Age | Commit message | Author
2017-01-18 | tls: teach it to send AES256-encrypted data | Denys Vlasenko
    >> CLIENT_HELLO
    wrote 50 bytes
    insize:0 tail:0
    got block len:74
    got HANDSHAKE
    << SERVER_HELLO
    insize:79 tail:0
    got block len:2397
    got HANDSHAKE
    << CERTIFICATE
    key bytes:271, first:0x00
    server_rsa_pub_key.size:256
    insize:2402 tail:0
    got block len:4
    got HANDSHAKE
    << SERVER_HELLO_DONE
    >> CLIENT_KEY_EXCHANGE
    wrote 267 bytes
    master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
    client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82
    client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2
    >> CHANGE_CIPHER_SPEC
    from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
    from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69
    => digest: a45bfee8ed6507a2a9920d0c
    >> FINISHED
    before crypt: 5 hdr + 16 data + 32 hash bytes
    writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f
    wrote 85 bytes
    insize:9 tail:0
    got block len:1
    << CHANGE_CIPHER_SPEC
    insize:6 tail:0
    got block len:80
    < hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da|

    The last line is the server's FINISHED response, encrypted.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 | tls: added AES code and made it compile. not used yet | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 | tls: massage writing for encryption support; finer-grained debug | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 | tls: address one easy FIXME, tidy up comments | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 | tls: process CHANGE_CIPHER_SPEC and FINISHED from server | Denys Vlasenko
    Successfully finishes handshake with test servers using NULL-SHA256 cipher.

    The "only" thing remaining before there is a chance this can actually work with real servers is AES encrypt/decrypt.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 | tls: rearrange function order, improve comments | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 | tls: make our send_client_finished() pass server check | Denys Vlasenko
    sha256 hash should be calculated over incoming handshake packets too!

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 | tls: format FINISHED message properly for unencrypted, but sha256 signed mode | Denys Vlasenko
    Now it at least looks correct, but unfortunately "openssl s_server" says my hash is wrong.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 | Assorted warning fixes and added a comment, no code changes | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 | tls: add sha256 hmac and prf code | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | cryptpw: support "rounds=NNNNNNN$" thing in salts | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | libbb: eliminate redundant variable in sha_crypt | Denys Vlasenko
    function                                             old     new   delta
    sha_crypt                                           1136    1130      -6

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | sha512: use larger constant table only if sha512 is in fact selected | Denys Vlasenko
    function                                             old     new   delta
    sha_K                                                640     256    -384

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | tls: rearrange code, add/improve comments, fix whitespace, no real changes here | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | tls: send CHANGE_CIPHER_SPEC | Denys Vlasenko
    To "actually implement it" will take more work...

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | whitespace fix | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 | tls: format and send CLIENT_KEY_EXCHANGE | Denys Vlasenko
    $ ./busybox tls kernel.org
    insize:0 tail:0
    got block len:74
    got HANDSHAKE
    got SERVER_HELLO
    insize:79 tail:4265
    got block len:4392
    got HANDSHAKE
    got CERTIFICATE
    entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
    entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
    skipped der 0xa0, next byte 0x02
    skipped der 0x02, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
    skipped der 0x30, next byte 0x03
    entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
    key bytes:399, first:0x00
    entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
    binary bytes:385, first:0x00
    skipped der 0x02, next byte 0x02
    binary bytes:3, first:0x01
    server_rsa_pub_key.size:384
    insize:4397 tail:9
    got block len:4
    got SERVER_HELLO_DONE
    insize:9 tail:0
    ^C

    Next step: send CHANGE_CIPHER_SPEC... and actually implement it.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 | tls: DER length byte 0x81 is actually valid | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 | tls: a bit more work | Denys Vlasenko
    $ ./busybox tls kernel.org
    insize:0 tail:0
    got block len:74
    got HANDSHAKE
    got SERVER_HELLO
    insize:79 tail:4406
    got block len:4392
    got HANDSHAKE
    got CERTIFICATE
    entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30
    entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0
    skipped der 0xa0, next byte 0x02
    skipped der 0x02, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    skipped der 0x30, next byte 0x30
    entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30
    skipped der 0x30, next byte 0x03
    entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00
    copying key bytes:399, first:0x00
    insize:4397 tail:9
    got block len:4
    got SERVER_HELLO_DONE

    Now need to teach it to send ClientKeyExchange...

