more work

author: Alexander M Pickering <alex@cogarr.net> 2024-11-07 14:35:57 -0600
committer: Alexander M Pickering <alex@cogarr.net> 2024-11-07 14:35:57 -0600
commit: fda0531cd8a75f9983b709ac828a491c61747f7e (patch)
tree: 49cecab363b2c0af8eb6487d21234ea07b2dfdfa
parent: 7a30abb846cd2ca6e9043c8f6b0ef8b9bd85fc1b (diff)
download: busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.tar.gz
busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.tar.bz2
busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.zip
3 files changed, 149 insertions, 0 deletions
diff --git a/init b/init
index 0269966..9770a2b 100755
--- a/init
+++ b/init
@@ -4,8 +4,17 @@ rc-service networking start
 apk update
 apk add build-base xz mingw-w64-gcc
+tar -xvzf include.tar.gz
+mv include/openssl /usr/x86_64-w64-mignw32/include
+mv include/tls.h /usr/x86_64-w64-mignw32/include
+mv libtls.a /usr/x86_64-w64-mingw32/lib
+mv libssl.a /usr/x86_64-w64-mingw32/lib
+mv libcrypto.a /usr/x86_64-w64-mingw32/lib
 cd busybox-w32
 cp /root/busybox-w32-packaging/config .config
+git apply /root/busybox-w32-packaging/test.patch
 sed -i "s/CONFIG_EXTRA_CFLAGS=\"\"/CONFIG_EXTRA_CFLAGS=\"$CFLAGS\"/g" .config
+sed -i "s/CONFIG_EXTRA_LDLIBS=\"\"/CONFIG_EXTRA_LDLIBS=\"-ltls -lssl -lcrypto\"/g" .config
 make
 cp busybox.exe ..
diff --git a/meta.lua b/meta.lua
index 88a84a3..20ddd48 100644
--- a/meta.lua
+++ b/meta.lua
@@ -21,6 +21,10 @@ for opti_k, opti_v, rel_k, rel_v, _, comp_v in cartesian(optimizations, debug, c
                image="image-" .. comp_v,
                requires = {
                        {"git","busybox-w32"},
+                        {"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":include.tar.gz"},
+                        {"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libtls.a"},
+                        {"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libssl.a"},
+                        {"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libcrypto.a"},
                },
                produces = {
                        ["busybox.exe"] = true
diff --git a/test.patch b/test.patch
new file mode 100644
index 0000000..0f89645
--- /dev/null
+++ b/test.patch
@@ -0,0 +1,136 @@
+diff --git a/include/libbb.h b/include/libbb.h
+index bc1453e12..69f76cbb3 100644
+--- a/include/libbb.h
+++ b/include/libbb.h
+@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
+        tls_state_t *tls = xzalloc(sizeof(*tls));
+        return tls;
+ }
+-void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
+//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
+ #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
+ void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
+ 
+diff --git a/networking/tls.c b/networking/tls.c
+index 9f1dd67ec..7e8da6df2 100644
+--- a/networking/tls.c
+++ b/networking/tls.c
+@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
+        xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
+ }
+ 
+/*
+ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+ {
+        // Client              RFC 5246                Server
+@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+                // defined in Section 7.4.2."
+                // (i.e. the same format as server certs)
+ 
+-               /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */
+-               /* need to hash _all_ server replies first, up to ServerHelloDone */
+               //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc)
+               //need to hash _all_ server replies first, up to ServerHelloDone
+                len = tls_xread_handshake_block(tls, 4);
+        }
+ 
+@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+        send_client_key_exchange(tls);
+ 
+        send_change_cipher_spec(tls);
+-       /* from now on we should send encrypted */
+-       /* tls->write_seq64_be = 0; - already is */
+       // from now on we should send encrypted
+       // tls->write_seq64_be = 0; - already is
+        tls->flags |= ENCRYPT_ON_WRITE;
+ 
+        send_client_finished(tls);
+ 
+-       /* Get CHANGE_CIPHER_SPEC */
+       // Get CHANGE_CIPHER_SPEC
+        len = tls_xread_record(tls, "switch to encrypted traffic");
+        if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
+                bad_record_die(tls, "switch to encrypted traffic", len);
+@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+        } else
+        if (!(tls->flags & ENCRYPTION_AESGCM)) {
+                unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+-               /* all incoming packets now should be encrypted and have
+-                * at least IV + (MAC padded to blocksize):
+-                */
+               // all incoming packets now should be encrypted and have
+               // at least IV + (MAC padded to blocksize):
+                tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
+        } else {
+                tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
+        }
+        dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
+ 
+-       /* Get (encrypted) FINISHED from the server */
+       // Get (encrypted) FINISHED from the server
+        len = tls_xread_record(tls, "'server finished'");
+        if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
+                bad_record_die(tls, "'server finished'", len);
