1 files changed, 168 insertions, 0 deletions
diff --git a/libressl.patch b/libressl.patch
new file mode 100644
index 0000000..f49ed9d
--- /dev/null
+++ b/libressl.patch
@@ -0,0 +1,168 @@
+diff --git a/include/libbb.h b/include/libbb.h
+index bc1453e12..69f76cbb3 100644
+--- a/include/libbb.h
+++ b/include/libbb.h
+@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
+        tls_state_t *tls = xzalloc(sizeof(*tls));
+        return tls;
+ }
+-void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
+//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
+ #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
+ void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
+ 
+diff --git a/networking/tls.c b/networking/tls.c
+index 9f1dd67ec..7e8da6df2 100644
+--- a/networking/tls.c
+++ b/networking/tls.c
+@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
+        xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
+ }
+ 
+/*
+ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+ {
+        // Client              RFC 5246                Server
+@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+                // defined in Section 7.4.2."
+                // (i.e. the same format as server certs)
+ 
+-               /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */
+-               /* need to hash _all_ server replies first, up to ServerHelloDone */
+               //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc)
+               //need to hash _all_ server replies first, up to ServerHelloDone
+                len = tls_xread_handshake_block(tls, 4);
+        }
+ 
+@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+        send_client_key_exchange(tls);
+ 
+        send_change_cipher_spec(tls);
+-       /* from now on we should send encrypted */
+-       /* tls->write_seq64_be = 0; - already is */
+       // from now on we should send encrypted
+       // tls->write_seq64_be = 0; - already is
+        tls->flags |= ENCRYPT_ON_WRITE;
+ 
+        send_client_finished(tls);
+ 
+-       /* Get CHANGE_CIPHER_SPEC */
+       // Get CHANGE_CIPHER_SPEC
+        len = tls_xread_record(tls, "switch to encrypted traffic");
+        if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
+                bad_record_die(tls, "switch to encrypted traffic", len);
+@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
+        } else
+        if (!(tls->flags & ENCRYPTION_AESGCM)) {
+                unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+-               /* all incoming packets now should be encrypted and have
+-                * at least IV + (MAC padded to blocksize):
+-                */
+               // all incoming packets now should be encrypted and have
+               // at least IV + (MAC padded to blocksize):
+                tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
+        } else {
+                tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
+        }
+        dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
+ 
+-       /* Get (encrypted) FINISHED from the server */
+       // Get (encrypted) FINISHED from the server
+        len = tls_xread_record(tls, "'server finished'");
+        if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
+                bad_record_die(tls, "'server finished'", len);
+        dbg("<< FINISHED\n");
+-       /* application data can be sent/received */
+       // application data can be sent/received
+ 
+-       /* free handshake data */
+       // free handshake data
+        psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
+ //     if (PARANOIA)
+ //             memset(tls->hsd, 0, tls->hsd->hsd_size);
+        free(tls->hsd);
+        tls->hsd = NULL;
+ }
+*/
+ 
+ static void tls_xwrite(tls_state_t *tls, int len)
+ {
+diff --git a/networking/wget.c b/networking/wget.c
+index 6a64836fb..6a82f1fa4 100644
+--- a/networking/wget.c
+++ b/networking/wget.c
+@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void)
+ }
+ 
+ #if ENABLE_FEATURE_WGET_OPENSSL
+# if !ENABLE_PLATFORM_MINGW32
+ static int spawn_https_helper_openssl(const char *host, unsigned port)
+ {
+        char *allocated = NULL;
+@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+ # endif
+        return sp[0];
+ }
+# else
+#include <tls.h>
+static int spawn_https_helper_openssl(const char *host, unsigned port)
+{
+               char* allocated = NULL;
+        int fd1;
+        char *servername, *p, *cmd;
+               int sp[2];
+        if(!strchr(host,":"))
+                host = allocated = xasprintf("%s:%u",host,port);
+        servername = xstrdup(host);
+        fflush_all();
+
+        struct tls *ctx = tls_client();
+        if(ctx == NULL)
+                bb_error_msg_and_die("Out of memory");
+        struct tls_config *config = tls_config_new();
+        if(config == NULL)
+                bb_error_msg_and_die("Out of memory");
+        if(tls_configure(ctx,config) != 0)
+                bb_error_msg_and_die("Failed to configure client");
+        tls_connect_fds(ctx,sp[0],sp[1],servername);
+        close(sp[1]);
+               free(allocated);
+               free(servername);
+        return sp[0];
+}
+# endif
+ #endif
+ 
+ #if ENABLE_FEATURE_WGET_HTTPS
+diff --git a/scripts/trylink b/scripts/trylink
+index 2456252a3..6186284f1 100755
+--- a/scripts/trylink
+++ b/scripts/trylink
+@@ -84,7 +84,8 @@ A_FILES="$6"
+ # a real utmp library in LDLIBS, dropping it "works" but resulting binary
+ # does not work properly).
