Denys Vlasenko
89193f985b
tls: can download kernels now :)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 18:08:07 +01:00
Denys Vlasenko
1500b3a50d
tls: if got CERTIFICATE_REQUEST, send an empty CERTIFICATE
...
wolfssl test server is not satisfied by an empty one,
but some real servers might be.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 17:06:10 +01:00
Denys Vlasenko
49ecee098d
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
...
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds the inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 16:00:54 +01:00
Denys Vlasenko
9a64c3337c
ls: convert DISP_DIRNAME to a bool variable
...
function old new delta
ls_main 553 548 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 20:46:12 +01:00
Denys Vlasenko
ccc1699e3e
ls: get rid of opt_flags[], handle -l1c through option_mask32
...
function old new delta
display_single 885 888 +3
scan_and_display_dirs_recur 496 486 -10
opt_flags 11 - -11
ls_main 618 553 -65
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/2 up/down: 3/-86) Total: -83 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 20:43:06 +01:00
Denys Vlasenko
92c6898e10
ls: handle -x through option_mask32, remove default -C from --help
...
function old new delta
packed_usage 31024 31002 -22
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 20:21:14 +01:00
Denys Vlasenko
4cde4cca65
ls: handle -d and -R through option_mask32
...
function old new delta
scan_and_display_dirs_recur 545 550 +5
display_single 1039 1044 +5
append_char 67 68 +1
display_files 399 396 -3
ls_main 736 717 -19
opt_flags 68 11 -57
.rodata 168864 168784 -80
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/4 up/down: 11/-159) Total: -148 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 20:08:22 +01:00
Denys Vlasenko
96d9c5bdbd
ls: handle -p and -F through option_mask32
...
function old new delta
display_single 1039 1044 +5
append_char 67 68 +1
display_files 399 396 -3
scan_and_display_dirs_recur 545 541 -4
ls_main 736 722 -14
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/3 up/down: 6/-21) Total: -15 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 19:56:13 +01:00
Denys Vlasenko
51b01fda30
ls: LIST_ID_NAME/ID_NUMERIC/LOPT/LONG are the same, merge as LONG
...
Also, handle -n and --full-time using option_mask32
function old new delta
scan_and_display_dirs_recur 548 545 -3
display_single 1053 1039 -14
ls_main 777 736 -41
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-58) Total: -58 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 19:42:12 +01:00
Denys Vlasenko
a1cbaca1ba
ls: make -Z output compatible with GNU coreutils 8.25
...
This also makes it clear that LIST_MODEBITS == LIST_LOPT
function old new delta
ls_main 752 777 +25
display_files 400 399 -1
display_single 1055 1053 -2
my_stat 320 317 -3
packed_usage 32311 32280 -31
.rodata 168895 168864 -31
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/5 up/down: 25/-68) Total: -43 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 19:30:14 +01:00
Denys Vlasenko
2c3131d88e
ls: LIST_NLINKS/SIZE/DATE_TIME/SYMLINK are always the same, merge as LIST_LOPT
...
They are always set and cleared together
function old new delta
append_char 69 68 -1
display_single 910 908 -2
ls_main 677 664 -13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-16) Total: -16 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 19:05:11 +01:00
Denys Vlasenko
5d43ddc59b
ls: handle -s through option_mask32
...
function old new delta
scan_and_display_dirs_recur 493 494 +1
sort_and_display_files 424 423 -1
ls_main 682 677 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 18:43:43 +01:00
Denys Vlasenko
b60686cc2a
ls: handle -i through option_mask32
...
function old new delta
sort_and_display_files 420 424 +4
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 18:34:11 +01:00
Denys Vlasenko
f5bd6f631c
ls: handle -a and -A through option_mask32
...
function old new delta
ls_main 685 682 -3
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 18:24:05 +01:00
Denys Vlasenko
11540a8da4
ls: handle all sort options through option_mask32
...
function old new delta
packed_usage 31007 31024 +17
my_stat 318 324 +6
sort_and_display_files 419 420 +1
print_name 216 217 +1
sortcmp 228 216 -12
opt_flags 96 64 -32
ls_main 732 685 -47
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/3 up/down: 25/-91) Total: -66 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 18:01:48 +01:00
Denys Vlasenko
7a18b9502a
tls: reorder tls_handshake_data fields for smaller size, tweak comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 16:37:04 +01:00
Denys Vlasenko
b5bf1913d3
tls: send EMPTY_RENEGOTIATION_INFO_SCSV in our client hello
...
Hoped this could make cdn.kernel.org like us more. Nope.
While at it, made error reporting more useful.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 16:12:17 +01:00
Denys Vlasenko
9492da7e63
tls: set TLS_DEBUG to 0; placate a gcc indentation warning
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 01:15:13 +01:00
Denys Vlasenko
9a647c326a
separate TLS code into a library, use it in wget
...
A new applet, ssl_client, is the TLS debug thing now.
It doubles as wget's NOMMU helper.
In MMU mode, wget still forks, but then directly calls TLS code,
without execing.
