aboutsummaryrefslogtreecommitdiff
path: root/networking
AgeCommit message (Collapse)Author
2018-11-23tls: make local buffers in aesgcm_GHASH() explicitly 32-bit alignedDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23tls: code shrinkDenys Vlasenko
function old new delta xwrite_encrypted 599 585 -14 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23tls: simplify aesgcm_GHASH()Denys Vlasenko
function old new delta xwrite_encrypted 604 599 -5 FlattenSzInBits 52 - -52 aesgcm_GHASH 395 262 -133 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-190) Total: -190 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23tls: in AES-CBC code, do not set key for every record - do it onceDenys Vlasenko
function old new delta aes_setkey 16 212 +196 tls_handshake 1941 1977 +36 aes_encrypt_1 382 396 +14 xwrite_encrypted 605 604 -1 tls_xread_record 659 656 -3 aes_encrypt_one_block 65 59 -6 aes_cbc_encrypt 172 121 -51 aesgcm_setkey 58 - -58 aes_cbc_decrypt 958 881 -77 KeyExpansion 188 - -188 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23tls: add support for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipherDenys Vlasenko
function old new delta xwrite_encrypted 209 605 +396 GHASH - 395 +395 aes_encrypt_1 - 382 +382 GMULT - 192 +192 tls_xread_record 489 659 +170 aes_encrypt_one_block - 65 +65 aesgcm_setkey - 58 +58 FlattenSzInBits - 52 +52 tls_handshake 1890 1941 +51 xwrite_and_update_handshake_hash 46 81 +35 xorbuf - 24 +24 aes_setkey - 16 +16 psRsaEncryptPub 413 421 +8 stty_main 1221 1227 +6 ssl_client_main 138 143 +5 next_token 841 845 +4 spawn_ssl_client 218 219 +1 volume_id_probe_hfs_hfsplus 564 563 -1 read_package_field 232 230 -2 i2cdetect_main 674 672 -2 fail_hunk 139 136 -3 parse_expr 891 883 -8 curve25519 802 793 -9 aes_cbc_decrypt 971 958 -13 xwrite_handshake_record 43 - -43 aes_cbc_encrypt 644 172 -472 ------------------------------------------------------------------------------ (add/remove: 9/1 grow/shrink: 9/8 up/down: 1860/-553) Total: 1307 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-18tls: add comment, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-14tls: code shrinkDenys Vlasenko
function old new delta spawn_ssl_client 219 218 -1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13wget: print "TLS certificate validation not implemented" only once on redirectsDenys Vlasenko
function old new delta spawn_ssl_client 209 219 +10 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13tls: code shrinkDenys Vlasenko
function old new delta tls_get_zeroed_outbuf - 28 +28 static.empty_client_cert 7 - -7 tls_handshake 1930 1890 -40 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 0/1 up/down: 28/-47) Total: -19 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13tls: tidy up recently added ECDSA codeDenys Vlasenko
function old new delta tls_handshake 1935 1930 -5 static.OID_ECDSA_KEY_ALG 21 11 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-15) Total: -15 bytes text data bss dec hex filename 950036 477 7296 957809 e9d71 busybox_old 950048 477 7296 957821 e9d7d busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13tls: code shrinkDenys Vlasenko
function old new delta static.f25519_one 32 - -32 curve25519 835 802 -33 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-65) Total: -65 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13tls: add support for ECDHE-ECDSA-AES-128-CBC-SHA and x25519 curveDenys Vlasenko
function old new delta curve25519 - 835 +835 tls_handshake 1619 1935 +316 xc_diffadd - 230 +230 fe_mul__distinct - 149 +149 lm_sub - 103 +103 lm_add - 82 +82 fe_mul_c - 74 +74 fe_select - 45 +45 static.f25519_one - 32 +32 static.basepoint9 - 32 +32 static.OID_ECDSA_KEY_ALG - 21 +21 static.OID_RSA_KEY_ALG - 13 +13 static.supported_groups - 8 +8 static.empty_client_cert - 7 +7 der_binary_to_pstm 40 42 +2 static.expected 13 - -13 ------------------------------------------------------------------------------ (add/remove: 14/1 grow/shrink: 2/0 up/down: 1949/-13) Total: 1936 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-05tls: code shrinkDenys Vlasenko
function old new delta tls_handshake 1643 1619 -24 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04tls: reorder a few more cipher idsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04tls: move TLS_AES_128_GCM_SHA256 definition upDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04tls: add more cipher ids, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-03udhcpc: code shrinkDenys Vlasenko
function old new delta perform_release 112 172 +60 send_release 81 - -81 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/0 up/down: 60/-81) Total: -21 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-30ntpd: default to FEATURE_NTP_AUTH=yDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-30udhcpc: ensure at least one unicast renew attemptDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-27ntpd: add support for MD5/SHA1 message authenticationBrandon P. Enochs
Add support for MD5 message authentication as described in RFC 5905. This patch also supports SHA1 authentication. The key file format is the same file format as used by ntpd. The configuration file format follows standard Unix conventions (# comments) with lines consist of the following fields separated by whitespace: <key identifier, [1,65535]> <SHA1|MD5> <an ASCII string of up to 20 characters|an octet string [a-zA-F0-9] of up to 40 characters>. https://www.ietf.org/rfc/rfc5905.txt function old new delta ntp_init 473 987 +514 hash - 125 +125 recv_and_process_peer_pkt 889 961 +72 packed_usage 33066 33130 +64 ntpd_main 1226 1277 +51 find_key_entry - 29 +29 add_peers 195 207 +12 recv_and_process_client_pkt 509 514 +5 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 6/0 up/down: 872/0) Total: 872 bytes Signed-off-by: Brandon P. Enochs <enochs.brandon@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-24nbd-client: support newstyle protocol, -b, -d, -p, -NDenys Vlasenko
