Go to file
Ivan Abrea 5cb4f9081f tls: fix to handle X.509 v1 certificates correctly
The syntax of public key certificates can be found in RFC 5280 section
4.1. The relevant part of the syntax is the following:

  TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    ... remaining fields omitted ...
  }

The version field has a default value of v1. RFC 5280 section 4.1.2.1
says the following:

  If only basic fields are present, the version SHOULD be 1 (the value
  is omitted from the certificate as the default value); however, the
  version MAY be 2 or 3.

To help detect if the version field is present or not, the type of the
version field has an explicit tag of [0]. Due to this tag, if the
version field is present, its encoding will have an identifier octet
that is distinct from that of the serialNumber field.

ITU-T X.690 specifies how a value of such a type should be encoded with
DER. There is a PDF of X.690 freely available from ITU-T. X.690 section
8.1.2 specifies the format of identifier octets which is the first
component of every encoded value. Identifier octets encode the tag of a
type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding
is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode
the tag number.

X.690 section 8.14 specifies what the identifier octet should be for
explicitly tagged types. Section 8.14.3 says if implicit tagging is not
used, then the encoding shall be constructed. The version field uses
explicit tagging and not implicit tagging, so its encoding will be
constructed. This means bit 6 of the identifier octet should be 1.

X.690 section 8.14 and Annex A provide examples. Note from their
examples that the notation for tags could look like [APPLICATION 2]
where both the tag class and tag number are given. For this example, the
tag class is 1 (application) and the tag number is 2. For notation like
[0] where the tag class is omitted and only the tag number is given, the
tag class will be context-specific.

Putting this all together, the identifier octet for the DER encoding of
the version field should have a tag class of 2 (context-specific), bit 6
as 1 (constructed), and a tag number of 0.

Signed-off-by: Ivan Abrea <ivan@algosolutions.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24 20:05:24 +02:00
applets applets/install: don't try to install nothing 2018-04-15 12:07:22 +02:00
applets_sh applets_sh/*: Add a few more examples of "shell applets" 2012-02-09 18:23:33 +01:00
arch i386: make stack size optimization selectable, and allow i486 insns (bswap) 2018-04-06 19:01:51 +02:00
archival restore documentation on the build config language 2018-06-06 15:16:48 +02:00
configs build system: remove unused CONFIG_FEATURE_HAVE_RPC 2017-08-14 12:25:55 +02:00
console-tools restore documentation on the build config language 2018-06-06 15:16:48 +02:00
coreutils install: fix "-D -t DIR1/DIR2/DIR3" creating only DIR1/DIR2, closes 11106 2018-06-22 18:59:10 +02:00
debianutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
docs restore documentation on the build config language 2018-06-06 15:16:48 +02:00
e2fsprogs restore documentation on the build config language 2018-06-06 15:16:48 +02:00
editors restore documentation on the build config language 2018-06-06 15:16:48 +02:00
examples examples: update /var/service/getty for Unicode ttys 2018-06-23 13:55:13 +02:00
findutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
include realpath,readlink -f: coreutils compat, closes 11021 2018-05-24 17:31:00 +02:00
init restore documentation on the build config language 2018-06-06 15:16:48 +02:00
klibc-utils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
libbb restore documentation on the build config language 2018-06-06 15:16:48 +02:00
libpwdgrp whitespace and comment format fixes, no code changes 2017-10-05 15:33:28 +02:00
loginutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
mailutils popmaildir: placate gcc8 "warning: 'strncpy' output truncated" 2018-05-14 11:14:58 +02:00
miscutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
modutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
networking tls: fix to handle X.509 v1 certificates correctly 2018-06-24 20:05:24 +02:00
printutils restore documentation on the build config language 2018-06-06 15:16:48 +02:00
procps restore documentation on the build config language 2018-06-06 15:16:48 +02:00
qemu_multiarch_testing qemu_multiarch_testing: small improvements 2017-01-02 13:48:06 +01:00
runit restore documentation on the build config language 2018-06-06 15:16:48 +02:00
scripts Update release script to generate detached signatures and checksum files 2018-06-09 21:19:35 +02:00
selinux restore documentation on the build config language 2018-06-06 15:16:48 +02:00
shell restore documentation on the build config language 2018-06-06 15:16:48 +02:00
sysklogd restore documentation on the build config language 2018-06-06 15:16:48 +02:00
testsuite unlzma: close another SEGV possibility 2018-05-25 17:03:46 +02:00
util-linux restore documentation on the build config language 2018-06-06 15:16:48 +02:00
.gitignore Makefile: fix cscope target 2014-12-31 21:29:05 +01:00
.indent.pro First revision of the Busybox Style Guide and an accompanying .indent.pro 2000-07-24 22:36:06 +00:00
AUTHORS paste: new applet 2017-03-23 17:35:52 +01:00
Config.in restore documentation on the build config language 2018-06-06 15:16:48 +02:00
INSTALL Tweak INSTALL text 2012-04-17 12:28:13 +02:00
LICENSE LICENSE: update address of the FSF 2009-05-06 05:28:53 -04:00
make_single_applets.sh randomconfig fixes 2017-12-31 17:30:02 +01:00
Makefile build system: fix parallel building issue 2018-04-14 01:55:51 +02:00
Makefile.custom applets/install: don't try to install nothing 2018-04-15 12:07:22 +02:00
Makefile.flags build system: FEATURE_NSLOOKUP_BIG needs -lresolv 2018-04-16 11:04:03 +02:00
Makefile.help build system: "make hosttools" doesn't exist, remove it from "make help" 2014-01-09 11:03:46 +01:00
NOFORK_NOEXEC.lst mv: make it NOEXEC 2018-01-14 14:41:52 +01:00
NOFORK_NOEXEC.sh NOFORK_NOEXEC.sh: a script to find "interesting" applets 2018-01-14 14:44:30 +01:00
README typo fix 2015-05-03 18:24:33 +02:00
size_single_applets.sh size_single_applets.sh: fix a bug which mishandles e.g. "udhcpc6" name 2018-01-14 12:13:16 +01:00
TODO libbb: remove vdprintf 2017-07-29 17:30:21 +02:00
TODO_unicode ls: unicode fixes 2010-01-31 05:15:38 +01:00

