Commit c81ebc6f authored by David Woodhouse

Simplify ESP conditionals

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent 1e374cf4
......@@ -33,6 +33,7 @@ lib_srcs_iconv = iconv.c
lib_srcs_oath = oath.c
lib_srcs_yubikey = yubikey.c
lib_srcs_stoken = stoken.c
lib_srcs_esp = esp.c esp-seqno.c
POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
gnutls-esp.c openssl-esp.c esp.c esp-seqno.c \
......@@ -52,15 +53,14 @@ library_srcs += $(lib_srcs_gssapi)
endif
if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
endif
if ESP_GNUTLS
lib_srcs_juniper += gnutls-esp.c esp.c esp-seqno.c
endif
if ESP_OPENSSL
lib_srcs_juniper += openssl-esp.c esp.c esp-seqno.c
lib_srcs_esp += gnutls-esp.c
endif
if OPENCONNECT_OPENSSL
library_srcs += $(lib_srcs_openssl)
lib_srcs_esp += openssl-esp.c
endif
if OPENCONNECT_ESP
lib_srcs_juniper += $(lib_srcs_esp)
endif
if OPENCONNECT_ICONV
library_srcs += $(lib_srcs_iconv)
......
......@@ -266,6 +266,7 @@ AC_ARG_WITH([openssl],
AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir]))
ssl_library=
esp=
if test "$with_openssl" != "" -a "$with_openssl" != "no"; then
if test "$with_gnutls" = ""; then
......@@ -439,9 +440,8 @@ case "$ssl_library" in
[AC_MSG_RESULT(no)])
AC_CHECK_FUNC(HMAC_CTX_copy,
[esp=openssl],
[esp=none
AC_MSG_WARN([ESP support will be disabled])])
[esp=yes],
[AC_MSG_WARN([ESP support will be disabled])])
LIBS="${oldLIBS}"
CFLAGS="${oldCFLAGS}"
......@@ -499,7 +499,7 @@ case "$ssl_library" in
AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"], [Location of System CA trust file])
fi
AC_CHECK_FUNC(gnutls_cipher_set_iv,
[esp=gnutls], [esp=none])
[esp=yes], [])
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
......@@ -541,9 +541,6 @@ case "$ssl_library" in
AC_SUBST(SSL_PC, [gnutls])
AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
if test "$have_gnutls_esp" = "yes"; then
esp=gnutls
fi
;;
*)
......@@ -572,12 +569,10 @@ AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"])
AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ])
AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
AM_CONDITIONAL(ESP_GNUTLS, [ test "$esp" = "gnutls" ])
AM_CONDITIONAL(ESP_OPENSSL, [ test "$esp" = "openssl" ])
if test "$esp" = "gnutls"; then
AC_DEFINE(ESP_GNUTLS, 1, [Using GnuTLS for ESP])
elif test "$esp" = "openssl"; then
AC_DEFINE(ESP_OPENSSL, 1, [Using OpenSSL for ESP])
AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])
if test "$esp" != ""; then
AC_DEFINE(HAVE_ESP, 1, [Build with ESP support])
fi
......
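Review bot: The GnuTLS probe `AC_CHECK_FUNC(gnutls_cipher_set_iv, [esp=yes], [])` now disables ESP silently when the symbol is missing, whereas the parallel OpenSSL probe for HMAC_CTX_copy still prints `AC_MSG_WARN([ESP support will be disabled])`; a build against an old GnuTLS will quietly ship a client with no ESP datapath and nothing in the configure output says so. Mirror the OpenSSL branch: `AC_CHECK_FUNC(gnutls_cipher_set_iv, [esp=yes], [AC_MSG_WARN([ESP support will be disabled])])`. With the `have_gnutls_esp` test removed from the GnuTLS case, gnutls_cipher_set_iv appears to be the sole gate on ESP for that backend; if anything else previously fed have_gnutls_esp, confirm it is still covered. The `case "$ssl_library"` statement these hunks edit begins and ends outside the shown hunks.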
......@@ -127,7 +127,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = oncp_mainloop,
.add_http_headers = oncp_common_headers,
.obtain_cookie = oncp_obtain_cookie,
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
.udp_close = esp_close,
......
......@@ -433,7 +433,7 @@ static const unsigned char data_hdr[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x2c, 0x01, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
static const unsigned char esp_kmp_hdr[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x2e,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, /* KMP header */
......@@ -775,7 +775,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
put_len32(reqbuf, group);
put_len16(reqbuf, kmp);
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
if (!setup_esp_keys(vpninfo)) {
struct esp *esp = &vpninfo->esp_in[vpninfo->current_esp_in];
/* Since we'll want to do this in the oncp_mainloop too, where it's easier
......@@ -824,7 +824,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
{
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
int ret;
ret = parse_conf_pkt(vpninfo, vpninfo->cstp_pkt->oncp.kmp, len + 20, 301);
......@@ -1099,7 +1099,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout)
/* XXX: Do we have to do this or can we leave it open?
* Perhaps we could even reconnect asynchronously while
* the ESP is still running? */
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
#ifdef HAVE_ESP
esp_shutdown(vpninfo);
#endif
ret = ssl_reconnect(vpninfo);
......
......@@ -323,12 +323,12 @@ static inline void init_pkt_queue(struct pkt_q *q)
#define LINK_TO_TUNNEL_MTU(linkmtu) \
(linkmtu - DTLS_OVERHEAD)
struct esp {
#if defined(ESP_GNUTLS)
#if defined(OPENCONNECT_GNUTLS)
gnutls_cipher_hd_t cipher;
gnutls_hmac_hd_t hmac;
#elif defined(ESP_OPENSSL)
#elif defined(OPENCONNECT_OPENSSL)
HMAC_CTX *hmac, *pkt_hmac;
EVP_CIPHER_CTX *cipher;
#endif
......
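Review bot: `struct esp` now chooses its cipher/HMAC members on `OPENCONNECT_GNUTLS` / `OPENCONNECT_OPENSSL`, but within this commit those names appear only as Automake conditionals (the AM_CONDITIONAL lines in configure.ac), not as AC_DEFINE'd preprocessor macros; if config.h does not define them elsewhere, the struct silently ends up with no crypto handles and the `#ifdef HAVE_ESP` call sites would compile against an empty struct or fail on the missing members. They are presumably defined elsewhere in configure.ac, but making the dependency explicit costs two lines: replace the closing `#endif` with `#elif defined(HAVE_ESP)` / `#error "HAVE_ESP set but neither OPENCONNECT_GNUTLS nor OPENCONNECT_OPENSSL is defined"` / `#endif`. The remainder of struct esp continues outside the hunk.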