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 | tls: work-in-progress TLS1.2 test applet | Denys Vlasenko
    function                                             old     new   delta
    tls_main                                               -     733    +733
    dump                                                   -     230    +230
    xread_tls_block                                        -     180    +180
    get_der_len                                            -      76     +76
    enter_der_item                                         -      70     +70
    skip_der_item                                          -      56     +56
    get24be                                                -      24     +24
    tls_error_die                                          -      19     +19
    packed_usage                                       31010   31027     +17
    applet_names                                        2549    2553      +4
    applet_main                                         1472    1476      +4
    applet_suid                                           92      93      +1
    applet_install_loc                                   184     185      +1
    ------------------------------------------------------------------------------
    (add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0)           Total: 1415 bytes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | wget: fix for brain-damaged HTTP servers. Closes 9471 | Denys Vlasenko
    write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
    shutdown(3, SHUT_WR) = 0
    alarm(900) = 900
    read(3, "", 1024) = 0
    write(2, "wget: error getting response\n", 29) = 29
    exit(1)

    The peer simply does not return anything. It closes its connection.

    Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).

    The point is, closing write side of the socket is _valid_ for HTTP. wget sent the full request, it won't be sending anything more: it will only receive the response, and that's it.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | ash: commented-out possible fix for 7694 | Denys Vlasenko
    bash has a feature: it restores termios after a successful wait for a foreground job which had at least one stopped or sigkilled member. The probable rationale is that SIGSTOP and SIGKILL can preclude task from properly restoring tty state. Should we do this too?

    A reproducer: ^Z an interactive python:

    $ python
    Python 2.7.12 (...)
    >>> ^Z
        { python leaves tty in -icanon -echo state. We do survive that... }
    [1]+ Stopped python
        { ...however, next program (python no.2) does not survive it well: }
    $ python
    Python 2.7.12 (...)
    >>> Traceback (most recent call last):
        { above, I typed "qwerty<CR>", but -echo state is still in effect }
      File "<stdin>", line 1, in <module>
    NameError: name 'qwerty' is not defined

    The implementation is modeled on bash code and seems to work. However, I'm not sure we should do this. For one: what if I'd fg the stopped python instead? It'll be confused by "restored" tty state.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | ash: 16-bit ->nprocs field is a pain for many CPUs | Denys Vlasenko
    function                                             old     new   delta
    getoptscmd                                           527     540     +13
    getjob                                               280     286      +6
    makejob                                              278     282      +4
    forkchild                                            602     600      -2
    waitcmd                                              208     205      -3
    showjob                                              382     379      -3
    getstatus                                             83      80      -3
    dowait                                               408     405      -3
    freejob                                               93      89      -4
    fg_bgcmd                                             290     286      -4
    forkshell                                            260     255      -5
    killcmd                                              224     218      -6
    jobno                                                 17      11      -6
    ------------------------------------------------------------------------------
    (add/remove: 0/0 grow/shrink: 3/10 up/down: 23/-39)           Total: -16 bytes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | Move FEATURE_AUTOWIDTH config option to two applets which use it | Denys Vlasenko
    No code changes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | Move FEATURE_USE_TERMIOS config option to two applets which use it | Denys Vlasenko
    No code changes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | libbb: consolidate the code to set termios unbuffered mode | Denys Vlasenko
    function                                             old     new   delta
    set_termios_to_raw                                     -     116    +116
    count_lines                                           72      74      +2
    powertop_main                                       1458    1430     -28
    top_main                                             943     914     -29
    more_main                                            759     714     -45
    fsck_minix_main                                     2969    2921     -48
    conspy_main                                         1197    1135     -62
    rawmode                                               99      36     -63
    ------------------------------------------------------------------------------
    (add/remove: 1/0 grow/shrink: 1/6 up/down: 118/-275)         Total: -157 bytes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | hush: reinstate [[ builtin | Denys Vlasenko
    Mike deleted it:

        commit 39456a18a104b228de240b265bd943251219849d
        Author: Mike Frysinger <vapier@gentoo.org>
        Date: Sat Mar 28 12:21:57 2009 +0000

            stop lying about [[ test support

    probably because it was not properly ifdefed around, and was enabled even when bash compat is off.

