Commit Graph

2836 Commits

Author SHA1 Message Date
Denys Vlasenko
3a4d5a73a8 tls: prepare for ECDH_anon ciphers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 19:19:38 +01:00
Denys Vlasenko
c67ff8a1b0 tls: fix a potential (currently "disabled" by a macro) SHA1-related bug
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 18:49:29 +01:00
Denys Vlasenko
63bfe0e4c0 tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC
function                                             old     new   delta
tls_xread_record                                     634     636      +2
xwrite_encrypted                                     579     580      +1
tls_handshake                                       2095    2085     -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10)              Total: -7 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 16:43:53 +01:00
Denys Vlasenko
71fa5b0a4c tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional
When disabled:

function                                             old     new   delta
xwrite_encrypted                                     580     579      -1
prf_hmac_sha256                                      222     217      -5
hmac_begin                                           158     149      -9
static.ciphers                                        32      20     -12
tls_handshake                                       2115    2095     -20
hmac                                                  87      61     -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73)             Total: -73 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 16:14:58 +01:00
Denys Vlasenko
32ec5f1705 tls: AES-GCM: in GMULT, avoid memcpy, use one less variable in bit loop
function                                             old     new   delta
GMULT                                                168     159      -9

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-08 21:24:38 +01:00
Denys Vlasenko
b437df1157 inetd: suppress aliasing warning
function                                             old     new   delta
sigprocmask2                                           -       8      +8
wait_for_child_or_signal                             213     218      +5
dowait                                               424     429      +5
block_CHLD_HUP_ALRM                                   62      59      -3
sigprocmask_SIG_SETMASK                               16       -     -16
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 2/1 up/down: 18/-19)             Total: -1 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-08 15:35:24 +01:00
Denys Vlasenko
9f00a0fdb1 tls: make RIGHTSHIFTX() in AES-GCM faster
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-08 13:34:43 +01:00
Denys Vlasenko
dffc8ff6a6 tls: add ECDHE_PSK and remove ARIA cipher ids
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-27 10:35:10 +01:00
Denys Vlasenko
8a46c74f8d tls: add _anon_ cipher definitions
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 17:33:17 +01:00
Denys Vlasenko
2eb04290f9 tls: enable TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher
function                                             old     new   delta
static.ciphers                                        30      32      +2

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 16:39:35 +01:00
Denys Vlasenko
60f784027e tls: cipher 009D is not yet supported, don't test for it
function                                             old     new   delta
tls_handshake                                       2116    2108      -8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 16:30:22 +01:00
Denys Vlasenko
d9f6c3b091 tls: speed up prf_hmac_sha256()
function                                             old     new   delta
hmac_sha_precomputed                                   -      58     +58
prf_hmac_sha256                                      181     222     +41
hmac_sha256                                           68       -     -68
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/0 up/down: 99/-68)             Total: 31 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 15:55:41 +01:00
Denys Vlasenko
d4681c7293 tls: simplify hmac_begin()
function                                             old     new   delta
hmac_begin                                           196     158     -38

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 10:33:23 +01:00
Denys Vlasenko
ca7cdd4b03 tls: add support for 8 more cipher ids - all tested to work
function                                             old     new   delta
tls_handshake                                       2059    2116     +57
static.ciphers                                         -      30     +30
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 87/0)               Total: 87 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 00:17:10 +01:00
Denys Vlasenko
838b88c044 tls: fix comments
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 18:52:47 +01:00
Denys Vlasenko
330d7f53f7 tls: add a comment on expanding list of supported ciphers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 17:27:48 +01:00
Denys Vlasenko
a6192f347f tls: do not leak RSA key
function                                             old     new   delta
tls_handshake                                       1957    2059    +102

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 16:17:26 +01:00
Denys Vlasenko
eb53d01be5 tls: code shrink
function                                             old     new   delta
xwrite_and_update_handshake_hash                      81      80      -1
tls_handshake                                       1987    1957     -30

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:45:55 +01:00
Denys Vlasenko
a33b008240 tls: code shrink
function                                             old     new   delta
tls_handshake                                       1993    1987      -6

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:28:32 +01:00
Denys Vlasenko
be5ca42e8d tls: code shrink
function                                             old     new   delta
aesgcm_GHASH                                         223     196     -27

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:03:59 +01:00
Denys Vlasenko
23d0d8caf4 tls: on x86, use xorbuf_aligned_AES_BLOCK_SIZE() even with non-aligned source
function                                             old     new   delta
aesgcm_GHASH                                         228     223      -5

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 12:02:45 +01:00
Denys Vlasenko
ab3c5e4c44 tls: actually fill in CIPHER_ID3 value in hello message
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 00:53:19 +01:00
Denys Vlasenko
0d18e5cab2 ntpd: do not SEGV on "-p keyno:192.168.1.1", show --help instead
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 00:42:56 +01:00
Denys Vlasenko
5084bae61a wget: code shrink
function                                             old     new   delta
base64enc                                             53      46      -7

