diff options
-rw-r--r-- | lib/curl_sasl.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 8a6b52217..b7effcf87 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -403,9 +403,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, const char *service, char **outptr, size_t *outlen) { -#ifndef DEBUGBUILD - static const char table16[] = "0123456789abcdef"; -#endif CURLcode result = CURLE_OK; size_t i; MD5_context *ctxt; @@ -421,8 +418,14 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, char qop_options[64]; int qop_values; + char cnonce[33]; + unsigned int cnonce1 = 0; + unsigned int cnonce2 = 0; + unsigned int cnonce3 = 0; + unsigned int cnonce4 = 0; + struct timeval now; + char nonceCount[] = "00000001"; - char cnonce[] = "12345678"; /* will be changed */ char method[] = "AUTHENTICATE"; char qop[] = DIGEST_QOP_VALUE_STRING_AUTH; char uri[128]; @@ -449,11 +452,18 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, return CURLE_BAD_CONTENT_ENCODING; #ifndef DEBUGBUILD - /* Generate 64 bits of random data */ - for(i = 0; i < 8; i++) - cnonce[i] = table16[Curl_rand(data)%16]; + /* Generate 16 bytes of random data */ + cnonce1 = Curl_rand(data); + cnonce2 = Curl_rand(data); + now = Curl_tvnow(); + cnonce3 = now.tv_sec; + cnonce4 = now.tv_sec; #endif + /* Convert the random data into a 32 byte hex string */ + snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x", + cnonce1, cnonce2, cnonce3, cnonce4); + /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); if(!ctxt) |