From 451041cd8cdf1dbf19b30d048af62626ac962432 Mon Sep 17 00:00:00 2001
From: Breno Silva
Date: Tue, 30 Oct 2012 18:19:11 -0400
Subject: [PATCH] Change names of HMAC feature to HASH
---
 apache2/apache2_io.c | 4 +--
 apache2/msc_crypt.c | 58 ++++++++++++++++++++++----------------------
 apache2/msc_crypt.h | 11 +++------
 3 files changed, 34 insertions(+), 39 deletions(-)
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index 71900f03..e6f28b75 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -597,9 +597,9 @@ static int flatten_response_body(modsec_rec *msr) {
 retval = init_response_body_html_parser(msr);
 if(retval == 1) {
- retval = encrypt_response_body_links(msr);
+ retval = hash_response_body_links(msr);
 if(retval > 0) {
- retval = inject_encrypted_response_body(msr, retval);
+ retval = inject_hashed_response_body(msr, retval);
 if (msr->txcfg->debuglog_level >= 4) {
 msr_log(msr, 4, "Hash completed in %" APR_TIME_T_FMT " usec.", (apr_time_now() - time1));
 }
diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c
index b0f1863c..d1d810fa 100644
--- a/apache2/msc_crypt.c
+++ b/apache2/msc_crypt.c
@@ -369,7 +369,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 error_msg = apr_psprintf(msr->mp, "Execution error - "
- "PCRE limits exceeded for Encrytion regex [%s] (%d): %s",
+ "PCRE limits exceeded for Hash regex [%s] (%d): %s",
 em[i]->param,rc, my_error_msg);
 if (msr->txcfg->debuglog_level >= 4)
@@ -424,7 +424,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 error_msg = apr_psprintf(msr->mp, "Execution error - "
- "PCRE limits exceeded for Encrytion regex [%s] (%d): %s",
+ "PCRE limits exceeded for Hash regex [%s] (%d): %s",
 em[i]->param,rc, my_error_msg);
 if (msr->txcfg->debuglog_level >= 4)
@@ -479,7 +479,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 error_msg = apr_psprintf(msr->mp, "Execution error - "
- "PCRE limits exceeded for Encrytion regex [%s] (%d): %s",
+ "PCRE limits exceeded for Hash regex [%s] (%d): %s",
 em[i]->param,rc, my_error_msg);
 if (msr->txcfg->debuglog_level >= 4)
@@ -534,7 +534,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 error_msg = apr_psprintf(msr->mp, "Execution error - "
- "PCRE limits exceeded for Encrytion regex [%s] (%d): %s",
+ "PCRE limits exceeded for Hash regex [%s] (%d): %s",
 em[i]->param,rc, my_error_msg);
 if (msr->txcfg->debuglog_level >= 4)
@@ -589,7 +589,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 error_msg = apr_psprintf(msr->mp, "Execution error - "
- "PCRE limits exceeded for Encrytion regex [%s] (%d): %s",
+ "PCRE limits exceeded for Hash regex [%s] (%d): %s",
 em[i]->param,rc, my_error_msg);
 if (msr->txcfg->debuglog_level >= 4)
@@ -617,7 +617,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 }
 /**
- * \brief Encrypt the html elements
+ * \brief Hash the html elements
 *
 * \param msr ModSecurity transaction resource
 *
@@ -625,7 +625,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
 * \retval 0 No element was changed
 * \retval -1 On fail
 */
-int encrypt_response_body_links(modsec_rec *msr) {
+int hash_response_body_links(modsec_rec *msr) {
 int lsize = 0, fsize = 0, lcount = 0, fcount = 0, i;
 int isize = 0, icount = 0, frsize = 0, frcount = 0;
 xmlXPathContextPtr xpathCtx = NULL;
@@ -639,7 +639,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 if (msr->crypto_html_tree == NULL) {
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "encrypt_response_body_links: Cannot parse NULL html tree");
+ msr_log(msr, 4, "hash_response_body_links: Cannot parse NULL html tree");
 return -1;
 }
@@ -652,7 +652,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 xpathCtx = xmlXPathNewContext(msr->crypto_html_tree);
 if(xpathCtx == NULL) {
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "encrypt_response_body_links: Unable to create Xpath context.");
+ msr_log(msr, 4, "hash_response_body_links: Unable to create Xpath context.");
 goto ctx_error;
 }
@@ -664,7 +664,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 if(xpathObj == NULL) {
 if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4,
- "encrypt_response_body_links: Unable to evaluate xpath expression.");
+ "hash_response_body_links: Unable to evaluate xpath expression.");
 goto obj_error;
 }
@@ -728,7 +728,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 if(xpathObj == NULL) {
 if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4,
- "encrypt_response_body_links: Unable to evaluate xpath expression.");
+ "hash_response_body_links: Unable to evaluate xpath expression.");
 goto obj_error;
 }
@@ -804,7 +804,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 if(xpathObj == NULL) {
 if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4,
- "encrypt_response_body_links: Unable to evaluate xpath expression.");
+ "hash_response_body_links: Unable to evaluate xpath expression.");
 goto obj_error;
 }
@@ -869,7 +869,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
 if(xpathObj == NULL) {
 if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4,
- "encrypt_response_body_links: Unable to evaluate xpath expression.");
+ "hash_response_body_links: Unable to evaluate xpath expression.");
 goto obj_error;
 }
@@ -933,10 +933,10 @@ int encrypt_response_body_links(modsec_rec *msr) {
 xmlXPathFreeContext(xpathCtx);
 if (msr->txcfg->debuglog_level >= 4) {
- msr_log(msr, 4, "encrypt_response_body_links: Processed [%d] iframe src, [%d] encrypted.",isize, icount);
- msr_log(msr, 4, "encrypt_response_body_links: Processed [%d] frame src, [%d] encrypted.",frsize, frcount);
- msr_log(msr, 4, "encrypt_response_body_links: Processed [%d] form actions, [%d] encrypted.",fsize, fcount);
- msr_log(msr, 4, "encrypt_response_body_links: Processed [%d] links, [%d] encrypted.",lsize, lcount);
+ msr_log(msr, 4, "hash_response_body_links: Processed [%d] iframe src, [%d] hashed.",isize, icount);
+ msr_log(msr, 4, "hash_response_body_links: Processed [%d] frame src, [%d] hashed.",frsize, frcount);
+ msr_log(msr, 4, "hash_response_body_links: Processed [%d] form actions, [%d] hashed.",fsize, fcount);
+ msr_log(msr, 4, "hash_response_body_links: Processed [%d] links, [%d] hashed.",lsize, lcount);
 }
 if(msr->of_stream_changed == 0) {
@@ -965,12 +965,12 @@ ctx_error:
 * \brief Inject the new response body
 *
 * \param msr ModSecurity transaction resource
- * \param elts Number of encrypted elements
+ * \param elts Number of hashed elements
 *
 * \retval 1 On success
 * \retval -1 On fail
 */
-int inject_encrypted_response_body(modsec_rec *msr, int elts) {
+int inject_hashed_response_body(modsec_rec *msr, int elts) {
 xmlOutputBufferPtr output_buf = NULL;
 xmlCharEncodingHandlerPtr handler = NULL;
 char *p = NULL;
@@ -984,7 +984,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 if (msr->crypto_html_tree == NULL) {
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Cannot parse NULL html tree");
+ msr_log(msr, 4, "inject_hashed_response_body: Cannot parse NULL html tree");
 return -1;
 }
@@ -1011,7 +1011,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 }
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Detected encoding type [%s].", encoding);
+ msr_log(msr, 4, "inject_hashed_response_body: Detected encoding type [%s].", encoding);
 if (handler == NULL) handler = xmlFindCharEncodingHandler("UTF-8");
@@ -1032,12 +1032,12 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 apr_table_set(msr->r->err_headers_out,"Content-Type",new_ct);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Using content-type [%s].", handler->name);
+ msr_log(msr, 4, "inject_hashed_response_body: Using content-type [%s].", handler->name);
 output_buf = xmlAllocOutputBuffer(handler);
 if (output_buf == NULL) {
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Unable to allocate memory buffer.");
+ msr_log(msr, 4, "inject_hashed_response_body: Unable to allocate memory buffer.");
 xmlFreeDoc(msr->crypto_html_tree);
 return -1;
 }
@@ -1073,7 +1073,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
+ msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
 } else {
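Review bot: The allocation-failure path in the hunk at -1032 calls `xmlFreeDoc(msr->crypto_html_tree)` and returns -1 without clearing the pointer, and the success path in the hunk at -1176 does the same before `return 1`. Both this function and hash_response_body_links use `msr->crypto_html_tree == NULL` as their entry guard, so a stale pointer would pass that guard if the tree is touched again for the same transaction (whether that can happen is not visible in these hunks). Adding `msr->crypto_html_tree = NULL;` immediately after each `xmlFreeDoc` call would turn a possible use-after-free or double free into the existing "Cannot parse NULL html tree" error. The function body starts and ends outside these hunks.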
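Review bot: The log call touched in the hunk at -1073 still formats `xmlOutputBufferGetSize(output_buf)` with `%d`, but that libxml2 function returns `size_t`, so the specifier and the argument disagree on 64-bit builds. Since the line is being edited anyway, switch it to `[%" APR_SIZE_T_FMT "] bytes.` as the final "Stream buffer" message of this function already does, or log `msr->stream_output_length`, which is the length actually copied. The same mismatch is in the CONV message of the hunk at -1102.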
@@ -1102,7 +1102,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
+ msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
 }
@@ -1135,7 +1135,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 memcpy(msr->stream_output_data, output_buf->buffer->content, msr->stream_output_length);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", output_buf->buffer->use);
+ msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", output_buf->buffer->use);
 } else {
@@ -1164,7 +1164,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 memcpy(msr->stream_output_data, output_buf->conv->content, msr->stream_output_length);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", output_buf->conv->use);
+ msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", output_buf->conv->use);
 }
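Review bot: The "from CONV" branch in the hunk at -1102 copies from `xmlOutputBufferGetContent(output_buf)` and logs `xmlOutputBufferGetSize(output_buf)`, while the matching branch in the hunk at -1164 reads `output_buf->conv->content` and `output_buf->conv->use`. In libxml2 those two accessors report on the output buffer's `buffer` member, not on `conv`, so the two variants appear to copy from different buffers. Where `msr->stream_output_length` is set is outside the hunk, so please confirm that it is the length of the same buffer the `memcpy` reads from; if it was taken from `conv`, the copy can read past the end of `buffer`. If the converted data is what is intended, `xmlBufContent(output_buf->conv)` and `xmlBufUse(output_buf->conv)` would match the -1164 variant.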
@@ -1176,13 +1176,13 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
 apr_table_unset(msr->r->headers_out,"Content-Length");
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Setting new content value %s", content_value);
+ msr_log(msr, 4, "inject_hashed_response_body: Setting new content value %s", content_value);
 apr_table_set(msr->r->headers_out, "Content-Length", content_value);
 xmlFreeDoc(msr->crypto_html_tree);
 if (msr->txcfg->debuglog_level >= 4)
- msr_log(msr, 4, "inject_encrypted_response_body: Stream buffer [%"APR_SIZE_T_FMT"]. Done",msr->stream_output_length);
+ msr_log(msr, 4, "inject_hashed_response_body: Stream buffer [%"APR_SIZE_T_FMT"]. Done",msr->stream_output_length);
 return 1;
 }
diff --git a/apache2/msc_crypt.h b/apache2/msc_crypt.h
index 94bb9931..54a6dc7f 100644
--- a/apache2/msc_crypt.h
+++ b/apache2/msc_crypt.h
@@ -27,11 +27,6 @@
 #define INT32_MAX (2147483647)
 #endif
-#define N16BITS_MASK 65536L
-#define N16BITS_MAX 0xFFFF
-#define N15BITS_MASK 0x7FFF
-#define N31BITS_MASK 0x7FFFFFFF
-
 char DSOLOCAL *hmac(modsec_rec *msr, const char *key, int key_len, unsigned char *msg, int msglen);
 char DSOLOCAL *do_hash_link(modsec_rec *msr, char *link,
@@ -39,9 +34,9 @@ char DSOLOCAL *do_hash_link(modsec_rec *msr, char *link,
 char DSOLOCAL *getkey(apr_pool_t *mp);
 int DSOLOCAL init_response_body_html_parser(modsec_rec *msr);
-int DSOLOCAL encrypt_response_body_links(modsec_rec *msr);
-int DSOLOCAL inject_encrypted_response_body(modsec_rec *msr, int elts);
-int DSOLOCAL do_encryption_method(modsec_rec *msr, char *link, int type);
+int DSOLOCAL hash_response_body_links(modsec_rec *msr);
+int DSOLOCAL inject_hashed_response_body(modsec_rec *msr, int elts);
+int DSOLOCAL do_hash_method(modsec_rec *msr, char *link, int type);
 int DSOLOCAL modify_response_header(modsec_rec *msr);
 char DSOLOCAL *normalize_path(modsec_rec *msr, char *input);
 #endif