+ LDLIBS="$7"
+-CONFIG_EXTRA_LDLIBS="$8"
+shift 7
+CONFIG_EXTRA_LDLIBS="$@"
+ 
+ # The --sort-section option is not supported by older versions of ld
+ SORT_SECTION="-Wl,--sort-section,alignment"
+diff --git a/win32/mingw.c b/win32/mingw.c
+index 87e7ca602..7bad3e4fa 100644
+--- a/win32/mingw.c
+++ b/win32/mingw.c
+@@ -1214,11 +1214,13 @@ elevation_state(void)
+        return elevated | (enabled << 1);
+ }
+ 
+/*
+ int getuid(void)
+ {
+        return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ?
+                                0 : DEFAULT_UID;
+ }
+*/
+ 
+ struct passwd *getpwnam(const char *name)
+ {

diff --git a/libressl.patch b/libressl.patch new file mode 100644 index 0000000..f49ed9d --- /dev/null +++ b/libressl.patch
@@ -0,0 +1,168 @@
	1	diff --git a/include/libbb.h b/include/libbb.h
	2	index bc1453e12..69f76cbb3 100644
	3	--- a/include/libbb.h
	4	+++ b/include/libbb.h
	5	@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
	6	tls_state_t tls = xzalloc(sizeof(tls));
	7	return tls;
	8	}
	9	-void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
	10	+//void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
	11	#define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
	12	void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
	13
	14	diff --git a/networking/tls.c b/networking/tls.c
	15	index 9f1dd67ec..7e8da6df2 100644
	16	--- a/networking/tls.c
	17	+++ b/networking/tls.c
	18	@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
	19	xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
	20	}
	21
	22	+/*
	23	void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
	24	{
	25	// Client RFC 5246 Server
	26	@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
	27	// defined in Section 7.4.2."
	28	// (i.e. the same format as server certs)
	29
	30	- /send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
	31	- /* need to hash _all_ server replies first, up to ServerHelloDone */
	32	+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc)
	33	+ //need to hash _all_ server replies first, up to ServerHelloDone
	34	len = tls_xread_handshake_block(tls, 4);
	35	}
	36
	37	@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
	38	send_client_key_exchange(tls);
	39
	40	send_change_cipher_spec(tls);
	41	- /* from now on we should send encrypted */
	42	- /* tls->write_seq64_be = 0; - already is */
	43	+ // from now on we should send encrypted
	44	+ // tls->write_seq64_be = 0; - already is
	45	tls->flags \|= ENCRYPT_ON_WRITE;
	46
	47	send_client_finished(tls);
	48
	49	- /* Get CHANGE_CIPHER_SPEC */
	50	+ // Get CHANGE_CIPHER_SPEC
	51	len = tls_xread_record(tls, "switch to encrypted traffic");
	52	if (len != 1 \|\| memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
	53	bad_record_die(tls, "switch to encrypted traffic", len);
	54	@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
	55	} else
	56	if (!(tls->flags & ENCRYPTION_AESGCM)) {
	57	unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
	58	- /* all incoming packets now should be encrypted and have
	59	- * at least IV + (MAC padded to blocksize):
	60	- */
	61	+ // all incoming packets now should be encrypted and have
	62	+ // at least IV + (MAC padded to blocksize):
	63	tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
