8 files changed, 52 insertions, 253 deletions
diff --git a/networking/Config.src b/networking/Config.src
index c4c3c2a58..aa0806a18 100644
--- a/networking/Config.src
+++ b/networking/Config.src
@@ -84,7 +84,7 @@ config FEATURE_TLS_INTERNAL
 config FEATURE_TLS_SCHANNEL
        bool "Schannel SSP"
-        depends on TLS
+        depends on TLS && PLATFORM_MINGW32
        help
        Use the Schannel SSP to provide TLS support.
        Reduces code size and enables certificate checking.
diff --git a/networking/httpd.c b/networking/httpd.c
index 1dae602ee..50595104c 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -3074,7 +3074,7 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
                salt[0] = '$';
                salt[1] = '1';
                salt[2] = '$';
-                crypt_make_salt(salt + 3, 4);
+                crypt_make_rand64encoded(salt + 3, 8 / 2); /* 8 chars */
                puts(pw_encrypt(pass, salt, /*cleanup:*/ 0));
                return 0;
        }
diff --git a/networking/ntpd.c b/networking/ntpd.c
index 4c4842cb2..dd0a9c91f 100644
--- a/networking/ntpd.c
+++ b/networking/ntpd.c
@@ -1057,7 +1057,7 @@ step_time(double offset)
        }
        tval = tvn.tv_sec;
        strftime_YYYYMMDDHHMMSS(buf, sizeof(buf), &tval);
-        bb_info_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset);
+        bb_error_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset);
        //maybe? G.FREQHOLD_cnt = 0;
        /* Correct various fields which contain time-relative values: */
@@ -1976,7 +1976,7 @@ recv_and_process_peer_pkt(peer_t *p)
        p->reachable_bits |= 1;
        if ((MAX_VERBOSE && G.verbose) || (option_mask32 & OPT_w)) {
-                bb_info_msg("reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x",
+                bb_error_msg("reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x",
                        p->p_dotted,
                        offset,
                        p->p_raw_delay,
diff --git a/networking/telnetd.c b/networking/telnetd.c
index bfeea1400..a5a783047 100644
--- a/networking/telnetd.c
+++ b/networking/telnetd.c
@@ -104,8 +104,8 @@
 //usage:#define telnetd_full_usage "\n\n"
 //usage:       "Handle incoming telnet connections"
 //usage:        IF_NOT_FEATURE_TELNETD_STANDALONE(" via inetd") "\n"
-//usage:     "\n        -l LOGIN        Exec LOGIN on connect"
+//usage:     "\n        -l LOGIN        Exec LOGIN on connect (default /bin/login)"
-//usage:     "\n        -f ISSUE_FILE   Display ISSUE_FILE instead of /etc/issue"
+//usage:     "\n        -f ISSUE_FILE   Display ISSUE_FILE instead of /etc/issue.net"
 //usage:     "\n        -K              Close connection as soon as login exits"
 //usage:     "\n                        (normally wait until all programs close slave pty)"
 //usage:        IF_FEATURE_TELNETD_STANDALONE(
diff --git a/networking/tftp.c b/networking/tftp.c
index f5b4367ca..b698a9288 100644
--- a/networking/tftp.c
+++ b/networking/tftp.c
@@ -250,7 +250,7 @@ static int tftp_blksize_check(const char *blksize_str, int maxsize)
                return -1;
        }
 # if ENABLE_TFTP_DEBUG
-        bb_info_msg("using blksize %u", blksize);
+        bb_error_msg("using blksize %u", blksize);
 # endif
        return blksize;
 }
diff --git a/networking/tls.c b/networking/tls.c
index 89726fee0..9c05364ea 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -22,19 +22,7 @@
 #include "tls.h"
-#if ENABLE_FEATURE_TLS_SCHANNEL || ENABLE_FEATURE_USE_CNG_API
-#include <windows.h>
-#endif
 #if !ENABLE_FEATURE_TLS_SCHANNEL
-#if ENABLE_FEATURE_USE_CNG_API
-# include <bcrypt.h>
-// these work on Windows >= 10
-# define BCRYPT_HMAC_SHA1_ALG_HANDLE   ((BCRYPT_ALG_HANDLE) 0x000000a1)
-# define BCRYPT_HMAC_SHA256_ALG_HANDLE ((BCRYPT_ALG_HANDLE) 0x000000b1)
-#endif
 // Usually enabled. You can disable some of them to force only
 // specific ciphers to be advertized to server.
 // (this would not exclude code to handle disabled ciphers, no code size win)
@@ -201,8 +189,6 @@
 #define TLS_MAX_OUTBUF          (1 << 14)
 enum {
-        SHA_INSIZE     = 64,
        AES128_KEYSIZE = 16,
        AES256_KEYSIZE = 32,
@@ -348,34 +334,6 @@ void FAST_FUNC tls_get_random(void *buf, unsigned len)
                xfunc_die();
 }
-static void xorbuf3(void *dst, const void *src1, const void *src2, unsigned count)
-{
-        uint8_t *d = dst;
-        const uint8_t *s1 = src1;
-        const uint8_t* s2 = src2;
-        while (count--)
-                *d++ = *s1++ ^ *s2++;
-}
-void FAST_FUNC xorbuf(void *dst, const void *src, unsigned count)
-{
-        xorbuf3(dst, dst, src, count);
-}
-void FAST_FUNC xorbuf_aligned_AES_BLOCK_SIZE(void *dst, const void *src)
-{
-        unsigned long *d = dst;
-        const unsigned long *s = src;
-        d[0] ^= s[0];
-#if ULONG_MAX <= 0xffffffffffffffff
-        d[1] ^= s[1];
- #if ULONG_MAX == 0xffffffff
-        d[2] ^= s[2];
-        d[3] ^= s[3];
- #endif
-#endif
-}
 #if !TLS_DEBUG_HASH
 # define hash_handshake(tls, fmt, buffer, len) \
         hash_handshake(tls, buffer, len)
@@ -406,191 +364,6 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
 # define TLS_MAC_SIZE(tls) (tls)->MAC_size
 #endif
-// RFC 2104:
-// HMAC(key, text) based on a hash H (say, sha256) is:
-// ipad = [0x36 x INSIZE]
-// opad = [0x5c x INSIZE]
-// HMAC(key, text) = H((key XOR opad) + H((key XOR ipad) + text))
-//
-// H(key XOR opad) and H(key XOR ipad) can be precomputed
-// if we often need HMAC hmac with the same key.
