Merge branch 'busybox' into merge

6 files changed, 93 insertions, 70 deletions

diff --git a/networking/ping.c b/networking/ping.c
index 86d8088de..9805695a1 100644
--- a/networking/ping.c
+++ b/networking/ping.c
@@ -74,7 +74,7 @@
 //usage:     "\n        -c CNT          Send only CNT pings"
 //usage:     "\n        -s SIZE         Send SIZE data bytes in packets (default 56)"
 //usage:     "\n        -i SECS         Interval"
-//usage:     "\n        -A              Ping as soon as reply is recevied"
+//usage:     "\n        -A              Ping as soon as reply is received"
 //usage:     "\n        -t TTL          Set TTL"
 //usage:     "\n        -I IFACE/IP     Source interface or IP address"
 //usage:     "\n        -W SEC          Seconds to wait for the first response (default 10)"
@@ -91,7 +91,7 @@
 //usage:     "\n        -c CNT          Send only CNT pings"
 //usage:     "\n        -s SIZE         Send SIZE data bytes in packets (default 56)"
 //usage:     "\n        -i SECS         Interval"
-//usage:     "\n        -A              Ping as soon as reply is recevied"
+//usage:     "\n        -A              Ping as soon as reply is received"
 ///////:     "\n        -t TTL          Set TTL"
 ///////^^^^^ -t not tested for IPv6, might be not working
 //usage:     "\n        -I IFACE/IP     Source interface or IP address"
diff --git a/networking/tc.c b/networking/tc.c
index 46ad23d8b..43187f7ee 100644
--- a/networking/tc.c
+++ b/networking/tc.c
@@ -214,7 +214,7 @@ static int prio_print_opt(struct rtattr *opt)
                 return 0;
         parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, sizeof(*qopt));
         printf("bands %u priomap ", qopt->bands);
-        for (i=0; i<=TC_PRIO_MAX; i++)
+        for (i = 0; i <= TC_PRIO_MAX; i++)
                 printf(" %d", qopt->priomap[i]);
 
         if (tb[TCA_PRIO_MQ])
diff --git a/networking/tls.c b/networking/tls.c
index 5f40aec70..9f1dd67ec 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -948,11 +948,46 @@ static int tls_has_buffered_record(tls_state_t *tls)
 