	64	} else {
	65	tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
	66	}
	67	dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
	68
	69	- /* Get (encrypted) FINISHED from the server */
	70	+ // Get (encrypted) FINISHED from the server
	71	len = tls_xread_record(tls, "'server finished'");
	72	if (len < 4 \|\| tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
	73	bad_record_die(tls, "'server finished'", len);
	74	dbg("<< FINISHED\n");
	75	- /* application data can be sent/received */
	76	+ // application data can be sent/received
	77
	78	- /* free handshake data */
	79	+ // free handshake data
	80	psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
	81	// if (PARANOIA)
	82	// memset(tls->hsd, 0, tls->hsd->hsd_size);
	83	free(tls->hsd);
	84	tls->hsd = NULL;
	85	}
	86	+*/
	87
	88	static void tls_xwrite(tls_state_t *tls, int len)
	89	{
	90	diff --git a/networking/wget.c b/networking/wget.c
	91	index 6a64836fb..6a82f1fa4 100644
	92	--- a/networking/wget.c
	93	+++ b/networking/wget.c
	94	@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void)
	95	}
	96
	97	#if ENABLE_FEATURE_WGET_OPENSSL
	98	+# if !ENABLE_PLATFORM_MINGW32
	99	static int spawn_https_helper_openssl(const char *host, unsigned port)
	100	{
	101	char *allocated = NULL;
	102	@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
	103	# endif
	104	return sp[0];
	105	}
	106	+# else
	107	+#include <tls.h>
	108	+static int spawn_https_helper_openssl(const char *host, unsigned port)
	109	+{
	110	+ char* allocated = NULL;
	111	+ int fd1;
	112	+ char servername, p, *cmd;
	113	+ int sp[2];
	114	+ if(!strchr(host,":"))
	115	+ host = allocated = xasprintf("%s:%u",host,port);
	116	+ servername = xstrdup(host);
	117	+ fflush_all();
	118	+
	119	+ struct tls *ctx = tls_client();
	120	+ if(ctx == NULL)
	121	+ bb_error_msg_and_die("Out of memory");
	122	+ struct tls_config *config = tls_config_new();
	123	+ if(config == NULL)
	124	+ bb_error_msg_and_die("Out of memory");
	125	+ if(tls_configure(ctx,config) != 0)
	126	+ bb_error_msg_and_die("Failed to configure client");
	127	+ tls_connect_fds(ctx,sp[0],sp[1],servername);
	128	+ close(sp[1]);
	129	+ free(allocated);
	130	+ free(servername);
	131	+ return sp[0];
	132	+}
	133	+# endif
	134	#endif
	135
	136	#if ENABLE_FEATURE_WGET_HTTPS
	137	diff --git a/scripts/trylink b/scripts/trylink
	138	index 2456252a3..6186284f1 100755
	139	--- a/scripts/trylink
	140	+++ b/scripts/trylink
	141	@@ -84,7 +84,8 @@ A_FILES="$6"
	142	# a real utmp library in LDLIBS, dropping it "works" but resulting binary
	143	# does not work properly).
	144	LDLIBS="$7"
	145	-CONFIG_EXTRA_LDLIBS="$8"
	146	+shift 7
	147	+CONFIG_EXTRA_LDLIBS="$@"
	148
	149	# The --sort-section option is not supported by older versions of ld
	150	SORT_SECTION="-Wl,--sort-section,alignment"
	151	diff --git a/win32/mingw.c b/win32/mingw.c
	152	index 87e7ca602..7bad3e4fa 100644
	153	--- a/win32/mingw.c
	154	+++ b/win32/mingw.c
	155	@@ -1214,11 +1214,13 @@ elevation_state(void)
	156	return elevated \| (enabled << 1);
	157	}
	158
	159	+/*
	160	int getuid(void)
	161	{
	162	return elevation_state() == (ELEVATED_PRIVILEGE \| ADMIN_ENABLED) ?
	163	0 : DEFAULT_UID;
	164	}
	165	+*/
	166
	167	struct passwd getpwnam(const char name)
	168	{