-//
-// text is often given in disjoint pieces.
-#if !ENABLE_FEATURE_USE_CNG_API
-typedef struct hmac_precomputed {
-        md5sha_ctx_t hashed_key_xor_ipad;
-        md5sha_ctx_t hashed_key_xor_opad;
-} hmac_precomputed_t;
-typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
-#define sha1_begin_hmac sha1_begin
-#define sha256_begin_hmac sha256_begin
-#define hmac_uninit(...) ((void)0)
-#if !ENABLE_FEATURE_TLS_SHA1
-#define hmac_begin(pre,key,key_size,begin) \
-        hmac_begin(pre,key,key_size)
-#define begin sha256_begin
-#endif
-static void hmac_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size, md5sha_begin_func *begin)
-{
-        uint8_t key_xor_ipad[SHA_INSIZE];
-        uint8_t key_xor_opad[SHA_INSIZE];
-//      uint8_t tempkey[SHA1_OUTSIZE < SHA256_OUTSIZE ? SHA256_OUTSIZE : SHA1_OUTSIZE];
-        unsigned i;
-        // "The authentication key can be of any length up to INSIZE, the
-        // block length of the hash function.  Applications that use keys longer
-        // than INSIZE bytes will first hash the key using H and then use the
-        // resultant OUTSIZE byte string as the actual key to HMAC."
-        if (key_size > SHA_INSIZE) {
-                bb_simple_error_msg_and_die("HMAC key>64"); //does not happen (yet?)
-//              md5sha_ctx_t ctx;
-//              begin(&ctx);
-//              md5sha_hash(&ctx, key, key_size);
-//              key_size = sha_end(&ctx, tempkey);
-//              //key = tempkey; - right? RIGHT? why does it work without this?
-//              // because SHA_INSIZE is 64, but hmac() is always called with
-//              // key_size = tls->MAC_size = SHA1/256_OUTSIZE (20 or 32),
-//              // and prf_hmac_sha256() -> hmac_sha256() key sizes are:
-//              // - RSA_PREMASTER_SIZE is 48
-//              // - CURVE25519_KEYSIZE is 32
-//              // - master_secret[] is 48
-        }
-        for (i = 0; i < key_size; i++) {
-                key_xor_ipad[i] = key[i] ^ 0x36;
-                key_xor_opad[i] = key[i] ^ 0x5c;
-        }
-        for (; i < SHA_INSIZE; i++) {
-                key_xor_ipad[i] = 0x36;
-                key_xor_opad[i] = 0x5c;
-        }
-        begin(&pre->hashed_key_xor_ipad);
-        begin(&pre->hashed_key_xor_opad);
-        md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
-        md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
-}
-#undef begin
-static unsigned hmac_sha_precomputed_v(
-                hmac_precomputed_t *pre,
-                uint8_t *out,
-                va_list va)
-{
-        uint8_t *text;
-        unsigned len;
-        /* pre->hashed_key_xor_ipad contains unclosed "H((key XOR ipad) +" state */
-        /* pre->hashed_key_xor_opad contains unclosed "H((key XOR opad) +" state */
-        /* calculate out = H((key XOR ipad) + text) */
-        while ((text = va_arg(va, uint8_t*)) != NULL) {
-                unsigned text_size = va_arg(va, unsigned);
-                md5sha_hash(&pre->hashed_key_xor_ipad, text, text_size);
-        }
-        len = sha_end(&pre->hashed_key_xor_ipad, out);
-        /* out = H((key XOR opad) + out) */
-        md5sha_hash(&pre->hashed_key_xor_opad, out, len);
-        return sha_end(&pre->hashed_key_xor_opad, out);
-}
-#else
-#define sha1_begin_hmac BCRYPT_HMAC_SHA1_ALG_HANDLE
-#define sha256_begin_hmac BCRYPT_HMAC_SHA256_ALG_HANDLE
-#if !ENABLE_FEATURE_TLS_SHA1
-#define hmac_begin(pre,key,key_size,begin) _hmac_begin(pre, key, key_size, sha256_begin_hmac)
-#else
-#define hmac_begin _hmac_begin
-#endif
-typedef struct bcrypt_hash_ctx_t hmac_precomputed_t;
-static void _hmac_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size, BCRYPT_ALG_HANDLE alg_handle) {
-        DWORD hash_object_length = 0;
-        ULONG _unused;
-        NTSTATUS status;
-        status = BCryptGetProperty(alg_handle, BCRYPT_OBJECT_LENGTH, (PUCHAR)&hash_object_length, sizeof(DWORD), &_unused, 0);
-        mingw_die_if_error(status, "BCryptGetProperty");
-        status = BCryptGetProperty(alg_handle, BCRYPT_HASH_LENGTH, (PUCHAR)&pre->output_size, sizeof(DWORD), &_unused, 0);
-        mingw_die_if_error(status, "BCryptGetProperty");
-        pre->hash_obj = xmalloc(hash_object_length);
-        status = BCryptCreateHash(alg_handle, &pre->handle, pre->hash_obj, hash_object_length, key, key_size, BCRYPT_HASH_REUSABLE_FLAG);
-        mingw_die_if_error(status, "BCryptCreateHash");
-}
-static unsigned hmac_sha_precomputed_v(
-                hmac_precomputed_t *pre,
-                uint8_t *out,
-                va_list va)
-{
-        uint8_t *text;
-        NTSTATUS status;
-        while ((text = va_arg(va, uint8_t*)) != NULL) {
-                unsigned text_size = va_arg(va, unsigned);
-                /*status = */ BCryptHashData(pre->handle, text, text_size, 0);
-                //mingw_die_if_error(status, "BCryptHashData");
-        }
-        status = BCryptFinishHash(pre->handle, out, pre->output_size, 0);
-        mingw_die_if_error(status, "BCryptFinishHash");
-        return pre->output_size;
-}
-static void hmac_uninit(hmac_precomputed_t *pre) {
-        BCryptDestroyHash(pre->handle);
-        free(pre->hash_obj);
-}
-#endif
-static unsigned hmac_sha_precomputed(hmac_precomputed_t *pre_init, uint8_t *out, ...)