Please see the LICENSE file for details on copying and usage.
Please refer to the INSTALL file for instructions on how to build.

What is busybox:

  BusyBox combines tiny versions of many common UNIX utilities into a single
  small executable.  It provides minimalist replacements for most of the
  utilities you usually find in bzip2, coreutils, dhcp, diffutils, e2fsprogs,
  file, findutils, gawk, grep, inetutils, less, modutils, net-tools, procps,
  sed, shadow, sysklogd, sysvinit, tar, util-linux, and vim.  The utilities
  in BusyBox often have fewer options than their full-featured cousins;
  however, the options that are included provide the expected functionality
  and behave very much like their larger counterparts.

  BusyBox has been written with size-optimization and limited resources in
  mind, both to produce small binaries and to reduce run-time memory usage.
  Busybox is also extremely modular so you can easily include or exclude
  commands (or features) at compile time.  This makes it easy to customize
  embedded systems; to create a working system, just add /dev, /etc, and a
  Linux kernel.  Busybox (usually together with uClibc) has also been used as
  a component of "thin client" desktop systems, live-CD distributions, rescue
  disks, installers, and so on.

  BusyBox provides a fairly complete POSIX environment for any small system,
  both embedded environments and more full featured systems concerned about
  space.  Busybox is slowly working towards implementing the full Single Unix
  Specification V3 (http://www.opengroup.org/onlinepubs/009695399/), but isn't
  there yet (and for size reasons will probably support at most UTF-8 for
  internationalization).  We are also interested in passing the Linux Test
  Project (http://ltp.sourceforge.net).

----------------

Using busybox:

  BusyBox is extremely configurable.  This allows you to include only the
  components and options you need, thereby reducing binary size.  Run 'make
  config' or 'make menuconfig' to select the functionality that you wish to
  enable.  (See 'make help' for more commands.)

  The behavior of busybox is determined by the name it's called under: as
  "cp" it behaves like cp, as "sed" it behaves like sed, and so on.  Called
  as "busybox" it takes the second argument as the name of the applet to
  run (I.E. "./busybox ls -l /proc").

  The "standalone shell" mode is an easy way to try out busybox; this is a
  command shell that calls the built-in applets without needing them to be
  installed in the path.  (Note that this requires /proc to be mounted, if
  testing from a boot floppy or in a chroot environment.)

  The build automatically generates a file "busybox.links", which is used by
  'make install' to create symlinks to the BusyBox binary for all compiled in
  commands.  This uses the CONFIG_PREFIX environment variable to specify
  where to install, and installs hardlinks or symlinks depending
  on the configuration preferences.  (You can also manually run
  the install script at "applets/install.sh").

----------------

Downloading the current source code:

  Source for the latest released version, as well as daily snapshots, can always
  be downloaded from

    http://busybox.net/downloads/

  You can browse the up to the minute source code and change history online.

    http://git.busybox.net/busybox/

  Anonymous GIT access is available.  For instructions, check out:

    http://www.busybox.net/source.html

  For those that are actively contributing and would like to check files in,
  see:

    http://busybox.net/developer.html

  The developers also have a bug and patch tracking system
  (https://bugs.busybox.net) although posting a bug/patch to the mailing list
  is generally a faster way of getting it fixed, and the complete archive of
  what happened is the git changelog.