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 21:56:21 +01:00
Denys Vlasenko
d2923b3d23 tls: fix is.gd again, fix AES-CBC using decrypt key instead of encrypt
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 21:26:20 +01:00
Denys Vlasenko
03569bc50f tls: speed up xor'ing of aligned 16-byte buffers
function                                             old     new   delta
xorbuf_aligned_AES_BLOCK_SIZE                          -      23     +23
xwrite_encrypted                                     585     580      -5
aesgcm_GHASH                                         233     228      -5
GMULT                                                192     187      -5
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/3 up/down: 23/-15)              Total: 8 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 14:08:29 +01:00
Denys Vlasenko
941440cf16 tls: in AES-GCM decoding, avoid memmove
function                                             old     new   delta
xorbuf3                                                -      36     +36
xorbuf                                                24      12     -12
tls_xread_record                                     656     634     -22
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/2 up/down: 36/-34)              Total: 2 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 13:51:46 +01:00
Denys Vlasenko
985702c892 tls: fix a thinko in GHASH optimization
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 13:47:44 +01:00
Denys Vlasenko
624066f0cc tls: make tls_get_random() FAST_FUNC
function                                             old     new   delta
tls_handshake                                       1977    1985      +8
tls_get_random                                        32      28      -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 8/-4)                Total: 4 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:24:57 +01:00
Denys Vlasenko
26602b85a3 wget: print the final newline only for non-tty output
$ busybox wget URL 2>&1 | cat
Connecting to ....
install.iso          0% |                                | 2629k  0:02:05 ETA
install.iso          7% |**                              | 25.7M  0:00:23 ETA
install.iso         16% |*****                           | 54.1M  0:00:14 ETA
install.iso         20% |******                          | 67.4M  0:00:15 ETA
install.iso         25% |********                        | 81.0M  0:00:14 ETA
install.iso         30% |*********                       | 97.3M  0:00:13 ETA
install.iso         36% |***********                     |  117M  0:00:12 ETA
install.iso         41% |*************                   |  134M  0:00:11 ETA
install.iso         47% |***************                 |  152M  0:00:10 ETA
install.iso         54% |*****************               |  176M  0:00:08 ETA
install.iso         61% |*******************             |  200M  0:00:06 ETA
install.iso         66% |*********************           |  215M  0:00:06 ETA
install.iso         71% |**********************          |  231M  0:00:05 ETA
install.iso         75% |************************        |  244M  0:00:04 ETA
install.iso         79% |*************************       |  257M  0:00:03 ETA
install.iso         84% |***************************     |  275M  0:00:02 ETA
install.iso         91% |*****************************   |  297M  0:00:01 ETA
install.iso         99% |******************************* |  321M  0:00:00 ETA
install.iso        100% |********************************|  323M  0:00:00 ETA
  <-- no empty line here
$

function                                             old     new   delta
bb_progress_update                                   622     632     +10
progress_meter                                       152     158      +6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 16/0)               Total: 16 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:14:52 +01:00
Denys Vlasenko
fbf5e6363b tls: code shrink
function                                             old     new   delta
aesgcm_GHASH                                         262     233     -29

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:07:05 +01:00
Denys Vlasenko
d496b4002a tls: typo fix in comment
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:00:12 +01:00
Denys Vlasenko
25569c3ca9 tls: make local buffers in aesgcm_GHASH() explicitly 32-bit aligned
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:55:15 +01:00
Denys Vlasenko
219c9d4b5d tls: code shrink
function                                             old     new   delta
xwrite_encrypted                                     599     585     -14

