diff --git a/Makefile.am b/Makefile.am
index 49c2872b..62eaf1e2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@ openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c
 openconnect_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS)
 openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL)
 
-library_srcs = ssl.c http.c auth.c library.c compat.c
+library_srcs = ssl.c http.c auth.c library.c compat.c @SSL_LIBRARY@.c
 libopenconnect_la_SOURCES = version.c $(library_srcs)
 libopenconnect_la_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS)
 libopenconnect_la_LIBADD = $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
diff --git a/http.c b/http.c
index 602ea8f1..6d27165f 100644
--- a/http.c
+++ b/http.c
@@ -351,9 +351,8 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
 char buf[MAX_BUF_LEN];
 char *config_buf = NULL;
 int result, buflen;
- unsigned char local_sha1_bin[SHA_DIGEST_LENGTH];
- char local_sha1_ascii[(SHA_DIGEST_LENGTH * 2)+1];
- EVP_MD_CTX c;
+ unsigned char local_sha1_bin[SHA1_SIZE];
+ char local_sha1_ascii[(SHA1_SIZE * 2)+1];
 int i;
 
 sprintf(buf, "GET %s%s HTTP/1.1\r\n", fu, bu);
@@ -387,11 +386,9 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
 return -EINVAL;
 }
 
- EVP_MD_CTX_init(&c);
- EVP_Digest(config_buf, buflen, local_sha1_bin, NULL, EVP_sha1(), NULL);
- EVP_MD_CTX_cleanup(&c);
+ openconnect_sha1(local_sha1_bin, config_buf, buflen);
 
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ for (i = 0; i < SHA1_SIZE; i++)
 sprintf(&local_sha1_ascii[i*2], "%02x", local_sha1_bin[i]);
 
 if (strcasecmp(server_sha1, local_sha1_ascii)) {
@@ -853,7 +850,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 fu = tok + 3;
 else if (!strncmp(tok, "fh:", 3)) {
 if (!strncasecmp(tok+3, vpninfo->xmlsha1,
- SHA_DIGEST_LENGTH * 2))
+ SHA1_SIZE * 2))
 break;
 sha = tok + 3;
 }
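Review bot: The result of `openconnect_sha1(local_sha1_bin, config_buf, buflen);` in the second http.c hunk is discarded, although the new prototype returns an int and the matching call in xml.c treats a non-zero value as failure. If the backend ever reports an error, `local_sha1_bin` is never written and its stale contents are hex-encoded and compared against `server_sha1`, so the mismatch path (or an accidental match) would be decided on garbage. Check it the way xml.c does, e.g. `if (openconnect_sha1(local_sha1_bin, config_buf, buflen)) { free(config_buf); return -EINVAL; }`, mirroring whatever cleanup the existing `return -EINVAL;` exit just above performs, since the ownership of `config_buf` at that point is outside the hunk. fetch_config starts and ends outside the hunk.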
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 5a01d5cf..bdbc02dd 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -54,4 +54,5 @@ OPENCONNECT_PRIVATE {
 openconnect_create_useragent;
 openconnect_report_ssl_errors;
 openconnect_get_cert_details;
+ openconnect_sha1;
 };
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 5f532eb7..a79b27d7 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -48,6 +48,8 @@
 #endif
 #define N_(s) s
 
+#define SHA1_SIZE 20
+
 /****************************************************************************/
 
 struct pkt {
@@ -124,7 +126,7 @@ struct openconnect_info {
 const char *cafile;
 const char *servercert;
 const char *xmlconfig;
- char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
+ char xmlsha1[(SHA1_SIZE * 2) + 1];
 char *username;
 char *password;
 char *authgroup;
@@ -289,6 +291,9 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
 char *buf);
 void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
 
+/* ${SSL_LIBRARY}.c */
+int openconnect_sha1(unsigned char *result, void *data, int len);
+
 /* mainloop.c */
 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
 int vpn_mainloop(struct openconnect_info *vpninfo);
diff --git a/openssl.c b/openssl.c
new file mode 100644
index 00000000..c18478f1
--- /dev/null
+++ b/openssl.c
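Review bot: The new prototype `int openconnect_sha1(unsigned char *result, void *data, int len);` in the third openconnect-internal.h hunk takes the input as non-const `void *` and the length as `int`, although a digest never writes through `data` and xml.c passes `st.st_size` (an `off_t`) for the length. Declaring it `int openconnect_sha1(unsigned char *result, const void *data, size_t len);` removes the silent narrowing and lets callers pass const buffers; the openssl.c definition would change to match. The contract is also undocumented: the comment `/* ${SSL_LIBRARY}.c */` would be more useful as `/* Defined in the configured @SSL_LIBRARY@.c backend. Writes SHA1_SIZE bytes to result; returns 0 on success, non-zero on failure. */`, which is what the xml.c caller assumes.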
@@ -0,0 +1,38 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2008-2012 Intel Corporation.
+ *
+ * Author: David Woodhouse
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to:
+ *
+ * Free Software Foundation, Inc.
+ * 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ */
+
+#include
+
+#include "openconnect-internal.h"
+
+int openconnect_sha1(unsigned char *result, void *data, int len)
+{
+ EVP_MD_CTX c;
+
+ EVP_MD_CTX_init(&c);
+ EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
+ EVP_MD_CTX_cleanup(&c);
+
+ return 0;
+}
diff --git a/xml.c b/xml.c
index 5a029eb0..50fe54fd 100644
--- a/xml.c
+++ b/xml.c
@@ -41,8 +41,7 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
 int fd, i;
 struct stat st;
 char *xmlfile;
- EVP_MD_CTX c;
- unsigned char sha1[SHA_DIGEST_LENGTH];
+ unsigned char sha1[SHA1_SIZE];
 xmlDocPtr xml_doc;
 xmlNode *xml_node, *xml_node2;
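Review bot: `openconnect_sha1` ignores the return value of `EVP_Digest()` and unconditionally returns 0, so the failure branch xml.c adds around this call can never fire, and on a digest failure `result` is left unwritten while the caller proceeds to print and compare it. The local `EVP_MD_CTX c` is initialised and cleaned up but never handed to `EVP_Digest()`, which manages its own context, so those three lines are dead code carried over from the old call sites. Replace the body with `if (!EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL)) return -EIO;` followed by `return 0;` (any non-zero code satisfies the current callers; pick whichever the rest of the library uses). The `#include` line above `#include "openconnect-internal.h"` shows no header name in this rendering, presumably an angle-bracket header such as `<openssl/evp.h>` lost to markup stripping; worth confirming against the committed file.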
@@ -69,11 +68,13 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
 return -1;
 }
 
- EVP_MD_CTX_init(&c);
- EVP_Digest(xmlfile, st.st_size, sha1, NULL, EVP_sha1(), NULL);
- EVP_MD_CTX_cleanup(&c);
+ if (openconnect_sha1(sha1, xmlfile, st.st_size)) {
+ fprintf(stderr, _("Failed to SHA1 existing file\n"));
+ close(fd);
+ return -1;
+ }
 
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ for (i = 0; i < SHA1_SIZE; i++)
 sprintf(&vpninfo->xmlsha1[i*2], "%02x", sha1[i]);
 
 vpn_progress(vpninfo, PRG_TRACE, _("XML config file SHA1: %s\n"),
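Review bot: The new error branch closes `fd` and returns but does nothing with `xmlfile`; if `xmlfile` holds a heap or mmap'd copy of the file obtained earlier in config_lookup_host (that code is outside the hunk), this early return leaks it, so it should perform the same cleanup as the neighbouring `return -1;` exits. `st.st_size` is an `off_t` passed to an `int len` parameter, a silent narrowing that a `size_t` parameter on `openconnect_sha1` would avoid. The failure is reported with `fprintf(stderr, ...)` while the statement right after uses `vpn_progress(vpninfo, PRG_TRACE, ...)`; for consistency with the library's logging path use `vpn_progress(vpninfo, PRG_ERR, _("Failed to SHA1 existing file\n"));`. config_lookup_host starts and ends outside the hunk.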