+        dbg("<< FINISHED\n");
+-       /* application data can be sent/received */
+       // application data can be sent/received
+ 
+-       /* free handshake data */
+       // free handshake data
+        psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
+ //     if (PARANOIA)
+ //             memset(tls->hsd, 0, tls->hsd->hsd_size);
+        free(tls->hsd);
+        tls->hsd = NULL;
+ }
+*/
+ 
+ static void tls_xwrite(tls_state_t *tls, int len)
+ {
+diff --git a/networking/wget.c b/networking/wget.c
+index 6a64836fb..b92f22d3e 100644
+--- a/networking/wget.c
+++ b/networking/wget.c
+@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void)
+ }
+ 
+ #if ENABLE_FEATURE_WGET_OPENSSL
+# if !ENABLE_PLATFORM_MINGW32
+ static int spawn_https_helper_openssl(const char *host, unsigned port)
+ {
+        char *allocated = NULL;
+@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+ # endif
+        return sp[0];
+ }
+# else
+#include <tls.h>
+static int spawn_https_helper_openssl(const char *host, unsigned port)
+{
+               char* allocated = NULL;
+        int fd1;
+        char *servername, *p, *cmd;
+               int sp[2];
+        if(!strchr(host,":"))
+                host = allocated = xasprintf("%s:%u",host,port);
+        servername = xstrdup(host);
+        fflush_all();
+
+        struct tls *ctx = tls_client();
+        if(tls == NULL)
+                bb_error_msg_and_die("Out of memory");
+        struct tls_config *config = tls_config_new();
+        if(config == NULL)
+                bb_error_msg_and_die("Out of memory");
+        if(tls_configure(ctx,config) != 0)
+                bb_error_msg_and_die("Failed to configure client");
+        tls_connect_fds(ctx,sp[0],sp[1],servername);
+        close(sp[1]);
+               free(allocated);
+               free(servername);
+        return sp[0];
+}
+# endif
+ #endif
+ 
+ #if ENABLE_FEATURE_WGET_HTTPS
author	Alexander M Pickering <alex@cogarr.net>	2024-11-07 14:35:57 -0600
committer	Alexander M Pickering <alex@cogarr.net>	2024-11-07 14:35:57 -0600
commit	fda0531cd8a75f9983b709ac828a491c61747f7e (patch)
tree	49cecab363b2c0af8eb6487d21234ea07b2dfdfa
parent	7a30abb846cd2ca6e9043c8f6b0ef8b9bd85fc1b (diff)
download	busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.tar.gz busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.tar.bz2 busybox-w32-packaging-fda0531cd8a75f9983b709ac828a491c61747f7e.zip

diff --git a/init b/init index 0269966..9770a2b 100755 --- a/init +++ b/init
@@ -4,8 +4,17 @@ rc-service networking start
4	apk update	4	apk update
5	apk add build-base xz mingw-w64-gcc	5	apk add build-base xz mingw-w64-gcc
6		6
		7	tar -xvzf include.tar.gz
		8	mv include/openssl /usr/x86_64-w64-mignw32/include
		9	mv include/tls.h /usr/x86_64-w64-mignw32/include
		10	mv libtls.a /usr/x86_64-w64-mingw32/lib
		11	mv libssl.a /usr/x86_64-w64-mingw32/lib
		12	mv libcrypto.a /usr/x86_64-w64-mingw32/lib
		13
7	cd busybox-w32	14	cd busybox-w32
8	cp /root/busybox-w32-packaging/config .config	15	cp /root/busybox-w32-packaging/config .config
		16	git apply /root/busybox-w32-packaging/test.patch
9	sed -i "s/CONFIG_EXTRA_CFLAGS=\"\"/CONFIG_EXTRA_CFLAGS=\"$CFLAGS\"/g" .config	17	sed -i "s/CONFIG_EXTRA_CFLAGS=\"\"/CONFIG_EXTRA_CFLAGS=\"$CFLAGS\"/g" .config
		18	sed -i "s/CONFIG_EXTRA_LDLIBS=\"\"/CONFIG_EXTRA_LDLIBS=\"-ltls -lssl -lcrypto\"/g" .config
10	make	19	make
11	cp busybox.exe ..	20	cp busybox.exe ..


diff --git a/meta.lua b/meta.lua index 88a84a3..20ddd48 100644 --- a/meta.lua +++ b/meta.lua
@@ -21,6 +21,10 @@ for opti_k, opti_v, rel_k, rel_v, _, comp_v in cartesian(optimizations, debug, c
21	image="image-" .. comp_v,	21	image="image-" .. comp_v,
22	requires = {	22	requires = {
23	{"git","busybox-w32"},	23	{"git","busybox-w32"},
		24	{"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":include.tar.gz"},
		25	{"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libtls.a"},
		26	{"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libssl.a"},
		27	{"cicd","libressl-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v .. ":libcrypto.a"},
24	},	28	},
25	produces = {	29	produces = {
26	["busybox.exe"] = true	30	["busybox.exe"] = true


diff --git a/test.patch b/test.patch new file mode 100644 index 0000000..0f89645 --- /dev/null +++ b/test.patch
@@ -0,0 +1,136 @@
		1	diff --git a/include/libbb.h b/include/libbb.h
		2	index bc1453e12..69f76cbb3 100644
		3	--- a/include/libbb.h
		4	+++ b/include/libbb.h
		5	@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
		6	tls_state_t tls = xzalloc(sizeof(tls));
		7	return tls;
		8	}
		9	-void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
		10	+//void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
		11	#define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
		12	void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
		13
		14	diff --git a/networking/tls.c b/networking/tls.c
		15	index 9f1dd67ec..7e8da6df2 100644
		16	--- a/networking/tls.c
		17	+++ b/networking/tls.c
		18	@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
		19	xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
		20	}
		21
		22	+/*
		23	void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
		24	{
		25	// Client RFC 5246 Server
		26	@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
		27	// defined in Section 7.4.2."
