On Thu, Oct 13, 2022 at 04:25:49AM +0000, Job Snijders wrote: > Hi all, > > All of ROA, MFT, ASPA, and RSC define their respective 'version' field > in ASN.1 as following: > > version [0] INTEGER DEFAULT 0, > > Each object profile preamble "DEFINITIONS EXPLICIT TAGS ::=" > > We haven't bumped into an issue yet, because all Signed Objects are at > version 0, which means the field is entirely omitted (including the tag, > be it implicit or explicit). (From X.690 section 11.5: "The encoding of > a set value or a sequence value shall not include an encoding for any > component value which is equal to its default value.") > > Then again, lib/libcrypto/asn1/asn1t.h is a mysterious place, so perhaps > I'm holding it wrong. > > OK?
Yes, I think that's right. ok tb > > Kind regards, > > Job > > Index: aspa.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v > retrieving revision 1.4 > diff -u -p -r1.4 aspa.c > --- aspa.c 5 Sep 2022 18:07:04 -0000 1.4 > +++ aspa.c 13 Oct 2022 04:06:55 -0000 > @@ -71,7 +71,7 @@ typedef struct { > } ASProviderAttestation; > > ASN1_SEQUENCE(ASProviderAttestation) = { > - ASN1_IMP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0), > + ASN1_EXP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0), > ASN1_SIMPLE(ASProviderAttestation, customerASID, ASN1_INTEGER), > ASN1_SEQUENCE_OF(ASProviderAttestation, providers, ProviderAS), > } ASN1_SEQUENCE_END(ASProviderAttestation); > Index: mft.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v > retrieving revision 1.74 > diff -u -p -r1.74 mft.c > --- mft.c 30 Aug 2022 18:56:49 -0000 1.74 > +++ mft.c 13 Oct 2022 04:06:55 -0000 > @@ -78,7 +78,7 @@ ASN1_SEQUENCE(FileAndHash) = { > } ASN1_SEQUENCE_END(FileAndHash); > > ASN1_SEQUENCE(Manifest) = { > - ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0), > + ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0), > ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER), > ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME), > ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME), > Index: roa.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v > retrieving revision 1.52 > diff -u -p -r1.52 roa.c > --- roa.c 3 Sep 2022 14:40:09 -0000 1.52 > +++ roa.c 13 Oct 2022 04:06:55 -0000 > @@ -86,7 +86,7 @@ ASN1_SEQUENCE(ROAIPAddressFamily) = { > } ASN1_SEQUENCE_END(ROAIPAddressFamily); > > ASN1_SEQUENCE(RouteOriginAttestation) = { > - ASN1_IMP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0), > + ASN1_EXP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0), > ASN1_SIMPLE(RouteOriginAttestation, asid, ASN1_INTEGER), > ASN1_SEQUENCE_OF(RouteOriginAttestation, ipAddrBlocks, > ROAIPAddressFamily), > Index: rsc.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v > retrieving revision 1.15 > diff -u -p -r1.15 rsc.c > --- rsc.c 3 Sep 2022 14:40:09 -0000 1.15 > +++ rsc.c 13 Oct 2022 04:06:55 -0000 > @@ -114,7 +114,7 @@ typedef struct { > } RpkiSignedChecklist; > > ASN1_SEQUENCE(RpkiSignedChecklist) = { > - ASN1_IMP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0), > + ASN1_EXP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0), > ASN1_SIMPLE(RpkiSignedChecklist, resources, ResourceBlock), > ASN1_SIMPLE(RpkiSignedChecklist, digestAlgorithm, X509_ALGOR), > ASN1_SEQUENCE_OF(RpkiSignedChecklist, checkList, FileNameAndHash), >