Commit Graph

2797 Commits

Author SHA1 Message Date
Denys Vlasenko
dbe95682b4 wget: print "TLS certificate validation not implemented" only once on redirects
function                                             old     new   delta
spawn_ssl_client                                     209     219     +10

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 12:00:19 +01:00
Denys Vlasenko
d5a0405a6f tls: code shrink
function                                             old     new   delta
tls_get_zeroed_outbuf                                  -      28     +28
static.empty_client_cert                               7       -      -7
tls_handshake                                       1930    1890     -40
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/1 up/down: 28/-47)            Total: -19 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:58:53 +01:00
Denys Vlasenko
de7b5bb59a tls: tidy up recently added ECDSA code
function                                             old     new   delta
tls_handshake                                       1935    1930      -5
static.OID_ECDSA_KEY_ALG                              21      11     -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-15)             Total: -15 bytes
   text	   data	    bss	    dec	    hex	filename
 950036	    477	   7296	 957809	  e9d71	busybox_old
 950048	    477	   7296	 957821	  e9d7d	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:44:32 +01:00
Denys Vlasenko
375fc78d51 tls: code shrink
function                                             old     new   delta
static.f25519_one                                     32       -     -32
curve25519                                           835     802     -33
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-65)             Total: -65 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 03:15:15 +01:00
Denys Vlasenko
bddb6545a9 tls: add support for ECDHE-ECDSA-AES-128-CBC-SHA and x25519 curve
function                                             old     new   delta
curve25519                                             -     835    +835
tls_handshake                                       1619    1935    +316
xc_diffadd                                             -     230    +230
fe_mul__distinct                                       -     149    +149
lm_sub                                                 -     103    +103
lm_add                                                 -      82     +82
fe_mul_c                                               -      74     +74
fe_select                                              -      45     +45
static.f25519_one                                      -      32     +32
static.basepoint9                                      -      32     +32
static.OID_ECDSA_KEY_ALG                               -      21     +21
static.OID_RSA_KEY_ALG                                 -      13     +13
static.supported_groups                                -       8      +8
static.empty_client_cert                               -       7      +7
der_binary_to_pstm                                    40      42      +2
static.expected                                       13       -     -13
------------------------------------------------------------------------------
(add/remove: 14/1 grow/shrink: 2/0 up/down: 1949/-13)        Total: 1936 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 02:17:54 +01:00
Denys Vlasenko
084bac472b tls: code shrink
function                                             old     new   delta
tls_handshake                                       1643    1619     -24

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-05 00:19:15 +01:00
Denys Vlasenko
5df3b12241 tls: reorder a few more cipher ids
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:25:41 +01:00
Denys Vlasenko
b29d045581 tls: move TLS_AES_128_GCM_SHA256 definition up
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:18:29 +01:00
Denys Vlasenko
9b0ce4d608 tls: add more cipher ids, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 20:53:54 +01:00
Denys Vlasenko
9d05ad087e udhcpc: code shrink
function                                             old     new   delta
perform_release                                      112     172     +60
send_release                                          81       -     -81
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/0 up/down: 60/-81)            Total: -21 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-03 23:34:35 +01:00
Denys Vlasenko
63d053d8c3 ntpd: default to FEATURE_NTP_AUTH=y
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-30 23:07:26 +01:00
Denys Vlasenko
c05aa6a776 udhcpc: ensure at least one unicast renew attempt
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-30 11:56:18 +01:00
Brandon P. Enochs
a541314b1f ntpd: add support for MD5/SHA1 message authentication
Add support for MD5 message authentication as described in RFC 5905.
This patch also supports SHA1 authentication.

The key file format is the same file format as used by ntpd.
The configuration file format follows standard Unix conventions
(# comments) with lines consist of the following fields separated by whitespace:
<key identifier, [1,65535]> <SHA1|MD5> <an ASCII string of up to 20 characters|an octet string [a-zA-F0-9] of up to 40 characters>.

https://www.ietf.org/rfc/rfc5905.txt

function                                             old     new   delta
ntp_init                                             473     987    +514
hash                                                   -     125    +125
recv_and_process_peer_pkt                            889     961     +72
packed_usage                                       33066   33130     +64
ntpd_main                                           1226    1277     +51
find_key_entry                                         -      29     +29
add_peers                                            195     207     +12
recv_and_process_client_pkt                          509     514      +5
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 6/0 up/down: 872/0)             Total: 872 bytes

Signed-off-by: Brandon P. Enochs <enochs.brandon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-27 18:57:37 +02:00
Denys Vlasenko
4329116b6d nbd-client: support newstyle protocol, -b, -d, -p, -N
Recognize the "newstyle" protocol and switch to it automatically.
Add options for setting blocksize (-b) and for disconnecting
a nbd device (-d).

