Commit 5865b7df authored by David Woodhouse's avatar David Woodhouse

Add openconnect_sha1() function and use it instead of using OpenSSL directly

This also adds openssl.c that OpenSSL-specific functions will migrate to.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent e57861db
......@@ -17,7 +17,7 @@ openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c
openconnect_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS)
openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL)
library_srcs = ssl.c http.c auth.c library.c compat.c
library_srcs = ssl.c http.c auth.c library.c compat.c @SSL_LIBRARY@.c
libopenconnect_la_SOURCES = version.c $(library_srcs)
libopenconnect_la_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
......
......@@ -351,9 +351,8 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
char buf[MAX_BUF_LEN];
char *config_buf = NULL;
int result, buflen;
unsigned char local_sha1_bin[SHA_DIGEST_LENGTH];
char local_sha1_ascii[(SHA_DIGEST_LENGTH * 2)+1];
EVP_MD_CTX c;
unsigned char local_sha1_bin[SHA1_SIZE];
char local_sha1_ascii[(SHA1_SIZE * 2)+1];
int i;
sprintf(buf, "GET %s%s HTTP/1.1\r\n", fu, bu);
......@@ -387,11 +386,9 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
return -EINVAL;
}
EVP_MD_CTX_init(&c);
EVP_Digest(config_buf, buflen, local_sha1_bin, NULL, EVP_sha1(), NULL);
EVP_MD_CTX_cleanup(&c);
openconnect_sha1(local_sha1_bin, config_buf, buflen);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
for (i = 0; i < SHA1_SIZE; i++)
sprintf(&local_sha1_ascii[i*2], "%02x", local_sha1_bin[i]);
if (strcasecmp(server_sha1, local_sha1_ascii)) {
......@@ -853,7 +850,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
fu = tok + 3;
else if (!strncmp(tok, "fh:", 3)) {
if (!strncasecmp(tok+3, vpninfo->xmlsha1,
SHA_DIGEST_LENGTH * 2))
SHA1_SIZE * 2))
break;
sha = tok + 3;
}
......
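Review bot: The return value of `openconnect_sha1(local_sha1_bin, config_buf, buflen);` in fetch_config is ignored, while the parallel call in config_lookup_host (xml.c, same commit) checks it and fails; if the digest ever fails here, whatever is in `local_sha1_bin` is hex-formatted and compared against `server_sha1`, so the user gets a misleading mismatch error instead of a clear failure. Checking it the same way, `if (openconnect_sha1(local_sha1_bin, config_buf, buflen))` followed by `return -EINVAL;`, keeps the two call sites consistent. fetch_config's body continues outside the hunk, so which cleanup (config_buf appears to be heap-allocated) the new error return needs must be confirmed against the function's other error paths.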
......@@ -54,4 +54,5 @@ OPENCONNECT_PRIVATE {
openconnect_create_useragent;
openconnect_report_ssl_errors;
openconnect_get_cert_details;
openconnect_sha1;
};
......@@ -48,6 +48,8 @@
#endif
#define N_(s) s
#define SHA1_SIZE 20
/****************************************************************************/
struct pkt {
......@@ -124,7 +126,7 @@ struct openconnect_info {
const char *cafile;
const char *servercert;
const char *xmlconfig;
char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
char xmlsha1[(SHA1_SIZE * 2) + 1];
char *username;
char *password;
char *authgroup;
......@@ -289,6 +291,9 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
char *buf);
void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
/* ${SSL_LIBRARY}.c */
int openconnect_sha1(unsigned char *result, void *data, int len);
/* mainloop.c */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
int vpn_mainloop(struct openconnect_info *vpninfo);
......
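Review bot: The prototype `int openconnect_sha1(unsigned char *result, void *data, int len);` takes the input as non-const `void *` and the length as `int`, although the function only reads the buffer and the caller in xml.c passes `st.st_size` (an off_t) as the length. Declaring it `int openconnect_sha1(unsigned char *result, const void *data, size_t len);` lets const buffers be hashed without a cast and avoids silent narrowing of large inputs; the definition in openssl.c in this same commit would change to match. A one-line contract comment above the prototype would also help, e.g. `/* Writes SHA1_SIZE bytes to result; returns 0 on success, non-zero on failure. */`, since the header otherwise does not say how big `result` must be.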
/*
* OpenConnect (SSL + DTLS) VPN client
*
* Copyright © 2008-2012 Intel Corporation.
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to:
*
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
*/
#include <openssl/evp.h>
#include "openconnect-internal.h"
int openconnect_sha1(unsigned char *result, void *data, int len)
{
EVP_MD_CTX c;
EVP_MD_CTX_init(&c);
EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
EVP_MD_CTX_cleanup(&c);
return 0;
}
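Review bot: The return value of `EVP_Digest()` in openconnect_sha1 is discarded and the function unconditionally returns 0, so a digest failure is reported as success to callers that check it (config_lookup_host in xml.c does, and would then hex-format a `sha1` buffer that was never written). The local `EVP_MD_CTX c` is also never passed to `EVP_Digest()`, which works on its own internal context, so the surrounding `EVP_MD_CTX_init`/`EVP_MD_CTX_cleanup` pair is dead code. The body can be reduced to `if (!EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL))` / `return -1;` / `return 0;`, which makes the return value meaningful.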
......@@ -41,8 +41,7 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
int fd, i;
struct stat st;
char *xmlfile;
EVP_MD_CTX c;
unsigned char sha1[SHA_DIGEST_LENGTH];
unsigned char sha1[SHA1_SIZE];
xmlDocPtr xml_doc;
xmlNode *xml_node, *xml_node2;
......@@ -69,11 +68,13 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
return -1;
}
EVP_MD_CTX_init(&c);
EVP_Digest(xmlfile, st.st_size, sha1, NULL, EVP_sha1(), NULL);
EVP_MD_CTX_cleanup(&c);
if (openconnect_sha1(sha1, xmlfile, st.st_size)) {
fprintf(stderr, _("Failed to SHA1 existing file\n"));
close(fd);
return -1;
}
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
for (i = 0; i < SHA1_SIZE; i++)
sprintf(&vpninfo->xmlsha1[i*2], "%02x", sha1[i]);
vpn_progress(vpninfo, PRG_TRACE, _("XML config file SHA1: %s\n"),
......
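Review bot: `st.st_size` is an off_t but openconnect_sha1() takes `int len`, so the call `openconnect_sha1(sha1, xmlfile, st.st_size)` narrows the file size silently; for an oversized XML config the length would wrap and the wrong amount of data (or a negative length) would be hashed. Either reject files larger than INT_MAX before this call, or widen the parameter to `size_t` in the prototype added to openconnect-internal.h in this commit. The new error path closes fd, but config_lookup_host continues outside the hunk, so whether `xmlfile` also needs releasing there should be checked against the function's other error returns.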