-{
-        hmac_precomputed_t pre;
-        va_list va;
-        unsigned len;
-        va_start(va, out);
-        pre = *pre_init; /* struct copy */
-        len = hmac_sha_precomputed_v(&pre, out, va);
-        va_end(va);
-        return len;
-}
-#if !ENABLE_FEATURE_TLS_SHA1
-#define hmac(tls,out,key,key_size,...) \
-        hmac(out,key,key_size, __VA_ARGS__)
-#endif
-static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_size, ...)
-{
-        hmac_precomputed_t pre;
-        va_list va;
-        unsigned len;
-        va_start(va, key_size);
-        hmac_begin(&pre, key, key_size,
-                        (ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
-                                ? sha1_begin_hmac
-                                : sha256_begin_hmac
-        );
-        len = hmac_sha_precomputed_v(&pre, out, va);
-        va_end(va);
-        hmac_uninit(&pre);
-        return len;
-}
 // RFC 5246:
 // 5.  HMAC and the Pseudorandom Function
 //...
@@ -635,7 +408,7 @@ static void prf_hmac_sha256(/*tls_state_t *tls,*/
                const char *label,
                uint8_t *seed, unsigned seed_size)
 {
-        hmac_precomputed_t pre;
+        hmac_ctx_t ctx;
        uint8_t a[TLS_MAX_MAC_SIZE];
        uint8_t *out_p = outbuf;
        unsigned label_size = strlen(label);
@@ -645,29 +418,28 @@ static void prf_hmac_sha256(/*tls_state_t *tls,*/
 #define SEED   label, label_size, seed, seed_size
 #define A      a, MAC_size
-        hmac_begin(&pre, secret, secret_size, sha256_begin_hmac);
+        hmac_begin(&ctx, secret, secret_size, sha256_begin_hmac);
        /* A(1) = HMAC_hash(secret, seed) */
-        hmac_sha_precomputed(&pre, a, SEED, NULL);
+        hmac_peek_hash(&ctx, a, SEED, NULL);
        for (;;) {
                /* HMAC_hash(secret, A(1) + seed) */
                if (outbuf_size <= MAC_size) {
                        /* Last, possibly incomplete, block */
                        /* (use a[] as temp buffer) */
-                        hmac_sha_precomputed(&pre, a, A, SEED, NULL);
+                        hmac_peek_hash(&ctx, a, A, SEED, NULL);
                        memcpy(out_p, a, outbuf_size);
+                        hmac_uninit(&ctx);
                        return;
                }
                /* Not last block. Store directly to result buffer */
-                hmac_sha_precomputed(&pre, out_p, A, SEED, NULL);
+                hmac_peek_hash(&ctx, out_p, A, SEED, NULL);
                out_p += MAC_size;
                outbuf_size -= MAC_size;
                /* A(2) = HMAC_hash(secret, A(1)) */
-                hmac_sha_precomputed(&pre, a, A, NULL);
+                hmac_peek_hash(&ctx, a, A, NULL);
        }
-        hmac_uninit(&pre);
 #undef A
 #undef SECRET
 #undef SEED
@@ -733,6 +505,32 @@ static void *tls_get_zeroed_outbuf(tls_state_t *tls, int len)
        return record;
 }
+/* Calculate the HMAC over the list of blocks */
+#if !ENABLE_FEATURE_TLS_SHA1
+#define hmac_blocks(tls,out,key,key_size,...) \
+        hmac_blocks(out,key,key_size, __VA_ARGS__)
+#endif
+static unsigned hmac_blocks(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_size, ...)
