Further optimise aesni_encrypt_esp_packet()

Do the HMAC and SHA1 stuff inline using the tail of the packet,
to avoid copying data around.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

test: reuse packets instead of free/malloc

Some MTU-related issues to work out here... this gives me about 1%
additional performance.

Add AES-NI ESP implementation

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Import CRYPTOGAMS ASM code (from OpenSSL master for now)

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add esptest microbenchmark for ESP encryption

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Allow ESP functions to be overridden

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Consolidate common parts of setup_esp_keys()

There was a fair amount of redundancy between the OpenSSL and GnuTLS
variants. Create a new common function for that instead.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'more_careful_gpst_esp_catch_probe' of gitlab.com:dlenski/openconnect

Generate ESP IV from previous packet for GnuTLS too.

Less dramatic speedup here (only 4%) as we were already using
GNUTLS_RND_NONCE but still worth having.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Generate ESP IV from previous packet instead of using RAND_bytes()

This takes the esptest benchmark from ~1445Mb/s to ~1983Mb/s, which is
about a 37% speedup.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Reuse OpenSSL HMAC_CTX for ESP packets

We gain about 3% by reusing the HMAC_CTX instead of copying it each time.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Don't read from non-readable fds

By removing the unneeded reads from file descriptors that we know aren't
readable, ESP TX performance goes from 1700Mb/s to 1760Mb/s on my current
test setup.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'tmp-remove-fedora-bug' of gitlab.com:nmav/openconnect

more careful gpst_esp_catch_probe()

Previous version of gpst_esp_catch_probe would catch/filter *any* ping reply sent over the tunnel
from the "magical" ESP "gateway" address. (Heavy-handed scare quotes intentional.)

This may result in confusing behavior in some testing/debugging scenarios, as described in this thread:

    http://lists.infradead.org/pipermail/openconnect-devel/2019-April/005294.html

This patch modifies gpst_esp_catch_probe() to only catch ping replies if they also contain the
appropriate magic payload.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Merge branch 'bugfix_OTP_challenge_form_handling' of gitlab.com:dlenski/openconnect

bugfix for OTP "challenge" form handling

In the patch entitled 'Recognise auth forms named "challenge" as token
requests' (commit 51f8feb6, released in v8.00) the condition for using an
OTP token in an AnyConnect login form was changed from:

  (field is named `secondary_password`)

… to:

  (field is named `secondary_password`) AND (form is named `challenge`)

This was almost certainly a mistake, and should have been as follows:

  (field is named `secondary_password`) OR (form is named `challenge`)

This patch rewrites the condition to do just that, in a clearer form, and
should fix GitLab issue #24 (https://gitlab.com/openconnect/openconnect/issues/24#note_157035052).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Fix retry when ESP socket send() fails EAGAIN

Don't drop packets; requeue them until the socket becomes writeable again.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

download.xml: remove reference about fedora bug

This issue should have been resolved already.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Update translatons from GNOME

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix typo in help

This help string missed a closing parenthesis. This commits corrects
the typo across all localizations.

Signed-off-by: Patrick Lühne <patrick@luehne.de>

Add +SHA256 to re-enable AES-CBC-HMAC-SHA256

Fixes: #21
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

auth-juniper.c: ignore non-empty lines from TNCC after DSPREAUTH cookie

This skips over a seemingly harmless DSPREAUTH failure:

   Unexpected non-empty line from TNCC after DSPREAUTH cookie: '0'
   Failed to read response from TNCC
   Failed to obtain WebVPN cookie

After the unexpected '0', TNCC sends an empty line response and the
authentication sequence can proceed normally. In case other TNCC
variants send more chatter, the function ignores and logs up to 10
non-empty lines before giving up.

Signed-off-by: Marc St-Amand <pedalling.philosopher@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Remove some redundant gtls_ver() checks

We don't build with GnuTLS older then 3.2.10 now anyway.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix html.py to work with Python 3.x

Fix up running in non-UTF-8 environments too.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update translations from GNOME

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update changelog

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix test for if_utun.h to include <sys/types.h> first

In some versions it doesn't build without that.