function                                             old     new   delta
nbdclient_main                                       492    1179    +687
static.long_options                                    -      80     +80
print_direc                                          438     457     +19
brctl_main                                          1169    1183     +14
bb_strtoll                                            84      89      +5
packed_usage                                       33082   33066     -16
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 4/1 up/down: 805/-16)           Total: 789 bytes

Signed-off-by: Elvira Khabirova <lineprinter@altlinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-10-24 15:52:04 +02:00
Bernhard Reutner-Fischer
7effa31cd4 brctl: use a single buffer for brname and ifname
function                                             old     new   delta
brctl_main                                          1681    1675      -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-6)               Total: -6 bytes

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
2018-10-01 22:45:36 +02:00
Brandon Maier
14454b3071 ifupdown: support "source-directory" stanza
Support the "source-directory" stanza from ifupdown[1]. source-directory
will include all files in the named directory. Similar to the Busybox
version of the "source" stanza, this version of source-directory does
not currently support shell wildcards.

We only check that the stanza starts with "source-dir" as ifupdown does[2].

[1] https://manpages.debian.org/stretch/ifupdown/interfaces.5.en.html#INCLUDING_OTHER_FILES
[2] https://salsa.debian.org/debian/ifupdown/blob/0.8.33/config.c#L498

function                                             old     new   delta
read_interfaces                                     1150    1241     +91

Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-30 13:23:05 +02:00
Denys Vlasenko
aae428f0bf udhcpc: give SIGUSR1-induced renew one chance of unicast renew
The caps were inconsistent: timeout to renew was capped at 20 seconds,
and any renews with timeout <= 60 seconds were forced to broadcast.

function                                             old     new   delta
udhcpc_main                                         2683    2680      -3

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-28 14:44:09 +02:00
Denys Vlasenko
1303962957 ntpd: more verbose message for "root distance too high" case
Managed to make ntpd on one of my machines to be stuck getting
"root distance too high" all the time, but log is not giving me
more informatin what exactly is happening...

function                                             old     new   delta
select_and_cluster                                  1045    1095     +50

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-13 12:15:36 +02:00
Denys Vlasenko
3d6f95ede6 whois: fix a possible out-of-bounds stack access
If fgets() returns incomplete string, we replace NUL with
'\n', and then trim() runs on a non-NUL-terminated buffer.
Prevent that.

While at it, bump buffer from 1k to 2k.

function                                             old     new   delta
query                                                519     524      +5

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-09-04 14:48:00 +02:00
Denys Vlasenko
78a5ef9d2c ping: use setitimer() instead of ualarm()
function                                             old     new   delta
sendping_tail                                        218     265     +47
ualarm                                                79       -     -79
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 1/0 up/down: 47/-79)            Total: -32 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-25 19:36:06 +02:00
Denys Vlasenko
3759516672 ip: tweak --help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-14 11:19:09 +02:00
Denys Vlasenko
36d198ec6d ping: implement -i SEC
function                                             old     new   delta
common_ping_main                                    1862    1968    +106
ualarm                                                 -      79     +79
packed_usage                                       32858   32897     +39
sendping_tail                                        204     218     +14
------------------------------------------------------------------------------
(add/remove: 5/0 grow/shrink: 3/0 up/down: 320/0)             Total: 320 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-03 18:50:50 +02:00
Denys Vlasenko
9b1c8bf89b ntpd: show real, unclamped delays on low-latency networks
On fast network, I've seen "delay:0.002000" shown for all packets,
thus completely losing information on what real delays are.

The new code is careful to not reject packets with tiny delays
if the delay "grows a lot" but is still tiny:
0.000009 is "much larger" than 0.000001 (nine times larger),
but is still very good small delay.

function                                             old     new   delta
recv_and_process_peer_pkt                            863     889     +26

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-03 11:14:22 +02:00
Denys Vlasenko
9408978a43 nslookup: add support for search domains, closes 11161
function                                             old     new   delta
parse_resolvconf                                       -     311    +311
add_query_with_search                                  -     105    +105
nslookup_main                                        873     757    -116
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/1 up/down: 416/-116)          Total: 300 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01 19:42:46 +02:00
Denys Vlasenko
02cf149ed7 udhcpc: add a cooment about sanitizing DHCP_DOMAIN_NAME, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01 13:36:36 +02:00
Denys Vlasenko
48ec979ed1 udhcpc: do in fact not allow hostname components which start with dash
function                                             old     new   delta
xmalloc_optname_optval                               879     893     +14

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-08-01 13:16:05 +02:00
Denys Vlasenko
79153cb6bc htpd: increase MIN_FREQHOLD by 3
This means we'll start correcting frequency ~5 minutes after start,
not ~3.5 ones.