    I just tested it - it works:

    $ [ *.diff = z.diff ]; echo $?
    0
    $ [[ *.diff = z.diff ]]; echo $?
    1

    Of course, not all numerous bash tricks of [[ ]] are implemented...

    function                                             old     new   delta
    bltins2                                               60      72     +12

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | hush: split bash compatible extensions into separate defines. No code changes | Kang-Che Sung
    Splitting these options makes it self-documenting about what bash-compatible features we have.

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | ash: split bash compatible extensions into separate defines. No code changes | Denys Vlasenko
    Splitting these options makes it self-documenting about what bash-compatible features we have.

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | busybox: stop depending on FEATURE_AUTOWIDTH for applet list | Denys Vlasenko
    Many other applets don't - they unconditionally use get_terminal_width(), and here the amount of code saved by FEATURE_AUTOWIDTH=n is tiny.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | top: FEATURE_USE_TERMIOS shouldn't control reading of screen size | Denys Vlasenko
    It controls whether we take input.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 | more: hardcode FEATURE_USE_TERMIOS=y in this applet; code shrink | Denys Vlasenko
    function                                             old     new   delta
    get_wh                                                 -      27     +27
    tcsetattr_tty_TCSANOW                                  -      18     +18
    gotsig                                                35      27      -8
    more_main                                            835     759     -76
    ------------------------------------------------------------------------------
    (add/remove: 2/0 grow/shrink: 0/2 up/down: 45/-84)            Total: -39 bytes

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | hush: shorten output of "help" builtin | Denys Vlasenko
       text    data     bss     dec     hex filename
     891272     485    6856  898613   db635 busybox_old
     891232     485    6856  898573   db60d busybox_unstripped

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | hush: reorder builtins (cd and pwd ought to be close, etc), no code changes | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | init: rename FEATURE_EXTRA_QUIET -> FEATURE_INIT_QUIET | Denys Vlasenko
    The former name had no INIT anywhere in its name, sounded generic

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | ash: revert "make dot command search current directory first" | Denys Vlasenko
    Reverts this:

        commit 8ad78e1ec7b2e873953f9f476fb63b5893526c39
        Author: Denis Vlasenko <vda.linux@googlemail.com>
        Date: Sun Feb 15 12:40:30 2009 +0000

            ash: make dot command search current directory first, as bash does.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | shells: make hush test optional, rename ASH_BUILTIN_foo -> ASH_foo | Denys Vlasenko
    This makes hush and ash more symmetrical wrt config menu and config options.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10 | Big cleanup in config help and description | Denys Vlasenko
    Redundant help texts (one which only repeats the description) are deleted.

    Descriptions and help texts are trimmed.

    Some config options are moved, even across menus.

    No config option _names_ are changed.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | Allow FAST_FUNC to be overridden at build time | Kang-Che Sung
    Busybox uses FAST_FUNC macro to tweak with IA-32 calling conventions in order to make the function call slightly smaller or slightly faster. However, when I experiment with GCC's LTO (Link Time Optimization), I discovered that FAST_FUNC could hinder LTO's optimization so that the resulting executable becomes a few bytes larger (than what is compiled without FAST_FUNC).

    This change allows to specify e.g.

        CONFIG_EXTRA_CFLAGS="-DFAST_FUNC= -flto"

    and compile with LTO without a source code hack.

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | kill: optimizations for single-applet build | Kang-Che Sung
    * Fix a bug with a configuration in which the shell's kill builtin would be mistreated as a killall command (i.e. '-q' works, and 'kill process_name' succeeds when it shouldn't):

        CONFIG_ASH_JOB_CONTROL=y
        CONFIG_HUSH_KILL=y
        # CONFIG_KILL is not set
        CONFIG_KILLALL=y
        # CONFIG_KILLALL5 is not set

    * Optimize out unneeded code when the relevant applets are not selected.

