Fix build for GnuTLS 2.12 without OpenSSL
I'm not sure how much I can be persuaded to care about this setup, but it's
not so hard to make it work so we might as well for now.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jan 26, 2015
1 parent 1eca77d commit cfe8cc4
Showing 4 changed files with 26 additions and 9 deletions.
8 changes: 4 additions & 4 deletions Makefile.am
Expand Up @@ -25,7 +25,7 @@ openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIB

library_srcs = ssl.c http.c auth-common.c library.c compat.c lzs.c mainloop.c script.c ntlm.c digest.c
lib_srcs_cisco = auth.c cstp.c dtls.c
lib_srcs_juniper = oncp.c esp.c
lib_srcs_juniper = oncp.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c openssl-pkcs11.c
lib_srcs_win32 = tun-win32.c sspi.c
Expand All @@ -37,7 +37,7 @@ lib_srcs_yubikey = yubikey.c
lib_srcs_stoken = stoken.c

POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
gnutls-esp.c openssl-esp.c \
gnutls-esp.c openssl-esp.c esp.c \
$(lib_srcs_openssl) $(lib_srcs_gnutls) $(library_srcs) \
$(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) $(lib_srcs_iconv) \
$(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h
Expand All @@ -59,10 +59,10 @@ if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
endif
if ESP_GNUTLS
lib_srcs_juniper += gnutls-esp.c
lib_srcs_juniper += gnutls-esp.c esp.c
endif
if ESP_OPENSSL
lib_srcs_juniper += openssl-esp.c
lib_srcs_juniper += openssl-esp.c esp.c
endif
if OPENCONNECT_OPENSSL
library_srcs += $(lib_srcs_openssl)
6 changes: 6 additions & 0 deletions library.c
Expand Up @@ -120,10 +120,14 @@ void openconnect_set_juniper(struct openconnect_info *vpninfo)
vpninfo->proto.tcp_mainloop = oncp_mainloop;
vpninfo->proto.add_http_headers = oncp_common_headers;
vpninfo->proto.obtain_cookie = oncp_obtain_cookie;
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
vpninfo->proto.udp_setup = esp_setup;
vpninfo->proto.udp_mainloop = esp_mainloop;
vpninfo->proto.udp_close = esp_close;
vpninfo->proto.udp_shutdown = esp_shutdown;
#else
vpninfo->dtls_state = DTLS_DISABLED;
#endif
}

int openconnect_setup_dtls(struct openconnect_info *vpninfo,
Expand Down Expand Up @@ -254,9 +258,11 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
#ifdef DTLS_GNUTLS
gnutls_free(vpninfo->gnutls_dtls_cipher);
#endif
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
destroy_esp_ciphers(&vpninfo->esp_in[0]);
destroy_esp_ciphers(&vpninfo->esp_in[1]);
destroy_esp_ciphers(&vpninfo->esp_out);
#endif
free(vpninfo->dtls_addr);

if (vpninfo->csd_scriptname) {
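Review bot: The `#else` branch added at the end of openconnect_set_juniper sets `vpninfo->dtls_state = DTLS_DISABLED;` but leaves the four `proto.udp_*` function pointers untouched; if a `struct openconnect_info` can arrive here with another protocol's UDP handlers already installed, they would remain live while ESP is compiled out, so either assign them explicitly (`vpninfo->proto.udp_setup = NULL;` and the other three) or add a comment stating that the struct is known to be zeroed at this point. The condition `#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)` is now spelled out in both hunks of this file and twice more in oncp.c; deriving a single feature macro once in openconnect-internal.h (for example `#define HAVE_ESP` under that same condition) would keep the four sites from drifting apart. Both openconnect_set_juniper and openconnect_vpninfo_free begin above their hunks.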
19 changes: 15 additions & 4 deletions oncp.c
Expand Up @@ -1192,7 +1192,6 @@ int oncp_connect(struct openconnect_info *vpninfo)
group = reqbuf->pos;
buf_append_tlv_be32(reqbuf, 2, vpninfo->ip_info.mtu);
if (buf_error(reqbuf)) {
enomem:
vpn_progress(vpninfo, PRG_ERR,
_("Error creating oNCP negotiation request\n"));
ret = buf_error(reqbuf);
Expand All @@ -1201,6 +1200,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
put_len32(reqbuf, group);
put_len16(reqbuf, kmp);

#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
if (!setup_esp_keys(vpninfo)) {
struct esp *esp = &vpninfo->esp_in[vpninfo->current_esp_in];
/* Since we'll want to do this in the oncp_mainloop too, where it's easier
Expand All @@ -1210,10 +1210,14 @@ int oncp_connect(struct openconnect_info *vpninfo)
buf_append_bytes(reqbuf, &esp->spi, sizeof(esp->spi));
buf_append_bytes(reqbuf, esp_kmp_part2, sizeof(esp_kmp_part2));
buf_append_bytes(reqbuf, &esp->secrets, sizeof(esp->secrets));
if (buf_error(reqbuf))
goto enomem;
if (buf_error(reqbuf)) {
vpn_progress(vpninfo, PRG_ERR,
_("Error negotiating ESP keys\n"));
ret = buf_error(reqbuf);
goto out;
}
}

#endif
/* Length at the start of the packet is little-endian */
reqbuf->data[0] = (reqbuf->pos - 2);
reqbuf->data[1] = (reqbuf->pos - 2) >> 8;
Expand Down Expand Up @@ -1241,6 +1245,7 @@ int oncp_connect(struct openconnect_info *vpninfo)

static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
{
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
int ret;

ret = parse_conf_pkt(vpninfo, vpninfo->cstp_pkt->oncp_hdr + 2, len + 20, 301);
Expand All @@ -1267,7 +1272,13 @@ static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
print_esp_keys(vpninfo, _("new outgoing"), &vpninfo->esp_out);
}
return ret;
#else
vpn_progress(vpninfo, PRG_DEBUG,
_("Ignoring ESP keys since ESP support not available in this build\n"));
return 0;
#endif
}

static int oncp_receive_data(struct openconnect_info *vpninfo, int len, int unreceived)
{
struct pkt *pkt = vpninfo->cstp_pkt;
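Review bot: In the `#else` branch of oncp_receive_espkeys (last hunk) the `len` parameter is never read, so an ESP-less build compiled with `-Wunused-parameter` warns on this function; a `(void)len;` ahead of the `vpn_progress` call avoids that. The same branch returns 0 at PRG_DEBUG, so a server that pushes ESP keys to a client whose request no longer carries the ESP key block (compiled out of oncp_connect in the second and third hunks) is accepted silently; if that is intended, a comment along the lines of `/* Request carried no ESP block; skip the key payload rather than fail */` would make the decision visible, and I assume the caller already consumes the `len` bytes since this path does not. In the third hunk the new message `_("Error negotiating ESP keys\n")` is emitted for a `buf_error(reqbuf)` while building the request, not for a negotiation failure, so wording it like the neighbouring `_("Error creating oNCP negotiation request\n")` would describe the condition more accurately. oncp_connect and oncp_receive_data both extend beyond the hunks shown.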
2 changes: 1 addition & 1 deletion openconnect-internal.h
Expand Up @@ -773,7 +773,7 @@ void esp_close(struct openconnect_info *vpninfo);
void esp_shutdown(struct openconnect_info *vpninfo);
int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp);

/* gnutls-esp.c */
/* {gnutls,openssl}-esp.c */
int setup_esp_keys(struct openconnect_info *vpninfo);
void destroy_esp_ciphers(struct esp *esp);
int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt);