With previos settings I still often see largish ~0.7s initial offsets
only about 1/2 corrected before frequency correction kicks in,
resulting in ~200ppm "correction" which is then slowly undone.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-25 14:58:49 +02:00
Denys Vlasenko
2cd81698ee udhcp: add decimal option values in comments, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04 16:05:48 +02:00
Denys Vlasenko
6d26744a2c udhcp: tweak comment indentation, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04 15:44:22 +02:00
Jeremy Kerr
fc267214f0 udhcp: add option 211, "reboot time"
As defined in RFC 5071.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-04 15:38:19 +02:00
Denys Vlasenko
9634e8a7d5 wget: fix fetching of https URLs without http proxy
The "fix fetching of https URLs with http proxy" commit
broke the usual http-to-https redirect:

$ wget http://busybox.net/downloads/busybox-1.29.0.tar.bz2
Connecting to busybox.net (140.211.167.122:80)
Connecting to busybox.net (140.211.167.122:443)
wget: server returned error: HTTP/1.1 400 Bad Request

Fixing...

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-02 18:31:02 +02:00
Denys Vlasenko
029bd187bd ntpd: increase minimum G.FREQHOLD_cnt from 8 to 10
With ~0.9 initiall offsets, using 8 results in a bit too eager
frequency correction.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-07-02 16:18:34 +02:00
Denys Vlasenko
2f7738e474 nslookup: placate "warning: unused variable i"
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-27 14:44:35 +02:00
Ivan Abrea
5cb4f9081f tls: fix to handle X.509 v1 certificates correctly
The syntax of public key certificates can be found in RFC 5280 section
4.1. The relevant part of the syntax is the following:

  TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    ... remaining fields omitted ...
  }

The version field has a default value of v1. RFC 5280 section 4.1.2.1
says the following:

  If only basic fields are present, the version SHOULD be 1 (the value
  is omitted from the certificate as the default value); however, the
  version MAY be 2 or 3.

To help detect if the version field is present or not, the type of the
version field has an explicit tag of [0]. Due to this tag, if the
version field is present, its encoding will have an identifier octet
that is distinct from that of the serialNumber field.

ITU-T X.690 specifies how a value of such a type should be encoded with
DER. There is a PDF of X.690 freely available from ITU-T. X.690 section
8.1.2 specifies the format of identifier octets which is the first
component of every encoded value. Identifier octets encode the tag of a
type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding
is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode
the tag number.

X.690 section 8.14 specifies what the identifier octet should be for
explicitly tagged types. Section 8.14.3 says if implicit tagging is not
used, then the encoding shall be constructed. The version field uses
explicit tagging and not implicit tagging, so its encoding will be
constructed. This means bit 6 of the identifier octet should be 1.

X.690 section 8.14 and Annex A provide examples. Note from their
examples that the notation for tags could look like [APPLICATION 2]
where both the tag class and tag number are given. For this example, the
tag class is 1 (application) and the tag number is 2. For notation like
[0] where the tag class is omitted and only the tag number is given, the
tag class will be context-specific.

Putting this all together, the identifier octet for the DER encoding of
the version field should have a tag class of 2 (context-specific), bit 6
as 1 (constructed), and a tag number of 0.

Signed-off-by: Ivan Abrea <ivan@algosolutions.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24 20:05:24 +02:00
Codarren Velvindron
7c43d43117 ntpd: deprecate IPTOS_LOWDELAY in favor of IPTOS_DSCP_AF21
Update QoS markers.
Use DSCP AF21 for interactive traffic. DSCP is defined in RFC2474.
Many modern equipment no longer support IPTOS.

Signed-off-by: Codarren Velvindron <codarren@hackers.mu>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24 20:03:55 +02:00
Denys Vlasenko
148788eb0e udhcpc: remove code which requires server ID to be on local network
This reverts "udhcpc: paranoia when using kernel UDP mode
for sending renew: server ID may be bogus".

Users complain that they do have servers behind routers
(with DHCP relays).

function                                             old     new   delta
send_packet                                          168     166      -2
bcast_or_ucast                                        25      23      -2
udhcp_send_kernel_packet                             301     295      -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-10)             Total: -10 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-21 17:38:14 +02:00
Kartik Agaram
43b17b1cd0 restore documentation on the build config language
Kconfig-language.txt was deleted in commit 4fa499a17b back in 2006.
Move to docs/ as suggested by Xabier Oneca:
  http://lists.busybox.net/pipermail/busybox/2014-May/080914.html
Also update references to it everywhere.