 static const char *alert_text(int code)
 {
+        //10 unexpected_message
+        //20 bad_record_mac
+        //21 decryption_failed
+        //22 record_overflow
+        //30 decompression_failure
+        //40 handshake_failure
+        //41 no_certificate
+        //42 bad_certificate
+        //43 unsupported_certificate
+        //44 certificate_revoked
+        //45 certificate_expired
+        //46 certificate_unknown
+        //47 illegal_parameter
+        //48 unknown_ca
+        //49 access_denied
+        //50 decode_error
+        //51 decrypt_error
+        //52 too_many_cids_requested
+        //60 export_restriction
+        //70 protocol_version
+        //71 insufficient_security
+        //80 internal_error
+        //86 inappropriate_fallback
+        //90 user_canceled
+        //100 no_renegotiation
+        //109 missing_extension
+        //110 unsupported_extension
+        //111 certificate_unobtainable
+        //112 unrecognized_name
+        //113 bad_certificate_status_response
+        //114 bad_certificate_hash_value
+        //115 unknown_psk_identity
+        //116 certificate_required
+        //120 no_application_protocol
         switch (code) {
         case 20:  return "bad MAC";
         case 50:  return "decode error";
-        case 51:  return "decrypt error";
         case 40:  return "handshake failure";
+        case 51:  return "decrypt error";
+        case 80:  return "internal error";
         case 112: return "unrecognized name";
         }
         return itoa(code);
@@ -1531,27 +1566,6 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 #endif
                 0x01,0x00, //not a cipher - comprtypes_len, comprtype
         };
-        static const uint8_t supported_groups[] = {
-                0x00,0x0a, //extension_type: "supported_groups"
-                0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len
-                0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len
-#if ALLOW_CURVE_P256
-                0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)
-#endif
-                //0x00,0x18, //curve_secp384r1
-                //0x00,0x19, //curve_secp521r1
-#if ALLOW_CURVE_X25519
-                0x00,0x1d, //curve_x25519 (RFC 7748)
-#endif
-                //0x00,0x1e, //curve_x448 (RFC 7748)
-        };
-        //static const uint8_t signature_algorithms[] = {
-        //      000d
-        //      0020
-        //      001e
-        //      0601 0602 0603 0501 0502 0503 0401 0402 0403 0301 0302 0303 0201 0202 0203
-        //};
-
         struct client_hello {
                 uint8_t type;
                 uint8_t len24_hi, len24_mid, len24_lo;
@@ -1563,15 +1577,47 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
                 uint8_t cipherid[2 * (1 + NUM_CIPHERS)]; /* actually variable */
                 uint8_t comprtypes_len;
                 uint8_t comprtypes[1]; /* actually variable */
-                /* Extensions (SNI shown):
-                 * hi,lo // len of all extensions
-                 *   00,00 // extension_type: "Server Name"
-                 *   00,0e // list len (there can be more than one SNI)
-                 *     00,0c // len of 1st Server Name Indication
-                 *       00    // name type: host_name
-                 *       00,09   // name len
-                 *       "localhost" // name
-                 */
+        };
+        // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+        static const uint8_t extensions[] = {
+                // is.gd responds with "handshake failure" to our hello if there's no supported_groups
+                0x00,0x0a, //extension_type: "supported_groups"
+                        0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len
+                        0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len
+#if ALLOW_CURVE_P256
+                        0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)
+#endif
+                        //0x00,0x18, //curve_secp384r1
+                        //0x00,0x19, //curve_secp521r1
+#if ALLOW_CURVE_X25519
+                        0x00,0x1d, //curve_x25519 (RFC 7748)
+#endif
+                        //0x00,0x1e, //curve_x448 (RFC 7748)
+
+                //0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02, //extension_type: "ec_point_formats"
+                //0x00,0x16,0x00,0x00, //extension_type: "encrpypt-then-mac"
+                //0x00,0x17,0x00,0x00, //extension_type: "extended_master"
+                //0x00,0x23,0x00,0x00, //extension_type: "session_ticket"
+
+                // kojipkgs.fedoraproject.org responds with alert code 80 ("internal error")
+                // to our hello without signature_algorithms.
+                // It is satisfied with just 0x04,0x01.
+                0x00,0x0d, //extension_type: "signature_algorithms" (RFC5246 section 7.4.1.4.1):
+#define SIGALGS (3 + 3 * ENABLE_FEATURE_TLS_SHA1)
+                        0x00,2 * (1 + SIGALGS), //ext len
+                        0x00,2 * (0 + SIGALGS), //list len
+                        //Format: two bytes
+                        // byte 1: 0:none,1:md5,2:sha1,3:sha224,4:sha256,5:sha384,6:sha512
+                        // byte 2: 1:rsa,2:dsa,3:ecdsa
+                        // (note that TLS 1.3 changes this, see RFC8446 section 4.2.3)
+#if ENABLE_FEATURE_TLS_SHA1
+                        0x02,0x01, //sha1 + rsa
+                        0x02,0x02, //sha1 + dsa
+                        0x02,0x03, //sha1 + ecdsa
+#endif
+                        0x04,0x01, //sha256 + rsa - kojipkgs.fedoraproject.org wants this
+                        0x04,0x02, //sha256 + dsa
+                        0x04,0x03, //sha256 + ecdsa
 // GNU Wget 1.18 to cdn.kernel.org sends these extensions:
 // 0055
 //   0005 0005 0100000000 - status_request
@@ -1591,8 +1637,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
         int sni_len = sni ? strnlen(sni, 127 - 5) : 0;
 
         ext_len = 0;
-        /* is.gd responds with "handshake failure" to our hello if there's no supported_groups element */
-        ext_len += sizeof(supported_groups);
+        ext_len += sizeof(extensions);
         if (sni_len)
                 ext_len += 9 + sni_len;
 
@@ -1626,7 +1671,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
                 ptr[8] = sni_len;         //name len
                 ptr = mempcpy(&ptr[9], sni, sni_len);
         }
-        memcpy(ptr, supported_groups, sizeof(supported_groups));
+        memcpy(ptr, extensions, sizeof(extensions));
 
         tls->hsd = xzalloc(sizeof(*tls->hsd));
         /* HANDSHAKE HASH: ^^^ + len if need to save saved_client_hello */
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 292dda24e..a593c5c40 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -68,9 +68,6 @@ static const sp_digit p256_mod[8] ALIGNED(8) = {
 