    * Move kbuild lines about shells' kill builtins from Kbuild.src to kill.c, to accompany the new HAVE_SH_KILL macro. I hope this would make maintenance a little bit easier.

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | hush: make echo builtin optional | Denys Vlasenko
    It's a bit overkill (who would want it off?) but ash already has it configurable. Let's be symmetric.

    Also tweak kbuild logic to use ASH_BUILTIN_ECHO to select echo.o, not ASH.

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | kill: need not build kill.c when ash's job control is off | Kang-Che Sung
    ash kill builtin depends on the job control config option.

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | make_single_applets.sh: show errors and warnings | Denys Vlasenko
    While at it, fix one warning in modprobe-small.c

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | unlzma: expand comments, no code changes | Denys Vlasenko
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | unlzma: fix erroneous "while" instead of "if". Closes 4682 | Denys Vlasenko
    These parts of the code essentially check whether stepping back by rep0 goes negative or not.

    LZMA SDK from lzma1604.7z has the following in the corresponding places:

        ... = dic[dicPos - rep0 + (dicPos < rep0 ? dicBufSize : 0)]

    Clearly, no loop here.

    Technically, "while" here works: if condition is false (because pos underflowed), it iterates once, adds header.dict_size (a.k.a. dicBufSize), this makes pos positive but smaller than header.dict_size, and loop exits.

    Now we'll just check for negative result of subtraction, which is less code:

    function                                             old     new   delta
    unpack_lzma_stream                                  2659    2641     -18

    (I hope 2 Gbyte+ dictionaries won't be in use soon).

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | unzip: match "Defl:?" display with info-zip; cosmetic code shuffling | Denys Vlasenko
    Large nested indented code blocks made more sane with a few gotos.

    function                                             old     new   delta
    unzip_main                                          2491    2519     +28

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | unzip: optional support for xz | Denys Vlasenko
    function                                             old     new   delta
    unzip_main                                          2476    2491     +15

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | unzip: optional support for bzip2 and lzma | Denys Vlasenko
    function                                             old     new   delta
    unzip_main                                          2376    2476    +100
    bbunpack                                             750     745      -5

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | modprobe-small: build fixes | Denys Vlasenko
    Was throwing some build errors:

    CONFIG_MODPROBE_SMALL=y
    CONFIG_DEPMOD=y
    CONFIG_LSMOD=y
    CONFIG_MODINFO=y
    CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED=y

    error: unused variable 'exitcode'

    modutils/modprobe-small.c: In function 'modprobe_main':
    modutils/modprobe-small.c:1060: error: control reaches end of non-void function

    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-09 | modprobe-small: optimizations for single applet build | Explorer09
    (I'm requesting for a review first because I fear such an aggressive change could lead to bugs. While I observe the sizes have reduced, I haven't tested the functionality of each applet after that. So please test before merging.)

    Aggressively cut off unneeded code when the relevant applets are not built.

    Correct dependencies of FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE and FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED.

    Don't bother with the '-r' option check if only rmmod is built (assume true then), or when neither rmmod nor modprobe is built (assume false then).

    Size comparison before and after the change (single applet configuration):

       text    data     bss     dec     hex filename
      34778     946     112   35836    8bfc old/busybox_DEPMOD
      34151     946     112   35209    8989 new/busybox_DEPMOD
      34903     946     112   35961    8c79 old/busybox_INSMOD
      28316     778     112   29206    7216 new/busybox_INSMOD
      35228     962     112   36302    8dce old/busybox_LSMOD
       5011     706      40    5757    167d new/busybox_LSMOD
      34830     946     112   35888    8c30 old/busybox_MODPROBE
      34795     946     112   35853    8c0d new/busybox_MODPROBE
      34718     946     112   35776    8bc0 old/busybox_RMMOD
       7502     714     104    8320    2080 new/busybox_RMMOD

    Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>