This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support)
and nc --ssl (ncat, nmap's nc clone, has such an option).
function old new delta
tls_handshake - 1691 +1691
tls_run_copy_loop - 443 +443
ssl_client_main - 128 +128
packed_usage 30978 31007 +29
wget_main 2508 2535 +27
applet_names 2553 2560 +7
...
xwrite_encrypted 360 342 -18
tls_main 2127 - -2127
------------------------------------------------------------------------------
(add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 01:08:16 +01:00
Denys Vlasenko
e1f90d13fa
ls: -1 should be ignored by -l (and options which imply -l)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-22 22:02:19 +01:00
Denys Vlasenko
f580baf94a
ls: more correct handling of -c, -u
...
function old new delta
my_stat 302 318 +16
packed_usage 30977 30969 -8
display_single 928 910 -18
sortcmp 258 228 -30
ls_main 776 732 -44
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/4 up/down: 16/-100) Total: -84 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-22 19:02:57 +01:00
Denys Vlasenko
194b2ebd2a
ls: replace -e with --full-time, add --group-directories-first, delete -K
...
-K and -e were non-standard
function old new delta
static.ls_longopts 9 47 +38
ls_main 748 776 +28
display_single 901 928 +27
sortcmp 254 258 +4
ls_options 32 31 -1
opt_flags 100 96 -4
packed_usage 31032 30977 -55
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/3 up/down: 97/-60) Total: 37 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-22 17:32:20 +01:00
Denys Vlasenko
12389889c0
ip: better --help
...
Was:
Usage: ip [OPTIONS] address|route|link|tunnel|neigh|rule [COMMAND]
ip [OPTIONS] OBJECT [COMMAND]
where OBJECT := address|route|link|tunnel|neigh|rule
OPTIONS := -f[amily] inet|inet6|link | -o[neline]
User: instead of repeating list of OBJECTs twice, you could at least
show available COMMANDs...
Now:
Usage: ip [OPTIONS] address|route|link|tunnel|neigh|rule [COMMAND]
OPTIONS := -f[amily] inet|inet6|link | -o[neline]
COMMAND :=
ip addr add|del IFADDR dev IFACE | show|flush [dev IFACE] [to PREFIX]
ip route list|flush|add|del|change|append|replace|test ROUTE
ip link set IFACE [up|down] [arp on|off] | show [IFACE]
ip tunnel add|change|del|show [NAME]
[mode ipip|gre|sit]
[remote ADDR] [local ADDR] [ttl TTL]
ip neigh show|flush [to PREFIX] [dev DEV] [nud STATE]
ip rule [list] | add|del SELECTOR ACTION
While at it, tweak tc --help too (it stays disabled, thus no effect)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 14:27:07 +01:00
Denys Vlasenko
8908c1d4f5
more ip --help fixes
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 03:56:46 +01:00
Denys Vlasenko
f3d705f41b
make --help texts smaller
...
function old new delta
packed_usage 31035 30968 -67
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 03:46:57 +01:00
Denys Vlasenko
bbc7bee966
make --help texts more uniform
...
function old new delta
packed_usage 31062 31035 -27
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 02:49:58 +01:00
Denys Vlasenko
f6e20724d4
tls: reorder tls_state fields for smaller offsets
...
function old new delta
xwrite_encrypted 363 360 -3
xwrite_and_update_handshake_hash 117 114 -3
tls_xread_handshake_block 72 69 -3
tls_error_die 211 202 -9
tls_get_outbuf 64 49 -15
tls_main 2163 2127 -36
tls_xread_record 702 639 -63
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/7 up/down: 0/-132) Total: -132 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 02:08:34 +01:00
Denys Vlasenko
dd2577f21a
tls: send SNI in the client hello
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 22:48:41 +01:00
Denys Vlasenko
0af5265180
tls: check size on "MAC-only, no crypt" code path too
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:23:10 +01:00
Denys Vlasenko
54b927d78b
tls: AES decrypt does one unnecessary memmove
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:19:38 +01:00
Denys Vlasenko
3916139ac4
tls: make input buffer grow as needed
...
As it turns out, it goes only up to "inbuf_size:4608"
for kernel.org - fixed 18kb buffer was x4 larger than necessary.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 20:27:06 +01:00
Denys Vlasenko
9731ca7611
password utils: improve --help, make DEFAULT_PASSWD_ALGO visible if CHPASSWD
...
Was:
$ cryptpw --help
...
Print crypt(3) hashed PASSWORD
-P,--password-fd=N Read password from fd N
-m,--method=TYPE Encryption method
-S,--salt=SALT
User: "What methods exist? Which one is default?"
Now:
Print crypt(3) hashed PASSWORD
-P,--password-fd N Read password from fd N
-m,--method TYPE des,md5,sha256/512 (default des)
-S,--salt SALT
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 19:47:49 +01:00
Denys Vlasenko
38972a8df1
tls: improve i/o loop
...
With tls_has_buffered_record(), the entire kernel.org response
is printed at once, without a 6 second pause to see its delayed EOF.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 19:11:14 +01:00
Denys Vlasenko
e7863f394e
tls: was psAesDecrypt'ing one block too many, trashing buffered data
...
