From c2b012a90590ab3fa531392fd27003e62c156099 Mon Sep 17 00:00:00 2001 From: Alexander M Pickering Date: Thu, 7 Nov 2024 20:03:29 -0600 Subject: Rename test.patch --- init | 6 ++- libressl.patch | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ meta.lua | 6 ++- test.patch | 168 --------------------------------------------------------- zero.patch | 17 ++++++ 5 files changed, 195 insertions(+), 170 deletions(-) create mode 100644 libressl.patch delete mode 100644 test.patch create mode 100644 zero.patch diff --git a/init b/init index 5f856a5..348c86b 100755 --- a/init +++ b/init @@ -13,7 +13,11 @@ mv libcrypto.a /usr/x86_64-w64-mingw32/lib cd busybox-w32 cp /root/busybox-w32-packaging/config .config -git apply /root/busybox-w32-packaging/test.patch +git apply /root/busybox-w32-packaging/libressl.patch +# For some reason this code only causes errors on -O0 +if [ -n "$ZERO_PATCH" ]; then + git apply /root/busybox-w32-packaging/zero.patch +fi sed -i "s/CONFIG_EXTRA_CFLAGS=\"\"/CONFIG_EXTRA_CFLAGS=\"$CFLAGS\"/g" .config make cp busybox.exe .. diff --git a/libressl.patch b/libressl.patch new file mode 100644 index 0000000..f49ed9d --- /dev/null +++ b/libressl.patch 
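Review bot: Neither `git apply` call in this hunk checks its result, so unless the script enables `set -e` outside the hunk, a patch that no longer applies leaves the tree unpatched and `make` can still produce a busybox.exe that silently lacks the libressl changes. Fail the build instead, e.g. `git apply /root/busybox-w32-packaging/libressl.patch || exit 1`, and do the same for zero.patch. The comment `# For some reason this code only causes errors on -O0` should name the code (`inet_pton` in win32/inet_pton.c, per zero.patch) and the error seen, so the workaround can be removed once the cause is understood.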
@@ -0,0 +1,168 @@ +diff --git a/include/libbb.h b/include/libbb.h +index bc1453e12..69f76cbb3 100644 +--- a/include/libbb.h ++++ b/include/libbb.h +@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void) + tls_state_t *tls = xzalloc(sizeof(*tls)); + return tls; + } +-void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; ++//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; + #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0) + void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; + +diff --git a/networking/tls.c b/networking/tls.c +index 9f1dd67ec..7e8da6df2 100644 +--- a/networking/tls.c ++++ b/networking/tls.c +@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) + xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE); + } + ++/* + void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) + { + // Client RFC 5246 Server +@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) + // defined in Section 7.4.2." + // (i.e. 
the same format as server certs) + +- /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ +- /* need to hash _all_ server replies first, up to ServerHelloDone */ ++ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) ++ //need to hash _all_ server replies first, up to ServerHelloDone + len = tls_xread_handshake_block(tls, 4); + } + +@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) + send_client_key_exchange(tls); + + send_change_cipher_spec(tls); +- /* from now on we should send encrypted */ +- /* tls->write_seq64_be = 0; - already is */ ++ // from now on we should send encrypted ++ // tls->write_seq64_be = 0; - already is + tls->flags |= ENCRYPT_ON_WRITE; + + send_client_finished(tls); + +- /* Get CHANGE_CIPHER_SPEC */ ++ // Get CHANGE_CIPHER_SPEC + len = tls_xread_record(tls, "switch to encrypted traffic"); + if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) + bad_record_die(tls, "switch to encrypted traffic", len); +@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) + } else + if (!(tls->flags & ENCRYPTION_AESGCM)) { + unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; +- /* all incoming packets now should be encrypted and have +- * at least IV + (MAC padded to blocksize): +- */ ++ // all incoming packets now should be encrypted and have ++ // at least IV + (MAC padded to blocksize): + tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); + } else { + tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; + } + dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); + +- /* Get (encrypted) FINISHED from the server */ ++ // Get (encrypted) FINISHED from the server + len = tls_xread_record(tls, "'server finished'"); + if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) + bad_record_die(tls, "'server finished'", len); + dbg("<< FINISHED\n"); +- /* 
application data can be sent/received */ ++ // application data can be sent/received + +- /* free handshake data */ ++ // free handshake data + psRsaKey_clear(&tls->hsd->server_rsa_pub_key); + // if (PARANOIA) + // memset(tls->hsd, 0, tls->hsd->hsd_size); + free(tls->hsd); + tls->hsd = NULL; + } ++*/ + + static void tls_xwrite(tls_state_t *tls, int len) + { +diff --git a/networking/wget.c b/networking/wget.c +index 6a64836fb..6a82f1fa4 100644 +--- a/networking/wget.c ++++ b/networking/wget.c +@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void) + } + + #if ENABLE_FEATURE_WGET_OPENSSL ++# if !ENABLE_PLATFORM_MINGW32 + static int spawn_https_helper_openssl(const char *host, unsigned port) + { + char *allocated = NULL; +@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) + # endif + return sp[0]; + } ++# else ++#include ++static int spawn_https_helper_openssl(const char *host, unsigned port) ++{ ++ char* allocated = NULL; ++ int fd1; ++ char *servername, *p, *cmd; ++ int sp[2]; ++ if(!strchr(host,":")) ++ host = allocated = xasprintf("%s:%u",host,port); ++ servername = xstrdup(host); ++ fflush_all(); ++ ++ struct tls *ctx = tls_client(); ++ if(ctx == NULL) ++ bb_error_msg_and_die("Out of memory"); ++ struct tls_config *config = tls_config_new(); ++ if(config == NULL) ++ bb_error_msg_and_die("Out of memory"); ++ if(tls_configure(ctx,config) != 0) ++ bb_error_msg_and_die("Failed to configure client"); ++ tls_connect_fds(ctx,sp[0],sp[1],servername); ++ close(sp[1]); ++ free(allocated); ++ free(servername); ++ return sp[0]; ++} ++# endif + #endif + + #if ENABLE_FEATURE_WGET_HTTPS +diff --git a/scripts/trylink b/scripts/trylink +index 2456252a3..6186284f1 100755 +--- a/scripts/trylink ++++ b/scripts/trylink +@@ -84,7 +84,8 @@ A_FILES="$6" + # a real utmp library in LDLIBS, dropping it "works" but resulting binary + # does not work properly). 
+ LDLIBS="$7" +-CONFIG_EXTRA_LDLIBS="$8" ++shift 7 ++CONFIG_EXTRA_LDLIBS="$@" + + # The --sort-section option is not supported by older versions of ld + SORT_SECTION="-Wl,--sort-section,alignment" +diff --git a/win32/mingw.c b/win32/mingw.c +index 87e7ca602..7bad3e4fa 100644 +--- a/win32/mingw.c ++++ b/win32/mingw.c +@@ -1214,11 +1214,13 @@ elevation_state(void) + return elevated | (enabled << 1); + } + ++/* + int getuid(void) + { + return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ? + 0 : DEFAULT_UID; + } ++*/ + + struct passwd *getpwnam(const char *name) + { diff --git a/meta.lua b/meta.lua index 8e5296a..6e217a1 100644 --- a/meta.lua +++ b/meta.lua @@ -14,7 +14,7 @@ local debug = { local compilers = {--[["mingw32",]]"mingw64"--[[,"clang32","clang64"]]} local builds = {} for opti_k, opti_v, rel_k, rel_v, _, comp_v in cartesian(optimizations, debug, compilers) do - builds["busybox-w32-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v] = { + local build = { timeout=600, image="image-" .. comp_v, requires = { @@ -31,5 +31,9 @@ for opti_k, opti_v, rel_k, rel_v, _, comp_v in cartesian(optimizations, debug, c CFLAGS = opti_v .. " " .. rel_v, } } + if opti_k == "zero" then + build.env.ZERO_PATCH="true" + end + builds["busybox-w32-" .. opti_k .. "-" .. rel_k .. "-" .. comp_v] = build end return builds diff --git a/test.patch b/test.patch deleted file mode 100644 index f49ed9d..0000000 --- a/test.patch +++ /dev/null 
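Review bot: In the MinGW variant of `spawn_https_helper_openssl` that this patch adds to networking/wget.c, `int sp[2];` is never initialised in the added lines, yet it is passed to `tls_connect_fds`, closed and returned, so the descriptors are indeterminate. The return value of `tls_connect_fds` is ignored and nothing visible reads or writes through `ctx`, so a caller using the returned descriptor would apparently not be talking through the TLS session at all; at minimum fail closed with `if(tls_connect_fds(ctx,sp[0],sp[1],servername) != 0) bb_error_msg_and_die("%s", tls_error(ctx));`. `strchr(host,":")` passes a string literal where a character is expected and should be `strchr(host,':')`. The blob id matches the deleted test.patch, so these lines are carried over unchanged by the rename.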
@@ -1,168 +0,0 @@ -diff --git a/include/libbb.h b/include/libbb.h -index bc1453e12..69f76cbb3 100644 ---- a/include/libbb.h -+++ b/include/libbb.h -@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void) - tls_state_t *tls = xzalloc(sizeof(*tls)); - return tls; - } --void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; -+//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; - #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0) - void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; - -diff --git a/networking/tls.c b/networking/tls.c -index 9f1dd67ec..7e8da6df2 100644 ---- a/networking/tls.c -+++ b/networking/tls.c -@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) - xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE); - } - -+/* - void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) - { - // Client RFC 5246 Server -@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) - // defined in Section 7.4.2." - // (i.e. 
the same format as server certs) - -- /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ -- /* need to hash _all_ server replies first, up to ServerHelloDone */ -+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) -+ //need to hash _all_ server replies first, up to ServerHelloDone - len = tls_xread_handshake_block(tls, 4); - } - -@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) - send_client_key_exchange(tls); - - send_change_cipher_spec(tls); -- /* from now on we should send encrypted */ -- /* tls->write_seq64_be = 0; - already is */ -+ // from now on we should send encrypted -+ // tls->write_seq64_be = 0; - already is - tls->flags |= ENCRYPT_ON_WRITE; - - send_client_finished(tls); - -- /* Get CHANGE_CIPHER_SPEC */ -+ // Get CHANGE_CIPHER_SPEC - len = tls_xread_record(tls, "switch to encrypted traffic"); - if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) - bad_record_die(tls, "switch to encrypted traffic", len); -@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) - } else - if (!(tls->flags & ENCRYPTION_AESGCM)) { - unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; -- /* all incoming packets now should be encrypted and have -- * at least IV + (MAC padded to blocksize): -- */ -+ // all incoming packets now should be encrypted and have -+ // at least IV + (MAC padded to blocksize): - tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); - } else { - tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; - } - dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); - -- /* Get (encrypted) FINISHED from the server */ -+ // Get (encrypted) FINISHED from the server - len = tls_xread_record(tls, "'server finished'"); - if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) - bad_record_die(tls, "'server finished'", len); - dbg("<< FINISHED\n"); -- /* 
application data can be sent/received */ -+ // application data can be sent/received - -- /* free handshake data */ -+ // free handshake data - psRsaKey_clear(&tls->hsd->server_rsa_pub_key); - // if (PARANOIA) - // memset(tls->hsd, 0, tls->hsd->hsd_size); - free(tls->hsd); - tls->hsd = NULL; - } -+*/ - - static void tls_xwrite(tls_state_t *tls, int len) - { -diff --git a/networking/wget.c b/networking/wget.c -index 6a64836fb..6a82f1fa4 100644 ---- a/networking/wget.c -+++ b/networking/wget.c -@@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void) - } - - #if ENABLE_FEATURE_WGET_OPENSSL -+# if !ENABLE_PLATFORM_MINGW32 - static int spawn_https_helper_openssl(const char *host, unsigned port) - { - char *allocated = NULL; -@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) - # endif - return sp[0]; - } -+# else -+#include -+static int spawn_https_helper_openssl(const char *host, unsigned port) -+{ -+ char* allocated = NULL; -+ int fd1; -+ char *servername, *p, *cmd; -+ int sp[2]; -+ if(!strchr(host,":")) -+ host = allocated = xasprintf("%s:%u",host,port); -+ servername = xstrdup(host); -+ fflush_all(); -+ -+ struct tls *ctx = tls_client(); -+ if(ctx == NULL) -+ bb_error_msg_and_die("Out of memory"); -+ struct tls_config *config = tls_config_new(); -+ if(config == NULL) -+ bb_error_msg_and_die("Out of memory"); -+ if(tls_configure(ctx,config) != 0) -+ bb_error_msg_and_die("Failed to configure client"); -+ tls_connect_fds(ctx,sp[0],sp[1],servername); -+ close(sp[1]); -+ free(allocated); -+ free(servername); -+ return sp[0]; -+} -+# endif - #endif - - #if ENABLE_FEATURE_WGET_HTTPS -diff --git a/scripts/trylink b/scripts/trylink -index 2456252a3..6186284f1 100755 ---- a/scripts/trylink -+++ b/scripts/trylink -@@ -84,7 +84,8 @@ A_FILES="$6" - # a real utmp library in LDLIBS, dropping it "works" but resulting binary - # does not work properly). 
- LDLIBS="$7" --CONFIG_EXTRA_LDLIBS="$8" -+shift 7 -+CONFIG_EXTRA_LDLIBS="$@" - - # The --sort-section option is not supported by older versions of ld - SORT_SECTION="-Wl,--sort-section,alignment" -diff --git a/win32/mingw.c b/win32/mingw.c -index 87e7ca602..7bad3e4fa 100644 ---- a/win32/mingw.c -+++ b/win32/mingw.c -@@ -1214,11 +1214,13 @@ elevation_state(void) - return elevated | (enabled << 1); - } - -+/* - int getuid(void) - { - return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ? - 0 : DEFAULT_UID; - } -+*/ - - struct passwd *getpwnam(const char *name) - { diff --git a/zero.patch b/zero.patch new file mode 100644 index 0000000..1ec175d --- /dev/null +++ b/zero.patch @@ -0,0 +1,17 @@ +diff --git a/win32/inet_pton.c b/win32/inet_pton.c +index f229a9355..9f4466b8e 100644 +--- a/win32/inet_pton.c ++++ b/win32/inet_pton.c +@@ -36,6 +36,7 @@ static int hexval(unsigned c) + return -1; + } + ++/* + int inet_pton(int af, const char *restrict s, void *restrict a0) + { + uint16_t ip[8]; +@@ -93,3 +94,4 @@ int inet_pton(int af, const char *restrict s, void *restrict a0) + if (need_v4 && inet_pton(AF_INET, (void *)s, a-4) <= 0) return 0; + return 1; + } ++*/ -- cgit v1.2.3-55-g6feb
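Review bot: zero.patch disables `inet_pton` in win32/inet_pton.c by wrapping it in `/*` … `*/`, and init applies it only when ZERO_PATCH is set, so the -O0 build presumably resolves `inet_pton` from a different implementation than the builds at other optimisation levels. Address parsing is input validation, and two build flavours that may parse the same string differently are hard to reason about; the cause of the -O0 error should be found and the same implementation used in every build. If the function has to be disabled, `#if 0` / `#endif` is safer than a block comment, which ends at the first `*/` inside the body (the body lies outside the hunk, so whether it contains one is not visible).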