separate TLS code into a library, use in in wget

A new applet, ssl_client, is the TLS debug thing now. It doubles as wget's NOMMU helper. In MMU mode, wget still forks, but then directly calls TLS code, without execing. This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support) and nc --ssl (ncat, nmap's nc clone, has such option). function old new delta tls_handshake - 1691 +1691 tls_run_copy_loop - 443 +443 ssl_client_main - 128 +128 packed_usage 30978 31007 +29 wget_main 2508 2535 +27 applet_names 2553 2560 +7 ... xwrite_encrypted 360 342 -18 tls_main 2127 - -2127 ------------------------------------------------------------------------------ (add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-01-23 01:08:16 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-01-23 01:08:16 +0100
commit: 9a647c326a41e8160d53e6cb5470161a44c0e8cf (patch)
tree: 1fef73df291e5c5897aef1bb32b65206caacf879 /include
parent: e1f90d13fa07d2974908470ce818ef956b7740f2 (diff)
download: busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.tar.gz
busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.tar.bz2
busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.zip
1 files changed, 67 insertions, 21 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 87f89c76d..ba3b1479e 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -355,6 +355,27 @@ extern char *skip_dev_pfx(const char *tty_name) FAST_FUNC;
 extern char *strrstr(const char *haystack, const char *needle) FAST_FUNC;
+/* dmalloc will redefine these to it's own implementation. It is safe
+ * to have the prototypes here unconditionally.  */
+void *malloc_or_warn(size_t size) FAST_FUNC RETURNS_MALLOC;
+void *xmalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
+void *xzalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
+void *xrealloc(void *old, size_t size) FAST_FUNC;
+/* After v = xrealloc_vector(v, SHIFT, idx) it's ok to use
+ * at least v[idx] and v[idx+1], for all idx values.
+ * SHIFT specifies how many new elements are added (1:2, 2:4, ..., 8:256...)
+ * when all elements are used up. New elements are zeroed out.
+ * xrealloc_vector(v, SHIFT, idx) *MUST* be called with consecutive IDXs -
+ * skipping an index is a bad bug - it may miss a realloc!
+ */
+#define xrealloc_vector(vector, shift, idx) \
+        xrealloc_vector_helper((vector), (sizeof((vector)[0]) << 8) + (shift), (idx))
+void* xrealloc_vector_helper(void *vector, unsigned sizeof_and_shift, int idx) FAST_FUNC;
+char *xstrdup(const char *s) FAST_FUNC RETURNS_MALLOC;
+char *xstrndup(const char *s, int n) FAST_FUNC RETURNS_MALLOC;
+void *xmemdup(const void *s, int n) FAST_FUNC RETURNS_MALLOC;
 //TODO: supply a pointer to char[11] buffer (avoid statics)?
 extern const char *bb_mode_string(mode_t mode) FAST_FUNC;
 extern int is_directory(const char *name, int followLinks) FAST_FUNC;
@@ -692,6 +713,52 @@ struct hostent *xgethostbyname(const char *name) FAST_FUNC;
 // Also mount.c and inetd.c are using gethostbyname(),
 // + inet_common.c has additional IPv4-only stuff
+#define SHA256_INSIZE  64
+#define SHA256_OUTSIZE 32
+#define AES_BLOCKSIZE  16
+#define AES128_KEYSIZE 16
+#define AES256_KEYSIZE 32
+struct tls_handshake_data; /* opaque */
+typedef struct tls_state {
+        int     ofd;
+        int     ifd;
+        int     min_encrypted_len_on_read;
+        uint8_t encrypt_on_write;
+        uint8_t *outbuf;
+        int     outbuf_size;
+        int     inbuf_size;
+        int     ofs_to_buffered;
+        int     buffered_size;
+        uint8_t *inbuf;
+        struct tls_handshake_data *hsd;
+        // RFC 5246
+        // sequence number
+        //   Each connection state contains a sequence number, which is
+        //   maintained separately for read and write states.  The sequence
+        //   number MUST be set to zero whenever a connection state is made the
+        //   active state.  Sequence numbers are of type uint64 and may not
+        //   exceed 2^64-1.
