aboutsummaryrefslogtreecommitdiff
path: root/networking (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tls: various schannel fixesHEADmasterRFL8903 days1-135/+61
|
* Merge branch 'busybox' into mergemergeRon Yorston7 days1-27/+12
|\
| * ftpd: code shrink, move replace_char() to libbbDenys Vlasenko2025-08-021-27/+12
| | | | | | | | | | | | | | | | | | | | | | function old new delta modprobe_main 803 804 +1 escape_text 127 122 -5 replace 18 - -18 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/1 up/down: 1/-23) Total: -22 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | Post-merge fixesRon Yorston9 days1-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream has moved some functions from networking/tls.c to a new file, libbb/hash_hmac.c. The merge didn't adjust this code to allow it to work with the native Windows checksum API. This only matters if FEATURE_USE_CNG_API is enabled and CONFIG_FEATURE_TLS_SCHANNEL isn't. In that case the wget applet fails to handle https. None of the default configurations has this combination, but it should work. Make it so. The Windows code doesn't implement hmac_block(), as that's only used for password encryption which isn't currently supported. The variadic function hmac_peek_hash() isn't declared FAST_FUNC, as that causes clang to issue many warnings.
* | Merge branch 'busybox' into mergeRon Yorston10 days7-252/+47
|\|
| * telnetd: improve --helpDenys Vlasenko2025-07-271-2/+2
| | | | | | | | | | | | | | function old new delta packed_usage 34996 35021 +25 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * tftp: use bb_error_msg instead of info_msg for a debug messageDenys Vlasenko2025-07-181-1/+1
| | | | | | | | | | | | This is the only use of bb_info_msg in tftp. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * ntpd: replace two bb_info_msg's with bb_error_msgDenys Vlasenko2025-07-181-2/+2
| | | | | | | | | | | | All other messages are printed via bb_error_msg in this applet. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * libbb: introduce and use block-XOR functionsDenys Vlasenko2025-07-093-38/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On x86_64, they can be done in 16-byte blocks 64-bit: function old new delta xorbuf_3 - 84 +84 xorbuf64_3_aligned64 - 58 +58 smix1 687 712 +25 xwrite_encrypted 520 534 +14 xorbuf16_aligned_long - 13 +13 tls_xread_record 733 742 +9 xorbuf 21 13 -8 xorbuf_aligned_AES_BLOCK_SIZE 15 - -15 blockmix 814 762 -52 blockmix_salsa8 317 198 -119 blockmix_xor_save 1620 1499 -121 blockmix_xor 1543 1322 -221 ------------------------------------------------------------------------------ (add/remove: 4/1 grow/shrink: 3/5 up/down: 203/-536) Total: -333 bytes 32-bit: function old new delta xorbuf_3 - 76 +76 xorbuf64_3_aligned64 - 36 +36 xorbuf16_aligned_long - 23 +23 xwrite_encrypted 499 507 +8 tls_xread_record 646 650 +4 xorbuf 22 11 -11 xorbuf_aligned_AES_BLOCK_SIZE 23 - -23 blockmix 1083 938 -145 blockmix_salsa8 415 210 -205 blockmix_salsa8_xor 601 163 -438 blockmix_xor 2103 1533 -570 blockmix_xor_save 2614 1859 -755 ------------------------------------------------------------------------------ (add/remove: 4/1 grow/shrink: 2/6 up/down: 147/-2147) Total: -2000 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * libbb/yescrypt: remove redundant SHA256 HMAC implementationDenys Vlasenko2025-07-071-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | function old new delta hmac_blocks - 88 +88 static.PBKDF2_SHA256 176 213 +37 yescrypt_kdf32_body 1046 1052 +6 static.smix 759 762 +3 hmac_block 88 64 -24 HMAC_SHA256_Final 53 - -53 HMAC_SHA256_Buf 58 - -58 HMAC_SHA256_Init 159 - -159 ------------------------------------------------------------------------------ (add/remove: 1/3 grow/shrink: 3/1 up/down: 134/-294) Total: -160 