Denys Vlasenko
8908c1d4f5
more ip --help fixes
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 03:56:46 +01:00
Denys Vlasenko
f3d705f41b
make --help texts smaller
...
function old new delta
packed_usage 31035 30968 -67
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 03:46:57 +01:00
Denys Vlasenko
bbc7bee966
make --help texts more uniform
...
function old new delta
packed_usage 31062 31035 -27
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 02:49:58 +01:00
Denys Vlasenko
f6e20724d4
tls: reorder tls_state fields for smaller offsets
...
function old new delta
xwrite_encrypted 363 360 -3
xwrite_and_update_handshake_hash 117 114 -3
tls_xread_handshake_block 72 69 -3
tls_error_die 211 202 -9
tls_get_outbuf 64 49 -15
tls_main 2163 2127 -36
tls_xread_record 702 639 -63
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/7 up/down: 0/-132) Total: -132 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 02:08:34 +01:00
Denys Vlasenko
dd2577f21a
tls: send SNI in the client hello
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 22:48:41 +01:00
Denys Vlasenko
0af5265180
tls: check size on "MAC-only, no crypt" code path too
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:23:10 +01:00
Denys Vlasenko
54b927d78b
tls: AES decrypt does one unnecessary memmove
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:19:38 +01:00
Denys Vlasenko
3916139ac4
tls: make input buffer grow as needed
...
As it turns out, it goes only up to "inbuf_size:4608"
for kernel.org - fixed 18kb buffer was x4 larger than necessary.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 20:27:06 +01:00
Denys Vlasenko
9731ca7611
password utils: improve --help, make DEFAULT_PASSWD_ALGO visible if CHPASSWD
...
Was:
$ cryptpw --help
...
Print crypt(3) hashed PASSWORD
-P,--password-fd=N Read password from fd N
-m,--method=TYPE Encryption method
-S,--salt=SALT
User: "What methods exist? which one os default?"
Now:
Print crypt(3) hashed PASSWORD
-P,--password-fd N Read password from fd N
-m,--method TYPE des,md5,sha256/512 (default des)
-S,--salt SALT
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 19:47:49 +01:00
Denys Vlasenko
38972a8df1
tls: improve i/o loop
...
With tls_has_buffered_record(), entire kernel.org response
is printed at once, without 6 second pause to see its delayed EOF.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 19:11:14 +01:00
Denys Vlasenko
e7863f394e
tls: was psAesDecrypt'ing one block too many, trashing buffered data
...
For the first time
printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org
successfully reads entire server response and TLS shutdown.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 18:04:04 +01:00
Denys Vlasenko
6e511393f9
rdate: time(NULL) is shorter than time(&var)
...
function old new delta
rdate_main 251 246 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 16:07:14 +01:00
Denys Vlasenko
179e88bec9
rdate: make it do something remotely sane, facing 32-bit time overflow
...
function old new delta
rdate_main 251 254 +3
packed_usage 31029 31023 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 16:03:48 +01:00
Denys Vlasenko
19e695ebad
tls: do not use common_bufsiz
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:27:58 +01:00
Denys Vlasenko
a0aae9f714
tls: decode alerts and in particular, EOF alert.
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:12:10 +01:00
Denys Vlasenko
abbf17abcc
tls: add the i/o loop - largish rework of i/o buffering
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 03:15:09 +01:00
Denys Vlasenko
f7806f9d8f
tls: fix ROL/ROR x86 optimization
...
ALWAYS_INLINE:
function old new delta
psAesInitKey 825 824 -1
ROR 5 - -5
setup_mix2 148 134 -14
psAesDecryptBlock 1184 1139 -45
psAesEncryptBlock 1193 1102 -91
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/4 up/down: 0/-156) Total: -156 bytes
ALWAYS_INLINE + __builtin_constant_p(shift_cnt):
function old new delta
ROR 5 - -5
psAesInitKey 825 818 -7
setup_mix2 148 123 -25
psAesDecryptBlock 1184 1078 -106
psAesEncryptBlock 1193 1017 -176
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/4 up/down: 0/-319) Total: -319 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:45:41 +01:00
Denys Vlasenko
432f1ae2ff
tls: tested PSTM_X86_64, not enabling it - too large
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:32:38 +01:00
Denys Vlasenko
6b1b004845
tls: commented out psPool_t use
...
function old new delta
psAesEncrypt 159 162 +3
der_binary_to_pstm 42 40 -2
xwrite_and_hash 437 434 -3
xread_tls_block 446 443 -3
pstm_div_2d 449 444 -5
psAesDecrypt 179 174 -5
pstm_init_size 52 45 -7
pstm_init 46 39 -7
pstm_to_unsigned_bin 165 157 -8
tls_main 1265 1256 -9
pstm_mulmod 132 123 -9
pstm_mod 125 116 -9
pstm_init_copy 93 84 -9
psAesInitKey 840 825 -15
send_client_key_exchange 362 342 -20
psAesInit 103 80 -23
psRsaEncryptPub 429 403 -26
psAesDecryptBlock 1211 1184 -27
psAesEncryptBlock 1223 1193 -30
pstm_exptmod 1582 1524 -58
pstm_div 1557 1472 -85
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/20 up/down: 3/-360) Total: -357 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 15:51:00 +01:00
Denys Vlasenko
1bfc4b85a7
ntpd: print result of hostname resolution
...
