pkt->len = len;
if (pkt->esp.spi == esp->spi) {
- if (decrypt_esp_packet(vpninfo, esp, pkt))
+ if (vpninfo->decrypt_esp_packet(vpninfo, esp, pkt))
continue;
} else if (pkt->esp.spi == old_esp->spi &&
ntohl(pkt->esp.seq) + esp->seq < vpninfo->old_esp_maxseq) {
vpn_progress(vpninfo, PRG_TRACE,
_("Received ESP packet from old SPI 0x%x, seq %u\n"),
(unsigned)ntohl(old_esp->spi), (unsigned)ntohl(pkt->esp.seq));
- if (decrypt_esp_packet(vpninfo, old_esp, pkt))
+ if (vpninfo->decrypt_esp_packet(vpninfo, old_esp, pkt))
continue;
} else {
vpn_progress(vpninfo, PRG_DEBUG,
if (!this)
break;
- len = encrypt_esp_packet(vpninfo, this);
+ len = vpninfo->encrypt_esp_packet(vpninfo, this);
if (len < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to encrypt ESP packet: %d\n"),
void esp_shutdown(struct openconnect_info *vpninfo)
{
- destroy_esp_ciphers(&vpninfo->esp_in[0]);
- destroy_esp_ciphers(&vpninfo->esp_in[1]);
- destroy_esp_ciphers(&vpninfo->esp_out);
+ if (vpninfo->destroy_esp_ciphers) {
+ vpninfo->destroy_esp_ciphers(&vpninfo->esp_in[0]);
+ vpninfo->destroy_esp_ciphers(&vpninfo->esp_in[1]);
+ vpninfo->destroy_esp_ciphers(&vpninfo->esp_out);
+ }
if (vpninfo->proto->udp_close)
vpninfo->proto->udp_close(vpninfo);
if (vpninfo->dtls_state != DTLS_DISABLED)
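Review bot: The NULL guard on `vpninfo->destroy_esp_ciphers` added here has no counterpart at the data-path call sites in the hunks above, where `vpninfo->decrypt_esp_packet` (receive loop, both the current and old SPI branches) and `vpninfo->encrypt_esp_packet` (send loop and the ICMP/keepalive probes) are called through unconditionally. From the visible hunks the three pointers are assigned only at the tail of a successful `init_esp_ciphers` in each backend, so if any ESP packet can be processed or a probe sent before that assignment has happened, those calls go through a NULL pointer. If the protocol setup order guarantees the ciphers are initialised before any ESP traffic is handled, this guard is the odd one out and could be dropped; otherwise the receive path should drop the packet the same way it does on a decrypt failure, e.g. `if (!vpninfo->decrypt_esp_packet || vpninfo->decrypt_esp_packet(vpninfo, esp, pkt))` followed by the existing `continue;`. esp_shutdown's body continues past the end of this hunk.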
#include "openconnect-internal.h"
-void destroy_esp_ciphers(struct esp *esp)
+static int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp,
+ struct pkt *pkt);
+static int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt);
+
+static void destroy_esp_ciphers(struct esp *esp)
{
if (esp->cipher) {
gnutls_cipher_deinit(esp->cipher);
return ret;
}
+ vpninfo->decrypt_esp_packet = decrypt_esp_packet;
+ vpninfo->encrypt_esp_packet = encrypt_esp_packet;
+ vpninfo->destroy_esp_ciphers = destroy_esp_ciphers;
+
return 0;
}
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */
-int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt)
+static int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp,
+ struct pkt *pkt)
{
unsigned char hmac_buf[20];
int err;
memcpy(pmagic, magic_ping_payload, sizeof(magic_ping_payload)); /* required to get gateway to respond */
icmph->icmp_cksum = csum((uint16_t *)icmph, (ICMP_MINLEN+sizeof(magic_ping_payload))/2);
- pktlen = encrypt_esp_packet(vpninfo, pkt);
+ pktlen = vpninfo->encrypt_esp_packet(vpninfo, pkt);
if (pktlen >= 0)
send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
}
for (seq=1; seq <= (vpninfo->dtls_state==DTLS_CONNECTED ? 1 : 2); seq++) {
pkt->len = 1;
pkt->data[0] = 0;
- pktlen = encrypt_esp_packet(vpninfo, pkt);
+ pktlen = vpninfo->encrypt_esp_packet(vpninfo, pkt);
if (pktlen >= 0)
send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
}
const char *quit_reason;
+ void (*destroy_esp_ciphers)(struct esp *esp);
+ int (*decrypt_esp_packet)(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt);
+ int (*encrypt_esp_packet)(struct openconnect_info *vpninfo, struct pkt *pkt);
+
int verbose;
void *cbdata;
openconnect_validate_peer_cert_vfn validate_peer_cert;
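Review bot: The three new function-pointer members are added without a comment saying who sets them or when they are valid, which matters because `esp_shutdown` tests `destroy_esp_ciphers` for NULL while the decrypt and encrypt hooks are called without a check. From the backend hunks they are assigned together at the end of `init_esp_ciphers`, so a short note above `destroy_esp_ciphers` would pin that contract: `/* ESP crypto backend hooks; set together by init_esp_ciphers(), NULL until then */`. The enclosing struct starts and ends outside this hunk.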
int openconnect_setup_esp_keys(struct openconnect_info *vpninfo, int new_keys);
/* {gnutls,openssl}-esp.c */
-void destroy_esp_ciphers(struct esp *esp);
int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *out, struct esp *in);
-int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt);
-int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt);
/* {gnutls,openssl}.c */
int ssl_nonblock_read(struct openconnect_info *vpninfo, void *buf, int maxlen);
#include <openssl/evp.h>
#include <openssl/rand.h>
+static int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp,
+ struct pkt *pkt);
+static int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt);
+
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_CIPHER_CTX_free(c) do { \
}
#endif
-void destroy_esp_ciphers(struct esp *esp)
+static void destroy_esp_ciphers(struct esp *esp)
{
if (esp->cipher) {
EVP_CIPHER_CTX_free(esp->cipher);
destroy_esp_ciphers(esp);
}
+ vpninfo->decrypt_esp_packet = decrypt_esp_packet;
+ vpninfo->encrypt_esp_packet = encrypt_esp_packet;
+ vpninfo->destroy_esp_ciphers = destroy_esp_ciphers;
+
return 0;
}
}
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */
-int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt)
+static int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp,
+ struct pkt *pkt)
{
unsigned char hmac_buf[20];
unsigned int hmac_len = sizeof(hmac_buf);
return 0;
}
-int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
+static int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
{
int i, padlen;
int blksize = 16;