From bugzilla at busybox.net Mon Nov 1 17:32:57 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Mon, 01 Nov 2021 17:32:57 +0000
Subject: [Bug 14306] New: ash: incorrect tilde expansion
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14306
Bug ID: 14306
Summary: ash: incorrect tilde expansion
Product: Busybox
Version: 1.33.x
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: dg+busybox at atufi.org
CC: busybox-cvs at busybox.net
Target Milestone: ---
On busybox 1.33.1, tilde expansion incorrectly alters words when the
tilde-prefix matches no valid login name (note the missing trailing slash):
$ ash -c 'echo ~~nouser/'
~~nouser
$ bash -c 'echo ~~nouser/'
~~nouser/
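When the login name in a tilde-prefix is not recognized, shells conventionally leave the entire word untouched, including everything after the first slash; busybox ash instead drops the trailing slash. A quick check of the conventional behaviour (assuming bash is available, as in the report):

```shell
# '~~nouser' can never be a valid login name (it contains a second tilde),
# so the shell leaves the whole word, trailing slash included, as-is.
bash -c 'echo ~~nouser/'    # prints: ~~nouser/
```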
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Wed Nov 3 04:12:17 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 03 Nov 2021 04:12:17 +0000
Subject: [Bug 14316] New: get_free_loop needs waiting
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14316
Bug ID: 14316
Summary: get_free_loop needs waiting
Product: Busybox
Version: 1.33.x
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: aswjh at 163.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
libbb/loop.c: set_loop
Sometimes the loop device is not ready after get_free_loop, which raises
"can't setup loop device: No such file or directory".
It works if we wait for the device node to appear before "goto open_lfd":
	try = xasprintf(LOOP_FORMAT, i);
	for (lc = 0; lc < 100; lc++) {
		if (stat(try, &buf2) == 0)
			break;
		usleep(20);
	}
	goto open_lfd;
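The same wait-for-node idea can be sketched in shell; this is purely illustrative (the function name and timings are mine, not busybox code), mirroring the stat()/usleep() retry loop suggested above:

```shell
# Poll until a device node appears; give up after 100 attempts.
wait_for_node() {
    i=0
    while [ "$i" -lt 100 ]; do
        [ -e "$1" ] && return 0         # node exists: success
        sleep 0.001 2>/dev/null || :    # short pause (where sleep supports fractions)
        i=$((i + 1))
    done
    return 1                            # node never appeared
}

wait_for_node /dev/null && echo "node ready"    # prints: node ready
```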
From bugzilla at busybox.net Wed Nov 3 04:23:16 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 03 Nov 2021 04:23:16 +0000
Subject: [Bug 14316] get_free_loop needs waiting
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14316
--- Comment #1 from wjh ---
Linux box 5.3.11-tinycore64 #1 SMP Wed Nov 20 08:16:37 CST 2019 x86_64
GNU/Linux
From bugzilla at busybox.net Fri Nov 5 00:16:49 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Fri, 05 Nov 2021 00:16:49 +0000
Subject: [Bug 14326] New: [PATCH] pkill: add -e to display the name and PID
of the process being killed
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14326
Bug ID: 14326
Summary: [PATCH] pkill: add -e to display the name and PID of
the process being killed
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: sautier.louis at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9146
--> https://bugs.busybox.net/attachment.cgi?id=9146&action=edit
0001-pkill-add-e-to-display-the-name-and-PID-of-the-proce.patch
Hello,
I found this pkill feature very useful so I implemented it. Please let me know
if the attached patch is OK.
From bugzilla at busybox.net Sun Nov 7 19:29:45 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 07 Nov 2021 19:29:45 +0000
Subject: [Bug 14331] New: tr doesn't understand [:class:] character classes
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14331
Bug ID: 14331
Summary: tr doesn't understand [:class:] character classes
Product: Busybox
Version: 1.30.x
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: calestyo at scientia.org
CC: busybox-cvs at busybox.net
Target Milestone: ---
Hey.
Contrary to what POSIX mandates:
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/tr.html
busybox's tr doesn't seem to understand any of the character classes, and I'd
guess none of the other formats given in the EXTENDED DESCRIPTION of POSIX
either.
Not only does it not understand them, it even takes such characters literally,
so e.g. when using
busybox tr -d '[:alpha:]'
it will remove 'a' and so on.
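For reference, this is the difference between a build that understands classes (the default, per comment #1 below on FEATURE_TR_CLASSES) and one that takes the characters literally:

```shell
# With [:alpha:] understood as a character class, only letters are deleted:
echo 'abc123' | tr -d '[:alpha:]'    # prints: 123
# A build taking the set literally would instead delete the characters
# '[', ':', 'a', 'l', 'p', 'h' - e.g. turning 'abc123' into 'bc123'.
```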
Cheers,
Chris.
From bugzilla at busybox.net Sun Nov 7 21:30:24 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 07 Nov 2021 21:30:24 +0000
Subject: [Bug 14331] tr doesn't understand [:class:] character classes
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14331
--- Comment #1 from Ron Yorston ---
Character classes should work with the default build configuration, though they
can be disabled by turning off FEATURE_TR_CLASSES. Is it possible that's the
case for the binary you're using?
From bugzilla at busybox.net Sun Nov 7 22:06:08 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 07 Nov 2021 22:06:08 +0000
Subject: [Bug 14331] tr doesn't understand [:class:] character classes
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14331
Christoph Anton Mitterer changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #2 from Christoph Anton Mitterer ---
Indeed, Debian seems to have disabled this.
Sorry for the noise.
Thanks,
Chris.
From bugzilla at busybox.net Sun Nov 7 22:55:08 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 07 Nov 2021 22:55:08 +0000
Subject: [Bug 14331] tr doesn't understand [:class:] character classes
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14331
--- Comment #3 from Christoph Anton Mitterer ---
Just for the records, forwarded downstream to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998803
From bugzilla at busybox.net Sun Nov 7 23:44:35 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 07 Nov 2021 23:44:35 +0000
Subject: [Bug 14336] New: busybox sed differs from GNU sed with respect to
NUL (0x00)
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14336
Bug ID: 14336
Summary: busybox sed differs from GNU sed with respect to NUL
(0x00)
Product: Busybox
Version: 1.30.x
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: calestyo at scientia.org
CC: busybox-cvs at busybox.net
Target Milestone: ---
Hey.
Not sure whether this is a "bug" or just something not defined by POSIX (I'm
not really sure whether POSIX says anything about sed and NUL); at least it
doesn't seem to be a configure option this time.
I've noticed differing behaviour between busybox's sed and GNU sed with
respect to 0x00:
GNU sed leaves any 0x00 (as well as other "binary" characters) in the current
line and respects it when matching.
busybox's sed, OTOH, seems to terminate the string at such a 0x00.
Example Files:
$ hd test-with-0x00
00000000 66 6f 6f 0a 62 61 72 0a 7a 65 72 00 0a 62 61 7a |foo.bar.zer..baz|
00000010 0a 7a 65 72 00 0a 65 6e 64 0a |.zer..end.|
0000001a
$ hd test-with-lone-0x00
00000000 66 6f 6f 0a 62 61 72 0a 00 0a 62 61 7a 0a 7a 65 |foo.bar...baz.ze|
00000010 72 00 0a 65 6e 64 0a |r..end.|
00000017
$ hd test-with-0x02-and-0x00
00000000 66 6f 6f 0a 62 61 72 0a 7a 65 02 00 0a 62 61 7a |foo.bar.ze...baz|
00000010 0a 7a 65 72 00 0a 65 6e 64 0a |.zer..end.|
0000001a
$ hd test-with-0x00-followed-by-alpha
00000000 66 6f 6f 0a 62 61 72 0a 7a 65 72 00 6f 6f 0a 62 |foo.bar.zer.oo.b|
00000010 61 7a 0a 7a 65 72 00 74 74 0a 65 6e 64 0a |az.zer.tt.end.|
0000001e
GNU sed:
$ sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x00 | hd
00000000 7a 65 72 00 0a |zer..|
00000005
$ sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-lone-0x00 | hd
00000000 00 0a |..|
00000002
$ sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x02-and-0x00 | hd
00000000 7a 65 02 00 0a |ze...|
00000005
$ sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x00-followed-by-alpha | hd
00000000 7a 65 72 00 6f 6f 0a |zer.oo.|
00000007
(Note that GNU sed's -z option is NOT used.)
busybox' sed:
$ busybox sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x00 | hd
$ busybox sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-lone-0x00 | hd
$ busybox sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x02-and-0x00 | hd
$ busybox sed -n
'0,/[^[:alnum:][:space:][:punct:]]/{/[^[:alnum:][:space:][:punct:]]/p}'
test-with-0x00-followed-by-alpha | hd
$
So it seems that busybox's sed only matches up to the 0x00 (which is perhaps
used as a string terminator), while GNU sed goes all the way to the end of the
line (\n).
I thought it was worth bringing this to your attention.
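The difference can also be seen without the test files above; a minimal sketch, assuming GNU sed (no -z):

```shell
# GNU sed keeps the NUL in the pattern space, so matching continues past it:
# the line 'ze\0nd' matches /nd/ and all 6 bytes (including the newline) survive.
printf 'ze\0nd\n' | sed -n '/nd/p' | wc -c    # GNU sed: 6
# busybox sed, per the report above, cuts the pattern space at the NUL,
# so /nd/ never matches and nothing is printed.
```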
Cheers,
Chris.
From vda.linux at googlemail.com Tue Nov 9 12:51:22 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 9 Nov 2021 13:51:22 +0100
Subject: [git commit] which: add -a to help text
Message-ID: <20211109124747.1A5A48B7EE@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=15f7d618ea7f8c3a0277c98309268b709e20d77c
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
packed_usage 34075 34079 +4
Signed-off-by: Denys Vlasenko
---
debianutils/which.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/debianutils/which.c b/debianutils/which.c
index b9f1b92fd..23692dc6f 100644
--- a/debianutils/which.c
+++ b/debianutils/which.c
@@ -17,9 +17,10 @@
//kbuild:lib-$(CONFIG_WHICH) += which.o
//usage:#define which_trivial_usage
-//usage: "COMMAND..."
+//usage: "[-a] COMMAND..."
//usage:#define which_full_usage "\n\n"
-//usage: "Locate COMMAND"
+//usage: "Locate COMMAND\n"
+//usage: "\n -a Show all matches"
//usage:
//usage:#define which_example_usage
//usage: "$ which login\n"
From bugzilla at busybox.net Wed Nov 10 08:18:13 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 10 Nov 2021 08:18:13 +0000
Subject: [Bug 14341] New: BusyBox - 14 new vulnerabilities
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14341
Bug ID: 14341
Summary: BusyBox - 14 new vulnerabilities
Product: Busybox
Version: 1.33.x
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: xiechengliang1 at huawei.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
The JFrog website has disclosed 14 vulnerabilities, which are fixed in
busybox version 1.34.0, but I can't find the commit that fixes each CVE.
Who can help me?
Reference:
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
From bugzilla at busybox.net Sat Nov 20 00:17:12 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sat, 20 Nov 2021 00:17:12 +0000
Subject: [Bug 14361] New: udhcpc ignores T1 and T2 values
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14361
Bug ID: 14361
Summary: udhcpc ignores T1 and T2 values
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Networking
Assignee: unassigned at busybox.net
Reporter: luke-jr+busyboxbugs at utopios.org
CC: busybox-cvs at busybox.net
Target Milestone: ---
It seems the code just hard-codes T1 at half the lease time:
https://git.busybox.net/busybox/tree/networking/udhcp/dhcpc.c?h=1_34_stable#n1802
Values provided by the DHCP server (options 58 and 59) are simply ignored...
Use case: I issue 24-hour leases and want the lease to be used that long if
necessary (e.g., if the router is down), but I also want DHCP renewals every
minute so that: 1) I can rapidly hand out static IP leases and have the
clients pick up on them; and 2) rebooted routers can quickly rebuild their
lease table without persistent state.
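RFC 2132 defines option 58 (renewal time, T1) and option 59 (rebinding time, T2); when the server omits them, halves and 7/8 of the lease time are the customary defaults. A purely illustrative sketch of that fallback arithmetic for the use case above (variable names are mine):

```shell
lease=86400             # 24-hour lease, as in the use case above
t1=$((lease / 2))       # customary default T1: renew at half the lease time
t2=$((lease * 7 / 8))   # customary default T2: rebind at 7/8 of the lease time
echo "T1=$t1 T2=$t2"    # prints: T1=43200 T2=75600
```

The complaint in this bug is that the server-supplied option 58 value (e.g. 60 seconds for one-minute renewals) should override the t1 default rather than being ignored.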
From bugzilla at busybox.net Sat Nov 20 11:33:22 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sat, 20 Nov 2021 11:33:22 +0000
Subject: [Bug 13736] LABEL/UUID mount in fstab doesn't work
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=13736
--- Comment #1 from stsp ---
Ironically, I reported the same bug to util-linux and it was fixed:
https://github.com/util-linux/util-linux/issues/1492
I wonder whether busybox's mount also uses libblkid from util-linux, in which
case this may now be fixed in busybox too.
Or is it the same bug in two entirely different code bases?
From bugzilla at busybox.net Sun Nov 21 10:42:50 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 21 Nov 2021 10:42:50 +0000
Subject: [Bug 13736] LABEL/UUID mount in fstab doesn't work
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=13736
--- Comment #2 from Fabrice Fontaine ---
From my understanding, this is a different code base:
https://git.busybox.net/busybox/tree/util-linux
From bugzilla at busybox.net Tue Nov 23 17:34:49 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Tue, 23 Nov 2021 17:34:49 +0000
Subject: [Bug 14376] New: Tar component in busybox version 1.34.1 has a
memory leak bug when trying to unpack a tar file.
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14376
Bug ID: 14376
Summary: Tar component in busybox version 1.34.1 has a memory
leak bug when trying to unpack a tar file.
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: spwpun at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9156
--> https://bugs.busybox.net/attachment.cgi?id=9156&action=edit
Try to unpack this file with the commands below.
Hi~
In libbb/xfuncs_printf.c:50, malloc is called twice, for archive_handle and
archive_handle->file_header, allocating 184 and 72 bytes of heap space.
Back in the tar_main function, the two pointers (tar_handle and
tar_handle->file_header) haven't been freed when it returns.
Compile commands:
```
make O=/path/to/build defconfig
make O=/path/to/build menuconfig # and choose the ASAN options
cd /path/to/build && make -j4
```
Reproduction command:
```
./busybox_unstripped tar -xf test.tar
```
Backtrace in gdb:
```
[#0] 0x555555e7022e in tar_main(argc=0x3, argv=0x7fffffffe430)
[#1] 0x555555b06aac in run_applet_no_and_exit(applet_no=0x148,
name=0x7fffffffe709 "tar", argv=0x7fffffffe430)
[#2] 0x555555b06b6b in run_applet_and_exit(name=0x7fffffffe709 "tar",
argv=0x7fffffffe430)
[#3] 0x555555b067cf in busybox_main(argv=0x7fffffffe430)
[#4] 0x555555b06b29 in run_applet_and_exit(name=0x7fffffffe6f6
"busybox_unstripped", argv=0x7fffffffe428)
[#5] 0x555555b06cbf in main(argc=0x4, argv=0x7fffffffe428)
```
LeakSanitizer log:
```
=================================================================
==120986==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 184 byte(s) in 1 object(s) allocated from:
#0 0x7efda806bb40 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x555577ed8987 in xmalloc
/home/zy/packages/dhcp-targets/busybox-1.34.1/libbb/xfuncs_printf.c:50
Indirect leak of 72 byte(s) in 1 object(s) allocated from:
#0 0x7efda806bb40 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x555577ed8987 in xmalloc
/home/zy/packages/dhcp-targets/busybox-1.34.1/libbb/xfuncs_printf.c:50
SUMMARY: AddressSanitizer: 256 byte(s) leaked in 2 allocation(s).
```
From vda.linux at googlemail.com Tue Nov 23 04:31:30 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 23 Nov 2021 05:31:30 +0100
Subject: [git commit branch/1_33_stable] unlzma: fix a case where we could
read before beginning of buffer
Message-ID: <20211124132354.46FE78F1C6@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=d326be2850ea2bd78fe2c22d6c45c3b861d82937
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_33_stable
Testcase:
21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6
00 17 02 10 11 0f ff 00 16 00 00
Unfortunately, the bug is not reliably causing a segfault,
the behavior depends on what's in memory before the buffer.
function old new delta
unpack_lzma_stream 2762 2768 +6
Signed-off-by: Denys Vlasenko
(cherry picked from commit 04f052c56ded5ab6a904e3a264a73dc0412b2e78)
---
archival/libarchive/decompress_unlzma.c | 5 ++++-
testsuite/unlzma.tests | 17 +++++++++++++----
testsuite/unlzma_issue_3.lzma | Bin 0 -> 27 bytes
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 0744f231a..fb5aac8fe 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
uint32_t pos;
pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
match_byte = buffer[pos];
do {
int bit;
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
index 0e98afe09..fcc6e9441 100755
--- a/testsuite/unlzma.tests
+++ b/testsuite/unlzma.tests
@@ -8,14 +8,23 @@
# Damaged encrypted streams
testing "unlzma (bad archive 1)" \
- "unlzma /dev/null; echo \$?" \
-"1
+ "unlzma &1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
# Damaged encrypted streams
testing "unlzma (bad archive 2)" \
- "unlzma /dev/null; echo \$?" \
-"1
+ "unlzma &1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
+" "" ""
+
+# Damaged encrypted streams
+testing "unlzma (bad archive 3)" \
+ "unlzma &1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
exit $FAILCOUNT
diff --git a/testsuite/unlzma_issue_3.lzma b/testsuite/unlzma_issue_3.lzma
new file mode 100644
index 000000000..cc60f29e4
Binary files /dev/null and b/testsuite/unlzma_issue_3.lzma differ
From vda.linux at googlemail.com Tue Nov 23 04:31:30 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 23 Nov 2021 05:31:30 +0100
Subject: [git commit branch/1_33_stable] ash: parser: Fix VSLENGTH parsing
with trailing garbage
Message-ID: <20211124132354.54F288F1C7@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=5b939a6d290651bcd836083d2a3e6fa6ff7bc636
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_33_stable
Let's adopt Herbert Xu's patch, not waiting for it to reach dash git:
hush already has a similar fix.
Signed-off-by: Denys Vlasenko
(cherry picked from commit 53a7a9cd8c15d64fcc2278cf8981ba526dfbe0d2)
---
shell/ash.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/shell/ash.c b/shell/ash.c
index a33ab0626..1ca45f9c1 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -12635,7 +12635,7 @@ parsesub: {
do {
STPUTC(c, out);
c = pgetc_eatbnl();
- } while (!subtype && isdigit(c));
+ } while ((subtype == 0 || subtype == VSLENGTH) && isdigit(c));
} else if (c != '}') {
/* $[{[#]][}] */
int cc = c;
@@ -12665,11 +12665,6 @@ parsesub: {
} else
goto badsub;
- if (c != '}' && subtype == VSLENGTH) {
- /* ${#VAR didn't end with } */
- goto badsub;
- }
-
if (subtype == 0) {
static const char types[] ALIGN1 = "}-+?=";
/* ${VAR...} but not $VAR or ${#VAR} */
@@ -12726,6 +12721,8 @@ parsesub: {
#endif
}
} else {
+ if (subtype == VSLENGTH && c != '}')
+ subtype = 0;
badsub:
pungetc();
}
From vda.linux at googlemail.com Wed Nov 24 13:27:03 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Wed, 24 Nov 2021 14:27:03 +0100
Subject: [git commit branch/1_33_stable] Bump version to 1.33.2
Message-ID: <20211124132354.794FF8F1C6@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=db726ae0c61ffec6b58e19749e0c63aaaf4f6989
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_33_stable
Signed-off-by: Denys Vlasenko
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 35d1589cb..5af09b38c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
VERSION = 1
PATCHLEVEL = 33
-SUBLEVEL = 1
+SUBLEVEL = 2
EXTRAVERSION =
NAME = Unnamed
From vda.linux at googlemail.com Tue Nov 23 04:31:30 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 23 Nov 2021 05:31:30 +0100
Subject: [git commit branch/1_33_stable] hush: fix handling of "cmd && &"
Message-ID: <20211124132354.70F2A8F1C7@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=bb612052900542046ce75e61a4e0b030c946984b
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_33_stable
function old new delta
done_pipe 213 231 +18
Signed-off-by: Denys Vlasenko
(cherry picked from commit 83a4967e50422867f340328d404994553e56b839)
---
shell/hush.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/shell/hush.c b/shell/hush.c
index 249728b9d..41a4653ea 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -3694,9 +3694,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
pin = 0;
while (pi) {
- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
+ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
lvl*2, "",
pin,
+ pi->num_cmds,
(IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
RES[pi->res_word],
pi->followup, PIPE[pi->followup]
@@ -3839,6 +3840,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
#endif
/* Replace all pipes in ctx with one newly created */
ctx->list_head = ctx->pipe = pi;
+ /* for cases like "cmd && &", do not be tricked by last command
+ * being null - the entire {...} & is NOT null! */
+ not_null = 1;
} else {
no_conv:
ctx->pipe->followup = type;
From vda.linux at googlemail.com Tue Nov 23 04:31:30 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 23 Nov 2021 05:31:30 +0100
Subject: [git commit branch/1_33_stable] hush: fix handling of \^C and "^C"
Message-ID: <20211124132354.643E18F1C6@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=56a335378ac100d51c30b21eee499a2effa37fba
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_33_stable
function old new delta
parse_stream 2238 2252 +14
encode_string 243 256 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
Signed-off-by: Denys Vlasenko
(cherry picked from commit 1b7a9b68d0e9aa19147d7fda16eb9a6b54156985)
---
shell/ash_test/ash-misc/control_char3.right | 1 +
shell/ash_test/ash-misc/control_char3.tests | 2 ++
shell/ash_test/ash-misc/control_char4.right | 1 +
shell/ash_test/ash-misc/control_char4.tests | 2 ++
shell/hush.c | 11 +++++++++++
shell/hush_test/hush-misc/control_char3.right | 1 +
shell/hush_test/hush-misc/control_char3.tests | 2 ++
shell/hush_test/hush-misc/control_char4.right | 1 +
shell/hush_test/hush-misc/control_char4.tests | 2 ++
9 files changed, 23 insertions(+)
diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
new file mode 100644
index 000000000..283e02cbb
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.right
@@ -0,0 +1 @@
+SHELL: line 1: : not found
diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
new file mode 100644
index 000000000..2bf18e684
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.right
@@ -0,0 +1 @@
+SHELL: line 1: -: not found
diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
diff --git a/shell/hush.c b/shell/hush.c
index 9fead37da..249728b9d 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
}
#endif
o_addQchr(dest, ch);
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ /* Convert "^C" to corresponding special variable reference */
+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
+ o_addchr(dest, SPECIAL_VAR_SYMBOL);
+ }
goto again;
#undef as_string
}
@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring,
if (ch == '\n')
continue; /* drop \, get next char */
nommu_addchr(&ctx.as_string, '\\');
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ nommu_addchr(&ctx.as_string, ch);
+ /* Convert \^C to corresponding special variable reference */
+ goto case_SPECIAL_VAR_SYMBOL;
+ }
o_addchr(&ctx.word, '\\');
if (ch == EOF) {
/* Testcase: eval 'echo Ok\' */
@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring,
/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
switch (ch) {
+ case_SPECIAL_VAR_SYMBOL:
case SPECIAL_VAR_SYMBOL:
/* Convert raw ^C to corresponding special variable reference */
o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
new file mode 100644
index 000000000..94b4f8699
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.right
@@ -0,0 +1 @@
+hush: can't execute '': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
new file mode 100644
index 000000000..698e21427
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.right
@@ -0,0 +1 @@
+hush: can't execute '-': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
From vda at busybox.net Wed Nov 24 13:27:03 2021
From: vda at busybox.net (Denys Vlasenko)
Date: Wed, 24 Nov 2021 14:27:03 +0100
Subject: [tag/1_33_2] new tag created
Message-ID: <20211124132406.675128F1C7@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=db726ae0c61ffec6b58e19749e0c63aaaf4f6989
tag: https://git.busybox.net/busybox/commit/?id=refs/tags/1_33_2
Bump version to 1.33.2
From bugzilla at busybox.net Thu Nov 25 11:44:57 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Thu, 25 Nov 2021 11:44:57 +0000
Subject: [Bug 14381] New: busybox awk '$2 == var' can fail to give only lines
with given search string
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14381
Bug ID: 14381
Summary: busybox awk '$2 == var' can fail to give only lines
with given search string
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: ricercar at tuta.io
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9161
--> https://bugs.busybox.net/attachment.cgi?id=9161&action=edit
.config
Version: 1.34.1
Expected: this code should output only the second line, but it outputs both:
> printf "8 0091\n9 0133\n"|~/busybox-1.34.1/busybox awk '$2 == 0133'
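For comparison, GNU awk (and mawk) treat 0133 in the program text as the decimal numeric constant 133, compare the numeric-looking field $2 numerically, and print only the matching line:

```shell
# "0091" compares as 91 and "0133" as 133, so only the second line matches.
printf '8 0091\n9 0133\n' | awk '$2 == 0133'    # prints: 9 0133
```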
From bugzilla at busybox.net Thu Nov 25 11:51:37 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Thu, 25 Nov 2021 11:51:37 +0000
Subject: [Bug 14386] New: ls -sh does not show human readable size
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14386
Bug ID: 14386
Summary: ls -sh does not show human readable size
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: ricercar at tuta.io
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9166
--> https://bugs.busybox.net/attachment.cgi?id=9166&action=edit
.config
Version: 1.34.1 and 1.33.1
Expected: human-readable sizes, but the command below shows the same output as
ls -s (only the "total:" line is human readable):
~/busybox-1.34.1/busybox ls -sh
From bugzilla at busybox.net Thu Nov 25 15:46:05 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Thu, 25 Nov 2021 15:46:05 +0000
Subject: [Bug 14381] busybox awk '$2 == var' can fail to give only lines with
given search string
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14381
--- Comment #1 from ricercar at tuta.io ---
I'm on Alpine Linux btw, which uses musl.
From bugzilla at busybox.net Thu Nov 25 21:28:30 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Thu, 25 Nov 2021 21:28:30 +0000
Subject: [Bug 14391] New: sha1sum slow on x64 and possibly others
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14391
Bug ID: 14391
Summary: sha1sum slow on x64 and possibly others
Product: Busybox
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: blazejroszkowski at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9171
--> https://bugs.busybox.net/attachment.cgi?id=9171&action=edit
dot config file from my build on Fedora VM
sha1sum in BusyBox is over twice as slow as a decently optimized C
implementation.
All tests were done on x86-64 (VMs and real OSes, Windows and Linux, two
laptops). I don't know whether this is a performance problem on other
architectures as well (I'd guess it is).
Test file (1 GiB): dd if=/dev/urandom of=gig.gig bs=1024 count=$((1024 * 1024))
GNU coreutils sha1sum (Git for Windows, no libcrypto use) and my own
implementation take (on my personal laptop) 2.8 seconds.
BusyBox takes 6.3 seconds. It's around 2x slower on my work laptop as well.
This is present in at least versions: 1.34.1 (my own build on Fedora 34,
.config attached), 1.34.1 in latest Alpine (3.15.0), 1.34.1 from Fedora 34
repos, 1.34.0 on Windows.
I also remember it being present on Ubuntu 18.04 LTS and 20.04 LTS as well
(busybox from the repos).
My optimized plain-C SHA-1 implementation (which I'm happy to contribute) is
here: https://github.com/FRex/blasha1
The only downside I see to using the optimized C version is a potential
increase in binary size, since the optimized code is heavily unrolled (but I
didn't investigate this increase).
I've searched for "performance", "sha1", "sha1sum", and "speed" on this
Bugzilla and found nothing about this.
I understand it's an old, semi-obsolete algorithm, but if BusyBox provides this
util, I assume it's better for it to be faster rather than slower.
From vda.linux at googlemail.com Sat Nov 27 10:28:11 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 11:28:11 +0100
Subject: [git commit] tls: P256: 64-bit optimizations
Message-ID: <20211127105345.39F0C880C3@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=4bc9da10718df7ed9e992b1ddd2e80d53d894177
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_256_proj_point_dbl_8 421 428 +7
sp_256_point_from_bin2x32 78 84 +6
sp_256_cmp_8 38 42 +4
sp_256_to_bin_8 28 31 +3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 20/0) Total: 20 bytes
Signed-off-by: Denys Vlasenko
---
include/platform.h | 2 +
networking/tls_sp_c32.c | 114 +++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 101 insertions(+), 15 deletions(-)
diff --git a/include/platform.h b/include/platform.h
index 9e1fb047d..ad27bb31a 100644
--- a/include/platform.h
+++ b/include/platform.h
@@ -239,6 +239,7 @@ typedef uint64_t bb__aliased_uint64_t FIX_ALIASING;
# define move_from_unaligned_long(v, longp) ((v) = *(bb__aliased_long*)(longp))
# define move_from_unaligned16(v, u16p) ((v) = *(bb__aliased_uint16_t*)(u16p))
# define move_from_unaligned32(v, u32p) ((v) = *(bb__aliased_uint32_t*)(u32p))
+# define move_from_unaligned64(v, u64p) ((v) = *(bb__aliased_uint64_t*)(u64p))
# define move_to_unaligned16(u16p, v) (*(bb__aliased_uint16_t*)(u16p) = (v))
# define move_to_unaligned32(u32p, v) (*(bb__aliased_uint32_t*)(u32p) = (v))
# define move_to_unaligned64(u64p, v) (*(bb__aliased_uint64_t*)(u64p) = (v))
@@ -250,6 +251,7 @@ typedef uint64_t bb__aliased_uint64_t FIX_ALIASING;
# define move_from_unaligned_long(v, longp) (memcpy(&(v), (longp), sizeof(long)))
# define move_from_unaligned16(v, u16p) (memcpy(&(v), (u16p), 2))
# define move_from_unaligned32(v, u32p) (memcpy(&(v), (u32p), 4))
+# define move_from_unaligned64(v, u64p) (memcpy(&(v), (u64p), 8))
# define move_to_unaligned16(u16p, v) do { \
uint16_t __t = (v); \
memcpy((u16p), &__t, 2); \
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 4d4ecdd74..d09f7e881 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -29,6 +29,20 @@ static void dump_hex(const char *fmt, const void *vp, int len)
typedef uint32_t sp_digit;
typedef int32_t signed_sp_digit;
+/* 64-bit optimizations:
+ * if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff,
+ * then loads and stores can be done in 64-bit chunks.
+ *
+ * A narrower case is when arch is also little-endian (such as x86_64),
+ * then "LSW first", uint32[8] and uint64[4] representations are equivalent,
+ * and arithmetic can be done in 64 bits too.
+ */
+#if defined(__GNUC__) && defined(__x86_64__)
+# define UNALIGNED_LE_64BIT 1
+#else
+# define UNALIGNED_LE_64BIT 0
+#endif
+
/* The code below is taken from parts of
* wolfssl-3.15.3/wolfcrypt/src/sp_c32.c
* and heavily modified.
@@ -58,6 +72,22 @@ static const sp_digit p256_mod[8] = {
* r A single precision integer.
* a Byte array.
*/
+#if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff
+static void sp_256_to_bin_8(const sp_digit* rr, uint8_t* a)
+{
+ int i;
+ const uint64_t* r = (void*)rr;
+
+ sp_256_norm_8(rr);
+
+ r += 4;
+ for (i = 0; i < 4; i++) {
+ r--;
+ move_to_unaligned64(a, SWAP_BE64(*r));
+ a += 8;
+ }
+}
+#else
static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
{
int i;
@@ -71,6 +101,7 @@ static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
a += 4;
}
}
+#endif
/* Read big endian unsigned byte array into r.
*
@@ -78,6 +109,21 @@ static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
* a Byte array.
* n Number of bytes in array to read.
*/
+#if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff
+static void sp_256_from_bin_8(sp_digit* rr, const uint8_t* a)
+{
+ int i;
+ uint64_t* r = (void*)rr;
+
+ r += 4;
+ for (i = 0; i < 4; i++) {
+ uint64_t v;
+ move_from_unaligned64(v, a);
+ *--r = SWAP_BE64(v);
+ a += 8;
+ }
+}
+#else
static void sp_256_from_bin_8(sp_digit* r, const uint8_t* a)
{
int i;
@@ -90,6 +136,7 @@ static void sp_256_from_bin_8(sp_digit* r, const uint8_t* a)
a += 4;
}
}
+#endif
#if SP_DEBUG
static void dump_256(const char *fmt, const sp_digit* r)
@@ -125,6 +172,20 @@ static void sp_256_point_from_bin2x32(sp_point* p, const uint8_t *bin2x32)
* return -ve, 0 or +ve if a is less than, equal to or greater than b
* respectively.
*/
+#if UNALIGNED_LE_64BIT
+static signed_sp_digit sp_256_cmp_8(const sp_digit* aa, const sp_digit* bb)
+{
+ const uint64_t* a = (void*)aa;
+ const uint64_t* b = (void*)bb;
+ int i;
+ for (i = 3; i >= 0; i--) {
+ if (a[i] == b[i])
+ continue;
+ return (a[i] > b[i]) * 2 - 1;
+ }
+ return 0;
+}
+#else
static signed_sp_digit sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
{
int i;
@@ -140,6 +201,7 @@ static signed_sp_digit sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
}
return 0;
}
+#endif
/* Compare two numbers to determine if they are equal.
*
@@ -196,8 +258,6 @@ static int sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
);
return reg;
#elif ALLOW_ASM && defined(__GNUC__) && defined(__x86_64__)
- /* x86_64 has no alignment restrictions, and is little-endian,
- * so 64-bit and 32-bit representations are identical */
uint64_t reg;
asm volatile (
"\n movq (%0), %3"
@@ -294,8 +354,6 @@ static int sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
);
return reg;
#elif ALLOW_ASM && defined(__GNUC__) && defined(__x86_64__)
- /* x86_64 has no alignment restrictions, and is little-endian,
- * so 64-bit and 32-bit representations are identical */
uint64_t reg;
asm volatile (
"\n movq (%0), %3"
@@ -440,8 +498,6 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
r[15] = accl;
memcpy(r, rr, sizeof(rr));
#elif ALLOW_ASM && defined(__GNUC__) && defined(__x86_64__)
- /* x86_64 has no alignment restrictions, and is little-endian,
- * so 64-bit and 32-bit representations are identical */
const uint64_t* aa = (const void*)a;
const uint64_t* bb = (const void*)b;
uint64_t rr[8];
@@ -551,17 +607,32 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
}
/* Shift number right one bit. Bottom bit is lost. */
-static void sp_256_rshift1_8(sp_digit* r, sp_digit* a, sp_digit carry)
+#if UNALIGNED_LE_64BIT
+static void sp_256_rshift1_8(sp_digit* rr, uint64_t carry)
+{
+ uint64_t *r = (void*)rr;
+ int i;
+
+ carry = (((uint64_t)!!carry) << 63);
+ for (i = 3; i >= 0; i--) {
+ uint64_t c = r[i] << 63;
+ r[i] = (r[i] >> 1) | carry;
+ carry = c;
+ }
+}
+#else
+static void sp_256_rshift1_8(sp_digit* r, sp_digit carry)
{
int i;
- carry = (!!carry << 31);
+ carry = (((sp_digit)!!carry) << 31);
for (i = 7; i >= 0; i--) {
- sp_digit c = a[i] << 31;
- r[i] = (a[i] >> 1) | carry;
+ sp_digit c = r[i] << 31;
+ r[i] = (r[i] >> 1) | carry;
carry = c;
}
}
+#endif
/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
static void sp_256_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
@@ -570,7 +641,7 @@ static void sp_256_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
if (a[0] & 1)
carry = sp_256_add_8(r, a, m);
sp_256_norm_8(r);
- sp_256_rshift1_8(r, r, carry);
+ sp_256_rshift1_8(r, carry);
}
/* Add two Montgomery form numbers (r = a + b % m) */
@@ -634,15 +705,28 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
}
/* Shift the result in the high 256 bits down to the bottom. */
-static void sp_256_mont_shift_8(sp_digit* r, const sp_digit* a)
+#if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff
+static void sp_256_mont_shift_8(sp_digit* rr)
+{
+ uint64_t *r = (void*)rr;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ r[i] = r[i+4];
+ r[i+4] = 0;
+ }
+}
+#else
+static void sp_256_mont_shift_8(sp_digit* r)
{
int i;
for (i = 0; i < 8; i++) {
- r[i] = a[i+8];
+ r[i] = r[i+8];
r[i+8] = 0;
}
}
+#endif
/* Mul a by scalar b and add into r. (r += a * b) */
static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
@@ -800,7 +884,7 @@ static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/
goto inc_next_word0;
}
}
- sp_256_mont_shift_8(a, a);
+ sp_256_mont_shift_8(a);
if (word16th != 0)
sp_256_sub_8_p256_mod(a);
sp_256_norm_8(a);
@@ -820,7 +904,7 @@ static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/
goto inc_next_word;
}
}
- sp_256_mont_shift_8(a, a);
+ sp_256_mont_shift_8(a);
if (word16th != 0)
sp_256_sub_8_p256_mod(a);
sp_256_norm_8(a);
From vda.linux at googlemail.com Sat Nov 27 11:03:43 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 12:03:43 +0100
Subject: [git commit] tls: tweak debug printout
Message-ID: <20211127105932.4C80A88224@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=446d136109633c12d748d63e2034db238f77ef97
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko
---
networking/tls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/networking/tls.c b/networking/tls.c
index 675ef4b3a..415952f16 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -1883,10 +1883,12 @@ static void process_server_key(tls_state_t *tls, int len)
keybuf += 4;
switch (t32) {
case _0x03001d20: //curve_x25519
+ dbg("got x25519 eccPubKey\n");
tls->flags |= GOT_EC_CURVE_X25519;
memcpy(tls->hsd->ecc_pub_key32, keybuf, 32);
break;
case _0x03001741: //curve_secp256r1 (aka P256)
+ dbg("got P256 eccPubKey\n");
/* P256 point can be transmitted odd- or even-compressed
* (first byte is 3 or 2) or uncompressed (4).
*/
@@ -1899,7 +1901,6 @@ static void process_server_key(tls_state_t *tls, int len)
}
tls->flags |= GOT_EC_KEY;
- dbg("got eccPubKey\n");
}
static void send_empty_client_cert(tls_state_t *tls)
From vda.linux at googlemail.com Sat Nov 27 14:06:57 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 15:06:57 +0100
Subject: [git commit] tls: P256: remove constant-time trick in
sp_256_proj_point_add_8
Message-ID: <20211127152257.67EC98B52C@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=bbda85c74b7a53d8b2bb46f3b44d8f0932a6e95d
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_256_proj_point_add_8 576 544 -32
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 79 +++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 42 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 29dd04293..3b0473036 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -1269,52 +1269,47 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
&& (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1))
) {
sp_256_proj_point_dbl_8(r, p);
+ return;
}
- else {
- sp_point tp;
- sp_point *v;
-
- v = r;
- if (p->infinity | q->infinity) {
- memset(&tp, 0, sizeof(tp));
- v = &tp;
- }
- *r = p->infinity ? *q : *p; /* struct copy */
- /* U1 = X1*Z2^2 */
- sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t1, t1, v->x /*, p256_mod, p256_mp_mod*/);
- /* U2 = X2*Z1^2 */
- sp_256_mont_sqr_8(t2, v->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t4, t2, v->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
- /* S1 = Y1*Z2^3 */
- sp_256_mont_mul_8(t3, t3, v->y /*, p256_mod, p256_mp_mod*/);
- /* S2 = Y2*Z1^3 */
- sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
- /* H = U2 - U1 */
- sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/);
- /* R = S2 - S1 */
- sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/);
- /* Z3 = H*Z1*Z2 */
- sp_256_mont_mul_8(v->z, v->z, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(v->z, v->z, t2 /*, p256_mod, p256_mp_mod*/);
- /* X3 = R^2 - H^3 - 2*U1*H^2 */
- sp_256_mont_sqr_8(v->x, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(v->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_sub_8(v->x, v->x, t5 /*, p256_mod*/);
- sp_256_mont_dbl_8(t1, v->y /*, p256_mod*/);
- sp_256_mont_sub_8(v->x, v->x, t1 /*, p256_mod*/);
- /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
- sp_256_mont_sub_8(v->y, v->y, v->x /*, p256_mod*/);
- sp_256_mont_mul_8(v->y, v->y, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_sub_8(v->y, v->y, t5 /*, p256_mod*/);
+ if (p->infinity || q->infinity) {
+ *r = p->infinity ? *q : *p; /* struct copy */
+ return;
}
+
+ /* U1 = X1*Z2^2 */
+ sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/);
+ /* U2 = X2*Z1^2 */
+ sp_256_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
+ /* S1 = Y1*Z2^3 */
+ sp_256_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/);
+ /* S2 = Y2*Z1^3 */
+ sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
+ /* H = U2 - U1 */
+ sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/);
+ /* R = S2 - S1 */
+ sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/);
+ /* Z3 = H*Z1*Z2 */
+ sp_256_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/);
+ /* X3 = R^2 - H^3 - 2*U1*H^2 */
+ sp_256_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sub_8(r->x, r->x, t5 /*, p256_mod*/);
+ sp_256_mont_dbl_8(t1, r->y /*, p256_mod*/);
+ sp_256_mont_sub_8(r->x, r->x, t1 /*, p256_mod*/);
+ /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
+ sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/);
+ sp_256_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sub_8(r->y, r->y, t5 /*, p256_mod*/);
}
/* Multiply the point by the scalar and return the result.
From vda.linux at googlemail.com Sat Nov 27 14:00:14 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 15:00:14 +0100
Subject: [git commit] tls: P256: do not open-code copying of struct variables
Message-ID: <20211127152257.5EB0D8B528@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=26c85225229b0a439bcc66c8ee786d16f23be9ed
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_256_ecc_mulmod_8 536 534 -2
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index d09f7e881..29dd04293 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -1361,13 +1361,13 @@ static void sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit*
dump_512("t[1].y %s\n", t[1].y);
dump_512("t[1].z %s\n", t[1].z);
dbg("t[2] = t[%d]\n", y);
- memcpy(&t[2], &t[y], sizeof(sp_point));
+ t[2] = t[y]; /* struct copy */
dbg("t[2] *= 2\n");
sp_256_proj_point_dbl_8(&t[2], &t[2]);
dump_512("t[2].x %s\n", t[2].x);
dump_512("t[2].y %s\n", t[2].y);
dump_512("t[2].z %s\n", t[2].z);
- memcpy(&t[y], &t[2], sizeof(sp_point));
+ t[y] = t[2]; /* struct copy */
n <<= 1;
c--;
From vda.linux at googlemail.com Sat Nov 27 15:24:49 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 16:24:49 +0100
Subject: [git commit] tls: P256: fix sp_256_div2_8 - it wouldn't use a[] if
low bit is 0
Message-ID: <20211127152257.88FB58B52C@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=dcfd8d3d1013ba989fa511f44bb0553a88c1ef10
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
It worked by chance because the only caller passed both parameters
as two pointers to the same array.
My fault (I made this error when converting from 26-bit code).
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index baed62f41..b3f7888f5 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -636,12 +636,14 @@ static void sp_256_rshift1_8(sp_digit* r, sp_digit carry)
}
#endif
-/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
-static void sp_256_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
+/* Divide the number by 2 mod the modulus (prime). (r = (r / 2) % m) */
+static void sp_256_div2_8(sp_digit* r /*, const sp_digit* m*/)
{
+ const sp_digit* m = p256_mod;
+
int carry = 0;
- if (a[0] & 1)
- carry = sp_256_add_8(r, a, m);
+ if (r[0] & 1)
+ carry = sp_256_add_8(r, r, m);
sp_256_norm_8(r);
sp_256_rshift1_8(r, carry);
}
@@ -1125,7 +1127,7 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
/* T2 = Y * Y */
sp_256to512z_mont_sqr_8(t2, r->y /*, p256_mod, p256_mp_mod*/);
/* T2 = T2/2 */
- sp_256_div2_8(t2, t2, p256_mod);
+ sp_256_div2_8(t2 /*, p256_mod*/);
/* Y = Y * X */
sp_256to512z_mont_mul_8(r->y, r->y, r->x /*, p256_mod, p256_mp_mod*/);
/* X = T1 * T1 */
From vda.linux at googlemail.com Sat Nov 27 14:50:40 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 15:50:40 +0100
Subject: [git commit] tls: P256: remove redundant zeroing in sp_256_map_8
Message-ID: <20211127152257.8031F8820C@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=8cbb70365f653397c8c2b9370214d5aed36ec9fa
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
The previous change made it obvious that we zero out already-zeroed high bits
function old new delta
sp_256_ecc_mulmod_8 534 494 -40
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 74ded2cda..baed62f41 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -1062,7 +1062,6 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
/* x /= z^2 */
sp_256to512z_mont_mul_8(r->x, p->x, t2 /*, p256_mod, p256_mp_mod*/);
- memset(r->x + 8, 0, sizeof(r->x) / 2);
sp_512to256_mont_reduce_8(r->x /*, p256_mod, p256_mp_mod*/);
/* Reduce x to less than modulus */
if (sp_256_cmp_8(r->x, p256_mod) >= 0)
@@ -1071,7 +1070,6 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
/* y /= z^3 */
sp_256to512z_mont_mul_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
- memset(r->y + 8, 0, sizeof(r->y) / 2);
sp_512to256_mont_reduce_8(r->y /*, p256_mod, p256_mp_mod*/);
/* Reduce y to less than modulus */
if (sp_256_cmp_8(r->y, p256_mod) >= 0)
From vda.linux at googlemail.com Sat Nov 27 14:47:26 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 15:47:26 +0100
Subject: [git commit] tls: P256: explain which functions use double-wide
arrays, no code changes
Message-ID: <20211127152257.725D88B607@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=4415f7bc06f1ee382bcbaabd86c3d7aca0b46d93
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_512to256_mont_reduce_8 - 243 +243
sp_256to512z_mont_mul_8 - 150 +150
sp_256to512z_mont_sqr_8 - 7 +7
sp_256_mont_sqr_8 7 - -7
sp_256_mont_mul_8 150 - -150
sp_256_mont_reduce_8 243 - -243
------------------------------------------------------------------------------
(add/remove: 3/3 grow/shrink: 0/0 up/down: 400/-400) Total: 0 bytes
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 211 +++++++++++++-----------------------------------
1 file changed, 58 insertions(+), 153 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 3b0473036..74ded2cda 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -455,8 +455,10 @@ static void sp_256_sub_8_p256_mod(sp_digit* r)
}
#endif
-/* Multiply a and b into r. (r = a * b) */
-static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
+/* Multiply a and b into r. (r = a * b)
+ * r should be [16] array (512 bits).
+ */
+static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
{
#if ALLOW_ASM && defined(__GNUC__) && defined(__i386__)
sp_digit rr[15]; /* in case r coincides with a or b */
@@ -704,9 +706,11 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
}
}
-/* Shift the result in the high 256 bits down to the bottom. */
+/* Shift the result in the high 256 bits down to the bottom.
+ * High half is cleared to zeros.
+ */
#if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff
-static void sp_256_mont_shift_8(sp_digit* rr)
+static void sp_512to256_mont_shift_8(sp_digit* rr)
{
uint64_t *r = (void*)rr;
int i;
@@ -717,7 +721,7 @@ static void sp_256_mont_shift_8(sp_digit* rr)
}
}
#else
-static void sp_256_mont_shift_8(sp_digit* r)
+static void sp_512to256_mont_shift_8(sp_digit* r)
{
int i;
@@ -728,7 +732,10 @@ static void sp_256_mont_shift_8(sp_digit* r)
}
#endif
-/* Mul a by scalar b and add into r. (r += a * b) */
+/* Mul a by scalar b and add into r. (r += a * b)
+ * a = p256_mod
+ * b = r[0]
+ */
static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
{
// const sp_digit* a = p256_mod;
@@ -857,11 +864,11 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
/* Reduce the number back to 256 bits using Montgomery reduction.
*
- * a A single precision number to reduce in place.
+ * a Double-wide number to reduce in place.
* m The single precision number representing the modulus.
* mp The digit representing the negative inverse of m mod 2^n.
*/
-static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
+static void sp_512to256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
{
// const sp_digit* m = p256_mod;
sp_digit mp = p256_mp_mod;
@@ -884,7 +891,7 @@ static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/
goto inc_next_word0;
}
}
- sp_256_mont_shift_8(a);
+ sp_512to256_mont_shift_8(a);
if (word16th != 0)
sp_256_sub_8_p256_mod(a);
sp_256_norm_8(a);
@@ -892,7 +899,7 @@ static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/
else { /* Same code for explicit mp == 1 (which is always the case for P256) */
sp_digit word16th = 0;
for (i = 0; i < 8; i++) {
- /*mu = a[i];*/
+// mu = a[i];
if (sp_256_mul_add_8(a+i /*, m, mu*/)) {
int j = i + 8;
inc_next_word:
@@ -904,148 +911,46 @@ static void sp_256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/
goto inc_next_word;
}
}
- sp_256_mont_shift_8(a);
+ sp_512to256_mont_shift_8(a);
if (word16th != 0)
sp_256_sub_8_p256_mod(a);
sp_256_norm_8(a);
}
}
-#if 0
-//TODO: arm32 asm (also adapt for x86?)
-static void sp_256_mont_reduce_8(sp_digit* a, sp_digit* m, sp_digit mp)
-{
- sp_digit ca = 0;
-
- asm volatile (
- # i = 0
- mov r12, #0
- ldr r10, [%[a], #0]
- ldr r14, [%[a], #4]
-1:
- # mu = a[i] * mp
- mul r8, %[mp], r10
- # a[i+0] += m[0] * mu
- ldr r7, [%[m], #0]
- ldr r9, [%[a], #0]
- umull r6, r7, r8, r7
- adds r10, r10, r6
- adc r5, r7, #0
- # a[i+1] += m[1] * mu
- ldr r7, [%[m], #4]
- ldr r9, [%[a], #4]
- umull r6, r7, r8, r7
- adds r10, r14, r6
- adc r4, r7, #0
- adds r10, r10, r5
- adc r4, r4, #0
- # a[i+2] += m[2] * mu
- ldr r7, [%[m], #8]
- ldr r14, [%[a], #8]
- umull r6, r7, r8, r7
- adds r14, r14, r6
- adc r5, r7, #0
- adds r14, r14, r4
- adc r5, r5, #0
- # a[i+3] += m[3] * mu
- ldr r7, [%[m], #12]
- ldr r9, [%[a], #12]
- umull r6, r7, r8, r7
- adds r9, r9, r6
- adc r4, r7, #0
- adds r9, r9, r5
- str r9, [%[a], #12]
- adc r4, r4, #0
- # a[i+4] += m[4] * mu
- ldr r7, [%[m], #16]
- ldr r9, [%[a], #16]
- umull r6, r7, r8, r7
- adds r9, r9, r6
- adc r5, r7, #0
- adds r9, r9, r4
- str r9, [%[a], #16]
- adc r5, r5, #0
- # a[i+5] += m[5] * mu
- ldr r7, [%[m], #20]
- ldr r9, [%[a], #20]
- umull r6, r7, r8, r7
- adds r9, r9, r6
- adc r4, r7, #0
- adds r9, r9, r5
- str r9, [%[a], #20]
- adc r4, r4, #0
- # a[i+6] += m[6] * mu
- ldr r7, [%[m], #24]
- ldr r9, [%[a], #24]
- umull r6, r7, r8, r7
- adds r9, r9, r6
- adc r5, r7, #0
- adds r9, r9, r4
- str r9, [%[a], #24]
- adc r5, r5, #0
- # a[i+7] += m[7] * mu
- ldr r7, [%[m], #28]
- ldr r9, [%[a], #28]
- umull r6, r7, r8, r7
- adds r5, r5, r6
- adcs r7, r7, %[ca]
- mov %[ca], #0
- adc %[ca], %[ca], %[ca]
- adds r9, r9, r5
- str r9, [%[a], #28]
- ldr r9, [%[a], #32]
- adcs r9, r9, r7
- str r9, [%[a], #32]
- adc %[ca], %[ca], #0
- # i += 1
- add %[a], %[a], #4
- add r12, r12, #4
- cmp r12, #32
- blt 1b
-
- str r10, [%[a], #0]
- str r14, [%[a], #4]
- : [ca] "+r" (ca), [a] "+r" (a)
- : [m] "r" (m), [mp] "r" (mp)
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "r14"
- );
-
- memcpy(a, a + 8, 32);
- if (ca)
- a -= m;
-}
-#endif
/* Multiply two Montogmery form numbers mod the modulus (prime).
* (r = a * b mod m)
*
* r Result of multiplication.
+ * Should be [16] array (512 bits), but high half is cleared to zeros (used as scratch pad).
* a First number to multiply in Montogmery form.
* b Second number to multiply in Montogmery form.
* m Modulus (prime).
* mp Montogmery mulitplier.
*/
-static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
+static void sp_256to512z_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
/*, const sp_digit* m, sp_digit mp*/)
{
//const sp_digit* m = p256_mod;
//sp_digit mp = p256_mp_mod;
- sp_256_mul_8(r, a, b);
- sp_256_mont_reduce_8(r /*, m, mp*/);
+ sp_256to512_mul_8(r, a, b);
+ sp_512to256_mont_reduce_8(r /*, m, mp*/);
}
/* Square the Montgomery form number. (r = a * a mod m)
*
* r Result of squaring.
+ * Should be [16] array (512 bits), but high half is cleared to zeros (used as scratch pad).
* a Number to square in Montogmery form.
* m Modulus (prime).
* mp Montogmery mulitplier.
*/
-static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
+static void sp_256to512z_mont_sqr_8(sp_digit* r, const sp_digit* a
/*, const sp_digit* m, sp_digit mp*/)
{
//const sp_digit* m = p256_mod;
//sp_digit mp = p256_mp_mod;
- sp_256_mont_mul_8(r, a, a /*, m, mp*/);
+ sp_256to512z_mont_mul_8(r, a, a /*, m, mp*/);
}
/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
@@ -1068,15 +973,15 @@ static const uint32_t p256_mod_2[8] = {
#endif
static void sp_256_mont_inv_8(sp_digit* r, sp_digit* a)
{
- sp_digit t[2*8]; //can be just [8]?
+ sp_digit t[2*8];
int i;
memcpy(t, a, sizeof(sp_digit) * 8);
for (i = 254; i >= 0; i--) {
- sp_256_mont_sqr_8(t, t /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t, t /*, p256_mod, p256_mp_mod*/);
/*if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))*/
if (i >= 224 || i == 192 || (i <= 95 && i != 1))
- sp_256_mont_mul_8(t, t, a /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t, t, a /*, p256_mod, p256_mp_mod*/);
}
memcpy(r, t, sizeof(sp_digit) * 8);
}
@@ -1152,22 +1057,22 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
sp_256_mont_inv_8(t1, p->z);
- sp_256_mont_sqr_8(t2, t1 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t1, t2, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t2, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t1, t2, t1 /*, p256_mod, p256_mp_mod*/);
/* x /= z^2 */
- sp_256_mont_mul_8(r->x, p->x, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->x, p->x, t2 /*, p256_mod, p256_mp_mod*/);
memset(r->x + 8, 0, sizeof(r->x) / 2);
- sp_256_mont_reduce_8(r->x /*, p256_mod, p256_mp_mod*/);
+ sp_512to256_mont_reduce_8(r->x /*, p256_mod, p256_mp_mod*/);
/* Reduce x to less than modulus */
if (sp_256_cmp_8(r->x, p256_mod) >= 0)
sp_256_sub_8_p256_mod(r->x);
sp_256_norm_8(r->x);
/* y /= z^3 */
- sp_256_mont_mul_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
memset(r->y + 8, 0, sizeof(r->y) / 2);
- sp_256_mont_reduce_8(r->y /*, p256_mod, p256_mp_mod*/);
+ sp_512to256_mont_reduce_8(r->y /*, p256_mod, p256_mp_mod*/);
/* Reduce y to less than modulus */
if (sp_256_cmp_8(r->y, p256_mod) >= 0)
sp_256_sub_8_p256_mod(r->y);
@@ -1202,9 +1107,9 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
}
/* T1 = Z * Z */
- sp_256_mont_sqr_8(t1, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t1, r->z /*, p256_mod, p256_mp_mod*/);
/* Z = Y * Z */
- sp_256_mont_mul_8(r->z, r->y, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->z, r->y, r->z /*, p256_mod, p256_mp_mod*/);
/* Z = 2Z */
sp_256_mont_dbl_8(r->z, r->z /*, p256_mod*/);
/* T2 = X - T1 */
@@ -1212,21 +1117,21 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
/* T1 = X + T1 */
sp_256_mont_add_8(t1, r->x, t1 /*, p256_mod*/);
/* T2 = T1 * T2 */
- sp_256_mont_mul_8(t2, t1, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t2, t1, t2 /*, p256_mod, p256_mp_mod*/);
/* T1 = 3T2 */
sp_256_mont_tpl_8(t1, t2 /*, p256_mod*/);
/* Y = 2Y */
sp_256_mont_dbl_8(r->y, r->y /*, p256_mod*/);
/* Y = Y * Y */
- sp_256_mont_sqr_8(r->y, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(r->y, r->y /*, p256_mod, p256_mp_mod*/);
/* T2 = Y * Y */
- sp_256_mont_sqr_8(t2, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t2, r->y /*, p256_mod, p256_mp_mod*/);
/* T2 = T2/2 */
sp_256_div2_8(t2, t2, p256_mod);
/* Y = Y * X */
- sp_256_mont_mul_8(r->y, r->y, r->x /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->y, r->y, r->x /*, p256_mod, p256_mp_mod*/);
/* X = T1 * T1 */
- sp_256_mont_mul_8(r->x, t1, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->x, t1, t1 /*, p256_mod, p256_mp_mod*/);
/* X = X - Y */
sp_256_mont_sub_8(r->x, r->x, r->y /*, p256_mod*/);
/* X = X - Y */
@@ -1234,7 +1139,7 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
/* Y = Y - X */
sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/);
/* Y = Y * T1 */
- sp_256_mont_mul_8(r->y, r->y, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->y, r->y, t1 /*, p256_mod, p256_mp_mod*/);
/* Y = Y - T2 */
sp_256_mont_sub_8(r->y, r->y, t2 /*, p256_mod*/);
dump_512("y2 %s\n", r->y);
@@ -1279,36 +1184,36 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
}
/* U1 = X1*Z2^2 */
- sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/);
/* U2 = X2*Z1^2 */
- sp_256_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
/* S1 = Y1*Z2^3 */
- sp_256_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/);
/* S2 = Y2*Z1^3 */
- sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
/* H = U2 - U1 */
sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/);
/* R = S2 - S1 */
sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/);
/* Z3 = H*Z1*Z2 */
- sp_256_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/);
/* X3 = R^2 - H^3 - 2*U1*H^2 */
- sp_256_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
sp_256_mont_sub_8(r->x, r->x, t5 /*, p256_mod*/);
sp_256_mont_dbl_8(t1, r->y /*, p256_mod*/);
sp_256_mont_sub_8(r->x, r->x, t1 /*, p256_mod*/);
/* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/);
- sp_256_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256to512z_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
sp_256_mont_sub_8(r->y, r->y, t5 /*, p256_mod*/);
}
From vda.linux at googlemail.com Sat Nov 27 17:42:27 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 18:42:27 +0100
Subject: [git commit] tls: P256: do not open-code copying of struct variables
Message-ID: <20211127182803.A28D58D5F1@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=9c671fe3dd2e46a28c02d266130f56a1a6296791
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index b3f7888f5..3291b553c 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -865,6 +865,8 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
}
/* Reduce the number back to 256 bits using Montgomery reduction.
+ * Note: the result is NOT guaranteed to be less than p256_mod!
+ * (it is only guaranteed to fit into 256 bits).
*
* a Double-wide number to reduce in place.
* m The single precision number representing the modulus.
@@ -1276,7 +1278,7 @@ static void sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit*
if (map)
sp_256_map_8(r, &t[0]);
else
- memcpy(r, &t[0], sizeof(sp_point));
+ *r = t[0]; /* struct copy */
memset(t, 0, sizeof(t)); //paranoia
}
From vda.linux at googlemail.com Sat Nov 27 18:27:03 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 19:27:03 +0100
Subject: [git commit] tls: P256: change logic so that we don't need
double-wide vectors everywhere
Message-ID: <20211127182803.AB8928D5F8@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=f92ae1dc4bc00e352e683b826609efa5e1e22708
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Change sp_256to512z_mont_{mul,sqr}_8 to not require/zero upper 256 bits.
There is only one place where we actually used that (and that's why there
used to be a zeroing memset of the top half!). Fix up that place.
As a bonus, the 256x256->512 multiply no longer needs to care about the
"r overlaps a or b" case.
This shrinks sp_point structure as well, not just temporaries.
function old new delta
sp_256to512z_mont_mul_8 150 - -150
sp_256_mont_mul_8 - 147 +147
sp_256to512z_mont_sqr_8 7 - -7
sp_256_mont_sqr_8 - 7 +7
sp_256_ecc_mulmod_8 494 543 +49
sp_512to256_mont_reduce_8 243 249 +6
sp_256_point_from_bin2x32 73 70 -3
sp_256_proj_point_dbl_8 353 345 -8
sp_256_proj_point_add_8 544 499 -45
------------------------------------------------------------------------------
(add/remove: 2/2 grow/shrink: 2/3 up/down: 209/-213) Total: -4 bytes
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 178 ++++++++++++++++++++----------------------------
1 file changed, 72 insertions(+), 106 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 3291b553c..3452b08b9 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -49,9 +49,9 @@ typedef int32_t signed_sp_digit;
*/
typedef struct sp_point {
- sp_digit x[2 * 8];
- sp_digit y[2 * 8];
- sp_digit z[2 * 8];
+ sp_digit x[8];
+ sp_digit y[8];
+ sp_digit z[8];
int infinity;
} sp_point;
@@ -456,12 +456,11 @@ static void sp_256_sub_8_p256_mod(sp_digit* r)
#endif
/* Multiply a and b into r. (r = a * b)
- * r should be [16] array (512 bits).
+ * r should be [16] array (512 bits), and must not coincide with a or b.
*/
static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
{
#if ALLOW_ASM && defined(__GNUC__) && defined(__i386__)
- sp_digit rr[15]; /* in case r coincides with a or b */
int k;
uint32_t accl;
uint32_t acch;
@@ -493,16 +492,15 @@ static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
j--;
i++;
} while (i != 8 && i <= k);
- rr[k] = accl;
+ r[k] = accl;
accl = acch;
acch = acc_hi;
}
r[15] = accl;
- memcpy(r, rr, sizeof(rr));
#elif ALLOW_ASM && defined(__GNUC__) && defined(__x86_64__)
const uint64_t* aa = (const void*)a;
const uint64_t* bb = (const void*)b;
- uint64_t rr[8];
+ const uint64_t* rr = (const void*)r;
int k;
uint64_t accl;
uint64_t acch;
@@ -539,11 +537,8 @@ static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
acch = acc_hi;
}
rr[7] = accl;
- memcpy(r, rr, sizeof(rr));
#elif 0
//TODO: arm assembly (untested)
- sp_digit tmp[16];
-
asm volatile (
"\n mov r5, #0"
"\n mov r6, #0"
@@ -575,12 +570,10 @@ static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
"\n cmp r5, #56"
"\n ble 1b"
"\n str r6, [%[r], r5]"
- : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
+ : [r] "r" (r), [a] "r" (a), [b] "r" (b)
: "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "r14"
);
- memcpy(r, tmp, sizeof(tmp));
#else
- sp_digit rr[15]; /* in case r coincides with a or b */
int i, j, k;
uint64_t acc;
@@ -600,11 +593,10 @@ static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
j--;
i++;
} while (i != 8 && i <= k);
- rr[k] = acc;
+ r[k] = acc;
acc = (acc >> 32) | ((uint64_t)acc_hi << 32);
}
r[15] = acc;
- memcpy(r, rr, sizeof(rr));
#endif
}
@@ -709,30 +701,11 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
}
/* Shift the result in the high 256 bits down to the bottom.
- * High half is cleared to zeros.
*/
-#if BB_UNALIGNED_MEMACCESS_OK && ULONG_MAX > 0xffffffff
-static void sp_512to256_mont_shift_8(sp_digit* rr)
+static void sp_512to256_mont_shift_8(sp_digit* r, sp_digit* a)
{
- uint64_t *r = (void*)rr;
- int i;
-
- for (i = 0; i < 4; i++) {
- r[i] = r[i+4];
- r[i+4] = 0;
- }
+ memcpy(r, a + 8, sizeof(*r) * 8);
}
-#else
-static void sp_512to256_mont_shift_8(sp_digit* r)
-{
- int i;
-
- for (i = 0; i < 8; i++) {
- r[i] = r[i+8];
- r[i+8] = 0;
- }
-}
-#endif
/* Mul a by scalar b and add into r. (r += a * b)
* a = p256_mod
@@ -868,11 +841,12 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
* Note: the result is NOT guaranteed to be less than p256_mod!
* (it is only guaranteed to fit into 256 bits).
*
- * a Double-wide number to reduce in place.
+ * r Result.
+ * a Double-wide number to reduce. Clobbered.
* m The single precision number representing the modulus.
* mp The digit representing the negative inverse of m mod 2^n.
*/
-static void sp_512to256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
+static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
{
// const sp_digit* m = p256_mod;
sp_digit mp = p256_mp_mod;
@@ -895,10 +869,10 @@ static void sp_512to256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit
goto inc_next_word0;
}
}
- sp_512to256_mont_shift_8(a);
+ sp_512to256_mont_shift_8(r, a);
if (word16th != 0)
- sp_256_sub_8_p256_mod(a);
- sp_256_norm_8(a);
+ sp_256_sub_8_p256_mod(r);
+ sp_256_norm_8(r);
}
else { /* Same code for explicit mp == 1 (which is always the case for P256) */
sp_digit word16th = 0;
@@ -915,10 +889,10 @@ static void sp_512to256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit
goto inc_next_word;
}
}
- sp_512to256_mont_shift_8(a);
+ sp_512to256_mont_shift_8(r, a);
if (word16th != 0)
- sp_256_sub_8_p256_mod(a);
- sp_256_norm_8(a);
+ sp_256_sub_8_p256_mod(r);
+ sp_256_norm_8(r);
}
}
@@ -926,35 +900,34 @@ static void sp_512to256_mont_reduce_8(sp_digit* a/*, const sp_digit* m, sp_digit
* (r = a * b mod m)
*
* r Result of multiplication.
- * Should be [16] array (512 bits), but high half is cleared to zeros (used as scratch pad).
* a First number to multiply in Montogmery form.
* b Second number to multiply in Montogmery form.
* m Modulus (prime).
* mp Montogmery mulitplier.
*/
-static void sp_256to512z_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
+static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
/*, const sp_digit* m, sp_digit mp*/)
{
//const sp_digit* m = p256_mod;
//sp_digit mp = p256_mp_mod;
- sp_256to512_mul_8(r, a, b);
- sp_512to256_mont_reduce_8(r /*, m, mp*/);
+ sp_digit t[2 * 8];
+ sp_256to512_mul_8(t, a, b);
+ sp_512to256_mont_reduce_8(r, t /*, m, mp*/);
}
/* Square the Montgomery form number. (r = a * a mod m)
*
* r Result of squaring.
- * Should be [16] array (512 bits), but high half is cleared to zeros (used as scratch pad).
* a Number to square in Montogmery form.
* m Modulus (prime).
* mp Montogmery mulitplier.
*/
-static void sp_256to512z_mont_sqr_8(sp_digit* r, const sp_digit* a
+static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
/*, const sp_digit* m, sp_digit mp*/)
{
//const sp_digit* m = p256_mod;
//sp_digit mp = p256_mp_mod;
- sp_256to512z_mont_mul_8(r, a, a /*, m, mp*/);
+ sp_256_mont_mul_8(r, a, a /*, m, mp*/);
}
/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
@@ -964,11 +937,8 @@ static void sp_256to512z_mont_sqr_8(sp_digit* r, const sp_digit* a
* a Number to invert.
*/
#if 0
-/* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_2[8] = {
- 0xfffffffd,0xffffffff,0xffffffff,0x00000000,
- 0x00000000,0x00000000,0x00000001,0xffffffff,
-};
+//p256_mod - 2:
+//ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff - 2
//Bit pattern:
//2 2 2 2 2 2 2 1...1
//5 5 4 3 2 1 0 9...0 9...1
@@ -977,15 +947,15 @@ static const uint32_t p256_mod_2[8] = {
#endif
static void sp_256_mont_inv_8(sp_digit* r, sp_digit* a)
{
- sp_digit t[2*8];
+ sp_digit t[8];
int i;
memcpy(t, a, sizeof(sp_digit) * 8);
for (i = 254; i >= 0; i--) {
- sp_256to512z_mont_sqr_8(t, t /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t, t /*, p256_mod, p256_mp_mod*/);
/*if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))*/
if (i >= 224 || i == 192 || (i <= 95 && i != 1))
- sp_256to512z_mont_mul_8(t, t, a /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t, t, a /*, p256_mod, p256_mp_mod*/);
}
memcpy(r, t, sizeof(sp_digit) * 8);
}
@@ -1056,25 +1026,28 @@ static void sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a)
*/
static void sp_256_map_8(sp_point* r, sp_point* p)
{
- sp_digit t1[2*8];
- sp_digit t2[2*8];
+ sp_digit t1[8];
+ sp_digit t2[8];
+ sp_digit rr[2 * 8];
sp_256_mont_inv_8(t1, p->z);
- sp_256to512z_mont_sqr_8(t2, t1 /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t1, t2, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t2, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t1, t2, t1 /*, p256_mod, p256_mp_mod*/);
/* x /= z^2 */
- sp_256to512z_mont_mul_8(r->x, p->x, t2 /*, p256_mod, p256_mp_mod*/);
- sp_512to256_mont_reduce_8(r->x /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(rr, p->x, t2 /*, p256_mod, p256_mp_mod*/);
+ memset(rr + 8, 0, sizeof(rr) / 2);
+ sp_512to256_mont_reduce_8(r->x, rr /*, p256_mod, p256_mp_mod*/);
/* Reduce x to less than modulus */
if (sp_256_cmp_8(r->x, p256_mod) >= 0)
sp_256_sub_8_p256_mod(r->x);
sp_256_norm_8(r->x);
/* y /= z^3 */
- sp_256to512z_mont_mul_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
- sp_512to256_mont_reduce_8(r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(rr, p->y, t1 /*, p256_mod, p256_mp_mod*/);
+ memset(rr + 8, 0, sizeof(rr) / 2);
+ sp_512to256_mont_reduce_8(r->y, rr /*, p256_mod, p256_mp_mod*/);
/* Reduce y to less than modulus */
if (sp_256_cmp_8(r->y, p256_mod) >= 0)
sp_256_sub_8_p256_mod(r->y);
@@ -1091,8 +1064,8 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
*/
static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
{
- sp_digit t1[2*8];
- sp_digit t2[2*8];
+ sp_digit t1[8];
+ sp_digit t2[8];
/* Put point to double into result */
if (r != p)
@@ -1101,17 +1074,10 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
if (r->infinity)
return;
- if (SP_DEBUG) {
- /* unused part of t2, may result in spurios
- * differences in debug output. Clear it.
- */
- memset(t2, 0, sizeof(t2));
- }
-
/* T1 = Z * Z */
- sp_256to512z_mont_sqr_8(t1, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t1, r->z /*, p256_mod, p256_mp_mod*/);
/* Z = Y * Z */
- sp_256to512z_mont_mul_8(r->z, r->y, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->z, r->y, r->z /*, p256_mod, p256_mp_mod*/);
/* Z = 2Z */
sp_256_mont_dbl_8(r->z, r->z /*, p256_mod*/);
/* T2 = X - T1 */
@@ -1119,21 +1085,21 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
/* T1 = X + T1 */
sp_256_mont_add_8(t1, r->x, t1 /*, p256_mod*/);
/* T2 = T1 * T2 */
- sp_256to512z_mont_mul_8(t2, t1, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t2, t1, t2 /*, p256_mod, p256_mp_mod*/);
/* T1 = 3T2 */
sp_256_mont_tpl_8(t1, t2 /*, p256_mod*/);
/* Y = 2Y */
sp_256_mont_dbl_8(r->y, r->y /*, p256_mod*/);
/* Y = Y * Y */
- sp_256to512z_mont_sqr_8(r->y, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(r->y, r->y /*, p256_mod, p256_mp_mod*/);
/* T2 = Y * Y */
- sp_256to512z_mont_sqr_8(t2, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t2, r->y /*, p256_mod, p256_mp_mod*/);
/* T2 = T2/2 */
sp_256_div2_8(t2 /*, p256_mod*/);
/* Y = Y * X */
- sp_256to512z_mont_mul_8(r->y, r->y, r->x /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->y, r->y, r->x /*, p256_mod, p256_mp_mod*/);
/* X = T1 * T1 */
- sp_256to512z_mont_mul_8(r->x, t1, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->x, t1, t1 /*, p256_mod, p256_mp_mod*/);
/* X = X - Y */
sp_256_mont_sub_8(r->x, r->x, r->y /*, p256_mod*/);
/* X = X - Y */
@@ -1141,7 +1107,7 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
/* Y = Y - X */
sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/);
/* Y = Y * T1 */
- sp_256to512z_mont_mul_8(r->y, r->y, t1 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->y, r->y, t1 /*, p256_mod, p256_mp_mod*/);
/* Y = Y - T2 */
sp_256_mont_sub_8(r->y, r->y, t2 /*, p256_mod*/);
dump_512("y2 %s\n", r->y);
@@ -1155,11 +1121,11 @@ static void sp_256_proj_point_dbl_8(sp_point* r, sp_point* p)
*/
static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point* q)
{
- sp_digit t1[2*8];
- sp_digit t2[2*8];
- sp_digit t3[2*8];
- sp_digit t4[2*8];
- sp_digit t5[2*8];
+ sp_digit t1[8];
+ sp_digit t2[8];
+ sp_digit t3[8];
+ sp_digit t4[8];
+ sp_digit t5[8];
/* Ensure only the first point is the same as the result. */
if (q == r) {
@@ -1186,36 +1152,36 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
}
/* U1 = X1*Z2^2 */
- sp_256to512z_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/);
/* U2 = X2*Z1^2 */
- sp_256to512z_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/);
/* S1 = Y1*Z2^3 */
- sp_256to512z_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/);
/* S2 = Y2*Z1^3 */
- sp_256to512z_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/);
/* H = U2 - U1 */
sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/);
/* R = S2 - S1 */
sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/);
/* Z3 = H*Z1*Z2 */
- sp_256to512z_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/);
/* X3 = R^2 - H^3 - 2*U1*H^2 */
- sp_256to512z_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/);
sp_256_mont_sub_8(r->x, r->x, t5 /*, p256_mod*/);
sp_256_mont_dbl_8(t1, r->y /*, p256_mod*/);
sp_256_mont_sub_8(r->x, r->x, t1 /*, p256_mod*/);
/* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/);
- sp_256to512z_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/);
- sp_256to512z_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/);
sp_256_mont_sub_8(r->y, r->y, t5 /*, p256_mod*/);
}
From vda.linux at googlemail.com Sat Nov 27 18:36:23 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sat, 27 Nov 2021 19:36:23 +0100
Subject: [git commit] tls: P256: trivial x86-64 fix
Message-ID: <20211127183312.2BC338DB0C@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=0b13ab66f43fc1a9437361cfcd33b485422eb0ae
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 3452b08b9..4c8f08d4e 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -500,7 +500,7 @@ static void sp_256to512_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
#elif ALLOW_ASM && defined(__GNUC__) && defined(__x86_64__)
const uint64_t* aa = (const void*)a;
const uint64_t* bb = (const void*)b;
- const uint64_t* rr = (const void*)r;
+ uint64_t* rr = (void*)r;
int k;
uint64_t accl;
uint64_t acch;
From vda.linux at googlemail.com Sun Nov 28 01:56:02 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 02:56:02 +0100
Subject: [git commit] tls: P256: pad struct sp_point to 64 bits (on 64-bit
arches)
Message-ID: <20211128015203.3E0788E29B@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=1b93c7c4ecc47318905b6e6f801732b7dd31e0ee
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
curve_P256_compute_pubkey_and_premaster 198 190 -8
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 4c8f08d4e..37e1cfa1c 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -49,14 +49,19 @@ typedef int32_t signed_sp_digit;
*/
typedef struct sp_point {
- sp_digit x[8];
+ sp_digit x[8]
+#if ULONG_MAX > 0xffffffff
+ /* Make sp_point[] arrays to not be 64-bit misaligned */
+ ALIGNED(8)
+#endif
+ ;
sp_digit y[8];
sp_digit z[8];
int infinity;
} sp_point;
/* The modulus (prime) of the curve P256. */
-static const sp_digit p256_mod[8] = {
+static const sp_digit p256_mod[8] ALIGNED(8) = {
0xffffffff,0xffffffff,0xffffffff,0x00000000,
0x00000000,0x00000000,0x00000001,0xffffffff,
};
@@ -903,7 +908,7 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
* a First number to multiply in Montogmery form.
* b Second number to multiply in Montogmery form.
* m Modulus (prime).
- * mp Montogmery mulitplier.
+ * mp Montogmery multiplier.
*/
static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
/*, const sp_digit* m, sp_digit mp*/)
@@ -920,7 +925,7 @@ static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b
* r Result of squaring.
* a Number to square in Montogmery form.
* m Modulus (prime).
- * mp Montogmery mulitplier.
+ * mp Montogmery multiplier.
*/
static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
/*, const sp_digit* m, sp_digit mp*/)
@@ -1145,7 +1150,6 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
return;
}
-
if (p->infinity || q->infinity) {
*r = p->infinity ? *q : *p; /* struct copy */
return;
From rep.dot.nop at gmail.com Sun Nov 28 09:53:22 2021
From: rep.dot.nop at gmail.com (Bernhard Reutner-Fischer)
Date: Sun, 28 Nov 2021 10:53:22 +0100
Subject: [git commit] libarchive: remove duplicate forward declaration
Message-ID: <20211128095007.D8F8E8D36F@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=bfefa6ab6cf30507009cca7182c7302900fb5534
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Bernhard Reutner-Fischer
---
include/bb_archive.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include/bb_archive.h b/include/bb_archive.h
index dc5e55f0a..e0ef8fc4e 100644
--- a/include/bb_archive.h
+++ b/include/bb_archive.h
@@ -195,7 +195,6 @@ char get_header_ar(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_cpio(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_tar(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_tar_gz(archive_handle_t *archive_handle) FAST_FUNC;
-char get_header_tar_xz(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_tar_bz2(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_tar_lzma(archive_handle_t *archive_handle) FAST_FUNC;
char get_header_tar_xz(archive_handle_t *archive_handle) FAST_FUNC;
From vda.linux at googlemail.com Sun Nov 28 10:15:34 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 11:15:34 +0100
Subject: [git commit] tls: P256: simplify sp_256_mont_inv_8 (no need for a
temporary)
Message-ID: <20211128101115.1778F8D47D@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=cfb615781df5c7439fe0060a85e6b6a56d10dc7f
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_256_ecc_mulmod_8 543 517 -26
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 37e1cfa1c..9bd5c6832 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -938,7 +938,7 @@ static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
/* Invert the number, in Montgomery form, modulo the modulus (prime) of the
* P256 curve. (r = 1 / a mod m)
*
- * r Inverse result.
+ * r Inverse result. Must not coincide with a.
* a Number to invert.
*/
#if 0
@@ -952,17 +952,15 @@ static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
#endif
static void sp_256_mont_inv_8(sp_digit* r, sp_digit* a)
{
- sp_digit t[8];
int i;
- memcpy(t, a, sizeof(sp_digit) * 8);
+ memcpy(r, a, sizeof(sp_digit) * 8);
for (i = 254; i >= 0; i--) {
- sp_256_mont_sqr_8(t, t /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_sqr_8(r, r /*, p256_mod, p256_mp_mod*/);
/*if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))*/
if (i >= 224 || i == 192 || (i <= 95 && i != 1))
- sp_256_mont_mul_8(t, t, a /*, p256_mod, p256_mp_mod*/);
+ sp_256_mont_mul_8(r, r, a /*, p256_mod, p256_mp_mod*/);
}
- memcpy(r, t, sizeof(sp_digit) * 8);
}
/* Multiply a number by Montogmery normalizer mod modulus (prime).
From vda.linux at googlemail.com Sun Nov 28 11:21:23 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 12:21:23 +0100
Subject: [git commit] libbb: code shrink in des encryption, in setup_salt()
Message-ID: <20211128112225.5A6958F29C@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=00b5051cd25ef7e42ac62637ba16b70d3ac1014a
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
pw_encrypt 978 971 -7
.rodata 108208 108192 -16
des_crypt 1211 1181 -30
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-53) Total: -53 bytes
Signed-off-by: Denys Vlasenko
---
libbb/pw_encrypt_des.c | 29 ++++++++++++++---------------
testsuite/cryptpw.tests | 14 ++++++++++++++
2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/libbb/pw_encrypt_des.c b/libbb/pw_encrypt_des.c
index dcd3521e2..fe8237cfe 100644
--- a/libbb/pw_encrypt_des.c
+++ b/libbb/pw_encrypt_des.c
@@ -363,7 +363,7 @@ des_init(struct des_ctx *ctx, const struct const_des_ctx *cctx)
old_rawkey0 = old_rawkey1 = 0;
old_salt = 0;
#endif
- saltbits = 0;
+ //saltbits = 0; /* not needed: we call setup_salt() before do_des() */
bits28 = bits32 + 4;
bits24 = bits28 + 4;
@@ -481,12 +481,11 @@ des_init(struct des_ctx *ctx, const struct const_des_ctx *cctx)
return ctx;
}
-
+/* Accepts 24-bit salt at max */
static void
setup_salt(struct des_ctx *ctx, uint32_t salt)
{
- uint32_t obit, saltbit;
- int i;
+ uint32_t invbits;
#if USE_REPETITIVE_SPEEDUP
if (salt == old_salt)
@@ -494,15 +493,15 @@ setup_salt(struct des_ctx *ctx, uint32_t salt)
old_salt = salt;
#endif
- saltbits = 0;
- saltbit = 1;
- obit = 0x800000;
- for (i = 0; i < 24; i++) {
- if (salt & saltbit)
- saltbits |= obit;
- saltbit <<= 1;
- obit >>= 1;
- }
+ invbits = 0;
+
+ salt |= (1 << 24);
+ do {
+ invbits = (invbits << 1) + (salt & 1);
+ salt >>= 1;
+ } while (salt != 1);
+
+ saltbits = invbits;
}
static void
@@ -736,14 +735,14 @@ des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],
des_setkey(ctx, (char *)keybuf);
/*
- * salt_str - 2 bytes of salt
+ * salt_str - 2 chars of salt (converted to 12 bits)
* key - up to 8 characters
*/
output[0] = salt_str[0];
output[1] = salt_str[1];
salt = (ascii_to_bin(salt_str[1]) << 6)
| ascii_to_bin(salt_str[0]);
- setup_salt(ctx, salt);
+ setup_salt(ctx, salt); /* set ctx->saltbits for do_des() */
/* Do it. */
do_des(ctx, /*0, 0,*/ &r0, &r1, 25 /* count */);
diff --git a/testsuite/cryptpw.tests b/testsuite/cryptpw.tests
index 8ec476c9f..0dd91fe15 100755
--- a/testsuite/cryptpw.tests
+++ b/testsuite/cryptpw.tests
@@ -7,6 +7,20 @@
# testing "description" "command" "result" "infile" "stdin"
+#optional USE_BB_CRYPT
+testing "cryptpw des 12" \
+ "cryptpw -m des QWErty '123456789012345678901234567890'" \
+ '12MnB3PqfVbMA\n' "" ""
+
+testing "cryptpw des 55" \
+ "cryptpw -m des QWErty 55" \
+ '55tgFLtkT1Y72\n' "" ""
+
+testing "cryptpw des zz" \
+ "cryptpw -m des QWErty zz" \
+ 'zzIZaaXWOkxVk\n' "" ""
+#SKIP=
+
optional USE_BB_CRYPT_SHA
testing "cryptpw sha256" \
"cryptpw -m sha256 QWErty '123456789012345678901234567890'" \
From vda.linux at googlemail.com Sun Nov 28 11:55:20 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 12:55:20 +0100
Subject: [git commit] tls: P256: add comment on logic in
sp_512to256_mont_reduce_8, no code changes
Message-ID: <20211128115118.298808F2A3@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=832626227ea3798403159080532f763a37273a91
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 33 +++++++++++++++++++++++----------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 9bd5c6832..eb6cc2431 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -850,6 +850,20 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
* a Double-wide number to reduce. Clobbered.
* m The single precision number representing the modulus.
* mp The digit representing the negative inverse of m mod 2^n.
+ *
+ * Montgomery reduction on multiprecision integers:
+ * Montgomery reduction requires products modulo R.
+ * When R is a power of B [in our case R=2^128, B=2^32], there is a variant
+ * of Montgomery reduction which requires products only of machine word sized
+ * integers. T is stored as a little-endian word array a[0..n]. The algorithm
+ * reduces it one word at a time. First an appropriate multiple of modulus
+ * is added to make T divisible by B. [In our case, it is p256_mp_mod * a[0].]
+ * Then a multiple of modulus is added to make T divisible by B^2.
+ * [In our case, it is (p256_mp_mod * a[1]) << 32.]
+ * And so on. Eventually T is divisible by R, and after division by R
+ * the algorithm is in the same place as the usual Montgomery reduction was.
+ *
+ * TODO: Can conditionally use 64-bit logic (on 64-bit little-endian arches)?
*/
static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
{
@@ -941,15 +955,6 @@ static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a
* r Inverse result. Must not coincide with a.
* a Number to invert.
*/
-#if 0
-//p256_mod - 2:
-//ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff - 2
-//Bit pattern:
-//2 2 2 2 2 2 2 1...1
-//5 5 4 3 2 1 0 9...0 9...1
-//543210987654321098765432109876543210987654321098765432109876543210...09876543210...09876543210
-//111111111111111111111111111111110000000000000000000000000000000100...00000111111...11111111101
-#endif
static void sp_256_mont_inv_8(sp_digit* r, sp_digit* a)
{
int i;
@@ -957,7 +962,15 @@ static void sp_256_mont_inv_8(sp_digit* r, sp_digit* a)
memcpy(r, a, sizeof(sp_digit) * 8);
for (i = 254; i >= 0; i--) {
sp_256_mont_sqr_8(r, r /*, p256_mod, p256_mp_mod*/);
- /*if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))*/
+/* p256_mod - 2:
+ * ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff - 2
+ * Bit pattern:
+ * 2 2 2 2 2 2 2 1...1
+ * 5 5 4 3 2 1 0 9...0 9...1
+ * 543210987654321098765432109876543210987654321098765432109876543210...09876543210...09876543210
+ * 111111111111111111111111111111110000000000000000000000000000000100...00000111111...11111111101
+ */
+ /*if (p256_mod_minus_2[i / 32] & ((sp_digit)1 << (i % 32)))*/
if (i >= 224 || i == 192 || (i <= 95 && i != 1))
sp_256_mont_mul_8(r, r, a /*, p256_mod, p256_mp_mod*/);
}
From vda.linux at googlemail.com Sun Nov 28 14:44:08 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 15:44:08 +0100
Subject: [git commit] tls: P256: add 64-bit montgomery reduce (disabled),
small optimization in 32-bit code
Message-ID: <20211128144102.094C390981@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=90b0d3304455ad432c49f38e0419ac7820a625f7
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
sp_512to256_mont_reduce_8 191 185 -6
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 177 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 159 insertions(+), 18 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index eb6cc2431..b1c410037 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -705,36 +705,174 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
}
}
-/* Shift the result in the high 256 bits down to the bottom.
- */
+/* Shift the result in the high 256 bits down to the bottom. */
static void sp_512to256_mont_shift_8(sp_digit* r, sp_digit* a)
{
memcpy(r, a + 8, sizeof(*r) * 8);
}
+// Disabled for now. Seems to work, but ugly and 40 bytes larger on x86-64.
+#if 0 //UNALIGNED_LE_64BIT
+/* 64-bit little-endian optimized version.
+ * See generic 32-bit version below for explanation.
+ * The benefit of this version is: even though r[3] calculation is atrocious,
+ * we call sp_256_mul_add_4() four times, not 8.
+ */
+static int sp_256_mul_add_4(uint64_t *r /*, const uint64_t* a, uint64_t b*/)
+{
+ uint64_t b = r[0];
+
+# if 0
+ const uint64_t* a = (const void*)p256_mod;
+//a[3..0] = ffffffff00000001 0000000000000000 00000000ffffffff ffffffffffffffff
+ uint128_t t;
+ int i;
+ t = 0;
+ for (i = 0; i < 4; i++) {
+ uint32_t t_hi;
+ uint128_t m = ((uint128_t)b * a[i]) + r[i];
+ t += m;
+ t_hi = (t < m);
+ r[i] = (uint64_t)t;
+ t = (t >> 64) | ((uint128_t)t_hi << 64);
+ }
+ r[4] += (uint64_t)t;
+ return (r[4] < (uint64_t)t); /* 1 if addition overflowed */
+# else
+ // Unroll, then optimize the above loop:
+ //uint32_t t_hi;
+ //uint128_t m;
+ uint64_t t64, t64u;
+
+ //m = ((uint128_t)b * a[0]) + r[0];
+ // Since b is r[0] and a[0] is ffffffffffffffff, the above optimizes to:
+ // m = r[0] * ffffffffffffffff + r[0] = (r[0] << 64 - r[0]) + r[0] = r[0] << 64;
+ //t += m;
+ // t = r[0] << 64 = b << 64;
+ //t_hi = (t < m);
+ // t_hi = 0;
+ //r[0] = (uint64_t)t;
+// r[0] = 0;
+//the store can be eliminated since caller won't look at lower 256 bits of the result
+ //t = (t >> 64) | ((uint128_t)t_hi << 64);
+ // t = b;
+
+ //m = ((uint128_t)b * a[1]) + r[1];
+ // Since a[1] is 00000000ffffffff, the above optimizes to:
+ // m = b * ffffffff + r[1] = (b * 100000000 - b) + r[1] = (b << 32) - b + r[1];
+ //t += m;
+ // t = b + (b << 32) - b + r[1] = (b << 32) + r[1];
+ //t_hi = (t < m);
+ // t_hi = 0;
+ //r[1] = (uint64_t)t;
+ r[1] += (b << 32);
+ //t = (t >> 64) | ((uint128_t)t_hi << 64);
+ t64 = (r[1] < (b << 32));
+ t64 += (b >> 32);
+
+ //m = ((uint128_t)b * a[2]) + r[2];
+ // Since a[2] is 0000000000000000, the above optimizes to:
+ // m = b * 0 + r[2] = r[2];
+ //t += m;
+ // t = t64 + r[2];
+ //t_hi = (t < m);
+ // t_hi = 0;
+ //r[2] = (uint64_t)t;
+ r[2] += t64;
+ //t = (t >> 64) | ((uint128_t)t_hi << 64);
+ t64 = (r[2] < t64);
+
+ //m = ((uint128_t)b * a[3]) + r[3];
+ // Since a[3] is ffffffff00000001, the above optimizes to:
+ // m = b * ffffffff00000001 + r[3];
+ // m = b + b*ffffffff00000000 + r[3]
+ // m = b + (b*ffffffff << 32) + r[3]
+ // m = b + (((b<<32) - b) << 32) + r[3]
+ //t += m;
+ // t = t64 + (uint128_t)b + ((((uint128_t)b << 32) - b) << 32) + r[3];
+ t64 += b;
+ t64u = (t64 < b);
+ t64 += r[3];
+ t64u += (t64 < r[3]);
+ {
+ uint64_t lo,hi;
+ //lo = (((b << 32) - b) << 32)
+ //hi = (((uint128_t)b << 32) - b) >> 32
+ //but without uint128_t:
+ hi = (b << 32) - b; /* form lower 32 bits of "hi" part 1 */
+ b = (b >> 32) - (/*borrowed above?*/(b << 32) < b); /* upper 32 bits of "hi" are in b */
+ lo = hi << 32; /* (use "hi" value to calculate "lo",... */
+ t64 += lo; /* ...consume... */
+ t64u += (t64 < lo); /* ..."lo") */
+ hi >>= 32; /* form lower 32 bits of "hi" part 2 */
+ hi |= (b << 32); /* combine lower and upper */
+ t64u += hi; /* consume "hi" */
+ }
+ //t_hi = (t < m);
+ // t_hi = 0;
+ //r[3] = (uint64_t)t;
+ r[3] = t64;
+ //t = (t >> 64) | ((uint128_t)t_hi << 64);
+ // t = t64u;
+
+ r[4] += t64u;
+ return (r[4] < t64u); /* 1 if addition overflowed */
+# endif
+}
+
+static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* aa/*, const sp_digit* m, sp_digit mp*/)
+{
+// const sp_digit* m = p256_mod;
+ int i;
+ uint64_t *a = (void*)aa;
+
+ sp_digit carry = 0;
+ for (i = 0; i < 4; i++) {
+// mu = a[i];
+ if (sp_256_mul_add_4(a+i /*, m, mu*/)) {
+ int j = i + 4;
+ inc_next_word:
+ if (++j > 7) { /* a[8] array has no more words? */
+ carry++;
+ continue;
+ }
+ if (++a[j] == 0) /* did this overflow too? */
+ goto inc_next_word;
+ }
+ }
+ sp_512to256_mont_shift_8(r, aa);
+ if (carry != 0)
+ sp_256_sub_8_p256_mod(r);
+ sp_256_norm_8(r);
+}
+
+#else /* Generic 32-bit version */
+
/* Mul a by scalar b and add into r. (r += a * b)
* a = p256_mod
* b = r[0]
*/
static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
{
-// const sp_digit* a = p256_mod;
-//a[7..0] = ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff
sp_digit b = r[0];
-
uint64_t t;
-// t = 0;
-// for (i = 0; i < 8; i++) {
-// uint32_t t_hi;
-// uint64_t m = ((uint64_t)b * a[i]) + r[i];
-// t += m;
-// t_hi = (t < m);
-// r[i] = (sp_digit)t;
-// t = (t >> 32) | ((uint64_t)t_hi << 32);
-// }
-// r[8] += (sp_digit)t;
-
+# if 0
+ const sp_digit* a = p256_mod;
+//a[7..0] = ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff
+ int i;
+ t = 0;
+ for (i = 0; i < 8; i++) {
+ uint32_t t_hi;
+ uint64_t m = ((uint64_t)b * a[i]) + r[i];
+ t += m;
+ t_hi = (t < m);
+ r[i] = (sp_digit)t;
+ t = (t >> 32) | ((uint64_t)t_hi << 32);
+ }
+ r[8] += (sp_digit)t;
+ return (r[8] < (sp_digit)t); /* 1 if addition overflowed */
+# else
// Unroll, then optimize the above loop:
//uint32_t t_hi;
uint64_t m;
@@ -748,7 +886,8 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
//t_hi = (t < m);
// t_hi = 0;
//r[0] = (sp_digit)t;
- r[0] = 0;
+// r[0] = 0;
+//the store can be eliminated since caller won't look at lower 256 bits of the result
//t = (t >> 32) | ((uint64_t)t_hi << 32);
// t = b;
@@ -840,6 +979,7 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
r[8] += (sp_digit)t;
return (r[8] < (sp_digit)t); /* 1 if addition overflowed */
+# endif
}
/* Reduce the number back to 256 bits using Montgomery reduction.
@@ -861,7 +1001,7 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
* Then a multiple of modulus is added to make T divisible by B^2.
* [In our case, it is (p256_mp_mod * a[1]) << 32.]
* And so on. Eventually T is divisible by R, and after division by R
- * the algorithm is in the same place as the usual Montgomery reduction was.
+ * the algorithm is in the same place as the usual Montgomery reduction.
*
* TODO: Can conditionally use 64-bit (if bit-little-endian arch) logic?
*/
@@ -914,6 +1054,7 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
sp_256_norm_8(r);
}
}
+#endif
/* Multiply two Montgomery form numbers mod the modulus (prime).
* (r = a * b mod m)
From vda.linux at googlemail.com Sun Nov 28 20:43:51 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 28 Nov 2021 21:43:51 +0100
Subject: [git commit] tls: P256: enable 64-bit version of montgomery reduction
Message-ID: <20211128204212.CC9C390AC1@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=8514b4166d7a9d7720006d852ae67f43baed8ef1
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
After more testing, (1) I'm more sure it is indeed correct, and
(2) it is a significant speedup - we do a lot of those multiplications.
function                                             old     new   delta
sp_512to256_mont_reduce_8                            191     223     +32
Signed-off-by: Denys Vlasenko
---
networking/tls_sp_c32.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index b1c410037..cb166e413 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -711,12 +711,13 @@ static void sp_512to256_mont_shift_8(sp_digit* r, sp_digit* a)
memcpy(r, a + 8, sizeof(*r) * 8);
}
-// Disabled for now. Seems to work, but ugly and 40 bytes larger on x86-64.
-#if 0 //UNALIGNED_LE_64BIT
+#if UNALIGNED_LE_64BIT
/* 64-bit little-endian optimized version.
* See generic 32-bit version below for explanation.
* The benefit of this version is: even though r[3] calculation is atrocious,
* we call sp_256_mul_add_4() four times, not 8.
+ * Measured run time improvement of curve_P256_compute_pubkey_and_premaster()
+ * call on x86-64: from ~1500us to ~900us. Code size +32 bytes.
*/
static int sp_256_mul_add_4(uint64_t *r /*, const uint64_t* a, uint64_t b*/)
{
@@ -794,18 +795,18 @@ static int sp_256_mul_add_4(uint64_t *r /*, const uint64_t* a, uint64_t b*/)
t64u = (t64 < b);
t64 += r[3];
t64u += (t64 < r[3]);
- {
- uint64_t lo,hi;
+ { // add ((((uint128_t)b << 32) - b) << 32):
+ uint64_t lo, hi;
//lo = (((b << 32) - b) << 32)
//hi = (((uint128_t)b << 32) - b) >> 32
//but without uint128_t:
- hi = (b << 32) - b; /* form lower 32 bits of "hi" part 1 */
+ hi = (b << 32) - b; /* make lower 32 bits of "hi", part 1 */
b = (b >> 32) - (/*borrowed above?*/(b << 32) < b); /* upper 32 bits of "hi" are in b */
lo = hi << 32; /* (use "hi" value to calculate "lo",... */
t64 += lo; /* ...consume... */
t64u += (t64 < lo); /* ..."lo") */
- hi >>= 32; /* form lower 32 bits of "hi" part 2 */
- hi |= (b << 32); /* combine lower and upper */
+ hi >>= 32; /* make lower 32 bits of "hi", part 2 */
+ hi |= (b << 32); /* combine lower and upper 32 bits */
t64u += hi; /* consume "hi" */
}
//t_hi = (t < m);
From bugzilla at busybox.net Mon Nov 29 08:18:13 2021
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Mon, 29 Nov 2021 08:18:13 +0000
Subject: [Bug 14401] New: The unzip binary is from an older version which
has security vulnerabilities.
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=14401
Bug ID: 14401
Summary: The unzip binary is from an older version which has
security vulnerabilities.
Product: Busybox
Version: 1.33.x
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: sandep121 at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
The current unzip binary has the following security issues:
https://nvd.nist.gov/vuln/detail/CVE-2005-0602
https://nvd.nist.gov/vuln/detail/CVE-2001-1268
https://nvd.nist.gov/vuln/detail/CVE-2001-1269
--
You are receiving this mail because:
You are on the CC list for the bug.
From vda.linux at googlemail.com Tue Nov 30 22:41:13 2021
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Tue, 30 Nov 2021 23:41:13 +0100
Subject: [git commit] Announce 1.33.2
Message-ID: <20211130223754.BABBD92198@busybox.osuosl.org>
commit: https://git.busybox.net/busybox-website/commit/?id=76db5f4e96656f869defbbddf2d572a87daf3ddd
branch: https://git.busybox.net/busybox-website/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko
---
news.html | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/news.html b/news.html
index bdffc39..fc1f8fb 100644
--- a/news.html
+++ b/news.html
@@ -34,6 +34,16 @@
+ 30 November 2021 -- BusyBox 1.33.2 (stable)
+ BusyBox 1.33.2.
+ (git)
+
+ Bug fix release. 1.33.2 has fixes for
+ hush and ash (parsing fixes) and
+ unlzma (fix a case where we could read before beginning of buffer).
+
+
+
30 September 2021 -- BusyBox 1.34.1 (stable)
BusyBox 1.34.1.
(git)