+{
+        hmac_ctx_t ctx;
+        va_list va;
+        unsigned len;
+        hmac_begin(&ctx, key, key_size,
+                        (ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
+                                ? sha1_begin_hmac
+                                : sha256_begin_hmac
+        );
+        va_start(va, key_size);
+        hmac_hash_v(&ctx, va);
+        va_end(va);
+        len = hmac_end(&ctx, out);
+        hmac_uninit(&ctx);
+        return len;
+}
 static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, unsigned type)
 {
        uint8_t *buf = tls->outbuf + OUTBUF_PFX;
@@ -754,7 +552,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
        xhdr->len16_lo = size & 0xff;
        /* Calculate MAC signature */
-        hmac(tls, buf + size, /* result */
+        hmac_blocks(tls, buf + size, /* result */
                tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
                &tls->write_seq64_be, sizeof(tls->write_seq64_be),
                xhdr, RECHDR_LEN,
@@ -943,8 +741,13 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty
                cnt++;
                COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */
                aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch);
-                n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining;
+                if (remaining >= AES_BLOCK_SIZE) {
-                xorbuf(buf, scratch, n);
+                        n = AES_BLOCK_SIZE;
+                        xorbuf_AES_BLOCK_SIZE(buf, scratch);
+                } else {
+                        n = remaining;
+                        xorbuf(buf, scratch, n);
+                }
                buf += n;
                remaining -= n;
        }
@@ -1102,7 +905,7 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size)
                COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */
                aes_encrypt_one_block(&tls->aes_decrypt, nonce, scratch);
                n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining;
-                xorbuf3(buf, scratch, buf + 8, n);
+                xorbuf_3(buf, scratch, buf + 8, n);
                buf += n;
                remaining -= n;
        }
diff --git a/networking/tls.h b/networking/tls.h
index 4fac23993..eee5a7617 100644
--- a/networking/tls.h
+++ b/networking/tls.h
@@ -83,10 +83,9 @@ typedef  int16_t  int16;
 void tls_get_random(void *buf, unsigned len) FAST_FUNC;
-void xorbuf(void* buf, const void* mask, unsigned count) FAST_FUNC;
 #define ALIGNED_long ALIGNED(sizeof(long))
-void xorbuf_aligned_AES_BLOCK_SIZE(void* buf, const void* mask) FAST_FUNC;
+#define xorbuf_aligned_AES_BLOCK_SIZE(dst,src) xorbuf16_aligned_long(dst,src)
+#define xorbuf_AES_BLOCK_SIZE(dst,src)         xorbuf16(dst,src)
 #define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS)
diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c
index 5ddcdd2ad..9c2381a57 100644
--- a/networking/tls_aesgcm.c
+++ b/networking/tls_aesgcm.c
@@ -167,10 +167,7 @@ void FAST_FUNC aesgcm_GHASH(byte* h,
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
-            if (BB_UNALIGNED_MEMACCESS_OK) // c is not guaranteed to be aligned
+            xorbuf_AES_BLOCK_SIZE(x, c);
-                xorbuf_aligned_AES_BLOCK_SIZE(x, c);
-            else
-                xorbuf(x, c, AES_BLOCK_SIZE);
            GMULT(x, h);
            c += AES_BLOCK_SIZE;
        }

diff --git a/networking/Config.src b/networking/Config.src index c4c3c2a58..aa0806a18 100644 --- a/networking/Config.src +++ b/networking/Config.src
@@ -84,7 +84,7 @@ config FEATURE_TLS_INTERNAL
84		84
85	config FEATURE_TLS_SCHANNEL	85	config FEATURE_TLS_SCHANNEL
86	bool "Schannel SSP"	86	bool "Schannel SSP"
87	depends on TLS	87	depends on TLS && PLATFORM_MINGW32
88	help	88	help
89	Use the Schannel SSP to provide TLS support.	89	Use the Schannel SSP to provide TLS support.
90	Reduces code size and enables certificate checking.	90	Reduces code size and enables certificate checking.


diff --git a/networking/httpd.c b/networking/httpd.c index 1dae602ee..50595104c 100644 --- a/networking/httpd.c +++ b/networking/httpd.c
@@ -3074,7 +3074,7 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
3074	salt[0] = '$';	3074	salt[0] = '$';
3075	salt[1] = '1';	3075	salt[1] = '1';
3076	salt[2] = '$';	3076	salt[2] = '$';
3077	crypt_make_salt(salt + 3, 4);	3077	crypt_make_rand64encoded(salt + 3, 8 / 2); /* 8 chars */
3078	puts(pw_encrypt(pass, salt, /cleanup:/ 0));	3078	puts(pw_encrypt(pass, salt, /cleanup:/ 0));
3079	return 0;	3079	return 0;
3080	}	3080	}


diff --git a/networking/ntpd.c b/networking/ntpd.c index 4c4842cb2..dd0a9c91f 100644 --- a/networking/ntpd.c +++ b/networking/ntpd.c
@@ -1057,7 +1057,7 @@ step_time(double offset)
1057	}	1057	}
1058	tval = tvn.tv_sec;	1058	tval = tvn.tv_sec;
1059	strftime_YYYYMMDDHHMMSS(buf, sizeof(buf), &tval);	1059	strftime_YYYYMMDDHHMMSS(buf, sizeof(buf), &tval);
1060	bb_info_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset);	1060	bb_error_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset);
1061	//maybe? G.FREQHOLD_cnt = 0;	1061	//maybe? G.FREQHOLD_cnt = 0;