Recognize the "newstyle" protocol and switch to it automatically. Add options for setting blocksize (-b) and for disconnecting a nbd device (-d). function old new delta nbdclient_main 492 1179 +687 static.long_options - 80 +80 print_direc 438 457 +19 brctl_main 1169 1183 +14 bb_strtoll 84 89 +5 packed_usage 33082 33066 -16 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/1 up/down: 805/-16) Total: 789 bytes Signed-off-by: Elvira Khabirova <lineprinter@altlinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-01brctl: use a single buffer for brname and ifnameBernhard Reutner-Fischer
function old new delta brctl_main 1681 1675 -6 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-6) Total: -6 bytes Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
2018-09-30ifupdown: support "source-directory" stanzaBrandon Maier
Support the "source-directory" stanza from ifupdown[1]. source-directory will include all files in the named directory. Similar to the Busybox version of the "source" stanza, this version of source-directory does not currently support shell wildcards. We only check that the stanza starts with "source-dir" as ifupdown does[2]. [1] https://manpages.debian.org/stretch/ifupdown/interfaces.5.en.html#INCLUDING_OTHER_FILES [2] https://salsa.debian.org/debian/ifupdown/blob/0.8.33/config.c#L498 function old new delta read_interfaces 1150 1241 +91 Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-28udhcpc: give SIGUSR1-induced renew one chance of unicast renewDenys Vlasenko
The caps were inconsistent: timeout to renew was capped at 20 seconds, and any renews with timeout <= 60 seconds were forced to broadcast. function old new delta udhcpc_main 2683 2680 -3 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-13ntpd: more verbose message for "root distance too high" caseDenys Vlasenko
Managed to make ntpd on one of my machines to be stuck getting "root distance too high" all the time, but log is not giving me more informatin what exactly is happening... function old new delta select_and_cluster 1045 1095 +50 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-04whois: fix a possible out-of-bounds stack accessDenys Vlasenko
If fgets() returns incomplete string, we replace NUL with '\n', and then trim() runs on a non-NUL-terminated buffer. Prevent that. While at it, bump buffer from 1k to 2k. function old new delta query 519 524 +5 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-25ping: use setitimer() instead of ualarm()Denys Vlasenko
function old new delta sendping_tail 218 265 +47 ualarm 79 - -79 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 1/0 up/down: 47/-79) Total: -32 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-14ip: tweak --help textDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-03ping: implement -i SECDenys Vlasenko
function old new delta common_ping_main 1862 1968 +106 ualarm - 79 +79 packed_usage 32858 32897 +39 sendping_tail 204 218 +14 ------------------------------------------------------------------------------ (add/remove: 5/0 grow/shrink: 3/0 up/down: 320/0) Total: 320 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-03ntpd: show real, unclamped delays on low-latency networksDenys Vlasenko
On fast network, I've seen "delay:0.002000" shown for all packets, thus completely losing information on what real delays are. The new code is careful to not reject packets with tiny delays if the delay "grows a lot" but is still tiny: 0.000009 is "much larger" than 0.000001 (nine times larger), but is still very good small delay. function old new delta recv_and_process_peer_pkt 863 889 +26 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01nslookup: add support for search domains, closes 11161Denys Vlasenko
function old new delta parse_resolvconf - 311 +311 add_query_with_search - 105 +105 nslookup_main 873 757 -116 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 0/1 up/down: 416/-116) Total: 300 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01udhcpc: add a cooment about sanitizing DHCP_DOMAIN_NAME, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01udhcpc: do in fact not allow hostname components which start with dashDenys Vlasenko
function old new delta xmalloc_optname_optval 879 893 +14 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-25htpd: increase MIN_FREQHOLD by 3Denys Vlasenko
This means we'll start correcting frequency ~5 minutes after start, not ~3.5 ones. With previos settings I still often see largish ~0.7s initial offsets only about 1/2 corrected before frequency correction kicks in, resulting in ~200ppm "correction" which is then slowly undone. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04udhcp: add decimal option values in comments, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04udhcp: tweak comment indentation, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04udhcp: add option 211, "reboot time"Jeremy Kerr
As defined in RFC 5071. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-02wget: fix fetching of https URLs without http proxyDenys Vlasenko
