On Thu, Oct 13, 2022 at 04:25:49AM +0000, Job Snijders wrote:
> Hi all,
>
> All of ROA, MFT, ASPA, and RSC define their respective 'version' field
> in ASN.1 as follows:
>
> version [0] INTEGER DEFAULT 0,
>
> Each object profile's preamble states "DEFINITIONS EXPLICIT TAGS ::="
>
> We haven't bumped into an issue yet, because all Signed Objects are at
> version 0, which means the field is entirely omitted (including the tag,
> be it implicit or explicit). (From X.690 section 11.5: "The encoding of
> a set value or a sequence value shall not include an encoding for any
> component value which is equal to its default value.")
>
> Then again, lib/libcrypto/asn1/asn1t.h is a mysterious place, so perhaps
> I'm holding it wrong.
>
> OK?
Yes, I think that's right.
ok tb
>
> Kind regards,
>
> Job
>
> Index: aspa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 aspa.c
> --- aspa.c 5 Sep 2022 18:07:04 -0000 1.4
> +++ aspa.c 13 Oct 2022 04:06:55 -0000
> @@ -71,7 +71,7 @@ typedef struct {
> } ASProviderAttestation;
>
> ASN1_SEQUENCE(ASProviderAttestation) = {
> - ASN1_IMP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
> + ASN1_EXP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
> ASN1_SIMPLE(ASProviderAttestation, customerASID, ASN1_INTEGER),
> ASN1_SEQUENCE_OF(ASProviderAttestation, providers, ProviderAS),
> } ASN1_SEQUENCE_END(ASProviderAttestation);
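Review bot: `ASN1_EXP_OPT` only models `version` as optional, so the code that consumes each decoded structure has to validate a non-NULL field itself. This applies to `ASProviderAttestation` here and equally to `Manifest` in mft.c, `RouteOriginAttestation` in roa.c and `RpkiSignedChecklist` in rsc.c. The template does not enforce the DEFAULT rule quoted from X.690 section 11.5, so an encoded version 0 (not valid DER) and an unsupported non-zero version would both decode successfully. With the old implicit tag such objects presumably failed to decode at all, which makes this check matter more after the change. Whether the parse functions already reject these cases is not visible in these hunks and is worth confirming. A comment above each field would record the contract, for example `/* [0] is EXPLICIT (module default); DEFAULT 0 is not enforced by the template */`.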
> Index: mft.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
> retrieving revision 1.74
> diff -u -p -r1.74 mft.c
> --- mft.c 30 Aug 2022 18:56:49 -0000 1.74
> +++ mft.c 13 Oct 2022 04:06:55 -0000
> @@ -78,7 +78,7 @@ ASN1_SEQUENCE(FileAndHash) = {
> } ASN1_SEQUENCE_END(FileAndHash);
>
> ASN1_SEQUENCE(Manifest) = {
> - ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0),
> + ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
> ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
> ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
> ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),
> Index: roa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 roa.c
> --- roa.c 3 Sep 2022 14:40:09 -0000 1.52
> +++ roa.c 13 Oct 2022 04:06:55 -0000
> @@ -86,7 +86,7 @@ ASN1_SEQUENCE(ROAIPAddressFamily) = {
> } ASN1_SEQUENCE_END(ROAIPAddressFamily);
>
> ASN1_SEQUENCE(RouteOriginAttestation) = {
> - ASN1_IMP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
> + ASN1_EXP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
> ASN1_SIMPLE(RouteOriginAttestation, asid, ASN1_INTEGER),
> ASN1_SEQUENCE_OF(RouteOriginAttestation, ipAddrBlocks,
> ROAIPAddressFamily),
> Index: rsc.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 rsc.c
> --- rsc.c 3 Sep 2022 14:40:09 -0000 1.15
> +++ rsc.c 13 Oct 2022 04:06:55 -0000
> @@ -114,7 +114,7 @@ typedef struct {
> } RpkiSignedChecklist;
>
> ASN1_SEQUENCE(RpkiSignedChecklist) = {
> - ASN1_IMP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
> + ASN1_EXP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
> ASN1_SIMPLE(RpkiSignedChecklist, resources, ResourceBlock),
> ASN1_SIMPLE(RpkiSignedChecklist, digestAlgorithm, X509_ALGOR),
> ASN1_SEQUENCE_OF(RpkiSignedChecklist, checkList, FileNameAndHash),
>