 #define p256_mp_mod ((sp_digit)0x000001)
 
-/* Normalize the values in each word to 32 bits - NOP */
-#define sp_256_norm_8(a) ((void)0)
-
 /* Write r as big endian to byte array.
  * Fixed length number of bytes written: 32
  *
@@ -83,8 +80,6 @@ static void sp_256_to_bin_8(const sp_digit* rr, uint8_t* a)
         int i;
         const uint64_t* r = (void*)rr;
 
-        sp_256_norm_8(rr);
-
         r += 4;
         for (i = 0; i < 4; i++) {
                 r--;
@@ -97,8 +92,6 @@ static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
 {
         int i;
 
-        sp_256_norm_8(r);
-
         r += 8;
         for (i = 0; i < 8; i++) {
                 r--;
@@ -641,7 +634,6 @@ static void sp_256_div2_8(sp_digit* r /*, const sp_digit* m*/)
         int carry = 0;
         if (r[0] & 1)
                 carry = sp_256_add_8(r, r, m);
-        sp_256_norm_8(r);
         sp_256_rshift1_8(r, carry);
 }
 
@@ -652,10 +644,8 @@ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 //      const sp_digit* m = p256_mod;
 
         int carry = sp_256_add_8(r, a, b);
-        sp_256_norm_8(r);
         if (carry) {
                 sp_256_sub_8_p256_mod(r);
-                sp_256_norm_8(r);
         }
 }
 
@@ -667,10 +657,8 @@ static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 
         int borrow;
         borrow = sp_256_sub_8(r, a, b);
-        sp_256_norm_8(r);
         if (borrow) {
                 sp_256_add_8(r, r, m);
-                sp_256_norm_8(r);
         }
 }
 
@@ -680,10 +668,8 @@ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 //      const sp_digit* m = p256_mod;
 
         int carry = sp_256_add_8(r, a, a);
-        sp_256_norm_8(r);
         if (carry)
                 sp_256_sub_8_p256_mod(r);
-        sp_256_norm_8(r);
 }
 
 /* Triple a Montgomery form number (r = a + a + a % m) */
@@ -692,16 +678,12 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 //      const sp_digit* m = p256_mod;
 
         int carry = sp_256_add_8(r, a, a);
-        sp_256_norm_8(r);
         if (carry) {
                 sp_256_sub_8_p256_mod(r);
-                sp_256_norm_8(r);
         }
         carry = sp_256_add_8(r, r, a);
-        sp_256_norm_8(r);
         if (carry) {
                 sp_256_sub_8_p256_mod(r);
-                sp_256_norm_8(r);
         }
 }
 
@@ -844,7 +826,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* aa/*, const sp_digi
         sp_512to256_mont_shift_8(r, aa);
         if (carry != 0)
                 sp_256_sub_8_p256_mod(r);
-        sp_256_norm_8(r);
 }
 
 #else /* Generic 32-bit version */
@@ -1003,8 +984,6 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
  * [In our case, it is (p256_mp_mod * a[1]) << 32.]
  * And so on. Eventually T is divisible by R, and after division by R
  * the algorithm is in the same place as the usual Montgomery reduction.
- *
- * TODO: Can conditionally use 64-bit (if bit-little-endian arch) logic?
  */
 static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
 {
@@ -1032,7 +1011,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
                 sp_512to256_mont_shift_8(r, a);
                 if (word16th != 0)
                         sp_256_sub_8_p256_mod(r);
-                sp_256_norm_8(r);
         }
         else { /* Same code for explicit mp == 1 (which is always the case for P256) */
                 sp_digit word16th = 0;
@@ -1052,7 +1030,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
                 sp_512to256_mont_shift_8(r, a);
                 if (word16th != 0)
                         sp_256_sub_8_p256_mod(r);
-                sp_256_norm_8(r);
         }
 }
 #endif
@@ -1208,14 +1185,12 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
         /* Reduce x to less than modulus */
         if (sp_256_cmp_8(r->x, p256_mod) >= 0)
                 sp_256_sub_8_p256_mod(r->x);
-        sp_256_norm_8(r->x);
 
         /* y /= z^3 */
         sp_256_mont_mul_and_reduce_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
         /* Reduce y to less than modulus */
         if (sp_256_cmp_8(r->y, p256_mod) >= 0)
                 sp_256_sub_8_p256_mod(r->y);
-        sp_256_norm_8(r->y);
 
         memset(r->z, 0, sizeof(r->z));
         r->z[0] = 1;
@@ -1300,7 +1275,6 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
 
