http: digest - do not use EVP_sha512_256() for nonce, check openssl version

diff --git a/src/http.c b/src/http.c
index 443493152e17af7c40fe8de2b5d3da14cc4e4bef..1e2bea391cae6de4ff127fe68885622e97e9bca3 100644 (file)
--- a/src/http.c
+++ b/src/http.c
@@ -26,6 +26,8 @@
 #include "htsmsg_json.h"
 #include "compat.h"
 
+#include "openssl/opensslv.h"
+
 #if ENABLE_ANDROID
 #include <sys/socket.h>
 #endif
@@ -266,7 +268,7 @@ http_get_nonce(http_connection_t *hc)
     mono ^= 0xa1687211885fcd30LL;
     xor ^= 0xf6e398624aa55013LL;
     snprintf(stamp, sizeof(stamp), "A!*Fz32%"PRId64"%"PRId64, mono, xor);
-    m = sha512sum256_base64(stamp);
+    m = sha256sum_base64(stamp);
     if (m == NULL) return -1;
     strlcpy(n->nonce, m, sizeof(n->nonce));
     tvh_mutex_lock(&global_lock);
@@ -308,7 +310,7 @@ http_get_opaque(http_connection_t *hc, const char *realm)
   char *a = alloca(strlen(realm) + strlen(hc->hc_nonce) + 1);
   strcpy(a, realm);
   strcat(a, hc->hc_nonce);
-  return sha512sum256_base64(a);
+  return sha256sum_base64(a);
 }
 
 /**
@@ -402,10 +404,17 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
       char *opaque;
       if (hc->hc_nonce == NULL && http_get_nonce(hc)) goto __noauth;
       opaque = http_get_opaque(hc, realm);
+      if (opaque == NULL) goto __noauth;
       if (config.http_auth_algo != HTTP_AUTH_ALGO_MD5)
         http_auth_header(&hdrs, realm,
                          config.http_auth_algo == HTTP_AUTH_ALGO_SHA256 ?
-                           "SHA-256" : "SHA-512-256", hc->hc_nonce, opaque);
+                           "SHA-256" :
+#if OPENSSL_VERSION_NUMBER >= 0x1010101fL
+                             "SHA-512-256",
+#else
+                             "SHA-256",
+#endif
+                           hc->hc_nonce, opaque);
       http_auth_header(&hdrs, realm, NULL, hc->hc_nonce, opaque);
       free(opaque);
     } else {

diff --git a/src/tvheadend.h b/src/tvheadend.h
index 1d40a458dd69af1265a1b564c1d3ba6836c2e086..072391d3e0db5942dbeab9e7f221d3b8d042fc59 100644 (file)
--- a/src/tvheadend.h
+++ b/src/tvheadend.h
@@ -274,7 +274,7 @@ static inline int64_t ts_rescale_inv(int64_t ts, int tb)
 char *md5sum ( const char *str, int lowercase );
 char *sha256sum ( const char *str, int lowercase );
 char *sha512sum256 ( const char *str, int lowercase );
-char *sha512sum256_base64 ( const char *str );
+char *sha256sum_base64 ( const char *str );
 
 int makedirs ( int subsys, const char *path, int mode, int mstrict, gid_t gid, uid_t uid );
 

diff --git a/src/utils.c b/src/utils.c
index f6ce8340f9eda38c3188c127c5cf68d3f14ce854..c3557bbf3f547a4fc9ce4744dd61f4c61a8c4044 100644 (file)
--- a/src/utils.c
+++ b/src/utils.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <assert.h>
 #include <openssl/evp.h>
+#include <openssl/opensslv.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <dirent.h>
@@ -610,16 +611,20 @@ sha256sum ( const char *str, int lowercase )
 char *
 sha512sum256 ( const char *str, int lowercase )
 {
+#if OPENSSL_VERSION_NUMBER >= 0x1010101fL
   return openssl_hash_hexstr(str, lowercase, EVP_sha512_256(), 32);
+#else
+  return NULL;
+#endif
 }
 
 char *
-sha512sum256_base64 ( const char *str )
+sha256sum_base64 ( const char *str )
 {
   uint8_t hash[32];
   char *out = malloc(64);
   if (out == NULL) return NULL;
-  if (openssl_hash(hash, (const uint8_t *)str, strlen(str), EVP_sha512_256()) == NULL) {
+  if (openssl_hash(hash, (const uint8_t *)str, strlen(str), EVP_sha256()) == NULL) {
     free(out);
     return NULL;
   }