1062		1062
1063	/* Correct various fields which contain time-relative values: */	1063	/* Correct various fields which contain time-relative values: */
@@ -1976,7 +1976,7 @@ recv_and_process_peer_pkt(peer_t *p)
1976		1976
1977	p->reachable_bits \|= 1;	1977	p->reachable_bits \|= 1;
1978	if ((MAX_VERBOSE && G.verbose) \|\| (option_mask32 & OPT_w)) {	1978	if ((MAX_VERBOSE && G.verbose) \|\| (option_mask32 & OPT_w)) {
1979	bb_info_msg("reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x",	1979	bb_error_msg("reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x",
1980	p->p_dotted,	1980	p->p_dotted,
1981	offset,	1981	offset,
1982	p->p_raw_delay,	1982	p->p_raw_delay,


diff --git a/networking/telnetd.c b/networking/telnetd.c index bfeea1400..a5a783047 100644 --- a/networking/telnetd.c +++ b/networking/telnetd.c
@@ -104,8 +104,8 @@
104	//usage:#define telnetd_full_usage "\n\n"	104	//usage:#define telnetd_full_usage "\n\n"
105	//usage: "Handle incoming telnet connections"	105	//usage: "Handle incoming telnet connections"
106	//usage: IF_NOT_FEATURE_TELNETD_STANDALONE(" via inetd") "\n"	106	//usage: IF_NOT_FEATURE_TELNETD_STANDALONE(" via inetd") "\n"
107	//usage: "\n -l LOGIN Exec LOGIN on connect"	107	//usage: "\n -l LOGIN Exec LOGIN on connect (default /bin/login)"
108	//usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue"	108	//usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue.net"
109	//usage: "\n -K Close connection as soon as login exits"	109	//usage: "\n -K Close connection as soon as login exits"
110	//usage: "\n (normally wait until all programs close slave pty)"	110	//usage: "\n (normally wait until all programs close slave pty)"
111	//usage: IF_FEATURE_TELNETD_STANDALONE(	111	//usage: IF_FEATURE_TELNETD_STANDALONE(


diff --git a/networking/tftp.c b/networking/tftp.c index f5b4367ca..b698a9288 100644 --- a/networking/tftp.c +++ b/networking/tftp.c
@@ -250,7 +250,7 @@ static int tftp_blksize_check(const char *blksize_str, int maxsize)
250	return -1;	250	return -1;
251	}	251	}
252	# if ENABLE_TFTP_DEBUG	252	# if ENABLE_TFTP_DEBUG
253	bb_info_msg("using blksize %u", blksize);	253	bb_error_msg("using blksize %u", blksize);
254	# endif	254	# endif
255	return blksize;	255	return blksize;
256	}	256	}


diff --git a/networking/tls.c b/networking/tls.c index 89726fee0..9c05364ea 100644 --- a/networking/tls.c +++ b/networking/tls.c
@@ -22,19 +22,7 @@
22		22
23	#include "tls.h"	23	#include "tls.h"
24		24
25	#if ENABLE_FEATURE_TLS_SCHANNEL \|\| ENABLE_FEATURE_USE_CNG_API
26	#include <windows.h>
27	#endif
28
29	#if !ENABLE_FEATURE_TLS_SCHANNEL	25	#if !ENABLE_FEATURE_TLS_SCHANNEL
30	#if ENABLE_FEATURE_USE_CNG_API
31	# include <bcrypt.h>
32
33	// these work on Windows >= 10
34	# define BCRYPT_HMAC_SHA1_ALG_HANDLE ((BCRYPT_ALG_HANDLE) 0x000000a1)
35	# define BCRYPT_HMAC_SHA256_ALG_HANDLE ((BCRYPT_ALG_HANDLE) 0x000000b1)
36	#endif
37
38	// Usually enabled. You can disable some of them to force only	26	// Usually enabled. You can disable some of them to force only
39	// specific ciphers to be advertized to server.	27	// specific ciphers to be advertized to server.
40	// (this would not exclude code to handle disabled ciphers, no code size win)	28	// (this would not exclude code to handle disabled ciphers, no code size win)
@@ -201,8 +189,6 @@
201	#define TLS_MAX_OUTBUF (1 << 14)	189	#define TLS_MAX_OUTBUF (1 << 14)
202		190
203	enum {	191	enum {
204	SHA_INSIZE = 64,
205
206	AES128_KEYSIZE = 16,	192	AES128_KEYSIZE = 16,
207	AES256_KEYSIZE = 32,	193	AES256_KEYSIZE = 32,
208		194
@@ -348,34 +334,6 @@ void FAST_FUNC tls_get_random(void *buf, unsigned len)
348	xfunc_die();	334	xfunc_die();
349	}	335	}
350		336
351	static void xorbuf3(void dst, const void src1, const void *src2, unsigned count)
352	{
353	uint8_t *d = dst;
354	const uint8_t *s1 = src1;
355	const uint8_t* s2 = src2;
356	while (count--)
357	d++ = s1++ ^ *s2++;
358	}
359
360	void FAST_FUNC xorbuf(void dst, const void src, unsigned count)
361	{
362	xorbuf3(dst, dst, src, count);
363	}
364
365	void FAST_FUNC xorbuf_aligned_AES_BLOCK_SIZE(void dst, const void src)
366	{
367	unsigned long *d = dst;
368	const unsigned long *s = src;
369	d[0] ^= s[0];
370	#if ULONG_MAX <= 0xffffffffffffffff
371	d[1] ^= s[1];
372	#if ULONG_MAX == 0xffffffff
373	d[2] ^= s[2];
374	d[3] ^= s[3];
375	#endif
376	#endif
377	}
378
379	#if !TLS_DEBUG_HASH	337	#if !TLS_DEBUG_HASH
380	# define hash_handshake(tls, fmt, buffer, len) \	338	# define hash_handshake(tls, fmt, buffer, len) \
381	hash_handshake(tls, buffer, len)	339	hash_handshake(tls, buffer, len)
@@ -406,191 +364,6 @@ static void hash_handshake(tls_state_t tls, const char fmt, const void *buffer
406	# define TLS_MAC_SIZE(tls) (tls)->MAC_size	364	# define TLS_MAC_SIZE(tls) (tls)->MAC_size
407	#endif	365	#endif
408		366
409	// RFC 2104:
410	// HMAC(key, text) based on a hash H (say, sha256) is:
411	// ipad = [0x36 x INSIZE]
412	// opad = [0x5c x INSIZE]
413	// HMAC(key, text) = H((key XOR opad) + H((key XOR ipad) + text))
414	//
415	// H(key XOR opad) and H(key XOR ipad) can be precomputed
416	// if we often need HMAC hmac with the same key.