Signed-off-by: Kartik Agaram <akkartik@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-06 15:16:48 +02:00
Denys Vlasenko
0972c7f7a5 wget: emit a message that certificate verification is not implemented
function                                             old     new   delta
spawn_ssl_client                                     185     209     +24

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-28 14:36:26 +02:00
David Decotigny
8f48fc01e9 udhcpc6: carry along length of packet when parsing it.
This is to avoid parsing garbage past packet's actual end.

Also const-ize params to a few functions.

function                                             old     new   delta
d6_run_script_no_option                                -      12     +12
option_to_env                                        791     798      +7
d6_run_script                                        253     255      +2
perform_d6_release                                    95      93      -2
udhcpc6_main                                        2596    2592      -4
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/2 up/down: 21/-6)              Total: 15 bytes

Signed-off-by: David Decotigny <ddecotig@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24 18:34:56 +02:00
David Decotigny
a174c791ec udhcpc6: ignore invalid OPTION_IAADDR
Signed-off-by: David Decotigny <ddecotig@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24 18:26:01 +02:00
Denys Vlasenko
3f91e662f2 nc: fix the !NC_SERVER configuration
The symptom is the "nc: NO OPT l!" message.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-24 16:38:40 +02:00
Denys Vlasenko
6027597fd1 udhcpc6: set -x options in request
Last foru commits:

function                                             old     new   delta
option_to_env                                        621     791    +170
.rodata                                           168351  168505    +154
attach_option                                        431     506     +75
add_d6_client_options                                112     167     +55
d6_option_strings                                     30      84     +54
udhcp_str2optset                                     644     660     +16
d6_optflags                                           12      20      +8
udhcpc6_main                                        2590    2596      +6
udhcpc_main                                         2648    2651      +3
read_optset                                           15      18      +3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 10/0 up/down: 544/0)            Total: 544 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14 11:11:08 +02:00
Samuel Mendoza-Jonas
30f4d52ed1 udhcpc6: add PXELINUX options
Add support for the PXELINUX options 209 ("ConfigFile") and 210
("PathPrefix") in the DHCPv6 client.

See also: RFC5071, "Dynamic Host Configuration Protocol Options Used by
PXELINUX".

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14 10:46:00 +02:00
Samuel Mendoza-Jonas
23cbd7d5bb udhcpc6: add DHCPv6 boot options
Add support for 'bootfile-url' and 'bootfile-params' as defined by
RFC5970 "DHCPv6 Options for Network Boot".

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14 10:46:00 +02:00
Samuel Mendoza-Jonas
bcdec1a8b8 udhcpc6: add DHCPv6 env helper
Add string_option_to_env() to easily generate environment variables for
known simple options.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14 10:46:00 +02:00
Samuel Mendoza-Jonas
43b9235f66 udhcp: fix use of trim() in udhcp_str2optset()
trim() modifies the string in place if needed and returns a pointer to
the end of the resulting string. Update udhcp_str2optset() so it no
longer sets the value of 'val' to the return value of trim().

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-05-14 10:46:00 +02:00
Denys Vlasenko
bc2e70b4a2 ifplugd: close signal race
function                                             old     new   delta
ifplugd_main                                        1109    1117      +8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-04-29 13:46:49 +02:00
Denys Vlasenko
df45eb49ac wget: handle URLs with @ or hash differently
If server replied with 302 and

Location: ?foo

we used to underflow the allocated space while trying to form the "@foo"
filename. Switch to forming "foo" filename.

function                                             old     new   delta
packed_usage                                       32795   32799      +4
parse_url                                            387     352     -35
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 4/-35)             Total: -31 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-04-24 13:35:32 +02:00
Denys Vlasenko
2aeb201c97 libbb: new option FEATURE_ETC_SERVICES: if off, /etc/services reads often avoided
In practice, "wget http://host.com/" always uses port 80.
People explicitly set non-standard ports via options or parameters
("telnet 1.2.3.4 567" or "telnet 1.2.3.4 ftp") instead of modifying
/etc/services.

function                                             old     new   delta
telnet_main                                         1466    1464      -2
rdate_main                                           215     198     -17
fakeidentd_main                                      269     252     -17
parse_url                                            459     392     -67
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-103)           Total: -103 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-04-17 12:43:54 +02:00
Denys Vlasenko
c72499584a nslookup: simplify make_ptr
function                                             old     new   delta
nslookup_main                                       2644    2611     -33

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-04-15 20:04:57 +02:00