aboutsummaryrefslogtreecommitdiff
path: root/networking
AgeCommit message (Collapse)Author
2017-01-18tls: teach it to send AES256-encrypted dataDenys Vlasenko
>> CLIENT_HELLO wrote 50 bytes insize:0 tail:0 got block len:74 got HANDSHAKE << SERVER_HELLO insize:79 tail:0 got block len:2397 got HANDSHAKE << CERTIFICATE key bytes:271, first:0x00 server_rsa_pub_key.size:256 insize:2402 tail:0 got block len:4 got HANDSHAKE << SERVER_HELLO_DONE >> CLIENT_KEY_EXCHANGE wrote 267 bytes master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82 client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2 >> CHANGE_CIPHER_SPEC from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69 => digest: a45bfee8ed6507a2a9920d0c >> FINISHED before crypt: 5 hdr + 16 data + 32 hash bytes writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f wrote 85 bytes insize:9 tail:0 got block len:1 << CHANGE_CIPHER_SPEC insize:6 tail:0 got block len:80 < hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da| The last line is the server's FINISHED response, encrypted. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: added AES code and made it compile. not used yetDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: massage writing for encryption support; finer-grained debugDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: address one easy FIXME, tidy up commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: process CHANGE_CIPHER_SPEC and FINISHED from serverDenys Vlasenko
Successfully finishes handshake with test servers using NULL-SHA256 cipher. The "only" thing remaining before there is a chance this can actually work with real servers is AES encrypt/decrypt. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: rearrange function order, improve commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: make our send_client_finished() pass server checkDenys Vlasenko
sha256 hash should be calculated over incoming handshake packets too! Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16tls: format FINISHED message properly for unencrypted, but sha256 signed modeDenys Vlasenko
Now it at least looks correct, but unfortunately "openssl s_server" says my hash is wrong. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16Assorted warning fixes and added a comment, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16tls: add sha256 hmac and prf codeDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: rearrange code, add/improve comments, fix whitespace, no real changes hereDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: send CHANGE_CIPHER_SPECDenys Vlasenko
To "actually implement it" will take more work... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15whitespace fixDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: format and send CLIENT_KEY_EXCHANGEDenys Vlasenko
$ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4265 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30 entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30 skipped der 0x30, next byte 0x03 entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00 key bytes:399, first:0x00 entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02 binary bytes:385, first:0x00 skipped der 0x02, next byte 0x02 binary bytes:3, first:0x01 server_rsa_pub_key.size:384 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE insize:9 tail:0 ^C Next step: send CHANGE_CIPHER_SPEC... and actually implement it. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: DER length byte 0x81 is actually validDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: a bit more workDenys Vlasenko
$ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4406 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30 entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30 skipped der 0x30, next byte 0x03 entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00 copying key bytes:399, first:0x00 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE Now need to teach it to send ClientKeyExchange... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: work-in-progress TLS1.2 test appletDenys Vlasenko
function old new delta tls_main - 733 +733 dump - 230 +230 xread_tls_block - 180 +180 get_der_len - 76 +76 enter_der_item - 70 +70 skip_der_item - 56 +56 get24be - 24 +24 tls_error_die - 19 +19 packed_usage 31010 31027 +17 applet_names 2549 2553 +4 applet_main 1472 1476 +4 applet_suid 92 93 +1 applet_install_loc 184 185 +1 ------------------------------------------------------------------------------ (add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0) Total: 1415 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11wget: fix for brain-damaged HTTP servers. Closes 9471Denys Vlasenko
write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74 shutdown(3, SHUT_WR) = 0 alarm(900) = 900 read(3, "", 1024) = 0 write(2, "wget: error getting response\n", 29) = 29 exit(1) The peer simply does not return anything. It closes its connection. Probably it detects wget closing its writing end: shutdown(3, SHUT_WR). The point it, closing write side of the socket is _valid_ for HTTP. wget sent the full request, it won't be sending anything more: it will only receive the response, and that's it. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11Move FEATURE_AUTOWIDTH config option to two applets which use itDenys Vlasenko
No code changes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10Big cleanup in config help and descriptionDenys Vlasenko
Redundant help texts (one which only repeats the description) are deleted. Descriptions and help texts are trimmed. Some config options are moved, even across menus. No config option _names_ are changed. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-08httpd: fix address family for reverse proxy client socketLaurent Bercot
When httpd proxies a request to another server, it first creates an AF_INET socket, then resolves the server name to a sockaddr, then connects to it. This fails if the server name resolves to an IPv6 address. This patch ensures that the socket is created with the correct address family (AF_INET6 if the server resolves to an IPv6 address and AF_INET otherwise). Signed-off-by: Laurent Bercot <ska-dietlibc@skarnet.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-06ntpd: improve postponed hostname resolutionNatanael Copa