+        /*uint64_t read_seq64_be;*/
+        uint64_t write_seq64_be;
+        uint8_t client_write_MAC_key[SHA256_OUTSIZE];
+        uint8_t server_write_MAC_key[SHA256_OUTSIZE];
+        uint8_t client_write_key[AES256_KEYSIZE];
+        uint8_t server_write_key[AES256_KEYSIZE];
+} tls_state_t;
+static inline tls_state_t *new_tls_state(void)
+{
+        tls_state_t *tls = xzalloc(sizeof(*tls));
+        return tls;
+}
+void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
+void tls_run_copy_loop(tls_state_t *tls) FAST_FUNC;
 void socket_want_pktinfo(int fd) FAST_FUNC;
 ssize_t send_to_from(int fd, void *buf, size_t len, int flags,
@@ -705,9 +772,6 @@ ssize_t recv_from_to(int fd, void *buf, size_t len, int flags,
 uint16_t inet_cksum(uint16_t *addr, int len) FAST_FUNC;
-char *xstrdup(const char *s) FAST_FUNC RETURNS_MALLOC;
-char *xstrndup(const char *s, int n) FAST_FUNC RETURNS_MALLOC;
-void *xmemdup(const void *s, int n) FAST_FUNC RETURNS_MALLOC;
 void overlapping_strcpy(char *dst, const char *src) FAST_FUNC;
 char *safe_strncpy(char *dst, const char *src, size_t size) FAST_FUNC;
 char *strncpy_IFNAMSIZ(char *dst, const char *src) FAST_FUNC;
@@ -753,24 +817,6 @@ enum {
 };
 void visible(unsigned ch, char *buf, int flags) FAST_FUNC;
-/* dmalloc will redefine these to it's own implementation. It is safe
- * to have the prototypes here unconditionally.  */
-void *malloc_or_warn(size_t size) FAST_FUNC RETURNS_MALLOC;
-void *xmalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
-void *xzalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
-void *xrealloc(void *old, size_t size) FAST_FUNC;
-/* After v = xrealloc_vector(v, SHIFT, idx) it's ok to use
- * at least v[idx] and v[idx+1], for all idx values.
- * SHIFT specifies how many new elements are added (1:2, 2:4, ..., 8:256...)
- * when all elements are used up. New elements are zeroed out.
- * xrealloc_vector(v, SHIFT, idx) *MUST* be called with consecutive IDXs -
- * skipping an index is a bad bug - it may miss a realloc!
- */
-#define xrealloc_vector(vector, shift, idx) \
-        xrealloc_vector_helper((vector), (sizeof((vector)[0]) << 8) + (shift), (idx))
-void* xrealloc_vector_helper(void *vector, unsigned sizeof_and_shift, int idx) FAST_FUNC;
 extern ssize_t safe_read(int fd, void *buf, size_t count) FAST_FUNC;
 extern ssize_t nonblock_immune_read(int fd, void *buf, size_t count) FAST_FUNC;
 // NB: will return short read on error, not -1,
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-01-23 01:08:16 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-01-23 01:08:16 +0100
commit	9a647c326a41e8160d53e6cb5470161a44c0e8cf (patch)
tree	1fef73df291e5c5897aef1bb32b65206caacf879 /include
parent	e1f90d13fa07d2974908470ce818ef956b7740f2 (diff)
download	busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.tar.gz busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.tar.bz2 busybox-w32-9a647c326a41e8160d53e6cb5470161a44c0e8cf.zip

diff --git a/include/libbb.h b/include/libbb.h index 87f89c76d..ba3b1479e 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -355,6 +355,27 @@ extern char skip_dev_pfx(const char tty_name) FAST_FUNC;
355		355
356	extern char strrstr(const char haystack, const char *needle) FAST_FUNC;	356	extern char strrstr(const char haystack, const char *needle) FAST_FUNC;
357		357
		358	/* dmalloc will redefine these to it's own implementation. It is safe
		359	* to have the prototypes here unconditionally. */
		360	void *malloc_or_warn(size_t size) FAST_FUNC RETURNS_MALLOC;
		361	void *xmalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
		362	void *xzalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
		363	void xrealloc(void old, size_t size) FAST_FUNC;
		364	/* After v = xrealloc_vector(v, SHIFT, idx) it's ok to use
		365	* at least v[idx] and v[idx+1], for all idx values.
		366	* SHIFT specifies how many new elements are added (1:2, 2:4, ..., 8:256...)
		367	* when all elements are used up. New elements are zeroed out.
		368	* xrealloc_vector(v, SHIFT, idx) MUST be called with consecutive IDXs -
		369	* skipping an index is a bad bug - it may miss a realloc!
		370	*/
		371	#define xrealloc_vector(vector, shift, idx) \
		372	xrealloc_vector_helper((vector), (sizeof((vector)[0]) << 8) + (shift), (idx))
		373	void* xrealloc_vector_helper(void *vector, unsigned sizeof_and_shift, int idx) FAST_FUNC;
		374	char xstrdup(const char s) FAST_FUNC RETURNS_MALLOC;
		375	char xstrndup(const char s, int n) FAST_FUNC RETURNS_MALLOC;
		376	void xmemdup(const void s, int n) FAST_FUNC RETURNS_MALLOC;
		377
		378
358	//TODO: supply a pointer to char[11] buffer (avoid statics)?	379	//TODO: supply a pointer to char[11] buffer (avoid statics)?