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * libbb: factor out HMAC code from TLSDenys Vlasenko2025-07-071-131/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | function old new delta hmac_block - 88 +88 hmac_peek_hash - 61 +61 hmac_end - 50 +50 hmac_begin 140 177 +37 hmac_hash_v - 30 +30 .rodata 105799 105787 -12 hmac_sha_precomputed 54 - -54 hmac_sha_precomputed_v 69 - -69 hmac 83 - -83 ------------------------------------------------------------------------------ (add/remove: 5/3 grow/shrink: 1/1 up/down: 266/-218) Total: 48 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * libbb: add yescrypt password hashing supportDenys Vlasenko2025-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems to work, but not at all optimized for size. The extra copy of sha256 code need to be removed. The yescrypt code in libbb/yescrypt/* is adapted from libxcrypt-4.4.38 with minimal edits, hopefully making it easier to track backports by resetting the tree to this commit, then comparing changes in upstream libxcrypt to the tree. function old new delta blockmix_xor_save - 7050 +7050 static.blockmix_xor - 6475 +6475 blockmix - 3390 +3390 SHA256_Transform - 3083 +3083 yescrypt_kdf_body - 1724 +1724 PBKDF2_SHA256 - 1003 +1003 smix1 - 960 +960 yescrypt_r - 890 +890 salsa20 - 804 +804 smix - 790 +790 smix2 - 659 +659 blockmix_salsa8_xor - 601 +601 yescrypt_kdf - 479 +479 blockmix_salsa8 - 415 +415 Krnd - 256 +256 _HMAC_SHA256_Init - 213 +213 _SHA256_Update - 198 +198 _SHA256_Final - 195 +195 decode64_uint32 - 166 +166 encode64 - 153 +153 decode64 - 136 +136 libcperciva_HMAC_SHA256_Buf - 132 +132 SHA256_Pad_Almost - 131 +131 salsa20_simd_unshuffle - 101 +101 salsa20_simd_shuffle - 101 +101 yes_crypt - 90 +90 libcperciva_SHA256_Buf - 86 +86 crypt_make_rand64encoded - 85 +85 static.atoi64_partial - 77 +77 alloc_region - 72 +72 ascii64 - 65 +65 PAD - 64 +64 _HMAC_SHA256_Final - 55 +55 static.cpu_to_be32_vect - 51 +51 free_region - 47 +47 libcperciva_SHA256_Init - 37 +37 yescrypt_init_local - 34 +34 crypt_make_pw_salt 92 125 +33 initial_state - 32 +32 .rodata 105771 105803 +32 atoi64 - 25 +25 explicit_bzero - 22 +22 pw_encrypt 920 941 +21 yescrypt_free_local - 9 +9 crypt_make_salt 85 - -85 ------------------------------------------------------------------------------ (add/remove: 43/1 grow/shrink: 3/0 up/down: 31042/-85) Total: 30957 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | tls: only show schannel config option on mingwrfl89012 days1-1/+1
| |
* | Merge branch 'busybox' into mergeRon Yorston12 days3-12/+10
|\|
| * whitespace fixDenys Vlasenko2025-07-051-2/+2
| | | | | | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * ntpd: Raise MAXDIST to 3s for better tolerance and consistency with chronyMichael Glembotzki2025-07-011-1/+1
| | | | | | | | | | | | | | | | function old new delta select_and_cluster 1088 1093 +5 Signed-off-by: Michael Glembotzki <m.glembo@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * ip route: make cache printing a bit more similar to upstreamDenys Vlasenko2025-07-011-9/+7
| | | | | | | | | | | | | | function old new delta print_route 1573 1565 -8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | tls: whitespace fixesRon Yorston14 days3-5/+5
| | | | | | | | No functional changes.
* | tls: fix schannel handshake on older WindowsRFL89014 days1-1/+1
| |
* | tls: add Schannel implementationrfl8902025-08-073-12/+592
| | | | | | | | | | | | | | Not enabled by default. When enabled without TLS 1.3 support, saves 16784-18776 bytes. (GitHub PR #510)
* | Call BCryptDestroyHash before freeing memory handleRFL8902025-07-301-0/+1
| |
* | win32: deduplicate die_if_error()Ron Yorston2025-07-111-14/+5
| | | | | | | | | | | | | | There were two copies of the static function die_if_error(). Replace these with a single external function. Saves 16 bytes.