		28	// (i.e. the same format as server certs)
		29
		30	- /send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
		31	- /* need to hash _all_ server replies first, up to ServerHelloDone */
		32	+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc)
		33	+ //need to hash _all_ server replies first, up to ServerHelloDone
		34	len = tls_xread_handshake_block(tls, 4);
		35	}
		36
		37	@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
		38	send_client_key_exchange(tls);
		39
		40	send_change_cipher_spec(tls);
		41	- /* from now on we should send encrypted */
		42	- /* tls->write_seq64_be = 0; - already is */
		43	+ // from now on we should send encrypted
		44	+ // tls->write_seq64_be = 0; - already is
		45	tls->flags \|= ENCRYPT_ON_WRITE;
		46
		47	send_client_finished(tls);
		48
		49	- /* Get CHANGE_CIPHER_SPEC */
		50	+ // Get CHANGE_CIPHER_SPEC
		51	len = tls_xread_record(tls, "switch to encrypted traffic");
		52	if (len != 1 \|\| memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
		53	bad_record_die(tls, "switch to encrypted traffic", len);
		54	@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
		55	} else
		56	if (!(tls->flags & ENCRYPTION_AESGCM)) {
		57	unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
		58	- /* all incoming packets now should be encrypted and have
		59	- * at least IV + (MAC padded to blocksize):
		60	- */
		61	+ // all incoming packets now should be encrypted and have
		62	+ // at least IV + (MAC padded to blocksize):
		63	tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
		64	} else {
		65	tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
		66	}
		67	dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
		68
		69	- /* Get (encrypted) FINISHED from the server */
		70	+ // Get (encrypted) FINISHED from the server
		71	len = tls_xread_record(tls, "'server finished'");
		72	if (len < 4 \|\| tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
		73	bad_record_die(tls, "'server finished'", len);
		74	dbg("<< FINISHED\n");
		75	- /* application data can be sent/received */
		76	+ // application data can be sent/received
		77
		78	- /* free handshake data */
		79	+ // free handshake data
		80	psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
		81	// if (PARANOIA)
		82	// memset(tls->hsd, 0, tls->hsd->hsd_size);
		83	free(tls->hsd);
		84	tls->hsd = NULL;
		85	}
		86	+*/
		87
		88	static void tls_xwrite(tls_state_t *tls, int len)
		89	{
		90	diff --git a/networking/wget.c b/networking/wget.c
		91	index 6a64836fb..b92f22d3e 100644
		92	--- a/networking/wget.c
		93	+++ b/networking/wget.c
		94	@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void)
		95	}
		96
		97	#if ENABLE_FEATURE_WGET_OPENSSL
		98	+# if !ENABLE_PLATFORM_MINGW32
		99	static int spawn_https_helper_openssl(const char *host, unsigned port)
		100	{
		101	char *allocated = NULL;
		102	@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
		103	# endif
		104	return sp[0];
		105	}
		106	+# else
		107	+#include <tls.h>
		108	+static int spawn_https_helper_openssl(const char *host, unsigned port)
		109	+{
		110	+ char* allocated = NULL;
		111	+ int fd1;
		112	+ char servername, p, *cmd;
		113	+ int sp[2];
		114	+ if(!strchr(host,":"))
		115	+ host = allocated = xasprintf("%s:%u",host,port);
		116	+ servername = xstrdup(host);
		117	+ fflush_all();
		118	+
		119	+ struct tls *ctx = tls_client();
		120	+ if(tls == NULL)
		121	+ bb_error_msg_and_die("Out of memory");
		122	+ struct tls_config *config = tls_config_new();
		123	+ if(config == NULL)
		124	+ bb_error_msg_and_die("Out of memory");
		125	+ if(tls_configure(ctx,config) != 0)
		126	+ bb_error_msg_and_die("Failed to configure client");
		127	+ tls_connect_fds(ctx,sp[0],sp[1],servername);
		128	+ close(sp[1]);
		129	+ free(allocated);
		130	+ free(servername);
		131	+ return sp[0];
		132	+}
		133	+# endif
		134	#endif
		135
		136	#if ENABLE_FEATURE_WGET_HTTPS