From 1d11e9b3dcdf026a3fe1e76f4279dfaedaf55073 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Thu, 14 Dec 2017 21:04:04 +1300 Subject: [PATCH] Nettle v3.4 support (#103) Nettle crypto library v3.4 changes the Base64 coder API to require less casting between uint8_t and char types. --- configure.ac | 8 +- include/base64.h | 167 ++++++++++----- lib/base64.c | 195 +++++++++++------- src/HttpHeader.cc | 2 +- src/adaptation/icap/ModXact.cc | 4 +- src/auth/digest/Config.cc | 4 +- .../kerberos/negotiate_kerberos_auth.cc | 6 +- .../kerberos/negotiate_kerberos_auth_test.cc | 4 +- .../kerberos/negotiate_kerberos_pac.cc | 6 +- .../negotiate/wrapper/negotiate_wrapper.cc | 2 +- src/auth/ntlm/fake/ntlm_fake_auth.cc | 6 +- src/http.cc | 4 +- src/peer_proxy_negotiate_auth.cc | 2 +- test-suite/buildtests/layer-01-minimal.opts | 1 + tools/cachemgr.cc | 8 +- tools/squidclient/gssapi_support.cc | 10 +- tools/squidclient/squidclient.cc | 8 +- 17 files changed, 283 insertions(+), 154 deletions(-) diff --git a/configure.ac b/configure.ac index 30686ee5f0..6d41870db4 100644 --- a/configure.ac +++ b/configure.ac @@ -1166,16 +1166,16 @@ if test "x$with_nettle" != "xno" ; then AC_CHECK_HEADERS(nettle/md5.h) ],[with_nettle=no]) if test "x$with_nettle" != "xno" ; then - # Base64 uses the nettle 3.0 API + # Base64 uses the nettle 3.4 API # which matters on 64-bit systems AC_CHECK_HEADERS(nettle/base64.h) - AC_MSG_CHECKING([for Nettle 3.0 API compatibility]) + AC_MSG_CHECKING([for Nettle 3.4 API compatibility]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ # include # include # include ]],[[ - uint8_t inData[10]; inData[0] = '\0'; + char inData[10]; inData[0] = '\0'; size_t srcLen = 0; struct base64_decode_ctx ctx; base64_decode_init(&ctx); @@ -1186,7 +1186,7 @@ if test "x$with_nettle" != "xno" ; then return 1; } ]])],[AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_NETTLE30_BASE64,1,[set to 1 if Nettle 3.0 API will link]) + AC_DEFINE(HAVE_NETTLE34_BASE64,1,[set to 1 if Nettle 3.4 API will link]) ],[AC_MSG_RESULT(no)]) fi fi diff --git a/include/base64.h b/include/base64.h index 1e0afdc352..5bc89fd5c0 100644 --- a/include/base64.h +++ b/include/base64.h @@ -9,88 +9,163 @@ #ifndef _SQUID_BASE64_H #define _SQUID_BASE64_H -#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE30_BASE64 +#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64 #include -#else /* Base64 functions copied from Nettle 3.0 under GPLv2, with adjustments */ +#else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */ -#ifdef __cplusplus -extern "C" { -#endif +/* base64.h -// Decoding functions + Base-64 encoding and decoding. -/// Maximum length of output for base64_decode_update. -/// We have at most 6 buffered bits, and a total of (length + 1) * 6 bits. -# define BASE64_DECODE_LENGTH(length) ((((length) + 1) * 6) / 8) + Copyright (C) 2002 Niels Möller, Dan Egnor -struct base64_decode_ctx -{ - unsigned word; /* Leftover bits */ - unsigned bits; /* Number buffered bits */ + This file is part of GNU Nettle. - /* Number of padding characters encountered */ - unsigned padding; -}; + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: -void base64_decode_init(struct base64_decode_ctx *ctx); + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. -/* Returns 1 on success, 0 on error. DST should point to an area of - * size at least BASE64_DECODE_LENGTH(length). The amount of data - * generated is returned in *DST_LENGTH. - */ -int base64_decode_update(struct base64_decode_ctx *ctx, - size_t *dst_length, - uint8_t *dst, - size_t src_length, - const uint8_t *src); + or -/* Returns 1 on success. */ -int base64_decode_final(struct base64_decode_ctx *ctx); + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifdef __cplusplus +extern "C" { +#endif -// Encoding functions +/* Base64 encoding */ /* Maximum length of output for base64_encode_update. NOTE: Doesn't * include any padding that base64_encode_final may add. */ /* We have at most 4 buffered bits, and a total of (4 + length * 8) bits. */ -# define BASE64_ENCODE_LENGTH(length) (((length) * 8 + 4)/6) +#define