Fixes: #18
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

s/GitHub/GitLab/

Doh.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

gnutls-dtls: fixed initialization of AES256-GCM-SHA384

Without this fix when AES256-GCM-SHA384 the openconnect client
will fail to initialize the DTLS connection.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Tag version 8.02

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Resync translations with sources

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update translations from GNOME

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'hurd' of gitlab.com:mtmiller/openconnect

Add 'attempt-reconnect' vpnc-script reason

In https://gitlab.com/openconnect/openconnect/issues/17 we think we need
to give the vpnc-script a chance to reinstate the host route to the VPN
server before we can reconnect.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Also define IPV6_TCLASS for older versions of OS X

Signed-off-by: Mike Miller <mtmiller@debian.org>

Define IPV6_TCLASS when it isn't defined on Hurd

Per https://bugs.debian.org/738646, Hurd uses the *BSD definition for
the socket option IPV6_TCLASS, but it is not yet provided in any system
header files.

Signed-off-by: Mike Miller <mtmiller@debian.org>

Update changelog

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add vpnc-script locations for FreeBSD and OpenBSD packages

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix build failure on systems missing IPV6_TCLASS

Some operating systems such as GNU/Hurd support IPv6 but do not define
the IPV6_TCLASS socket option.

Signed-off-by: Mike Miller <mtmiller@debian.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'test-installed-openconnect' of gitlab.com:mtmiller/openconnect

Merge branch 'GP_split_excludes' of gitlab.com:dlenski/openconnect

Autogenerate AUTHORS file

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

process split-excludes for GlobalProtect

Server-side split-excludes were added in PanOS 8.0:
https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Allow running test suite on installed openconnect

Support 'make check OPENCONNECT=/usr/sbin/openconnect' to run the test
suite as a CI test against the already-installed copy of openconnect.

Signed-off-by: Mike Miller <mtmiller@debian.org>

Make tmp-distdir and build there, as part of CI

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Remove stray pass-CP852 file from EXTRA_DIST

This never existed in the git repo and was never part of a working test.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add tmp-distdir make target for CI

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add --dtls12-ciphers option

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update translations from GNOME

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Make TODO file refer to contribute.html web page

We can't just remove it as autohate wants it, but we can at least stop
having horridly out-of-date content in it.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Remove obsolete README.DTLS file

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'single_probe_for_keepalive' of gitlab.com:dlenski/openconnect

Merge branch 'remove_unneeded_headers' of gitlab.com:dlenski/openconnect

Add GitLab reference to mail/help page

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update contribute page with project ideas

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

no need to send multiple probe packets as an ESP keepalive

Both Juniper and GlobalProtect ESP send special probe packets to initiate the ESP connection, and as keepalives.
Multiple packets are sent to initiate the connection, because a lack of response will cause a total fallback to TLS.

However, one probe packet (per keepalive interval) is enough for the keepalive packets. GlobalProtect ESP already
did this, but Juniper did not.

This patch is motivated by me having access to the highest-latency Juniper VPN server in the known universe.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

decruft esp.c: these headers are only needed for GP's probe-sending/catching (which are in gpst.c now)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Clean up DTLS cipher selection for OpenSSL >= 1.1.0

Where we have SSL_get1_supported_ciphers(), use it to generate the list we
advertise to the server in the first place. This stops us from advertising
DES support when we're not really going to do it, for example.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update changelog

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add Cisco DTLSv1.2 support for GnuTLS build

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Add Cisco DTLSv1.2 support for OpenSSL build

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Process X-DTLS12-CipherSuite: header from server

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Clean up X-DTLS-CipherSuite header generation to allow for DTLSv1.2

Allow crypto code to provide the values for both DTLS and DTLSv1.2
headers separately.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

OpenSSL: Loop over DTLS ciphersuites looking for the one we asked for.

As of OpenSSL 1.1.1, the trick of using SSL_CTX_set_cipher_list() and then
expecting only the one ciphersuite to be present in what we get back from
SSL_get_ciphers(), is no longer working. It now always returns the TLSv1.3
ciphers, even though we don't have DTLSv1.3 yet.