For the first time
printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org
successfully reads entire server response and TLS shutdown.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 18:04:04 +01:00
Denys Vlasenko
6e511393f9
rdate: time(NULL) is shorter than time(&var)
...
function old new delta
rdate_main 251 246 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 16:07:14 +01:00
Denys Vlasenko
179e88bec9
rdate: make it do something remotely sane, facing 32-bit time overflow
...
function old new delta
rdate_main 251 254 +3
packed_usage 31029 31023 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 16:03:48 +01:00
Denys Vlasenko
19e695ebad
tls: do not use common_bufsiz
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:27:58 +01:00
Denys Vlasenko
a0aae9f714
tls: decode alerts and in particular, EOF alert.
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:12:10 +01:00
Denys Vlasenko
abbf17abcc
tls: add the i/o loop - largish rework of i/o buffering
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 03:15:09 +01:00
Denys Vlasenko
f7806f9d8f
tls: fix ROL/ROR x86 optimization
...
ALWAYS_INLINE:
function old new delta
psAesInitKey 825 824 -1
ROR 5 - -5
setup_mix2 148 134 -14
psAesDecryptBlock 1184 1139 -45
psAesEncryptBlock 1193 1102 -91
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/4 up/down: 0/-156) Total: -156 bytes
ALWAYS_INLINE + __builtin_constant_p(shift_cnt):
function old new delta
ROR 5 - -5
psAesInitKey 825 818 -7
setup_mix2 148 123 -25
psAesDecryptBlock 1184 1078 -106
psAesEncryptBlock 1193 1017 -176
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/4 up/down: 0/-319) Total: -319 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:45:41 +01:00
Denys Vlasenko
432f1ae2ff
tls: tested PSTM_X86_64, not enabling it - too large
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:32:38 +01:00
Denys Vlasenko
6b1b004845
tls: commented out psPool_t use
...
function old new delta
psAesEncrypt 159 162 +3
der_binary_to_pstm 42 40 -2
xwrite_and_hash 437 434 -3
xread_tls_block 446 443 -3
pstm_div_2d 449 444 -5
psAesDecrypt 179 174 -5
pstm_init_size 52 45 -7
pstm_init 46 39 -7
pstm_to_unsigned_bin 165 157 -8
tls_main 1265 1256 -9
pstm_mulmod 132 123 -9
pstm_mod 125 116 -9
pstm_init_copy 93 84 -9
psAesInitKey 840 825 -15
send_client_key_exchange 362 342 -20
psAesInit 103 80 -23
psRsaEncryptPub 429 403 -26
psAesDecryptBlock 1211 1184 -27
psAesEncryptBlock 1223 1193 -30
pstm_exptmod 1582 1524 -58
pstm_div 1557 1472 -85
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/20 up/down: 3/-360) Total: -357 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 15:51:00 +01:00
Denys Vlasenko
1bfc4b85a7
ntpd: print result of hostname resolution
...
This is particularly useful if hostname resolution is triggered by
host non-reachability: I saw this in real life. Without the message,
it is not at all obvious that the IP that we use for a specific host
has changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 14:42:34 +01:00
Denys Vlasenko
704c606f48
fdisk: add typical values of -H and -S to --help
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 14:29:42 +01:00
Denys Vlasenko
cccf8e735d
tls: teach it to decrypt AES256-encrypted data
...
This adds decryption only.
There is no MAC verification, the code simply throws away the MAC.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 00:20:45 +01:00
Denys Vlasenko
a9e1866806
tls: trim comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 21:00:23 +01:00
Denys Vlasenko
b5dfc3dfd6
tls: teach it to send AES256-encrypted data
...
>> CLIENT_HELLO
wrote 50 bytes
insize:0 tail:0
got block len:74
got HANDSHAKE
<< SERVER_HELLO
insize:79 tail:0
got block len:2397
got HANDSHAKE
<< CERTIFICATE
key bytes:271, first:0x00
server_rsa_pub_key.size:256
insize:2402 tail:0
got block len:4
got HANDSHAKE
<< SERVER_HELLO_DONE
>> CLIENT_KEY_EXCHANGE
wrote 267 bytes
master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82
client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2
>> CHANGE_CIPHER_SPEC
from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69
=> digest: a45bfee8ed6507a2a9920d0c
>> FINISHED
before crypt: 5 hdr + 16 data + 32 hash bytes
writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f
wrote 85 bytes
insize:9 tail:0
got block len:1
<< CHANGE_CIPHER_SPEC
insize:6 tail:0
got block len:80
< hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da|
The last line is the server's FINISHED response, encrypted.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 20:37:24 +01:00
Denys Vlasenko
b7e9ae6e9f
tls: added AES code and made it compile. not used yet
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 17:20:27 +01:00
Denys Vlasenko
c8ba23bcec
tls: massage writing for encryption support; finer-grained debug
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 06:45:50 +01:00
Denys Vlasenko
5d1662ea1c
tls: address one easy FIXME, tidy up comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 18:17:27 +01:00