417	//
418	// text is often given in disjoint pieces.
419	#if !ENABLE_FEATURE_USE_CNG_API
420	typedef struct hmac_precomputed {
421	md5sha_ctx_t hashed_key_xor_ipad;
422	md5sha_ctx_t hashed_key_xor_opad;
423	} hmac_precomputed_t;
424
425	typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
426
427	#define sha1_begin_hmac sha1_begin
428	#define sha256_begin_hmac sha256_begin
429	#define hmac_uninit(...) ((void)0)
430
431	#if !ENABLE_FEATURE_TLS_SHA1
432	#define hmac_begin(pre,key,key_size,begin) \
433	hmac_begin(pre,key,key_size)
434	#define begin sha256_begin
435	#endif
436
437	static void hmac_begin(hmac_precomputed_t pre, uint8_t key, unsigned key_size, md5sha_begin_func *begin)
438	{
439	uint8_t key_xor_ipad[SHA_INSIZE];
440	uint8_t key_xor_opad[SHA_INSIZE];
441	// uint8_t tempkey[SHA1_OUTSIZE < SHA256_OUTSIZE ? SHA256_OUTSIZE : SHA1_OUTSIZE];
442	unsigned i;
443
444	// "The authentication key can be of any length up to INSIZE, the
445	// block length of the hash function. Applications that use keys longer
446	// than INSIZE bytes will first hash the key using H and then use the
447	// resultant OUTSIZE byte string as the actual key to HMAC."
448	if (key_size > SHA_INSIZE) {
449	bb_simple_error_msg_and_die("HMAC key>64"); //does not happen (yet?)
450	// md5sha_ctx_t ctx;
451	// begin(&ctx);
452	// md5sha_hash(&ctx, key, key_size);
453	// key_size = sha_end(&ctx, tempkey);
454	// //key = tempkey; - right? RIGHT? why does it work without this?
455	// // because SHA_INSIZE is 64, but hmac() is always called with
456	// // key_size = tls->MAC_size = SHA1/256_OUTSIZE (20 or 32),
457	// // and prf_hmac_sha256() -> hmac_sha256() key sizes are:
458	// // - RSA_PREMASTER_SIZE is 48
459	// // - CURVE25519_KEYSIZE is 32
460	// // - master_secret[] is 48
461	}
462
463	for (i = 0; i < key_size; i++) {
464	key_xor_ipad[i] = key[i] ^ 0x36;
465	key_xor_opad[i] = key[i] ^ 0x5c;
466	}
467	for (; i < SHA_INSIZE; i++) {
468	key_xor_ipad[i] = 0x36;
469	key_xor_opad[i] = 0x5c;
470	}
471
472	begin(&pre->hashed_key_xor_ipad);
473	begin(&pre->hashed_key_xor_opad);
474	md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
475	md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
476	}
477	#undef begin
478
479	static unsigned hmac_sha_precomputed_v(
480	hmac_precomputed_t *pre,
481	uint8_t *out,
482	va_list va)
483	{
484	uint8_t *text;
485	unsigned len;
486
487	/* pre->hashed_key_xor_ipad contains unclosed "H((key XOR ipad) +" state */
488	/* pre->hashed_key_xor_opad contains unclosed "H((key XOR opad) +" state */
489
490	/* calculate out = H((key XOR ipad) + text) */
491	while ((text = va_arg(va, uint8_t*)) != NULL) {
492	unsigned text_size = va_arg(va, unsigned);
493	md5sha_hash(&pre->hashed_key_xor_ipad, text, text_size);
494	}
495	len = sha_end(&pre->hashed_key_xor_ipad, out);
496
497	/* out = H((key XOR opad) + out) */
498	md5sha_hash(&pre->hashed_key_xor_opad, out, len);
499	return sha_end(&pre->hashed_key_xor_opad, out);
500	}
501	#else
502	#define sha1_begin_hmac BCRYPT_HMAC_SHA1_ALG_HANDLE
503	#define sha256_begin_hmac BCRYPT_HMAC_SHA256_ALG_HANDLE
504
505	#if !ENABLE_FEATURE_TLS_SHA1
506	#define hmac_begin(pre,key,key_size,begin) _hmac_begin(pre, key, key_size, sha256_begin_hmac)
507	#else
508	#define hmac_begin _hmac_begin
509	#endif
510
511	typedef struct bcrypt_hash_ctx_t hmac_precomputed_t;
512
513	static void _hmac_begin(hmac_precomputed_t pre, uint8_t key, unsigned key_size, BCRYPT_ALG_HANDLE alg_handle) {
514	DWORD hash_object_length = 0;
515	ULONG _unused;
516	NTSTATUS status;
517
518	status = BCryptGetProperty(alg_handle, BCRYPT_OBJECT_LENGTH, (PUCHAR)&hash_object_length, sizeof(DWORD), &_unused, 0);
519	mingw_die_if_error(status, "BCryptGetProperty");
520	status = BCryptGetProperty(alg_handle, BCRYPT_HASH_LENGTH, (PUCHAR)&pre->output_size, sizeof(DWORD), &_unused, 0);
521	mingw_die_if_error(status, "BCryptGetProperty");
522
523
524	pre->hash_obj = xmalloc(hash_object_length);
525
526	status = BCryptCreateHash(alg_handle, &pre->handle, pre->hash_obj, hash_object_length, key, key_size, BCRYPT_HASH_REUSABLE_FLAG);
527	mingw_die_if_error(status, "BCryptCreateHash");
528	}
529
530	static unsigned hmac_sha_precomputed_v(
531	hmac_precomputed_t *pre,
532	uint8_t *out,
533	va_list va)
534	{
535	uint8_t *text;
536	NTSTATUS status;
537
538	while ((text = va_arg(va, uint8_t*)) != NULL) {
539	unsigned text_size = va_arg(va, unsigned);
540	/status = / BCryptHashData(pre->handle, text, text_size, 0);
541	//mingw_die_if_error(status, "BCryptHashData");
542	}
543
544	status = BCryptFinishHash(pre->handle, out, pre->output_size, 0);
545	mingw_die_if_error(status, "BCryptFinishHash");
546
547	return pre->output_size;
548	}
549
550	static void hmac_uninit(hmac_precomputed_t *pre) {
551	BCryptDestroyHash(pre->handle);
552	free(pre->hash_obj);
553	}
554
555	#endif
556
557	static unsigned hmac_sha_precomputed(hmac_precomputed_t pre_init, uint8_t out, ...)