  Note: if you want to compile busybox in a busybox environment you must
  select CONFIG_DESKTOP.

----------------

Getting help:

  when you find you need help, you can check out the busybox mailing list
  archives at http://busybox.net/lists/busybox/ or even join
  the mailing list if you are interested.

----------------

Bugs:

  if you find bugs, please submit a detailed bug report to the busybox mailing
  list at busybox@busybox.net.  a well-written bug report should include a
  transcript of a shell session that demonstrates the bad behavior and enables
  anyone else to duplicate the bug on their own machine. the following is such
  an example:

    to: busybox@busybox.net
    from: diligent@testing.linux.org
    subject: /bin/date doesn't work

    package: busybox
    version: 1.00

    when i execute busybox 'date' it produces unexpected results.
    with gnu date i get the following output:

	$ date
	fri oct  8 14:19:41 mdt 2004

    but when i use busybox date i get this instead:

	$ date
	illegal instruction

    i am using debian unstable, kernel version 2.4.25-vrs2 on a netwinder,
    and the latest uclibc from cvs.

	-diligent

  note the careful description and use of examples showing not only what
  busybox does, but also a counter example showing what an equivalent app
  does (or pointing to the text of a relevant standard).  Bug reports lacking
  such detail may never be fixed...  Thanks for understanding.

----------------

Portability:

  Busybox is developed and tested on Linux 2.4 and 2.6 kernels, compiled
  with gcc (the unit-at-a-time optimizations in version 3.4 and later are
  worth upgrading to get, but older versions should work), and linked against
  uClibc (0.9.27 or greater) or glibc (2.2 or greater).  In such an
  environment, the full set of busybox features should work, and if
  anything doesn't we want to know about it so we can fix it.

  There are many other environments out there, in which busybox may build
  and run just fine.  We just don't test them.  Since busybox consists of a
  large number of more or less independent applets, portability is a question
  of which features work where.  Some busybox applets (such as cat and rm) are
  highly portable and likely to work just about anywhere, while others (such as
  insmod and losetup) require recent Linux kernels with recent C libraries.

  Earlier versions of Linux and glibc may or may not work, for any given
  configuration.  Linux 2.2 or earlier should mostly work (there's still
  some support code in things like mount.c) but this is no longer regularly
  tested, and inherently won't support certain features (such as long files
  and --bind mounts).  The same is true for glibc 2.0 and 2.1: expect a higher
  testing and debugging burden using such old infrastructure.  (The busybox
  developers are not very interested in supporting these older versions, but
  will probably accept small self-contained patches to fix simple problems.)

  Some environments are not recommended.  Early versions of uClibc were buggy
  and missing many features: upgrade.  Linking against libc5 or dietlibc is
  not supported and not interesting to the busybox developers.  (The first is
  obsolete and has no known size or feature advantages over uClibc, the second
  has known bugs that its developers have actively refused to fix.)  Ancient
  Linux kernels (2.0.x and earlier) are similarly uninteresting.

  In theory it's possible to use Busybox under other operating systems (such as
  MacOS X, Solaris, Cygwin, or the BSD Fork Du Jour).  This generally involves
  a different kernel and a different C library at the same time.  While it
  should be possible to port the majority of the code to work in one of
  these environments, don't be surprised if it doesn't work out of the box.  If
  you're into that sort of thing, start small (selecting just a few applets)
  and work your way up.

  In 2005 Shaun Jackman has ported busybox to a combination of newlib
  and libgloss, and some of his patches have been integrated.

Supported hardware:

  BusyBox in general will build on any architecture supported by gcc.  We
  support both 32 and 64 bit platforms, and both big and little endian
  systems.

  Under 2.4 Linux kernels, kernel module loading was implemented in a
  platform-specific manner.  Busybox's insmod utility has been reported to
  work under ARM, CRIS, H8/300, x86, ia64, x86_64, m68k, MIPS, PowerPC, S390,
  SH3/4/5, Sparc, and v850e.  Anything else probably won't work.

  The module loading mechanism for the 2.6 kernel is much more generic, and
  we believe 2.6.x kernel module loading support should work on all
  architectures supported by the kernel.

----------------

Please feed suggestions, bug reports, insults, and bribes back to the busybox
mailing list:

	busybox@busybox.net

and/or maintainer:

	Denys Vlasenko
	<vda.linux@googlemail.com>