         /* Check double */
         sp_256_sub_8(t1, p256_mod, q->y);
-        sp_256_norm_8(t1);
         if (sp_256_cmp_equal_8(p->x, q->x)
          && sp_256_cmp_equal_8(p->z, q->z)
          && (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1))
@@ -1422,14 +1396,15 @@ static void sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit*
 static void sp_256_ecc_mulmod_base_8(sp_point* r, sp_digit* k /*, int map*/)
 {
         /* Since this function is called only once, save space:
-         * don't have "static const sp_point p256_base = {...}",
-         * it would have more zeros than data.
+         * don't have "static const sp_point p256_base = {...}".
          */
         static const uint8_t p256_base_bin[] = {
                 /* x (big-endian) */
-                0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
+                0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,
+                0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
                 /* y */
-                0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
+                0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,
+                0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
                 /* z will be set to 1, infinity flag to "false" */
         };
         sp_point p256_base;
diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c
index 9fc690315..c7f130a70 100644
--- a/networking/udhcp/d6_dhcpc.c
+++ b/networking/udhcp/d6_dhcpc.c
@@ -295,6 +295,7 @@ static void option_to_env(const uint8_t *option, const uint8_t *option_end)
                         *new_env() = xasprintf("ipv6=%s", ipv6str);
 
                         move_from_unaligned32(v32, option + 4 + 16 + 4);
+                        v32 = ntohl(v32);
                         *new_env() = xasprintf("lease=%u", (unsigned)v32);
                         break;
 
@@ -332,6 +333,7 @@ static void option_to_env(const uint8_t *option, const uint8_t *option_end)
  * +-+-+-+-+-+-+-+-+
  */
                         move_from_unaligned32(v32, option + 4 + 4);
+                        v32 = ntohl(v32);
                         *new_env() = xasprintf("ipv6prefix_lease=%u", (unsigned)v32);
 
                         sprint_nip6(ipv6str, option + 4 + 4 + 4 + 1);
@@ -842,7 +844,7 @@ static NOINLINE int send_d6_renew(struct in6_addr *server_ipv6, struct in6_addr
         uint8_t *opt_ptr;
 
         /* Fill in: msg type, xid, ELAPSED_TIME */
-        opt_ptr = init_d6_packet(&packet, DHCPREQUEST);
+        opt_ptr = init_d6_packet(&packet, D6_MSG_RENEW);
 
         /* server id */
         opt_ptr = mempcpy(opt_ptr, client6_data.server_id, client6_data.server_id->len + 2+2);
@@ -1081,7 +1083,7 @@ static void change_listen_mode(int new_mode)
                 client_data.sockfd = -1;
         }
         if (new_mode == LISTEN_KERNEL)
-                client_data.sockfd = udhcp_listen_socket(/*INADDR_ANY,*/ CLIENT_PORT6, client_data.interface);
+                client_data.sockfd = d6_listen_socket(CLIENT_PORT6, client_data.interface);
         else if (new_mode != LISTEN_NONE)
                 client_data.sockfd = d6_raw_socket(client_data.ifindex);
         /* else LISTEN_NONE: client_data.sockfd stays closed */
@@ -1487,6 +1489,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv)
                                         if (opt & OPT_l)
                                                 send_d6_info_request();
                                         else /* send a broadcast renew request */
+//TODO: send_d6_renew uses D6_MSG_RENEW message, should we use D6_MSG_REBIND here instead?
                                                 send_d6_renew(/*server_ipv6:*/ NULL, requested_ipv6);
                                         timeout = discover_timeout;
                                         packet_num++;
diff --git a/networking/udhcp/d6_socket.c b/networking/udhcp/d6_socket.c
index 8ddee5a8e..21cf61c6e 100644
--- a/networking/udhcp/d6_socket.c
+++ b/networking/udhcp/d6_socket.c
@@ -110,7 +110,7 @@ int FAST_FUNC d6_listen_socket(int port, const char *inf)
         int fd;
         struct sockaddr_in6 addr;
 
-        log1("opening listen socket on *:%d %s", port, inf);
+        log2("opening listen socket on *:%d %s", port, inf);
         fd = xsocket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
 
         setsockopt_reuseaddr(fd);