558	{
559	hmac_precomputed_t pre;
560	va_list va;
561	unsigned len;
562
563	va_start(va, out);
564	pre = pre_init; / struct copy */
565	len = hmac_sha_precomputed_v(&pre, out, va);
566	va_end(va);
567	return len;
568	}
569
570	#if !ENABLE_FEATURE_TLS_SHA1
571	#define hmac(tls,out,key,key_size,...) \
572	hmac(out,key,key_size, __VA_ARGS__)
573	#endif
574	static unsigned hmac(tls_state_t tls, uint8_t out, uint8_t *key, unsigned key_size, ...)
575	{
576	hmac_precomputed_t pre;
577	va_list va;
578	unsigned len;
579
580	va_start(va, key_size);
581
582	hmac_begin(&pre, key, key_size,
583	(ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
584	? sha1_begin_hmac
585	: sha256_begin_hmac
586	);
587	len = hmac_sha_precomputed_v(&pre, out, va);
588
589	va_end(va);
590	hmac_uninit(&pre);
591	return len;
592	}
593
594	// RFC 5246:	367	// RFC 5246:
595	// 5. HMAC and the Pseudorandom Function	368	// 5. HMAC and the Pseudorandom Function
596	//...	369	//...
@@ -635,7 +408,7 @@ static void prf_hmac_sha256(/tls_state_t tls,*/
635	const char *label,	408	const char *label,
636	uint8_t *seed, unsigned seed_size)	409	uint8_t *seed, unsigned seed_size)
637	{	410	{
638	hmac_precomputed_t pre;	411	hmac_ctx_t ctx;
639	uint8_t a[TLS_MAX_MAC_SIZE];	412	uint8_t a[TLS_MAX_MAC_SIZE];
640	uint8_t *out_p = outbuf;	413	uint8_t *out_p = outbuf;
641	unsigned label_size = strlen(label);	414	unsigned label_size = strlen(label);
@@ -645,29 +418,28 @@ static void prf_hmac_sha256(/tls_state_t tls,*/
645	#define SEED label, label_size, seed, seed_size	418	#define SEED label, label_size, seed, seed_size
646	#define A a, MAC_size	419	#define A a, MAC_size
647		420
648	hmac_begin(&pre, secret, secret_size, sha256_begin_hmac);	421	hmac_begin(&ctx, secret, secret_size, sha256_begin_hmac);
649		422
650	/* A(1) = HMAC_hash(secret, seed) */	423	/* A(1) = HMAC_hash(secret, seed) */
651	hmac_sha_precomputed(&pre, a, SEED, NULL);	424	hmac_peek_hash(&ctx, a, SEED, NULL);
652		425
653	for (;;) {	426	for (;;) {
654	/* HMAC_hash(secret, A(1) + seed) */	427	/* HMAC_hash(secret, A(1) + seed) */
655	if (outbuf_size <= MAC_size) {	428	if (outbuf_size <= MAC_size) {
656	/* Last, possibly incomplete, block */	429	/* Last, possibly incomplete, block */
657	/* (use a[] as temp buffer) */	430	/* (use a[] as temp buffer) */
658	hmac_sha_precomputed(&pre, a, A, SEED, NULL);	431	hmac_peek_hash(&ctx, a, A, SEED, NULL);
659	memcpy(out_p, a, outbuf_size);	432	memcpy(out_p, a, outbuf_size);
		433	hmac_uninit(&ctx);
660	return;	434	return;
661	}	435	}
662	/* Not last block. Store directly to result buffer */	436	/* Not last block. Store directly to result buffer */
663	hmac_sha_precomputed(&pre, out_p, A, SEED, NULL);	437	hmac_peek_hash(&ctx, out_p, A, SEED, NULL);
664	out_p += MAC_size;	438	out_p += MAC_size;
665	outbuf_size -= MAC_size;	439	outbuf_size -= MAC_size;
666	/* A(2) = HMAC_hash(secret, A(1)) */	440	/* A(2) = HMAC_hash(secret, A(1)) */
667	hmac_sha_precomputed(&pre, a, A, NULL);	441	hmac_peek_hash(&ctx, a, A, NULL);
668	}	442	}
669
670	hmac_uninit(&pre);
671	#undef A	443	#undef A
672	#undef SECRET	444	#undef SECRET
673	#undef SEED	445	#undef SEED
@@ -733,6 +505,32 @@ static void tls_get_zeroed_outbuf(tls_state_t tls, int len)
733	return record;	505	return record;
734	}	506	}
735		507
		508	/* Calculate the HMAC over the list of blocks */
		509	#if !ENABLE_FEATURE_TLS_SHA1
		510	#define hmac_blocks(tls,out,key,key_size,...) \
		511	hmac_blocks(out,key,key_size, __VA_ARGS__)
		512	#endif
		513	static unsigned hmac_blocks(tls_state_t tls, uint8_t out, uint8_t *key, unsigned key_size, ...)
