Add openconnect_sha1() function and use it instead of using OpenSSL directly
authorDavid Woodhouse <David.Woodhouse@intel.com>
Tue, 29 May 2012 13:38:38 +0000 (14:38 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Tue, 29 May 2012 13:48:37 +0000 (14:48 +0100)
This also adds openssl.c that OpenSSL-specific functions will migrate to.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Makefile.am
http.c
libopenconnect.map.in
openconnect-internal.h
openssl.c [new file with mode: 0644]
xml.c

index 49c2872..62eaf1e 100644 (file)
@@ -17,7 +17,7 @@ openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c
 openconnect_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS)
 openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL)
 
-library_srcs = ssl.c http.c auth.c library.c compat.c
+library_srcs = ssl.c http.c auth.c library.c compat.c @SSL_LIBRARY@.c
 libopenconnect_la_SOURCES = version.c $(library_srcs)
 libopenconnect_la_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS)
 libopenconnect_la_LIBADD = $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
diff --git a/http.c b/http.c
index 602ea8f..6d27165 100644 (file)
--- a/http.c
+++ b/http.c
@@ -351,9 +351,8 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
        char buf[MAX_BUF_LEN];
        char *config_buf = NULL;
        int result, buflen;
-       unsigned char local_sha1_bin[SHA_DIGEST_LENGTH];
-       char local_sha1_ascii[(SHA_DIGEST_LENGTH * 2)+1];
-       EVP_MD_CTX c;
+       unsigned char local_sha1_bin[SHA1_SIZE];
+       char local_sha1_ascii[(SHA1_SIZE * 2)+1];
        int i;
 
        sprintf(buf, "GET %s%s HTTP/1.1\r\n", fu, bu);
@@ -387,11 +386,9 @@ static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
                return -EINVAL;
        }
 
-       EVP_MD_CTX_init(&c);
-       EVP_Digest(config_buf, buflen, local_sha1_bin, NULL, EVP_sha1(), NULL);
-       EVP_MD_CTX_cleanup(&c);
+       openconnect_sha1(local_sha1_bin, config_buf, buflen);
 
-       for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+       for (i = 0; i < SHA1_SIZE; i++)
                sprintf(&local_sha1_ascii[i*2], "%02x", local_sha1_bin[i]);
 
        if (strcasecmp(server_sha1, local_sha1_ascii)) {
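Review bot: The return value of openconnect_sha1() is discarded on the `openconnect_sha1(local_sha1_bin, config_buf, buflen);` line, while the xml.c hunk in this same commit checks it and aborts on failure; the two call sites should agree, since a failed digest here would leave local_sha1_bin uninitialised and still compared against server_sha1 a few lines later. Suggest `if (openconnect_sha1(local_sha1_bin, config_buf, buflen)) return -EINVAL;`, releasing config_buf first if this function owns it so the path matches its other error returns. fetch_config starts and ends outside the hunk.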
@@ -853,7 +850,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
                                        fu = tok + 3;
                                else if (!strncmp(tok, "fh:", 3)) {
                                        if (!strncasecmp(tok+3, vpninfo->xmlsha1,
-                                                        SHA_DIGEST_LENGTH * 2))
+                                                        SHA1_SIZE * 2))
                                                break;
                                        sha = tok + 3;
                                }
index 5a01d5c..bdbc02d 100644 (file)
@@ -54,4 +54,5 @@ OPENCONNECT_PRIVATE {
        openconnect_create_useragent;
        openconnect_report_ssl_errors;
        openconnect_get_cert_details;
+       openconnect_sha1;
 };
index 5f532eb..a79b27d 100644 (file)
@@ -48,6 +48,8 @@
 #endif
 #define N_(s) s
 
+#define SHA1_SIZE 20
+
 /****************************************************************************/
 
 struct pkt {
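Review bot: `#define SHA1_SIZE 20` has no comment saying what the unit is, and the rest of the commit sizes buffers with both SHA1_SIZE (binary digest) and `SHA1_SIZE * 2 + 1` (hex string), so a one-line note keeps the two from being confused: `#define SHA1_SIZE 20 /* SHA-1 digest length in bytes; hex form needs SHA1_SIZE * 2 + 1 */`.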
@@ -124,7 +126,7 @@ struct openconnect_info {
        const char *cafile;
        const char *servercert;
        const char *xmlconfig;
-       char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
+       char xmlsha1[(SHA1_SIZE * 2) + 1];
        char *username;
        char *password;
        char *authgroup;
@@ -289,6 +291,9 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
                             char *buf);
 void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
 
+/* ${SSL_LIBRARY}.c */
+int openconnect_sha1(unsigned char *result, void *data, int len);
+
 /* mainloop.c */
 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
 int vpn_mainloop(struct openconnect_info *vpninfo);
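Review bot: The new prototype `int openconnect_sha1(unsigned char *result, void *data, int len);` takes the input as non-const and its length as int, but the xml.c hunk in this commit passes `st.st_size` (an off_t), so a file larger than INT_MAX bytes would be silently truncated or go negative before it reaches the digest; `const void *data, size_t len` fits both callers (buflen in http.c is an int and converts cleanly) and matches the size type EVP_Digest takes. The declaration also carries no statement of its contract, which matters now that one caller checks the result and the other does not; suggest `/* SHA-1 of data[0..len) into result (at least SHA1_SIZE bytes); returns 0 on success, non-zero on failure. */` above it, with the definition in openssl.c changed to match.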
diff --git a/openssl.c b/openssl.c
new file mode 100644 (file)
index 0000000..c18478f
--- /dev/null
+++ b/openssl.c
@@ -0,0 +1,38 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2008-2012 Intel Corporation.
+ *
+ * Author: David Woodhouse <dwmw2@infradead.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to:
+ *
+ *   Free Software Foundation, Inc.
+ *   51 Franklin Street, Fifth Floor,
+ *   Boston, MA 02110-1301 USA
+ */
+
+#include <openssl/evp.h>
+
+#include "openconnect-internal.h"
+
+int openconnect_sha1(unsigned char *result, void *data, int len)
+{
+        EVP_MD_CTX c;
+
+        EVP_MD_CTX_init(&c);
+        EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
+        EVP_MD_CTX_cleanup(&c);
+
+        return 0;
+}
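Review bot: In openconnect_sha1() the EVP_MD_CTX `c` is initialised and cleaned up but never passed to anything — EVP_Digest() manages its own context — so the local and the `EVP_MD_CTX_init(&c)` / `EVP_MD_CTX_cleanup(&c)` pair are dead code. More importantly EVP_Digest() reports failure through its return value and that value is dropped, so the function unconditionally returns 0 and the error check added in xml.c by this commit can never fire; the body can be reduced to `return EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL) ? 0 : -1;`. A short header comment naming the result size (SHA1_SIZE bytes) and the 0/non-zero return convention would also help, since this is the function other SSL backends will have to mirror.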
diff --git a/xml.c b/xml.c
index 5a029eb..50fe54f 100644 (file)
--- a/xml.c
+++ b/xml.c
@@ -41,8 +41,7 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
        int fd, i;
        struct stat st;
        char *xmlfile;
-       EVP_MD_CTX c;
-       unsigned char sha1[SHA_DIGEST_LENGTH];
+       unsigned char sha1[SHA1_SIZE];
        xmlDocPtr xml_doc;
        xmlNode *xml_node, *xml_node2;
 
@@ -69,11 +68,13 @@ int config_lookup_host(struct openconnect_info *vpninfo, const char *host)
                return -1;
        }
 
-       EVP_MD_CTX_init(&c);
-       EVP_Digest(xmlfile, st.st_size, sha1, NULL, EVP_sha1(), NULL);
-       EVP_MD_CTX_cleanup(&c);
+       if (openconnect_sha1(sha1, xmlfile, st.st_size)) {
+               fprintf(stderr, _("Failed to SHA1 existing file\n"));
+               close(fd);
+               return -1;
+       }
 
-       for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+       for (i = 0; i < SHA1_SIZE; i++)
                sprintf(&vpninfo->xmlsha1[i*2], "%02x", sha1[i]);
 
        vpn_progress(vpninfo, PRG_TRACE, _("XML config file SHA1: %s\n"),
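Review bot: The new error path after `if (openconnect_sha1(sha1, xmlfile, st.st_size)) {` closes fd but does nothing with xmlfile; if xmlfile is a mapping of fd (the fstat/st_size pairing suggests that, though the setup is outside the hunk) the mapping leaks on this path while the success path presumably releases it later, so the cleanup here should mirror whatever the function does on its normal exit. Note also that `st.st_size` is an off_t being passed where the callee takes an int, so the check can succeed on a length that was silently narrowed. config_lookup_host starts and ends outside the hunk.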