The "fix fetching of https URLs with http proxy" commit broke the usual http-to-https redirect: $ wget http://busybox.net/downloads/busybox-1.29.0.tar.bz2 Connecting to busybox.net (140.211.167.122:80) Connecting to busybox.net (140.211.167.122:443) wget: server returned error: HTTP/1.1 400 Bad Request Fixing... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-02ntpd: increase minimum G.FREQHOLD_cnt from 8 to 10Denys Vlasenko
With ~0.9 initiall offsets, using 8 results in a bit too eager frequency correction. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-27nslookup: placate "warning: unused variable i"Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24tls: fix to handle X.509 v1 certificates correctlyIvan Abrea
The syntax of public key certificates can be found in RFC 5280 section 4.1. The relevant part of the syntax is the following: TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, ... remaining fields omitted ... } The version field has a default value of v1. RFC 5280 section 4.1.2.1 says the following: If only basic fields are present, the version SHOULD be 1 (the value is omitted from the certificate as the default value); however, the version MAY be 2 or 3. To help detect if the version field is present or not, the type of the version field has an explicit tag of [0]. Due to this tag, if the version field is present, its encoding will have an identifier octet that is distinct from that of the serialNumber field. ITU-T X.690 specifies how a value of such a type should be encoded with DER. There is a PDF of X.690 freely available from ITU-T. X.690 section 8.1.2 specifies the format of identifier octets which is the first component of every encoded value. Identifier octets encode the tag of a type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode the tag number. X.690 section 8.14 specifies what the identifier octet should be for explicitly tagged types. Section 8.14.3 says if implicit tagging is not used, then the encoding shall be constructed. The version field uses explicit tagging and not implicit tagging, so its encoding will be constructed. This means bit 6 of the identifier octet should be 1. X.690 section 8.14 and Annex A provide examples. Note from their examples that the notation for tags could look like [APPLICATION 2] where both the tag class and tag number are given. For this example, the tag class is 1 (application) and the tag number is 2. For notation like [0] where the tag class is omitted and only the tag number is given, the tag class will be context-specific. Putting this all together, the identifier octet for the DER encoding of the version field should have a tag class of 2 (context-specific), bit 6 as 1 (constructed), and a tag number of 0. Signed-off-by: Ivan Abrea <ivan@algosolutions.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24ntpd: deprecate IPTOS_LOWDELAY in favor of IPTOS_DSCP_AF21Codarren Velvindron
Update QoS markers. Use DSCP AF21 for interactive traffic. DSCP is defined in RFC2474. Many modern equipment no longer support IPTOS. Signed-off-by: Codarren Velvindron <codarren@hackers.mu> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-21udhcpc: remove code which requires server ID to be on local networkDenys Vlasenko
This reverts "udhcpc: paranoia when using kernel UDP mode for sending renew: server ID may be bogus". Users complain that they do have servers behind routers (with DHCP relays). function old new delta send_packet 168 166 -2 bcast_or_ucast 25 23 -2 udhcp_send_kernel_packet 301 295 -6 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-10) Total: -10 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-06restore documentation on the build config languageKartik Agaram
Kconfig-language.txt was deleted in commit 4fa499a17b52b back in 2006. Move to docs/ as suggested by Xabier Oneca: http://lists.busybox.net/pipermail/busybox/2014-May/080914.html Also update references to it everywhere. Signed-off-by: Kartik Agaram <akkartik@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-28wget: emit a message that certificate verification is not implementedDenys Vlasenko
function old new delta spawn_ssl_client 185 209 +24 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24udhcpc6: carry along length of packet when parsing it.David Decotigny
This is to avoid parsing garbage past packet's actual end. Also const-ize params to a few functions. function old new delta d6_run_script_no_option - 12 +12 option_to_env 791 798 +7 d6_run_script 253 255 +2 perform_d6_release 95 93 -2 udhcpc6_main 2596 2592 -4 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 2/2 up/down: 21/-6) Total: 15 bytes Signed-off-by: David Decotigny <ddecotig@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24udhcpc6: ignore invalid OPTION_IAADDRDavid Decotigny
Signed-off-by: David Decotigny <ddecotig@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24nc: fix the !NC_SERVER configurationDenys Vlasenko
The symptom is the "nc: NO OPT l!" message. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14udhcpc6: set -x options in requestDenys Vlasenko
Last foru commits: function old new delta option_to_env 621 791 +170 .rodata 168351 168505 +154 attach_option 431 506 +75 add_d6_client_options 112 167 +55 d6_option_strings 30 84 +54 udhcp_str2optset 644 660 +16 d6_optflags 12 20 +8 udhcpc6_main 2590 2596 +6 udhcpc_main 2648 2651 +3 read_optset 15 18 +3 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 10/0 up/down: 544/0) Total: 544 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14udhcpc6: add PXELINUX optionsSamuel Mendoza-Jonas
Add support for the PXELINUX options 209 ("ConfigFile") and 210 ("PathPrefix") in the DHCPv6 client. See also: RFC5071, "Dynamic Host Configuration Protocol Options Used by PXELINUX". Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>