BASE64_ENCODE_LENGTH(length) (((length) * 8 + 4)/6) /* Maximum length of output generated by base64_encode_final. */ -# define BASE64_ENCODE_FINAL_LENGTH 3 +#define BASE64_ENCODE_FINAL_LENGTH 3 /* Exact length of output generated by base64_encode_raw, including - * padding. - */ -# define BASE64_ENCODE_RAW_LENGTH(length) ((((length) + 2)/3)*4) + * padding. */ +#define BASE64_ENCODE_RAW_LENGTH(length) ((((length) + 2)/3)*4) struct base64_encode_ctx { - unsigned word; /* Leftover bits */ - unsigned bits; /* Number of bits, always 0, 2, or 4. */ + const char *alphabet; /* Alphabet to use for encoding */ + unsigned short word; /* Leftover bits */ + unsigned char bits; /* Number of bits, always 0, 2, or 4. */ }; -void base64_encode_init(struct base64_encode_ctx *ctx); +/* Initialize encoding context for base-64 */ +void +base64_encode_init(struct base64_encode_ctx *ctx); + +/* Initialize encoding context for URL safe alphabet, RFC 4648. */ +void +base64url_encode_init(struct base64_encode_ctx *ctx); -/// Encodes a single byte. Returns amount of output (always 1 or 2). -size_t base64_encode_single(struct base64_encode_ctx *ctx, uint8_t *dst, uint8_t src); +/* Encodes a single byte. Returns amount of output (always 1 or 2). */ +size_t +base64_encode_single(struct base64_encode_ctx *ctx, + char *dst, + uint8_t src); /* Returns the number of output characters. DST should point to an - * area of size at least BASE64_ENCODE_LENGTH(length). - */ -size_t base64_encode_update(struct base64_encode_ctx *ctx, uint8_t *dst, size_t length, const uint8_t *src); + * area of size at least BASE64_ENCODE_LENGTH(length). */ +size_t +base64_encode_update(struct base64_encode_ctx *ctx, + char *dst, + size_t length, + const uint8_t *src); + +/* DST should point to an area of size at least + * BASE64_ENCODE_FINAL_LENGTH */ +size_t +base64_encode_final(struct base64_encode_ctx *ctx, + char *dst); + +/* Lower level functions */ + +/* Encodes a string in one go, including any padding at the end. + * Generates exactly BASE64_ENCODE_RAW_LENGTH(length) bytes of output. + * Supports overlapped operation, if src <= dst. FIXME: Use of overlap + * is deprecated, if needed there should be a separate public fucntion + * to do that.*/ +void +base64_encode_raw(char *dst, size_t length, const uint8_t *src); + +void +base64_encode_group(char *dst, uint32_t group); + +/* Base64 decoding */ + +/* Maximum length of output for base64_decode_update. */ +/* We have at most 6 buffered bits, and a total of (length + 1) * 6 bits. */ +#define BASE64_DECODE_LENGTH(length) ((((length) + 1) * 6) / 8) + +struct base64_decode_ctx +{ + const signed char *table; /* Decoding table */ + unsigned short word; /* Leftover bits */ + unsigned char bits; /* Number buffered bits */ + + /* Number of padding characters encountered */ + unsigned char padding; +}; -/// DST should point to an area of size at least BASE64_ENCODE_FINAL_LENGTH -size_t base64_encode_final(struct base64_encode_ctx *ctx, uint8_t *dst); +/* Initialize decoding context for base-64 */ +void +base64_decode_init(struct base64_decode_ctx *ctx); + +/* Initialize encoding context for URL safe alphabet, RFC 4648. */ +void +base64url_decode_init(struct base64_decode_ctx *ctx); + +/* Decodes a single byte. Returns amount of output (0 or 1), or -1 on + * errors. */ +int +base64_decode_single(struct base64_decode_ctx *ctx, + uint8_t *dst, + char src); + +/* Returns 1 on success, 0 on error. DST should point to an area of + * size at least BASE64_DECODE_LENGTH(length). The amount of data + * generated is returned in *DST_LENGTH. */ +int +base64_decode_update(struct base64_decode_ctx *ctx, + size_t *dst_length, + uint8_t *dst, + size_t src_length, + const char *src); + +/* Returns 1 on success. */ +int +base64_decode_final(struct base64_decode_ctx *ctx); #ifdef __cplusplus } #endif -#endif /* HAVE_NETTLE_BASE64_H */ +#endif /* HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64 */ /// Calculate the buffer size required to hold the encoded form of /// a string of length 'decodedLen' including all terminator bytes. # define