		514	{
		515	hmac_ctx_t ctx;
		516	va_list va;
		517	unsigned len;
		518
		519	hmac_begin(&ctx, key, key_size,
		520	(ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
		521	? sha1_begin_hmac
		522	: sha256_begin_hmac
		523	);
		524
		525	va_start(va, key_size);
		526	hmac_hash_v(&ctx, va);
		527	va_end(va);
		528
		529	len = hmac_end(&ctx, out);
		530	hmac_uninit(&ctx);
		531	return len;
		532	}
		533
736	static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, unsigned type)	534	static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, unsigned type)
737	{	535	{
738	uint8_t *buf = tls->outbuf + OUTBUF_PFX;	536	uint8_t *buf = tls->outbuf + OUTBUF_PFX;
@@ -754,7 +552,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
754	xhdr->len16_lo = size & 0xff;	552	xhdr->len16_lo = size & 0xff;
755		553
756	/* Calculate MAC signature */	554	/* Calculate MAC signature */
757	hmac(tls, buf + size, /* result */	555	hmac_blocks(tls, buf + size, /* result */
758	tls->client_write_MAC_key, TLS_MAC_SIZE(tls),	556	tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
759	&tls->write_seq64_be, sizeof(tls->write_seq64_be),	557	&tls->write_seq64_be, sizeof(tls->write_seq64_be),
760	xhdr, RECHDR_LEN,	558	xhdr, RECHDR_LEN,
@@ -943,8 +741,13 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty
943	cnt++;	741	cnt++;
944	COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */	742	COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */
945	aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch);	743	aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch);
946	n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining;	744	if (remaining >= AES_BLOCK_SIZE) {
947	xorbuf(buf, scratch, n);	745	n = AES_BLOCK_SIZE;
		746	xorbuf_AES_BLOCK_SIZE(buf, scratch);
		747	} else {
		748	n = remaining;
		749	xorbuf(buf, scratch, n);
		750	}
948	buf += n;	751	buf += n;
949	remaining -= n;	752	remaining -= n;
950	}	753	}
@@ -1102,7 +905,7 @@ static void tls_aesgcm_decrypt(tls_state_t tls, uint8_t buf, int size)
1102	COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */	905	COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */
1103	aes_encrypt_one_block(&tls->aes_decrypt, nonce, scratch);	906	aes_encrypt_one_block(&tls->aes_decrypt, nonce, scratch);
1104	n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining;	907	n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining;
1105	xorbuf3(buf, scratch, buf + 8, n);	908	xorbuf_3(buf, scratch, buf + 8, n);
1106	buf += n;	909	buf += n;
1107	remaining -= n;	910	remaining -= n;
1108	}	911	}


diff --git a/networking/tls.h b/networking/tls.h index 4fac23993..eee5a7617 100644 --- a/networking/tls.h +++ b/networking/tls.h
@@ -83,10 +83,9 @@ typedef int16_t int16;
83		83
84	void tls_get_random(void *buf, unsigned len) FAST_FUNC;	84	void tls_get_random(void *buf, unsigned len) FAST_FUNC;
85		85
86	void xorbuf(void* buf, const void* mask, unsigned count) FAST_FUNC;
87
88	#define ALIGNED_long ALIGNED(sizeof(long))	86	#define ALIGNED_long ALIGNED(sizeof(long))
89	void xorbuf_aligned_AES_BLOCK_SIZE(void* buf, const void* mask) FAST_FUNC;	87	#define xorbuf_aligned_AES_BLOCK_SIZE(dst,src) xorbuf16_aligned_long(dst,src)
		88	#define xorbuf_AES_BLOCK_SIZE(dst,src) xorbuf16(dst,src)
90		89
91	#define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS)	90	#define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS)
92		91


diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c index 5ddcdd2ad..9c2381a57 100644 --- a/networking/tls_aesgcm.c +++ b/networking/tls_aesgcm.c
@@ -167,10 +167,7 @@ void FAST_FUNC aesgcm_GHASH(byte* h,
167	blocks = cSz / AES_BLOCK_SIZE;	167	blocks = cSz / AES_BLOCK_SIZE;
168	partial = cSz % AES_BLOCK_SIZE;	168	partial = cSz % AES_BLOCK_SIZE;
169	while (blocks--) {	169	while (blocks--) {
170	if (BB_UNALIGNED_MEMACCESS_OK) // c is not guaranteed to be aligned	170	xorbuf_AES_BLOCK_SIZE(x, c);
171	xorbuf_aligned_AES_BLOCK_SIZE(x, c);
172	else
173	xorbuf(x, c, AES_BLOCK_SIZE);
174	GMULT(x, h);	171	GMULT(x, h);
175	c += AES_BLOCK_SIZE;	172	c += AES_BLOCK_SIZE;
176	}	173	}