about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-07-14 03:32:00 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-07-14 03:33:56 +0200
commitc3b5b5f648d953307672a4b30e9222787668f708 (patch)
tree6b2179805885fe812fddc8d54d8e8fd5ee4f6292
parentBump version. (diff)
downloadcgit-pink-c3b5b5f648d953307672a4b30e9222787668f708.tar.gz
cgit-pink-c3b5b5f648d953307672a4b30e9222787668f708.zip
auth-filters: do not use HMAC-SHA1
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our
luck; SHA256 is more sensible anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat
-rw-r--r--filters/gentoo-ldap-authentication.lua4
-rw-r--r--filters/simple-authentication.lua4
2 files changed, 4 insertions, 4 deletions
diff --git a/filters/gentoo-ldap-authentication.lua b/filters/gentoo-ldap-authentication.lua
index 6d8eb3e..c1e382f 100644
--- a/filters/gentoo-ldap-authentication.lua
+++ b/filters/gentoo-ldap-authentication.lua
@@ -271,7 +271,7 @@ function validate_value(expected_field, cookie)
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
 		return nil
 	end
 
@@ -296,7 +296,7 @@ function secure_value(field, value, expiration)
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)
 	return authstr
 end
 
diff --git a/filters/simple-authentication.lua b/filters/simple-authentication.lua
index de34d09..596c041 100644
--- a/filters/simple-authentication.lua
+++ b/filters/simple-authentication.lua
@@ -231,7 +231,7 @@ function validate_value(expected_field, cookie)
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
 		return nil
 	end
 
@@ -256,7 +256,7 @@ function secure_value(field, value, expiration)
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)
 	return authstr
 end
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-25 22:26:28 +0000
pan title='2009-07-25 12:25:06 +0200'>2009-07-25cgit.h: keep config flags sortedLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-07-25cgitrc.5.txt: document 'embedded' and 'noheader'Lars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-07-25Add support for 'noheader' optionLars Hjemli This option can be used to disable the standard cgit page header, which might be useful in combination with the 'embedded' option. Suggested-by: Mark Constable <markc@renta.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-07-25cgitrc.5.txt: document 'head-include'Lars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-07-25ui-blob: return 'application/octet-stream' for binary blobsLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-07-25ui-plain: Return 'application/octet-stream' for binary files.Remko Tronçon Signed-off-by: Remko Tronçon <git@el-tramo.be> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-06-11use cgit_httpscheme() for atom feedDiego Ongaro 2009-06-11add cgit_httpscheme() -> http:// or https://Diego Ongaro 2009-06-07Return http statuscode 404 on unknown branchLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-06-07Add head-include configuration option.Mark Lodato This patch adds an option to the configuration file, "head-include", which works just like "header" or "footer", except the content is put into the HTML's <head> tag. 2009-03-15CGIT 0.8.2.1Lars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-03-15Fix doc-related glitches in Makefile and .gitignoreLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-03-15ui-snapshot: avoid segfault when no filename is specifiedLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-03-15fix segfault when displaying empty blobsEric Wong When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-02-19Add support for HEAD requestsLars Hjemli This is a quick 'n dirty hack which makes cgit honor HEAD requests. Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-02-19Add support for ETag in 'plain' viewLars Hjemli When downloading a blob identified by its path, the client might want to know if the blob has been modified since a previous download of the same path. To this end, an ETag containing the blob SHA1 seems to be ideal. Todo: add support for HEAD requests... Suggested-by: Owen Taylor <otaylor@redhat.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-02-12ui-tree: escape ascii-text properly in hexdump viewLars Hjemli Signed-off-by: Lars Hjemli <hjemli@gmail.com> 2009-02-12Makefile: add doc-related targetsLars Hjemli