base64_encode_len(length) (BASE64_ENCODE_LENGTH(length)+BASE64_ENCODE_FINAL_LENGTH+1) #endif /* _SQUID_BASE64_H */ - diff --git a/lib/base64.c b/lib/base64.c index 484c058f1b..ff75d5607a 100644 --- a/lib/base64.c +++ b/lib/base64.c @@ -7,65 +7,86 @@ */ /* -* Copied from Nettle 3.0 under GPLv2, with adjustments + * Copied from Nettle 3.4 under GPLv2, with adjustments */ #include "squid.h" #include "base64.h" -#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE30_BASE64 +#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64 -#if HAVE_STDLIB_H -#include -#endif +/* base64-encode.c -static const uint8_t encode_table[64] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789+/"; + Copyright (C) 2002 Niels Möller -#define ENCODE(x) (encode_table[0x3F & (x)]) + This file is part of GNU Nettle. -static const signed char decode_table[0x100] = -{ - /* White space is HT, VT, FF, CR, LF and SPC */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -2, -2, -2, -2, -2, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1, - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, - -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -}; + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ #define TABLE_INVALID -1 #define TABLE_SPACE -2 #define TABLE_END -3 -#define BASE64_VALUE_SZ 256 -int base64_value[BASE64_VALUE_SZ]; - void base64_decode_init(struct base64_decode_ctx *ctx) { + static const signed char base64_decode_table[0x100] = + { + /* White space is HT, VT, FF, CR, LF and SPC */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -2, -2, -2, -2, -2, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1, + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, + -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + }; + ctx->word = ctx->bits = ctx->padding = 0; + ctx->table = base64_decode_table; } -static int -base64_decode_single(struct base64_decode_ctx *ctx, uint8_t *dst, uint8_t src) +int +base64_decode_single(struct base64_decode_ctx *ctx, + uint8_t *dst, + char src) { - int data = decode_table[src]; + int data = ctx->table[(uint8_t) src]; - switch(data) { + switch(data) + { default: assert(data >= 0 && data < 0x40); @@ -75,12 +96,13 @@ base64_decode_single(struct base64_decode_ctx *ctx, uint8_t *dst, uint8_t src) ctx->word = ctx->word << 6 | data; ctx->bits += 6; - if (ctx->bits >= 8) { + if (ctx->bits >= 8) + { ctx->bits -= 8; dst[0] = ctx->word >> ctx->bits; return 1; - } else - return 0; + } + else return 0; case TABLE_INVALID: return -1; @@ -108,13 +130,14 @@ base64_decode_update(struct base64_decode_ctx *ctx, size_t *dst_length, uint8_t *dst, size_t src_length, - const uint8_t *src) + const char *src) { size_t done; size_t i; - for (i = 0, done = 0; i < src_length; i++) { - switch(base64_decode_single(ctx, dst + done, src[i])) { + for (i = 0, done = 0; ibits == 0; } +/* base64-encode.c */ + +#define ENCODE(alphabet,x) ((alphabet)[0x3F & (x)]) + static void -base64_encode_raw(uint8_t *dst, size_t length, const uint8_t *src) +encode_raw(const char *alphabet, + char *dst, size_t length, const uint8_t *src) { const uint8_t *in = src + length; - uint8_t *out = dst + BASE64_ENCODE_RAW_LENGTH(length); + char *out = dst + BASE64_ENCODE_RAW_LENGTH(length); unsigned left_over = length % 3; - if (left_over) { + if (left_over) + { in -= left_over; *--out = '='; - switch(left_over) { + switch(left_over) + { case 1: *--out = '='; - *--out = ENCODE(in[0] << 4); + *--out = ENCODE(alphabet, (in[0] << 4)); break; case 2: - *--out = ENCODE( in[1] << 2); - *--out = ENCODE((in[0] << 4) | (in[1] >> 4)); + *--out = ENCODE(alphabet, (in[1] << 2)); + *--out = ENCODE(alphabet, ((in[0] << 4) | (in[1] >> 4))); break; default: abort(); } - *--out = ENCODE(in[0] >> 2); + *--out = ENCODE(alphabet, (in[0] >> 2)); } - while (in > src) { + while (in > src) + { in -= 3; - *--out = ENCODE( in[2]); - *--out = ENCODE((in[1] << 2) | (in[2] >> 6)); - *--out = ENCODE((in[0] << 4) | (in[1] >> 4)); - *--out = ENCODE( in[0] >> 2); + *--out = ENCODE(alphabet, (in[2])); + *--out = ENCODE(alphabet, ((in[1] << 2) | (in[2] >> 6))); + *--out = ENCODE(alphabet, ((in[0] << 