* | remove comments from old implementationRFL8902025-07-111-4/+0
| |
* | patch tls.c to work with CNG implementationRFL8902025-07-111-3/+89
| |
* | Merge branch 'busybox' into mergeRon Yorston2025-05-193-88/+179
|\|
| * udhcpd: send DHCPOFFERs as unicast (unless clients specifically asks for bcast)Denys Vlasenko2025-04-071-16/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | RFC 2131 says we should do that. Evidently, since for so many years no one complained, sending them broadcast works too, but finally we've got someone who wants RFC-compliand behavior. function old new delta send_packet 141 179 +38 .rodata 105680 105681 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 39/0) Total: 39 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * udhcpc6: fix copy-paste error in "generate a consistent IAID" commitDenys Vlasenko2025-02-091-1/+1
| | | | | | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * udhcpc6: generate a consistent IAIDZhou Siqi2025-02-091-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, udhcpc6 does not meet the requirements for Identity Association in RFC 3315. This is a specific explanation in RFC 3315 protocol: https://datatracker.ietf.org/doc/html/rfc3315#section-10 "The IAID uniquely identifies the IA and must be chosen to be unique among the IAIDs on the client. The IAID is chosen by the client. For any given use of an IA by the client, the IAID for that IA MUST be consistent across restarts of the DHCP client." This patch makes the client generate a consistent IAID based on the MAC address. function old new delta send_d6_discover 285 270 -15 Signed-off-by: Zhou Siqi <zhousiqi5@huawei.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * udhcpc6: move block comment, no code changesDenys Vlasenko2025-02-091-61/+61
| | | | | | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * udhcpc6: improvementsLaurent Bercot2025-02-092-32/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several small improvements to udhcpc6. - Remove usage text for the nonexistent -B option. - Fix a segfault when renewing an IA_PD lease without IA_NA (which means the client hasn't been assigned an ip, so we cannot locally bind to it). - Fix NAK management: check the option length, and print the status code and status message - Add a -m option to always send renew requests as multicast. These last two changes are useful to deal with hopelessly broken DHCPv6 servers such as the one from the Orange Livebox (one of the main French ISPs) which I'm currently having the displeasure to have to talk to, hence the patch. function old new delta static.send_d6_renew - 126 +126 .rodata 105598 105649 +51 udhcpc6_main 2607 2650 +43 packed_usage 34933 34953 +20 d6_send_kernel_packet_from_client_data_ifindex 266 282 +16 send_d6_renew 174 - -174 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 4/0 up/down: 256/-174) Total: 82 bytes Signed-off-by: Laurent Bercot <ska-dietlibc@skarnet.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | Merge branch 'busybox' into mergeRon Yorston2024-10-081-0/+21
|\|
| * networking/libiproute/iplink.c: fix support for older kernelsThomas Devoogdt2024-10-061-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - The CAN netlink interface has been added in Linux v2.6.31 with only 3 options [1]: CAN_CTRLMODE_LOOPBACK 0x1 /* Loopback mode */ CAN_CTRLMODE_LISTENONLY 0x2 /* Listen-only mode */ CAN_CTRLMODE_3_SAMPLES 0x4 /* Triple sampling mode */ So define the other options. - IFLA_CAN_TERMINATION has been added in Linux 4.11 [2], define it for older kernels. [1] https://github.com/torvalds/linux/blob/v2.6.31/include/linux/can/netlink.h#L80-L82 [2] https://github.com/torvalds/linux/commit/12a6075cabc0d9ffbc0366b44daa22f278606312 Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | Merge branch 'busybox' into mergeRon Yorston2024-09-281-3/+6
|\|
| * wget: fix compile warnings when WGET_FTP is not selectedDenys Vlasenko2024-09-261-3/+6
| | | | | | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | wget: let user override Content-LengthRon Yorston2024-07-261-0/+21
| | | | | | | | | | | | | | | | | | The wget applet allows several common headers to be overridden by the user. Add 'Content-Length' to the list. Adds 32-64 bytes. (GitHub issue #432)
* | win32: consolidate executable handling in popen.cRon Yorston2024-07-201-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit f444dc586 (win32: only search PATH for compressor) made mingw_fork_compressor() perform a PATH lookup for the xz and lzma compression programs. This avoided relying on CreateProcess() to perform the search. Other callers of the pipe creation code should also avoid reliance on CreateProcess's executable search: - Move the applet test and PATH lookup into mingw_popen_internal(). The first argument to CreateProcess() will always be a path to an executable. - mingw_fork_compressor() uses the new "w+" mode to indicate that xz and lzma compressors should be found on PATH. - mingw_popen() no longer needs to check for an applet itself, as that's now handled in mingw_popen_internal(). - spawn_ssl_client() in 'wget' can rely on the popen code to look up the 'ssl_client' applet. - Remove unnecessary argument checks in mingw_popen_internal(). Adds 0-24 bytes.
