Simplify ESP conditionals
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Sep 10, 2016
1 parent 1e374cf commit c81ebc6
Showing 5 changed files with 22 additions and 27 deletions.
12 changes: 6 additions & 6 deletions Makefile.am
@@ -33,6 +33,7 @@ lib_srcs_iconv = iconv.c
lib_srcs_oath = oath.c
lib_srcs_yubikey = yubikey.c
lib_srcs_stoken = stoken.c
lib_srcs_esp = esp.c esp-seqno.c

POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
gnutls-esp.c openssl-esp.c esp.c esp-seqno.c \
@@ -52,15 +53,14 @@ library_srcs += $(lib_srcs_gssapi)
endif
if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
endif
if ESP_GNUTLS
lib_srcs_juniper += gnutls-esp.c esp.c esp-seqno.c
endif
if ESP_OPENSSL
lib_srcs_juniper += openssl-esp.c esp.c esp-seqno.c
lib_srcs_esp += gnutls-esp.c
endif
if OPENCONNECT_OPENSSL
library_srcs += $(lib_srcs_openssl)
lib_srcs_esp += openssl-esp.c
endif
if OPENCONNECT_ESP
lib_srcs_juniper += $(lib_srcs_esp)
endif
if OPENCONNECT_ICONV
library_srcs += $(lib_srcs_iconv)
21 changes: 8 additions & 13 deletions configure.ac
@@ -266,6 +266,7 @@ AC_ARG_WITH([openssl],
AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir]))

ssl_library=
esp=

if test "$with_openssl" != "" -a "$with_openssl" != "no"; then
if test "$with_gnutls" = ""; then
@@ -439,9 +440,8 @@ case "$ssl_library" in
[AC_MSG_RESULT(no)])

AC_CHECK_FUNC(HMAC_CTX_copy,
[esp=openssl],
[esp=none
AC_MSG_WARN([ESP support will be disabled])])
[esp=yes],
[AC_MSG_WARN([ESP support will be disabled])])

LIBS="${oldLIBS}"
CFLAGS="${oldCFLAGS}"
@@ -499,7 +499,7 @@ case "$ssl_library" in
AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"], [Location of System CA trust file])
fi
AC_CHECK_FUNC(gnutls_cipher_set_iv,
[esp=gnutls], [esp=none])
[esp=yes], [])
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
@@ -541,9 +541,6 @@ case "$ssl_library" in
AC_SUBST(SSL_PC, [gnutls])
AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
if test "$have_gnutls_esp" = "yes"; then
esp=gnutls
fi
;;

*)
@@ -572,12 +569,10 @@ AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"])

AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ])
AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
AM_CONDITIONAL(ESP_GNUTLS, [ test "$esp" = "gnutls" ])
AM_CONDITIONAL(ESP_OPENSSL, [ test "$esp" = "openssl" ])
if test "$esp" = "gnutls"; then
AC_DEFINE(ESP_GNUTLS, 1, [Using GnuTLS for ESP])
elif test "$esp" = "openssl"; then
AC_DEFINE(ESP_OPENSSL, 1, [Using OpenSSL for ESP])
AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])

if test "$esp" != ""; then
AC_DEFINE(HAVE_ESP, 1, [Build with ESP support])
fi


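Review bot: In the GnuTLS branch, `AC_CHECK_FUNC(gnutls_cipher_set_iv, [esp=yes], [])` now leaves ESP disabled without any message, while the OpenSSL branch still warns when `HMAC_CTX_copy` is missing. Judging by the `.udp_setup = esp_setup` wiring in library.c, a build without ESP presumably runs without the UDP transport, and with GnuTLS nobody is told so at configure time. For parity the empty third argument could become `[AC_MSG_WARN([ESP support will be disabled])]`. The enclosing `case "$ssl_library"` block begins and ends outside the hunks shown.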
2 changes: 1 addition & 1 deletion library.c
@@ -127,7 +127,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = oncp_mainloop,
.add_http_headers = oncp_common_headers,
.obtain_cookie = oncp_obtain_cookie,
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
.udp_close = esp_close,
8 changes: 4 additions & 4 deletions oncp.c
@@ -433,7 +433,7 @@ static const unsigned char data_hdr[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x2c, 0x01, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };

#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
static const unsigned char esp_kmp_hdr[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x2e,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, /* KMP header */
@@ -775,7 +775,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
put_len32(reqbuf, group);
put_len16(reqbuf, kmp);

#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
if (!setup_esp_keys(vpninfo)) {
struct esp *esp = &vpninfo->esp_in[vpninfo->current_esp_in];
/* Since we'll want to do this in the oncp_mainloop too, where it's easier
@@ -824,7 +824,7 @@ int oncp_connect(struct openconnect_info *vpninfo)

static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
{
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
int ret;

ret = parse_conf_pkt(vpninfo, vpninfo->cstp_pkt->oncp.kmp, len + 20, 301);
@@ -1099,7 +1099,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout)
/* XXX: Do we have to do this or can we leave it open?
* Perhaps we could even reconnect asynchronously while
* the ESP is still running? */
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
esp_shutdown(vpninfo);
#endif
ret = ssl_reconnect(vpninfo);
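Review bot: The four guards switched to `#ifdef HAVE_ESP` in this file (and the one in library.c) are only safe if the old names are gone everywhere, because configure.ac no longer defines `ESP_GNUTLS` or `ESP_OPENSSL` and a leftover `#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)` compiles out without any diagnostic. Only five files are touched, so it is worth confirming that esp.c, gnutls-esp.c, openssl-esp.c and the rest of openconnect-internal.h carry no remaining reference; a missed guard around `setup_esp_keys()` or `esp_shutdown()` would change behaviour silently rather than break the build. If compiler-specific pragmas are acceptable in this project, `#pragma GCC poison ESP_GNUTLS ESP_OPENSSL` in openconnect-internal.h would turn any straggler into a hard error. All four enclosing definitions continue outside the hunks shown.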
6 changes: 3 additions & 3 deletions openconnect-internal.h
@@ -323,12 +323,12 @@ static inline void init_pkt_queue(struct pkt_q *q)

#define LINK_TO_TUNNEL_MTU(linkmtu) \
(linkmtu - DTLS_OVERHEAD)

struct esp {
#if defined(ESP_GNUTLS)
#if defined(OPENCONNECT_GNUTLS)
gnutls_cipher_hd_t cipher;
gnutls_hmac_hd_t hmac;
#elif defined(ESP_OPENSSL)
#elif defined(OPENCONNECT_OPENSSL)
HMAC_CTX *hmac, *pkt_hmac;
EVP_CIPHER_CTX *cipher;
#endif
Expand Down