4) | (in[1] >> 4))); + *--out = ENCODE(alphabet, (in[0] >> 2)); } assert(in == src); assert(out == dst); } +static const char base64_encode_table[64] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; + +void +base64_encode_raw(char *dst, size_t length, const uint8_t *src) +{ + encode_raw(base64_encode_table, dst, length, src); +} + +void +base64_encode_group(char *dst, uint32_t group) +{ + *dst++ = ENCODE(base64_encode_table, (group >> 18)); + *dst++ = ENCODE(base64_encode_table, (group >> 12)); + *dst++ = ENCODE(base64_encode_table, (group >> 6)); + *dst++ = ENCODE(base64_encode_table, group); +} + void base64_encode_init(struct base64_encode_ctx *ctx) { ctx->word = ctx->bits = 0; + ctx->alphabet = base64_encode_table; } /* Encodes a single byte. */ size_t base64_encode_single(struct base64_encode_ctx *ctx, - uint8_t *dst, + char *dst, uint8_t src) { unsigned done = 0; unsigned word = ctx->word << 8 | src; unsigned bits = ctx->bits + 8; - while (bits >= 6) { + while (bits >= 6) + { bits -= 6; - dst[done++] = ENCODE(word >> bits); + dst[done++] = ENCODE(ctx->alphabet, (word >> bits)); } ctx->bits = bits; @@ -211,7 +263,7 @@ base64_encode_single(struct base64_encode_ctx *ctx, * area of size at least BASE64_ENCODE_LENGTH(length). */ size_t base64_encode_update(struct base64_encode_ctx *ctx, - uint8_t *dst, + char *dst, size_t length, const uint8_t *src) { @@ -220,7 +272,8 @@ base64_encode_update(struct base64_encode_ctx *ctx, unsigned left_over; size_t bulk; - while (ctx->bits && left) { + while (ctx->bits && left) + { left--; done += base64_encode_single(ctx, dst + done, *src++); } @@ -228,16 +281,18 @@ base64_encode_update(struct base64_encode_ctx *ctx, left_over = left % 3; bulk = left - left_over; - if (bulk) { + if (bulk) + { assert(!(bulk % 3)); - base64_encode_raw(dst + done, bulk, src); + encode_raw(ctx->alphabet, dst + done, bulk, src); done += BASE64_ENCODE_RAW_LENGTH(bulk); src += bulk; left = left_over; } - while (left) { + while (left) + { left--; done += base64_encode_single(ctx, dst + done, *src++); } @@ -251,13 +306,14 @@ base64_encode_update(struct base64_encode_ctx *ctx, * BASE64_ENCODE_FINAL_SIZE */ size_t base64_encode_final(struct base64_encode_ctx *ctx, - uint8_t *dst) + char *dst) { unsigned done = 0; unsigned bits = ctx->bits; - if (bits) { - dst[done++] = ENCODE(ctx->word << (6 - ctx->bits)); + if (bits) + { + dst[done++] = ENCODE(ctx->alphabet, (ctx->word << (6 - ctx->bits))); for (; bits < 6; bits += 2) dst[done++] = '='; @@ -268,5 +324,4 @@ base64_encode_final(struct base64_encode_ctx *ctx, return done; } -#endif /* !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE30_BASE64 */ - +#endif /* !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64 */ diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc index d40146221f..3e98a739be 100644 --- a/src/HttpHeader.cc +++ b/src/HttpHeader.cc @@ -1345,7 +1345,7 @@ HttpHeader::getAuth(Http::HdrType id, const char *auth_scheme) const struct base64_decode_ctx ctx; base64_decode_init(&ctx); size_t decodedLen = 0; - if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), strlen(field), reinterpret_cast(field)) || + if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), strlen(field), field) || !base64_decode_final(&ctx)) { return NULL; } diff --git a/src/adaptation/icap/ModXact.cc b/src/adaptation/icap/ModXact.cc index 54e25cd946..e53583cc74 100644 --- a/src/adaptation/icap/ModXact.cc +++ b/src/adaptation/icap/ModXact.cc @@ -1413,7 +1413,7 @@ void Adaptation::Icap::ModXact::makeRequestHeaders(MemBuf &buf) } else if (request->extacl_user.size() > 0 && request->extacl_passwd.size() > 0) { struct base64_encode_ctx ctx; base64_encode_init(&ctx); - uint8_t base64buf[base64_encode_len(MAX_LOGIN_SZ)]; + char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; size_t resultLen = base64_encode_update(&ctx, base64buf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); resultLen += base64_encode_update(&ctx, base64buf+resultLen, 1, reinterpret_cast(":")); resultLen += base64_encode_update(&ctx, base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); @@ -1575,7 +1575,7 @@ void Adaptation::Icap::ModXact::makeUsernameHeader(const HttpRequest *request, M if (value) { if (TheConfig.client_username_encode) { - uint8_t base64buf[base64_encode_len(MAX_LOGIN_SZ)]; + char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; size_t resultLen = base64_encode_update(&ctx, base64buf, strlen(value), reinterpret_cast(value)); resultLen += base64_encode_final(&ctx, base64buf+resultLen); buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf); diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc index 3e9a07edc9..8209edd63a 100644 --- a/src/auth/digest/Config.cc +++ b/src/auth/digest/Config.cc @@ -111,8 +111,8 @@ authDigestNonceEncode(digest_nonce_h * nonce) nonce->key = xcalloc(base64_encode_len(sizeof(digest_nonce_data)), 1); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, reinterpret_cast(nonce->key), sizeof(digest_nonce_data), reinterpret_cast(&(nonce->noncedata))); - blen += base64_encode_final(&ctx, reinterpret_cast(nonce->key)+blen); + size_t blen = base64_encode_update(&ctx, reinterpret_cast(nonce->key), sizeof(digest_nonce_data), reinterpret_cast(&(nonce->noncedata))); + blen += base64_encode_final(&ctx, reinterpret_cast(nonce->key)+blen); } digest_nonce_h * diff --git a/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc b/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc index 7195689514..d08e364a62 100644 --- a/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +++ b/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc @@ -658,7 +658,7 @@ main(int argc, char *const argv[]) fprintf(stdout, "BH Invalid negotiate request\n"); continue; } - const uint8_t *b64Token = reinterpret_cast(buf+3); + const char *b64Token = buf+3; const size_t srcLen = strlen(buf+3); input_token.length = BASE64_DECODE_LENGTH(srcLen); debug((char *) "%s| %s: DEBUG: Decode '%s' (decoded length estimate: %d).\n", @@ -729,8 +729,8 @@ main(int argc, char *const argv[]) } struct base64_encode_ctx tokCtx; base64_encode_init(&tokCtx); - size_t blen = base64_encode_update(&tokCtx, reinterpret_cast(token), spnegoTokenLength, reinterpret_cast(spnegoToken)); - blen += base64_encode_final(&tokCtx, reinterpret_cast(token)+blen); + size_t blen = base64_encode_update(&tokCtx, token, spnegoTokenLength, reinterpret_cast(spnegoToken)); + blen += base64_encode_final(&tokCtx, token+blen); token[blen] = '\0'; if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1)) diff --git a/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc b/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc index afe0737896..41cbb59def 100644 --- a/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +++ b/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc @@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy) token = (char *) xcalloc(base64_encode_len(output_token.length), 1); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, reinterpret_cast(token), output_token.length, reinterpret_cast(output_token.value)); - blen += base64_encode_final(&ctx, reinterpret_cast(token)+blen); + size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); + blen += base64_encode_final(&ctx, token+blen); } } diff --git a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc index bd791138b9..d79835bb7d 100644 --- a/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +++ b/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc @@ -244,11 +244,11 @@ getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t Gro struct base64_encode_ctx ctx; base64_encode_init(&ctx); const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */; - uint8_t *b64buf = (uint8_t *)xcalloc(expectedSz, 1); + char *b64buf = static_cast(xcalloc(expectedSz, 1)); size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast(ag)); blen += base64_encode_final(&ctx, b64buf+blen); b64buf[expectedSz-1] = '\0'; - if (!pstrcat(ad_groups, reinterpret_cast(b64buf))) { + if (!pstrcat(ad_groups, b64buf)) { debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups); } @@ -333,7 +333,7 @@ getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount) struct