This is particularly useful if hostname resolution is triggered by
host non-reachability: I saw this in real-life, without the message
it is not at all obvious that IP that we use for a specific host
has changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 14:42:34 +01:00
Denys Vlasenko
704c606f48
fdisk: add typical values of -H and -S to --help
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 14:29:42 +01:00
Denys Vlasenko
cccf8e735d
tls: teach it to decrypt AES256-encrypted data
...
This adds decryption only.
There is no MAC verification, code simply throws away MAC.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 00:20:45 +01:00
Denys Vlasenko
a9e1866806
tls: trim comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 21:00:23 +01:00
Denys Vlasenko
b5dfc3dfd6
tls: teach it to send AES256-encrypted data
...
>> CLIENT_HELLO
wrote 50 bytes
insize:0 tail:0
got block len:74
got HANDSHAKE
<< SERVER_HELLO
insize:79 tail:0
got block len:2397
got HANDSHAKE
<< CERTIFICATE
key bytes:271, first:0x00
server_rsa_pub_key.size:256
insize:2402 tail:0
got block len:4
got HANDSHAKE
<< SERVER_HELLO_DONE
>> CLIENT_KEY_EXCHANGE
wrote 267 bytes
master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82
client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2
>> CHANGE_CIPHER_SPEC
from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69
=> digest: a45bfee8ed6507a2a9920d0c
>> FINISHED
before crypt: 5 hdr + 16 data + 32 hash bytes
writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f
wrote 85 bytes
insize:9 tail:0
got block len:1
<< CHANGE_CIPHER_SPEC
insize:6 tail:0
got block len:80
< hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da|
The last line is the server's FINISHED response, encrypted.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 20:37:24 +01:00
Denys Vlasenko
b7e9ae6e9f
tls: added AES code and made it compile. not used yet
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 17:20:27 +01:00
Denys Vlasenko
c8ba23bcec
tls: massage writing for encryption support; finer-grained debug
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 06:45:50 +01:00
Denys Vlasenko
5d1662ea1c
tls: address one easy FIXME, tidy up comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 18:17:27 +01:00
Denys Vlasenko
e69d78c038
tls: process CHANGE_CIPHER_SPEC and FINISHED from server
...
Successfully finishes handshake with test servers using NULL-SHA256
cipher.
The "only" thing remaining before there is a chance
this can actually work with real servers is AES encrypt/decrypt.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 17:24:11 +01:00
Denys Vlasenko
fe0588df3b
tls: rearrange function order, improve comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 17:04:24 +01:00
Denys Vlasenko
e2cb3b990f
tls: make our send_client_finished() pass server check
...
sha256 hash should be calculated over incoming handshake packets too!
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 16:53:36 +01:00
Denys Vlasenko
9a6897a48a
tls: format FINISHED message properly for unencrypted, but sha256 signed mode
...
Now it at least looks correct, but unfortunately "openssl s_server"
says my hash is wrong.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 23:26:33 +01:00
Denys Vlasenko
4e08a123b0
Assorted warning fixes and added a comment, no code changes
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 17:31:05 +01:00
Denys Vlasenko
936e83e694
tls: add sha256 hmac and prf code
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 04:25:01 +01:00
Denys Vlasenko
6c73aaff38
cryptpw: support "rounds=NNNNNNN$" thing in salts
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 21:48:31 +01:00
Denys Vlasenko
16e7f697f8
libbb: eliminate redundant variable in sha_crypt
...
function old new delta
sha_crypt 1136 1130 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 20:59:32 +01:00
Denys Vlasenko
b8935d00b0
sha512: use larger constant table only if sha512 is in fact selected
...
function old new delta
sha_K 640 256 -384
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 20:16:27 +01:00
Denys Vlasenko
3f8ecd933a
tls: rearrange code, add/improve comments, fix whitespace, no real changes here
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 14:16:51 +01:00
Denys Vlasenko
c5540d61f6
tls: send CHANGE_CIPHER_SPEC
...
To "actually implement it" will take more work...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 02:17:03 +01:00
Denys Vlasenko
f78ad0938b
whitespace fix
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:18:22 +01:00
Denys Vlasenko
11d0096516
tls: format and send CLIENT_KEY_EXCHANGE
...
