Hi all,

All of ROA, MFT, ASPA, and RSC define their respective 'version' field
in ASN.1 as following:

    version [0] INTEGER DEFAULT 0,

Each object profile's preamble declares "DEFINITIONS EXPLICIT TAGS ::=", so the [0] tag on 'version' is explicit.

We haven't bumped into an issue yet, because all Signed Objects are at
version 0, which means the field is entirely omitted (including the tag,
be it implicit or explicit). (From X.690 section 11.5: "The encoding of
a set value or a sequence value shall not include an encoding for any
component value which is equal to its default value.")

Then again, lib/libcrypto/asn1/asn1t.h is a mysterious place, so perhaps
I'm holding it wrong.

OK?

Kind regards,

Job

Index: aspa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
retrieving revision 1.4
diff -u -p -r1.4 aspa.c
--- aspa.c      5 Sep 2022 18:07:04 -0000       1.4
+++ aspa.c      13 Oct 2022 04:06:55 -0000
@@ -71,7 +71,7 @@ typedef struct {
 } ASProviderAttestation;
 
 ASN1_SEQUENCE(ASProviderAttestation) = {
-       ASN1_IMP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(ASProviderAttestation, customerASID, ASN1_INTEGER),
        ASN1_SEQUENCE_OF(ASProviderAttestation, providers, ProviderAS),
 } ASN1_SEQUENCE_END(ASProviderAttestation);
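Review bot: `ASN1_EXP_OPT` models `version` as OPTIONAL rather than DEFAULT 0, so the template will decode an object that carries an explicitly tagged `[0]` INTEGER with value 0, which the X.690 11.5 rule quoted in the description forbids in DER. The code that consumes the decoded struct is outside this hunk, so I cannot tell whether it already checks this. If it does not, the parser should refuse any object whose `version` member is present, along the lines of `if (obj->version != NULL) /* reject: encoded default or unsupported version */` (`obj` is a placeholder for the decoded struct). The same applies to the `version` lines in the mft.c, roa.c and rsc.c hunks.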
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.74
diff -u -p -r1.74 mft.c
--- mft.c       30 Aug 2022 18:56:49 -0000      1.74
+++ mft.c       13 Oct 2022 04:06:55 -0000
@@ -78,7 +78,7 @@ ASN1_SEQUENCE(FileAndHash) = {
 } ASN1_SEQUENCE_END(FileAndHash);
 
 ASN1_SEQUENCE(Manifest) = {
-       ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
        ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
        ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),
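Review bot: Nothing next to the `version` template line records why the tag is explicit, and no object seen so far exercises it because the field is omitted at version 0. A comment above it such as `/* version [0] EXPLICIT INTEGER DEFAULT 0; module is DEFINITIONS EXPLICIT TAGS */` would stop it being flipped back to `ASN1_IMP_OPT` later. A regression test that decodes a locally constructed object with a non-default version would confirm the field is now parsed under explicit tagging and then refused as unsupported. The Manifest template continues past the end of this hunk, and the same comment fits the templates in aspa.c, roa.c and rsc.c.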
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.52
diff -u -p -r1.52 roa.c
--- roa.c       3 Sep 2022 14:40:09 -0000       1.52
+++ roa.c       13 Oct 2022 04:06:55 -0000
@@ -86,7 +86,7 @@ ASN1_SEQUENCE(ROAIPAddressFamily) = {
 } ASN1_SEQUENCE_END(ROAIPAddressFamily);
 
 ASN1_SEQUENCE(RouteOriginAttestation) = {
-       ASN1_IMP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(RouteOriginAttestation, asid, ASN1_INTEGER),
        ASN1_SEQUENCE_OF(RouteOriginAttestation, ipAddrBlocks,
            ROAIPAddressFamily),
Index: rsc.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
retrieving revision 1.15
diff -u -p -r1.15 rsc.c
--- rsc.c       3 Sep 2022 14:40:09 -0000       1.15
+++ rsc.c       13 Oct 2022 04:06:55 -0000
@@ -114,7 +114,7 @@ typedef struct {
 } RpkiSignedChecklist;
 
 ASN1_SEQUENCE(RpkiSignedChecklist) = {
-       ASN1_IMP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(RpkiSignedChecklist, resources, ResourceBlock),
        ASN1_SIMPLE(RpkiSignedChecklist, digestAlgorithm, X509_ALGOR),
        ASN1_SEQUENCE_OF(RpkiSignedChecklist, checkList, FileNameAndHash),