base64_encode_ctx ctx; base64_encode_init(&ctx); const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */; - uint8_t *b64buf = (uint8_t *)xcalloc(expectedSz, 1); + char *b64buf = static_cast(xcalloc(expectedSz, 1)); size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast(ag)); blen += base64_encode_final(&ctx, b64buf+blen); b64buf[expectedSz-1] = '\0'; diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc index 9943a99b86..1671d3e144 100644 --- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc +++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc @@ -193,7 +193,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT) struct base64_decode_ctx ctx; base64_decode_init(&ctx); size_t dstLen = 0; - if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), reinterpret_cast(buf+3)) || + if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) || !base64_decode_final(&ctx)) { if (debug_enabled) fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3); diff --git a/src/auth/ntlm/fake/ntlm_fake_auth.cc b/src/auth/ntlm/fake/ntlm_fake_auth.cc index ac9fb281d7..f79199c682 100644 --- a/src/auth/ntlm/fake/ntlm_fake_auth.cc +++ b/src/auth/ntlm/fake/ntlm_fake_auth.cc @@ -155,7 +155,7 @@ main(int argc, char *argv[]) base64_decode_init(&ctx); size_t dstLen = 0; if (buflen > 3 && - base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, reinterpret_cast(buf+3)) && + base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) && base64_decode_final(&ctx)) { decodedLen = dstLen; packet = (ntlmhdr*)decodedBuf; @@ -189,8 +189,8 @@ main(int argc, char *argv[]) struct base64_encode_ctx eCtx; base64_encode_init(&eCtx); - uint8_t *data = (uint8_t*)xcalloc(base64_encode_len(len), 1); - size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast(&chal)); + char *data = static_cast(xcalloc(base64_encode_len(len), 1)); + size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast(&chal)); blen += base64_encode_final(&eCtx, data+blen); if (NTLM_packet_debug_enabled) { printf("TT %.*s\n", (int)blen, data); diff --git a/src/http.cc b/src/http.cc index 3b2e079d38..ea09b6c417 100644 --- a/src/http.cc +++ b/src/http.cc @@ -1672,7 +1672,7 @@ httpFixupAuthentication(HttpRequest * request, const HttpHeader * hdr_in, HttpHe } } - uint8_t loginbuf[base64_encode_len(MAX_LOGIN_SZ)]; + char loginbuf[base64_encode_len(MAX_LOGIN_SZ)]; size_t blen; struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -1857,7 +1857,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request, /* append Authorization if known in URL, not in header and going direct */ if (!hdr_out->has(Http::HdrType::AUTHORIZATION)) { if (!request->flags.proxying && !request->url.userInfo().isEmpty()) { - static uint8_t result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment + static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment struct base64_encode_ctx ctx; base64_encode_init(&ctx); size_t blen = base64_encode_update(&ctx, result, request->url.userInfo().length(), reinterpret_cast(request->url.userInfo().rawContent())); diff --git a/src/peer_proxy_negotiate_auth.cc b/src/peer_proxy_negotiate_auth.cc index 221f308d87..d3ffc875f3 100644 --- a/src/peer_proxy_negotiate_auth.cc +++ b/src/peer_proxy_negotiate_auth.cc @@ -559,7 +559,7 @@ char *peer_proxy_negotiate_auth(char *principal_name, char *proxy, int flags) { debugs(11, 5, HERE << "Got token with length " << output_token.length); if (output_token.length) { - static uint8_t b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to. + static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to. struct base64_encode_ctx ctx; base64_encode_init(&ctx); size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast(output_token.value)); diff --git a/test-suite/buildtests/layer-01-minimal.opts b/test-suite/buildtests/layer-01-minimal.opts index da8f2db739..251f73b8ab 100644 --- a/test-suite/buildtests/layer-01-minimal.opts +++ b/test-suite/buildtests/layer-01-minimal.opts @@ -99,6 +99,7 @@ DISTCHECK_CONFIGURE_FLAGS=" \ --without-aio \ --without-dl \ --without-large-files \ + --without-nettle \ --without-valgrind-debug \ --without-ipv6-split-stack \ --without-dns-cname \ diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc index ec7cdabdbb..178a867334 100644 --- a/tools/cachemgr.cc +++ b/tools/cachemgr.cc @@ -1081,8 +1081,8 @@ make_pub_auth(cachemgr_request * req) req->pub_auth = (char *) xmalloc(encodedLen); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, reinterpret_cast(req->pub_auth), bufLen, reinterpret_cast(buf)); - blen += base64_encode_final(&ctx, reinterpret_cast(req->pub_auth)+blen); + size_t blen = base64_encode_update(&ctx, req->pub_auth, bufLen, reinterpret_cast(buf)); + blen += base64_encode_final(&ctx, req->pub_auth + blen); req->pub_auth[blen] = '\0'; debug("cmgr: encoded: '%s'\n", req->pub_auth); } @@ -1106,7 +1106,7 @@ decode_pub_auth(cachemgr_request * req) buf = (char*)xmalloc(decodedLen); struct base64_decode_ctx ctx; base64_decode_init(&ctx); - if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), reinterpret_cast(req->pub_auth)) || + if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), req->pub_auth) || !base64_decode_final(&ctx)) { debug("cmgr: base64 decode failure. Incomplete auth token string.\n"); xfree(buf); @@ -1191,7 +1191,7 @@ make_auth_header(const cachemgr_request * req) if (encodedLen <= 0) return ""; - uint8_t *str64 = static_cast(xmalloc(encodedLen)); + char *str64 = static_cast(xmalloc(encodedLen)); struct base64_encode_ctx ctx; base64_encode_init(&ctx); size_t blen = base64_encode_update(&ctx, str64, bufLen, reinterpret_cast(buf)); diff --git a/tools/squidclient/gssapi_support.cc b/tools/squidclient/gssapi_support.cc index 578459c1cc..14de023a50 100644 --- a/tools/squidclient/gssapi_support.cc +++ b/tools/squidclient/gssapi_support.cc @@ -131,14 +131,12 @@ GSSAPI_token(const char *server) NULL); if (!check_gss_err(major_status, minor_status, "gss_init_sec_context()") && output_token.length) { - uint8_t *b64buf = new uint8_t[base64_encode_len(output_token.length)]; + token = new char[base64_encode_len(output_token.length)]; struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast(output_token.value)); - blen += base64_encode_final(&ctx, b64buf+blen); - b64buf[blen] = '\0'; - - token = reinterpret_cast(b64buf); + size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); + blen += base64_encode_final(&ctx, token+blen); + token[blen] = '\0'; } } diff --git a/tools/squidclient/squidclient.cc b/tools/squidclient/squidclient.cc index 71976125a9..12255ffb98 100644 --- a/tools/squidclient/squidclient.cc +++ b/tools/squidclient/squidclient.cc @@ -481,12 +481,12 @@ main(int argc, char *argv[]) std::cerr << "ERROR: Proxy password missing" << std::endl; exit(EXIT_FAILURE); } - uint8_t *pwdBuf = new uint8_t[base64_encode_len(strlen(user)+1+strlen(password))]; + char *pwdBuf = new char[base64_encode_len(strlen(user)+1+strlen(password))]; blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast(user)); blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast(":")); blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast(password)); blen += base64_encode_final(&ctx, pwdBuf+blen); - snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %.*s\r\n", (int)blen, reinterpret_cast(pwdBuf)); + snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %.*s\r\n", static_cast(blen), pwdBuf); strcat(msg, buf); delete[] pwdBuf; } @@ -501,12 +501,12 @@ main(int argc, char *argv[]) std::cerr << "ERROR: WWW password missing" << std::endl; exit(EXIT_FAILURE); } - uint8_t *pwdBuf = new uint8_t[base64_encode_len(strlen(user)+1+strlen(password))]; + char *pwdBuf = new char[base64_encode_len(strlen(user)+1+strlen(password))]; blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast(user)); blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast(":")); blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast(password)); blen += base64_encode_final(&ctx, pwdBuf+blen); - snprintf(buf, BUFSIZ, "Authorization: Basic %.*s\r\n", (int)blen, reinterpret_cast(pwdBuf)); + snprintf(buf, BUFSIZ, "Authorization: Basic %.*s\r\n", static_cast(blen), pwdBuf); strcat(msg, buf); delete[] pwdBuf; } -- 2.39.5