Reported as https://github.com/openssl/openssl/issues/8004 but probably
not going to change; the most likely outcome there is that I'm told that
I'm Doing It Wrong™ and a different approach is suggested.

In the meantime, just loop over the results and pick the one that we
actually asked for.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix up building against local static OpenSSL

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'libtasn1_fix_for_Android' of gitlab.com:dlenski/openconnect

don't double-include libtasn1.h (breaks Android cross-build)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Fix Mageia TSS2_ESYS build

On Mageia Cauldron latest openconnect 8.00 and 8.01 fais to build with
TSS2_ESYS support due to a missing header in gnutls_tpm2_esys.c file, so
adding #include <errno.h> in gnutls_tpm2_esys.c fixes build.

Signed-off-by: David Geiger (Mageia Linux Team Packager) <geiger.david68210@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Tag version 8.01

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update changelog

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix memset_s arguments harder.

Doh.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'extra_headers_for_IP_packet_munging_on_BSDs' of gitlab.com:dlenski/openconnect

GP ESP: extra headers must be explicitly included for IP packet munging on *BSD

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Tag version 8.00

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Resync translations with sources

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Explicitly reference python2 in shebang for tncc-wrapper.py

The RPM build complains:
BUILDSTDERR: *** ERROR: ambiguous python shebang in /usr/libexec/openconnect/tncc-wrapper.py: #!/usr/bin/python. Change it to python3 (or python2) explicitly.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Install trojan scripts to $(pkglibexecdir)

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'CLOEXEC_for_GP_HIP' of gitlab.com:dlenski/openconnect

Fix memset_s() parameters.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

set CLOEXEC for GP's HIP pipes as well

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Clean up TNCC error handling

As suggested by Daniel Lenski, create the oc_text_buf for the request
only once the TNCC wrapper has been spawned, to make the error handling
a bit saner. And remember to close the socketpair if fork() fails, too.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Fix order of dup2 args in spawning TNCC, and add comments

Reported-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Use cancellable_gets() for TNCC communication

Just keep things simple. This avoids SOCK_SEQPACKET which doesn't work on
OSX, and stops assuming that TNCC will send the whole response in a single
send() call.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Split out cancellable recv/send/gets functions from proxy code

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

TNCC periodic host checking fix

Fix periodic host checking in check_cookie_success() by passing
dspreauth to TNCC instead of dsid

Signed-off-by: Nick Parrin <spam@coreworks.be>

Include all keys in dist

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Update translations from GNOME

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'oh_what_fun_it_is_to_spoof' of gitlab.com:dlenski/openconnect

make csd-post.sh continue with a warning without xmlstarlet (using Poor Man's vary speshul XML parsing)

move trojans (csd-post.sh, csd-wrapper.sh, hipreport.sh, tncc-wrapper.py) to trojans/ subdirectory and expand and clarify their documentation

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Encrypt digests being signed with IBM TSS2.

The digest itself will end up on the wire. But the computed hash including
the secrets should probably be obsecured. For the TPM that's an input
parameter, which it must decrypt. Hence TPMA_SESSION_DECRYPT.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Disable TLSv1.3 when hardware RSA keys can't support PSS

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Merge branch 'fix_asprintf' into 'master'

asprintf() returns -1 on error

See merge request openconnect/openconnect!22

asprintf() returns -1 on error

Fixes the bugs reported on the mailing list and Ubuntu tracker…

- http://lists.infradead.org/pipermail/openconnect-devel/2018-December/005164.html "Failed to obtain WebVPN cookie introduced by f08767d9644029bd3ac0e83bf160a7bf03a5c8de"
- https://bugs.launchpad.net/bugs/1809839 "[Bug 1809839] [NEW] Daily build 2667 broken for protocol=GP"

Clear TCG TSS2 auth passwords on free

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

More free_pass() for TPMv1 passwords

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Use free_pass() in openconnect_vpninfo_free()

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Use free_pass() for TCG TSS2

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Use free_pass() for freeing certificate passwords

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Use free_pass() for yubikey PIN

Signed-off-by: David Woodhouse <dwmw2@infradead.org>