diff --git a/src/cache/cache.c b/src/cache/cache.c
index f16a57d13..36b56dc20 100644
--- a/src/cache/cache.c
+++ b/src/cache/cache.c
@@ -7,7 +7,8 @@
 #include
 #ifdef CONFIG_OPENSSL
-#include
+#include
+#include
 #endif
 #include "elinks.h"
@@ -934,71 +935,35 @@ shrinked_enough: #ifdef CONFIG_OPENSSL static int -check_sha512(const void *data, size_t len, const char *checksum) +check_sha(const char *name, const unsigned char *data, size_t len, const char *checksum) { - unsigned char digest[SHA512_DIGEST_LENGTH] = {0}; - SHA512_CTX ctx; - SHA512_Init(&ctx); - SHA512_Update(&ctx, data, len); - SHA512_Final(digest, &ctx); + EVP_MD_CTX *mdctx; + const EVP_MD *md; + unsigned char md_value[EVP_MAX_MD_SIZE]; + int md_len; + md = EVP_get_digestbyname(name); + + if (!md) { + return 0; + } + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, data, len); + EVP_DigestFinal_ex(mdctx, md_value, &md_len); + EVP_MD_CTX_free(mdctx); int outlen = 0; - unsigned char *b64 = base64_encode_bin(digest, SHA512_DIGEST_LENGTH, &outlen); + unsigned char *b64 = base64_encode_bin(md_value, md_len, &outlen); int res = 0; if (b64) { res = !memcmp(b64, checksum, outlen); mem_free(b64); } + return res; } -static int -check_sha384(const void *data, size_t len, const char *checksum) -{ - unsigned char digest[SHA384_DIGEST_LENGTH] = {0}; - SHA512_CTX ctx; - SHA384_Init(&ctx); - SHA384_Update(&ctx, data, len); - SHA384_Final(digest, &ctx); - - int outlen = 0; - unsigned char *b64 = base64_encode_bin(digest, SHA384_DIGEST_LENGTH, &outlen); - int res = 0; - - if (b64) { - res = !memcmp(b64, checksum, outlen); - mem_free(b64); - } - return res; -} - -static int -check_sha256(const void *data, size_t len, const char *checksum) -{ - unsigned char digest[SHA256_DIGEST_LENGTH] = {0}; - SHA256_CTX ctx; - SHA256_Init(&ctx); - SHA256_Update(&ctx, data, len); - SHA256_Final(digest, &ctx); - - int outlen = 0; - unsigned char *b64 = base64_encode_bin(digest, SHA256_DIGEST_LENGTH, &outlen); - int res = 0; - - if (b64) { - res = !memcmp(b64, checksum, outlen); - mem_free(b64); - } - return res; -} - -enum alg { - EL_SHA512 = 1, - EL_SHA384 = 2, - EL_SHA256 = 3 -}; - int validate_cache_integrity(struct cache_entry 
*cached, const char *integrity) { @@ -1010,38 +975,21 @@ validate_cache_integrity(struct cache_entry *cached, const char *integrity) return 0; } while (1) { - int alg = 0; skip_space(ch); - if (!ch) { + if (!(*ch)) { return ret; } if (!strncmp("sha512-", ch, 7)) { - alg = EL_SHA512; ch += 7; + ret = check_sha("sha512", frag->data, frag->length, ch); } else if (!strncmp("sha384-", ch, 7)) { - alg = EL_SHA384; ch += 7; + ret = check_sha("sha384", frag->data, frag->length, ch); } else if (!strncmp("sha256-", ch, 7)) { - alg = EL_SHA256; ch += 7; - } else { - return ret; - } - - switch (alg) { - case EL_SHA512: - ret = check_sha512(frag->data, (size_t)frag->length, ch); - break; - case EL_SHA384: - ret = check_sha384(frag->data, (size_t)frag->length, ch); - break; - case EL_SHA256: - ret = check_sha256(frag->data, (size_t)frag->length, ch); - break; - default: - return ret; + ret = check_sha("sha256", frag->data, frag->length, ch); } if (ret) { return ret;
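Review bot: In the new `check_sha`, none of the EVP calls is checked: `EVP_MD_CTX_new()` can return NULL and `EVP_DigestInit_ex`/`EVP_DigestUpdate`/`EVP_DigestFinal_ex` can fail, after which `md_value` and `md_len` are uninitialised yet still get base64-encoded and compared, so the integrity verdict can depend on stack contents instead of failing closed. `md_len` is also declared `int` while `EVP_DigestFinal_ex` takes an `unsigned int *`. The `memcmp(b64, checksum, outlen)` kept from the old helpers reads `outlen` bytes from `checksum` however short the attribute value is, and it reports a match when `outlen` is 0. Assuming `checksum` is NUL-terminated (its origin is outside this hunk), a bounded string compare stops at the terminator. A version that returns 0 on any failure is below.

```c
static int
check_sha(const char *name, const unsigned char *data, size_t len, const char *checksum)
{
	/* … unchanged: declarations of mdctx, md and md_value … */
	unsigned int md_len = 0;
	int res = 0;

	md = EVP_get_digestbyname(name);
	if (!md) {
		return 0;
	}
	mdctx = EVP_MD_CTX_new();
	if (!mdctx) {
		return 0;
	}
	if (EVP_DigestInit_ex(mdctx, md, NULL) == 1
	    && EVP_DigestUpdate(mdctx, data, len) == 1
	    && EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 1) {
		int outlen = 0;
		unsigned char *b64 = base64_encode_bin(md_value, md_len, &outlen);

		if (b64) {
			/* strncmp stops at checksum's terminator, so a short value cannot be over-read */
			res = outlen > 0 && !strncmp((const char *)b64, checksum, outlen);
			mem_free(b64);
		}
	}
	EVP_MD_CTX_free(mdctx);

	return res;
}
```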