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
Denys Vlasenko
2a17d1fc9b
tls: DER length byte 0x81 is actually valid
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 22:38:25 +01:00
Denys Vlasenko
b1003f7019
tls: a bit more work
...
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4406
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30
entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30
skipped der 0x30, next byte 0x03
entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00
copying key bytes:399, first:0x00
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
Now need to teach it to send ClientKeyExchange...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 13:57:16 +01:00
Denys Vlasenko
ceff6b0ea9
tls: work-in-progress TLS1.2 test applet
...
function old new delta
tls_main - 733 +733
dump - 230 +230
xread_tls_block - 180 +180
get_der_len - 76 +76
enter_der_item - 70 +70
skip_der_item - 56 +56
get24be - 24 +24
tls_error_die - 19 +19
packed_usage 31010 31027 +17
applet_names 2549 2553 +4
applet_main 1472 1476 +4
applet_suid 92 93 +1
applet_install_loc 184 185 +1
------------------------------------------------------------------------------
(add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0) Total: 1415 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 12:49:32 +01:00
Denys Vlasenko
a6f8651911
wget: fix for brain-damaged HTTP servers. Closes 9471
...
write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
shutdown(3, SHUT_WR) = 0
alarm(900) = 900
read(3, "", 1024) = 0
write(2, "wget: error getting response\n", 29) = 29
exit(1)
The peer simply does not return anything. It closes its connection.
Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
The point it, closing write side of the socket is _valid_ for HTTP.
wget sent the full request, it won't be sending anything more:
it will only receive the response, and that's it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 20:16:45 +01:00
Denys Vlasenko
098b713c7b
ash: commented-out possible fix for 7694
...
bash has a feature: it restores termios after a successful wait for
a foreground job which had at least one stopped or sigkilled member.
The probable rationale is that SIGSTOP and SIGKILL can preclude task from
properly restoring tty state. Should we do this too?
A reproducer: ^Z an interactive python:
$ python
Python 2.7.12 (...)
>>> ^Z
{ python leaves tty in -icanon -echo state. We do survive that... }
[1]+ Stopped python
{ ...however, next program (python no.2) does not survive it well: }
$ python
Python 2.7.12 (...)
>>> Traceback (most recent call last):
{ above, I typed "qwerty<CR>", but -echo state is still in effect }
File "<stdin>", line 1, in <module>
NameError: name 'qwerty' is not defined
The implementation is modeled on bash code and seems to work.
However, I'm not sure we should do this. For one: what if I'd fg
the stopped python instead? It'll be confused by "restored" tty state.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 19:59:03 +01:00
Denys Vlasenko
4c179373e0
ash: 16-bit ->nprocs field is a pain for many CPUs
...
function old new delta
getoptscmd 527 540 +13
getjob 280 286 +6
makejob 278 282 +4
forkchild 602 600 -2
waitcmd 208 205 -3
showjob 382 379 -3
getstatus 83 80 -3
dowait 408 405 -3
freejob 93 89 -4
fg_bgcmd 290 286 -4
forkshell 260 255 -5
killcmd 224 218 -6
jobno 17 11 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/10 up/down: 23/-39) Total: -16 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 18:44:15 +01:00
Denys Vlasenko
ed15dde60a
Move FEATURE_AUTOWIDTH config option to two applets which use it
...
No code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 16:35:52 +01:00
Denys Vlasenko
6c1f348fa7
Move FEATURE_USE_TERMIOS config option to two applets which use it
...
No code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 16:27:12 +01:00
Denys Vlasenko
01ccdd1d3c
libbb: consolidate the code to set termios unbuffered mode
...
function old new delta
set_termios_to_raw - 116 +116
count_lines 72 74 +2
powertop_main 1458 1430 -28
top_main 943 914 -29
more_main 759 714 -45
fsck_minix_main 2969 2921 -48
conspy_main 1197 1135 -62
rawmode 99 36 -63
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/6 up/down: 118/-275) Total: -157 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 16:17:59 +01:00
Denys Vlasenko
8944c67b1f
hush: reinstate [[ builtin
...
Mike deleted it:
commit 39456a18a1
Author: Mike Frysinger <vapier@gentoo.org>
Date: Sat Mar 28 12:21:57 2009 +0000
stop lying about [[ test support
probably because it was not properly ifdefed around, and was enabled
even when bash compat is off.
I just tested it - it works:
$ [ *.diff = z.diff ]; echo $?
0
$ [[ *.diff = z.diff ]]; echo $?
1
Of course, not all numerous bash tricks of [[ ]] are implemented...
function old new delta
bltins2 60 72 +12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11 14:22:00 +01:00