359	extern const char *bb_mode_string(mode_t mode) FAST_FUNC;	380	extern const char *bb_mode_string(mode_t mode) FAST_FUNC;
360	extern int is_directory(const char *name, int followLinks) FAST_FUNC;	381	extern int is_directory(const char *name, int followLinks) FAST_FUNC;
@@ -692,6 +713,52 @@ struct hostent xgethostbyname(const char name) FAST_FUNC;
692	// Also mount.c and inetd.c are using gethostbyname(),	713	// Also mount.c and inetd.c are using gethostbyname(),
693	// + inet_common.c has additional IPv4-only stuff	714	// + inet_common.c has additional IPv4-only stuff
694		715
		716	#define SHA256_INSIZE 64
		717	#define SHA256_OUTSIZE 32
		718	#define AES_BLOCKSIZE 16
		719	#define AES128_KEYSIZE 16
		720	#define AES256_KEYSIZE 32
		721	struct tls_handshake_data; /* opaque */
		722	typedef struct tls_state {
		723	int ofd;
		724	int ifd;
		725
		726	int min_encrypted_len_on_read;
		727	uint8_t encrypt_on_write;
		728
		729	uint8_t *outbuf;
		730	int outbuf_size;
		731
		732	int inbuf_size;
		733	int ofs_to_buffered;
		734	int buffered_size;
		735	uint8_t *inbuf;
		736
		737	struct tls_handshake_data *hsd;
		738
		739	// RFC 5246
		740	// sequence number
		741	// Each connection state contains a sequence number, which is
		742	// maintained separately for read and write states. The sequence
		743	// number MUST be set to zero whenever a connection state is made the
		744	// active state. Sequence numbers are of type uint64 and may not
		745	// exceed 2^64-1.
		746	/uint64_t read_seq64_be;/
		747	uint64_t write_seq64_be;
		748
		749	uint8_t client_write_MAC_key[SHA256_OUTSIZE];
		750	uint8_t server_write_MAC_key[SHA256_OUTSIZE];
		751	uint8_t client_write_key[AES256_KEYSIZE];
		752	uint8_t server_write_key[AES256_KEYSIZE];
		753	} tls_state_t;
		754
		755	static inline tls_state_t *new_tls_state(void)
		756	{
		757	tls_state_t tls = xzalloc(sizeof(tls));
		758	return tls;
		759	}
		760	void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
		761	void tls_run_copy_loop(tls_state_t *tls) FAST_FUNC;
695		762
696	void socket_want_pktinfo(int fd) FAST_FUNC;	763	void socket_want_pktinfo(int fd) FAST_FUNC;
697	ssize_t send_to_from(int fd, void *buf, size_t len, int flags,	764	ssize_t send_to_from(int fd, void *buf, size_t len, int flags,
@@ -705,9 +772,6 @@ ssize_t recv_from_to(int fd, void *buf, size_t len, int flags,
705		772
706	uint16_t inet_cksum(uint16_t *addr, int len) FAST_FUNC;	773	uint16_t inet_cksum(uint16_t *addr, int len) FAST_FUNC;
707		774
708	char xstrdup(const char s) FAST_FUNC RETURNS_MALLOC;
709	char xstrndup(const char s, int n) FAST_FUNC RETURNS_MALLOC;
710	void xmemdup(const void s, int n) FAST_FUNC RETURNS_MALLOC;
711	void overlapping_strcpy(char dst, const char src) FAST_FUNC;	775	void overlapping_strcpy(char dst, const char src) FAST_FUNC;
712	char safe_strncpy(char dst, const char *src, size_t size) FAST_FUNC;	776	char safe_strncpy(char dst, const char *src, size_t size) FAST_FUNC;
713	char strncpy_IFNAMSIZ(char dst, const char *src) FAST_FUNC;	777	char strncpy_IFNAMSIZ(char dst, const char *src) FAST_FUNC;
@@ -753,24 +817,6 @@ enum {
753	};	817	};
754	void visible(unsigned ch, char *buf, int flags) FAST_FUNC;	818	void visible(unsigned ch, char *buf, int flags) FAST_FUNC;
755		819
756	/* dmalloc will redefine these to it's own implementation. It is safe
757	* to have the prototypes here unconditionally. */
758	void *malloc_or_warn(size_t size) FAST_FUNC RETURNS_MALLOC;
759	void *xmalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
760	void *xzalloc(size_t size) FAST_FUNC RETURNS_MALLOC;
761	void xrealloc(void old, size_t size) FAST_FUNC;
762	/* After v = xrealloc_vector(v, SHIFT, idx) it's ok to use
763	* at least v[idx] and v[idx+1], for all idx values.
764	* SHIFT specifies how many new elements are added (1:2, 2:4, ..., 8:256...)
765	* when all elements are used up. New elements are zeroed out.
766	* xrealloc_vector(v, SHIFT, idx) MUST be called with consecutive IDXs -
767	* skipping an index is a bad bug - it may miss a realloc!
768	*/
769	#define xrealloc_vector(vector, shift, idx) \
770	xrealloc_vector_helper((vector), (sizeof((vector)[0]) << 8) + (shift), (idx))
771	void* xrealloc_vector_helper(void *vector, unsigned sizeof_and_shift, int idx) FAST_FUNC;
772
773
774	extern ssize_t safe_read(int fd, void *buf, size_t count) FAST_FUNC;	820	extern ssize_t safe_read(int fd, void *buf, size_t count) FAST_FUNC;
775	extern ssize_t nonblock_immune_read(int fd, void *buf, size_t count) FAST_FUNC;	821	extern ssize_t nonblock_immune_read(int fd, void *buf, size_t count) FAST_FUNC;
776	// NB: will return short read on error, not -1,	822	// NB: will return short read on error, not -1,