All of ROA, MFT, ASPA, and RSC define their respective 'version' field

in ASN.1 as following: "version [0] INTEGER DEFAULT 0,". Each object
profile preamble contains "DEFINITIONS EXPLICIT TAGS ::=".

We didn't bump into any issue yet, because all Signed Objects are at
version 0, which means the field is entirely omitted (including the tag,
be it implicit or explicit). (From X.690 section 11.5: "The encoding of
a set value or a sequence value shall not include an encoding for any
component value which is equal to its default value.")

OK tb@

diff --git a/usr.sbin/rpki-client/aspa.c b/usr.sbin/rpki-client/aspa.c
index f3ca518..c23054b 100644 (file)
--- a/usr.sbin/rpki-client/aspa.c
+++ b/usr.sbin/rpki-client/aspa.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: aspa.c,v 1.4 2022/09/05 18:07:04 tb Exp $ */
+/*     $OpenBSD: aspa.c,v 1.5 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -71,7 +71,7 @@ typedef struct {
 } ASProviderAttestation;
 
 ASN1_SEQUENCE(ASProviderAttestation) = {
-       ASN1_IMP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(ASProviderAttestation, customerASID, ASN1_INTEGER),
        ASN1_SEQUENCE_OF(ASProviderAttestation, providers, ProviderAS),
 } ASN1_SEQUENCE_END(ASProviderAttestation);

diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 8631071..69f14bb 100644 (file)
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mft.c,v 1.74 2022/08/30 18:56:49 job Exp $ */
+/*     $OpenBSD: mft.c,v 1.75 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -78,7 +78,7 @@ ASN1_SEQUENCE(FileAndHash) = {
 } ASN1_SEQUENCE_END(FileAndHash);
 
 ASN1_SEQUENCE(Manifest) = {
-       ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
        ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
        ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),

diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 4846d6f..93a7cda 100644 (file)
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: roa.c,v 1.52 2022/09/03 14:40:09 job Exp $ */
+/*     $OpenBSD: roa.c,v 1.53 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -86,7 +86,7 @@ ASN1_SEQUENCE(ROAIPAddressFamily) = {
 } ASN1_SEQUENCE_END(ROAIPAddressFamily);
 
 ASN1_SEQUENCE(RouteOriginAttestation) = {
-       ASN1_IMP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(RouteOriginAttestation, asid, ASN1_INTEGER),
        ASN1_SEQUENCE_OF(RouteOriginAttestation, ipAddrBlocks,
            ROAIPAddressFamily),

diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index 6725287..edc7275 100644 (file)
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rsc.c,v 1.15 2022/09/03 14:40:09 job Exp $ */
+/*     $OpenBSD: rsc.c,v 1.16 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -114,7 +114,7 @@ typedef struct {
 } RpkiSignedChecklist;
 
 ASN1_SEQUENCE(RpkiSignedChecklist) = {
-       ASN1_IMP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
+       ASN1_EXP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(RpkiSignedChecklist, resources, ResourceBlock),
        ASN1_SIMPLE(RpkiSignedChecklist, digestAlgorithm, X509_ALGOR),
        ASN1_SEQUENCE_OF(RpkiSignedChecklist, checkList, FileNameAndHash),