From c81ebc6f8405b40befa2f538bf362e574671ef89 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Sat, 10 Sep 2016 19:58:56 +0100
Subject: [PATCH] Simplify ESP conditionals
Signed-off-by: David Woodhouse
---
 Makefile.am | 12 ++++++------
 configure.ac | 21 ++++++++------------
 library.c | 2 +-
 oncp.c | 8 ++++----
 openconnect-internal.h | 6 +++---
 5 files changed, 22 insertions(+), 27 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 51d63724..04123fce 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,6 +33,7 @@ lib_srcs_iconv = iconv.c
 lib_srcs_oath = oath.c
 lib_srcs_yubikey = yubikey.c
 lib_srcs_stoken = stoken.c
+lib_srcs_esp = esp.c esp-seqno.c
 POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
 gnutls-esp.c openssl-esp.c esp.c esp-seqno.c \
@@ -52,15 +53,14 @@ library_srcs += $(lib_srcs_gssapi)
 endif
 if OPENCONNECT_GNUTLS
 library_srcs += $(lib_srcs_gnutls)
-endif
-if ESP_GNUTLS
-lib_srcs_juniper += gnutls-esp.c esp.c esp-seqno.c
-endif
-if ESP_OPENSSL
-lib_srcs_juniper += openssl-esp.c esp.c esp-seqno.c
+lib_srcs_esp += gnutls-esp.c
 endif
 if OPENCONNECT_OPENSSL
 library_srcs += $(lib_srcs_openssl)
+lib_srcs_esp += openssl-esp.c
+endif
+if OPENCONNECT_ESP
+lib_srcs_juniper += $(lib_srcs_esp)
 endif
 if OPENCONNECT_ICONV
 library_srcs += $(lib_srcs_iconv)
diff --git a/configure.ac b/configure.ac
index 80685b0b..898bc0da 100644
--- a/configure.ac
+++ b/configure.ac
@@ -266,6 +266,7 @@ AC_ARG_WITH([openssl],
 AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir]))
 ssl_library=
+esp=
 if test "$with_openssl" != "" -a "$with_openssl" != "no"; then
 if test "$with_gnutls" = ""; then
@@ -439,9 +440,8 @@ case "$ssl_library" in
 [AC_MSG_RESULT(no)])
 AC_CHECK_FUNC(HMAC_CTX_copy,
-[esp=openssl],
-[esp=none AC_MSG_WARN([ESP support will be disabled])])
+[esp=yes],
+[AC_MSG_WARN([ESP support will be disabled])])
 LIBS="${oldLIBS}"
 CFLAGS="${oldCFLAGS}"
@@ -499,7 +499,7 @@ case "$ssl_library" in
 AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"], [Location of System CA trust file])
 fi
 AC_CHECK_FUNC(gnutls_cipher_set_iv,
-[esp=gnutls], [esp=none])
+[esp=yes], [])
 AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1, [From GnuTLS 3.1.0])], [])
 AC_CHECK_FUNC(gnutls_certificate_set_key,
@@ -541,9 +541,6 @@ case "$ssl_library" in
 AC_SUBST(SSL_PC, [gnutls])
 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
-if test "$have_gnutls_esp" = "yes"; then
-esp=gnutls
-fi
 ;;
 *)
@@ -572,12 +569,10 @@ AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"])
 AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ])
 AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
-AM_CONDITIONAL(ESP_GNUTLS, [ test "$esp" = "gnutls" ])
-AM_CONDITIONAL(ESP_OPENSSL, [ test "$esp" = "openssl" ])
-if test "$esp" = "gnutls"; then
-AC_DEFINE(ESP_GNUTLS, 1, [Using GnuTLS for ESP])
-elif test "$esp" = "openssl"; then
-AC_DEFINE(ESP_OPENSSL, 1, [Using OpenSSL for ESP])
+AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])
+
+if test "$esp" != ""; then
+AC_DEFINE(HAVE_ESP, 1, [Build with ESP support])
 fi
diff --git a/library.c b/library.c
index 3742f083..23928b38 100644
--- a/library.c
+++ b/library.c
@@ -127,7 +127,7 @@ const struct vpn_proto openconnect_protos[] = {
 .tcp_mainloop = oncp_mainloop,
 .add_http_headers = oncp_common_headers,
 .obtain_cookie = oncp_obtain_cookie,
-#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
+#ifdef HAVE_ESP
 .udp_setup = esp_setup,
 .udp_mainloop = esp_mainloop,
 .udp_close = esp_close,
diff --git a/oncp.c b/oncp.c
index eadc458c..cc9a223a 100644
--- a/oncp.c
+++ b/oncp.c
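Review bot: The GnuTLS branch now disables ESP silently when gnutls_cipher_set_iv is missing — the failure action in `AC_CHECK_FUNC(gnutls_cipher_set_iv, [esp=yes], [])` is empty, whereas the OpenSSL branch in the @@ -439 hunk warns with `AC_MSG_WARN([ESP support will be disabled])`. A build against an older GnuTLS would then produce a library whose oncp protocol entry in library.c gets no udp_setup/udp_mainloop/udp_close callbacks, with nothing in the configure output to explain why. Use the same failure action on this path: `[esp=yes], [AC_MSG_WARN([ESP support will be disabled])])`. The `case "$ssl_library"` block this sits in starts and ends outside the hunk.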
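Review bot: `AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])` and the `if test "$esp" != ""` below it in the @@ -572 hunk treat any non-empty value as "enabled", although the only values this patch assigns are the empty default (@@ -266) and `yes`. Under the old scheme `esp=none` meant disabled, so if an assignment of that form survives anywhere in configure.ac that this diff does not show, it would now switch ESP on rather than off. Comparing for the positive value is clearer and fails closed: `AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" = "yes" ])` and `if test "$esp" = "yes"; then`.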
@@ -433,7 +433,7 @@ static const unsigned char data_hdr[] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x2c, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00
 };
-#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
+#ifdef HAVE_ESP
 static const unsigned char esp_kmp_hdr[] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x2e, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, /* KMP header */
@@ -775,7 +775,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
 put_len32(reqbuf, group);
 put_len16(reqbuf, kmp);
-#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
+#ifdef HAVE_ESP
 if (!setup_esp_keys(vpninfo)) {
 struct esp *esp = &vpninfo->esp_in[vpninfo->current_esp_in];
 /* Since we'll want to do this in the oncp_mainloop too, where it's easier
@@ -824,7 +824,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
 static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
 {
-#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
+#ifdef HAVE_ESP
 int ret;
 ret = parse_conf_pkt(vpninfo, vpninfo->cstp_pkt->oncp.kmp, len + 20, 301);
@@ -1099,7 +1099,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 /* XXX: Do we have to do this or can we leave it open?
 * Perhaps we could even reconnect asynchronously while
 * the ESP is still running? */
-#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
+#ifdef HAVE_ESP
 esp_shutdown(vpninfo);
 #endif
 ret = ssl_reconnect(vpninfo);
diff --git a/openconnect-internal.h b/openconnect-internal.h
index a87d9def..798f2499 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -323,12 +323,12 @@ static inline void init_pkt_queue(struct pkt_q *q)
 #define LINK_TO_TUNNEL_MTU(linkmtu) \
 (linkmtu - DTLS_OVERHEAD)
-
+
 struct esp {
-#if defined(ESP_GNUTLS)
+#if defined(OPENCONNECT_GNUTLS)
 gnutls_cipher_hd_t cipher;
 gnutls_hmac_hd_t hmac;
-#elif defined(ESP_OPENSSL)
+#elif defined(OPENCONNECT_OPENSSL)
 HMAC_CTX *hmac, *pkt_hmac;
 EVP_CIPHER_CTX *cipher;
 #endif
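Review bot: `struct esp` now selects its cipher/HMAC handles on the TLS backend (`OPENCONNECT_GNUTLS` / `OPENCONNECT_OPENSSL`) rather than on ESP availability, so the struct layout no longer changes with `HAVE_ESP` while every call site in library.c and oncp.c still keys on `HAVE_ESP`; that deliberate split is worth a line above the struct, e.g. `/* Crypto handles are keyed on the TLS backend, not HAVE_ESP, so the layout does not depend on whether ESP is built. */`. Separately, the lone `-`/`+` pair before `struct esp` appears to replace the blank line with one carrying trailing whitespace, which `git diff --check` will flag; that whitespace-only change should be dropped. The struct body continues past the `#endif` at the end of the hunk.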