Run the namelookup from the main loop so a misspelled first ntp server name does not block everything forever. This fixes the following situation which would block forever: $ sudo ./busybox ntpd -dn -p foobar -p pool.ntp.org ntpd: bad address 'foobar' ntpd: bad address 'foobar' ntpd: bad address 'foobar' ... New behavior: ntpd: bad address 'foobar' ntpd: sending query to 137.190.2.4 ntpd: reply from 137.190.2.4: offset:-1.009775 delay:0.175550 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x01 ntpd: sending query to 137.190.2.4 ntpd: reply from 137.190.2.4: offset:-1.009605 delay:0.175461 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x03 ntpd: sending query to 137.190.2.4 ntpd: reply from 137.190.2.4: offset:-1.005327 delay:0.167027 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x07 ntpd: sending query to 137.190.2.4 ntpd: bad address 'foobar' ntpd: reply from 137.190.2.4: offset:-1.046349 delay:0.248705 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x0f This patch is based on Kaarle Ritvanens work. http://lists.busybox.net/pipermail/busybox/2016-May/084197.html function old new delta ntpd_main 1061 1079 +18 ntp_init 556 560 +4 resolve_peer_hostname 81 75 -6 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 22/-6) Total: 16 bytes Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-04udhcp: tweak config order and menu item namesDenys Vlasenko
All other applets are listed simply by their name, no reason why dumpleases doesn't do that. Group all udhcpd feature options directly after it. Put "NOT READY" into udhcpc6 item (some users actually tried to use it, and complained). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-03Fix dependency for IFUPDOWN_UDHCPC_CMD_OPTIONSJörg Krause
Commit a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and ifdown individually selectable, but forgets to update the dependency to IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore. This patch fixes the dependency by checking for IFUP or IFDOWN, instead of the obsolete IFUPDOWN. Also, it drops dependency on UDHCPC: udhcpc on the target system does not have to come from the _same_ binary. Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-02tcpudp: define SO_ORIGINAL_DST directly, not via includeDenys Vlasenko
musl does not like including linux/netfilter_ipv4.h (enum / #define collision in two headers, resulting in "3 = 3" type situation in enum definition). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-23Remove FEATURE_IFUPDOWN_IP_BUILTIN and FEATURE_IFUPDOWN_IFCONFIG_BUILTINDenys Vlasenko
They merely enable ip or ifconfig/route. There is already a way to do this on the same menuconfig page. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-23fix breakage found by mass one-applet buildsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-22ip: make ip aliases individually selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-22Make POST upload example script easier to useDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-22Update information on building httpd and wget helpersDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-18libiproute: handle table ids larger than 255Lukasz Nowak
Linux kernel, starting from 2.6.19 allows ip table ids to have 32-bit values. In order to preserve compatibility, the old 8-bit field: rtm_table is still in use when table id is lower than 256. Add support for the 32-bit table id (RTA_TABLE attribute) in: - ip route print - ip route modify - ip rule print - ip rule modify Add printing of table ids to ip route. Changes are compatible with the mainline iproute2 utilities. These changes are required for compatibility with ConnMan, which by default uses table ids greater than 255. function old new delta print_route 1588 1637 +49 do_iproute 2187 2222 +35 do_iprule 955 987 +32 print_rule 617 630 +13 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 4/0 up/down: 129/0) Total: 129 bytes Signed-off-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-28Code style fixes, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Convert all udhcp applets to "new style" applet definitionsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23tc: consolidate its disabled bitsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Make ping6 and traceroute6 selectable independently from ping/tracerouteDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23ipneigh: add this shortcur similar to other "ip <CMD>" shortcutsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Rename FEATURE_FTP_WRITE and FEATURE_FTP_AUTHENTICATION to *_FTPD_*Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Convert all networking/* applets to "new style" applet definitionsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-22httpd: explain why we use sprintf and why it should be fineDenys Vlasenko
While at it, fix a pathological case where it is not fine: -r REALM with some 8-kbyte long REALM would overflow the buffer. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-14Make ifup and ifdown individually selectable.Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-13dnsdomainname: split it from "hostname", make it independently selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-25udhcpc: check read of overload option data byte to be within packetDenys Vlasenko
function old new delta udhcp_get_option 220 225 +5 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-25udhcpc: check read of option length byte to be within packetBrian Foley
function old new delta udhcp_get_option 215 220 +5 udhcp_run_script 802 803 +1 Signed-off-by: Brian Foley <bpfoley@google.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-13telnetd: ifdef out a buggy error handling code pathDenys Vlasenko
Here, not handling the error is would just eat one input 0xff char. Correct handling would need even more corner case handling, as-is buggy handling corrupts the buffer. Since we just been told by kernel that pty is ready, EAGAIN should not be happening here anyway. function old new delta telnetd_main 1798 1785 -13 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnet: code shrinkDenys Vlasenko
put_iac2(w,c) is mostly used with constants, fold them into one arg function old new delta put_iac2_merged - 46 +46 telnet_main 1603 1583 -20 con_escape 285 257 -28 put_iac2 50 - -50 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 0/2 up/down: 46/-98) Total: -52 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnetd: add another handshake example in comments, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnetd: treat all 2-byte IACs in 240..249 range as NOPs.Denys Vlasenko
A bit of future-proofing. Some of them can stand just being ignored. function old new delta telnetd_main 1791 1798 +7 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnetd: fix corner case of input processing of 0xff bytesDenys Vlasenko
I managed to reproduce the bug, with some difficulty. function old new delta telnetd_main 1780 1791 +11 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnetd: fix a corner case where CRLF->CR translation can misbehaveDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-12telnetd: fix handling of short writes to ptyDenys Vlasenko
If a write to pty is short, remove_iacs() can be run on a buffer repeatedly. This, for example, can eat 0xff chars (IACs, in telnet terms). Rework the logic to handle IACs in a special "write to pty" function. function old new delta telnetd_main 1662 1750 +88 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>