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:48:20 +01:00
Denys Vlasenko
ecc9090cfc tls: simplify aesgcm_GHASH()
function                                             old     new   delta
xwrite_encrypted                                     604     599      -5
FlattenSzInBits                                       52       -     -52
aesgcm_GHASH                                         395     262    -133
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-190)           Total: -190 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:31:26 +01:00
Denys Vlasenko
5e4236d226 tls: in AES-CBC code, do not set key for every record - do it once
function                                             old     new   delta
aes_setkey                                            16     212    +196
tls_handshake                                       1941    1977     +36
aes_encrypt_1                                        382     396     +14
xwrite_encrypted                                     605     604      -1
tls_xread_record                                     659     656      -3
aes_encrypt_one_block                                 65      59      -6
aes_cbc_encrypt                                      172     121     -51
aesgcm_setkey                                         58       -     -58
aes_cbc_decrypt                                      958     881     -77
KeyExpansion                                         188       -    -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384)         Total: -138 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:02:44 +01:00
Denys Vlasenko
83e5c627e1 tls: add support for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher
function                                             old     new   delta
xwrite_encrypted                                     209     605    +396
GHASH                                                  -     395    +395
aes_encrypt_1                                          -     382    +382
GMULT                                                  -     192    +192
tls_xread_record                                     489     659    +170
aes_encrypt_one_block                                  -      65     +65
aesgcm_setkey                                          -      58     +58
FlattenSzInBits                                        -      52     +52
tls_handshake                                       1890    1941     +51
xwrite_and_update_handshake_hash                      46      81     +35
xorbuf                                                 -      24     +24
aes_setkey                                             -      16     +16
psRsaEncryptPub                                      413     421      +8
stty_main                                           1221    1227      +6
ssl_client_main                                      138     143      +5
next_token                                           841     845      +4
spawn_ssl_client                                     218     219      +1
volume_id_probe_hfs_hfsplus                          564     563      -1
read_package_field                                   232     230      -2
i2cdetect_main                                       674     672      -2
fail_hunk                                            139     136      -3
parse_expr                                           891     883      -8
curve25519                                           802     793      -9
aes_cbc_decrypt                                      971     958     -13
xwrite_handshake_record                               43       -     -43
aes_cbc_encrypt                                      644     172    -472
------------------------------------------------------------------------------
(add/remove: 9/1 grow/shrink: 9/8 up/down: 1860/-553)        Total: 1307 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 17:48:07 +01:00
Denys Vlasenko
4e46b98a45 tls: add comment, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-18 19:50:24 +01:00
Denys Vlasenko
fe836d8455 tls: code shrink
function                                             old     new   delta
spawn_ssl_client                                     219     218      -1

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-14 11:35:36 +01:00
Denys Vlasenko
dbe95682b4 wget: print "TLS certificate validation not implemented" only once on redirects
function                                             old     new   delta
spawn_ssl_client                                     209     219     +10

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 12:00:19 +01:00
Denys Vlasenko
d5a0405a6f tls: code shrink
function                                             old     new   delta
tls_get_zeroed_outbuf                                  -      28     +28
static.empty_client_cert                               7       -      -7
tls_handshake                                       1930    1890     -40
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/1 up/down: 28/-47)            Total: -19 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:58:53 +01:00
Denys Vlasenko
de7b5bb59a tls: tidy up recently added ECDSA code
function                                             old     new   delta
tls_handshake                                       1935    1930      -5
static.OID_ECDSA_KEY_ALG                              21      11     -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-15)             Total: -15 bytes
   text	   data	    bss	    dec	    hex	filename
 950036	    477	   7296	 957809	  e9d71	busybox_old
 950048	    477	   7296	 957821	  e9d7d	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:44:32 +01:00
Denys Vlasenko
375fc78d51 tls: code shrink
function                                             old     new   delta
static.f25519_one                                     32       -     -32
curve25519                                           835     802     -33
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-65)             Total: -65 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 03:15:15 +01:00
Denys Vlasenko
bddb6545a9 tls: add support for ECDHE-ECDSA-AES-128-CBC-SHA and x25519 curve
function                                             old     new   delta
curve25519                                             -     835    +835
tls_handshake                                       1619    1935    +316
xc_diffadd                                             -     230    +230
fe_mul__distinct                                       -     149    +149
lm_sub                                                 -     103    +103
lm_add                                                 -      82     +82
fe_mul_c                                               -      74     +74
fe_select                                              -      45     +45
static.f25519_one                                      -      32     +32
static.basepoint9                                      -      32     +32
static.OID_ECDSA_KEY_ALG                               -      21     +21
static.OID_RSA_KEY_ALG                                 -      13     +13
static.supported_groups                                -       8      +8
static.empty_client_cert                               -       7      +7
der_binary_to_pstm                                    40      42      +2
static.expected                                       13       -     -13
------------------------------------------------------------------------------
(add/remove: 14/1 grow/shrink: 2/0 up/down: 1949/-13)        Total: 1936 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 02:17:54 +01:00
Denys Vlasenko
084bac472b tls: code shrink
function                                             old     new   delta
tls_handshake                                       1643    1619     -24

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-05 00:19:15 +01:00
Denys Vlasenko
5df3b12241 tls: reorder a few more cipher ids
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:25:41 +01:00
Denys Vlasenko
b29d045581 tls: move TLS_AES_128_GCM_SHA256 definition up
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:18:29 +01:00
Denys Vlasenko
9b0ce4d608 tls: add more cipher ids, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 20:53:54 +01:00
Denys Vlasenko
9d05ad087e udhcpc: code shrink
function                                             old     new   delta
perform_release                                      112     172     +60
send_release                                          81       -     -81
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/0 up/down: 60/-81)            Total: -21 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-03 23:34:35 +01:00
Denys Vlasenko
63d053d8c3 ntpd: default to FEATURE_NTP_AUTH=y
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-30 23:07:26 +01:00