, strlen(state->realm), ctx);
diff --git a/test/util-tests.c b/test/util-tests.c
index 95e4c74..ee8aebb 100644
--- a/test/util-tests.c
+++ b/test/util-tests.c
@@ -101,13 +101,16 @@ static int status_lines(void)
 }
 
 /* Write MD5 of 'len' bytes of 'str' to 'digest' */
-static unsigned char *digest_md5(const char *data, size_t len,
+static const unsigned char *digest_md5(const char *data, size_t len,
                                  unsigned int digest[4])
 {
     struct ne_md5_ctx *ctx;
 
 #define CHUNK 100
     ctx = ne_md5_create_ctx();
+    if (!ctx) {
+        return (unsigned char *)"NO-MD5-SUPPORT";
+    }        
     /* exercise the buffering interface */
     while (len > CHUNK) {
         ne_md5_process_bytes(data, CHUNK, ctx);
@@ -154,6 +157,7 @@ static int md5_alignment(void)
      * the process_bytes function would SIGBUS if the buffer argument
      * isn't 32-bit aligned. Won't trigger on x86 though. */
     ctx = ne_md5_create_ctx();
+    ONN("could not create MD5 context", ctx == NULL);
     ne_md5_process_bytes(bb + 1, 65, ctx);
     ne_md5_destroy_ctx(ctx);
     ne_free(bb);
-- 
cgit v1.2.1