* | Merge branch 'busybox' into mergeRon Yorston2024-07-131-29/+62
|\|
| * tls: P256: improve x86_64 multiplication asm codeDenys Vlasenko2024-07-121-22/+36
| | | | | | | | | | | | | | | | | | | | | | | | gcc is being rather silly. Usues suboptimal registers, and does not realize that i and j are never negative, thus usese even _more_ registers for temporaries to sign-extend i/j to 64-bit offsets. function old new delta sp_256_mont_mul_8 155 132 -23 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * tls: P256: fix obscure x86_64 asm misbehavior, closes 15679Denys Vlasenko2024-07-111-10/+29
| | | | | | | | | | | | | | | | | | | | gcc does not necessarily clear upper bits in 64-bit regs if you ask it to load a 32-bit constant. Cast it to unsigned long. Better yet, hand-write loading of the constant with a smaller instruction. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | Merge branch 'busybox' into mergeRon Yorston2024-07-101-1/+1
|\|
| * wget: ignore header casingSertonix2024-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | HTTP headers are case insensitive and therefore the check if a default header has been overwritten needs to be case insensitive. Without this patch `--header 'user-agent: test'` results in `User-Agent: Wget` and `user-agent: test` being send. function old new delta ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/0 up/down: 0/0) Total: 0 bytes text data bss dec hex filename 1040876 16443 1840 1059159 102957 busybox_old 1040876 16443 1840 1059159 102957 busybox_unstripped Signed-off-by: Sertonix <sertonix@posteo.net> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | win32: code shrink system drive handlingRon Yorston2024-07-071-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A previous commit (e3bfe3695) revised the use of getsysdir() to obtain the system directory, and hence the system drive. See the commit message for the history to that point. Further improvements are possible: - Remove getsysdir() and push the calls to GetSystemDirectory() down into get_system_drive() and get_proc_addr(). - Check the return value of GetSystemDirectory(). It's unlikely to fail, but better safe than sorry. - Instead of making all callers of get_system_drive() check for a NULL return value always return a non-NULL pointer. If the drive can't be found an empty string is returned instead (which is what the callers were using anyway). - The function need_system_drive() was only used in one place (in httpd). Move the code there and remove the function. - Use concat_path_file() where possible. Saves 76-144 bytes.
* | Merge branch 'busybox' into mergeRon Yorston2024-06-238-59/+343
|\|
| * typo fixDenys Vlasenko2024-06-012-2/+2
| | | | | | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * libbb: add bit counting function, use where appropriateDenys Vlasenko2024-05-314-46/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although "naive" counting function is not too slow and is smaller, using it on e.g. each of 1024 words of CPU mask feels wrong. function old new delta bb_popcnt_32 - 52 +52 get_prefix 323 321 -2 nproc_main 206 199 -7 d4_run_script 739 731 -8 ipcalc_main 533 507 -26 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 0/4 up/down: 52/-43) Total: 9 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| * ip link: support for the CAN netlinkDario Binacchi2024-02-262-11/+332
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I developed this application to test the Linux kernel series [1]. As described in it I could not use the iproute2 package since the microcontroller is without MMU. function old new delta do_set_can - 920 +920 packed_usage 34645 34908 +263 get_float_1000 - 164 +164 .rodata 105427 105539 +112 do_iplink 1313 1381 +68 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 3/0 up/down: 1527/0) Total: 1527 bytes cc: Marc Kleine-Budde <mkl@pengutronix.de> [1] https://marc.info/?l=linux-netdev&m=167999323611710&w=2 Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* | tls: use C code for x86_64 sp_256_sub_8_p256_mod()Ron Yorston2024-03-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's an upstream bug report: https://bugs.busybox.net/show_bug.cgi?id=15679 that if BusyBox is built for x86_64 with gcc and the use of OpenSSL for wget is disabled, failures ensue. A similar issue also affects the busybox-w32 build with the comparable configuration. The problem appears to be in the assembly code for the function sp_256_sub_8_p256_mod(), as forcing the use of the provided C code seems to fix both upstream and busybox-w32. Since my knowledge of x64_64 assembler is non-existent, someone else will need to determine the actual issue. For the moment, just avoid the faulty code. Saves 32 bytes in the 64-bit build. (GitHub issue #263)
* | build system: avoid full rebuild when EXTRAVERSION changesRon Yorston2024-02-161-0/+3
| | | | | | | | | | | | | | | | | | | | The last two commits allow EXTRAVERSION to track the current state of a git repository. The build system was unable to determine which files were affected by changes to EXTRAVERSION and caused a full rebuild when it changed. Alter how the version information is passed to the code so only a handful of files need to be rebuilt when it changes.
* | httpd: enable interpreter script featureRon Yorston2024-02-111-10/+30
| | | | | | | | | | | | | | | | | | | | | | | | The web server in BusyBox has an optional feature to allow pages with a given suffix to be processed by a script interpreter: PHP, for example. Enable this in the busybox-w32 build. Costs 256-320 bytes. (GitHub issue #266)
* | httpd: code shrinkRon Yorston2024-02-111-10/+7
| | | | | | | | | | | | | | | | | | | | When setting up the arguments for the CGI handler: - Use '-I0' rather than two separate arguments. - Use memcpy() to copy the server arguments. Saves 32 bytes.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 22:44:37 +0000