diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-28 16:00:52 +0000 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-28 16:00:52 +0000 |
| commit | 460025e253a19b190dde7fded8aedd91e828955b (patch) | |
| tree | 6ac1cc0a5d0246b2b14aa72d826ba518d87b1ca9 /src/libstrongswan/plugins/x509 | |
| parent | 63cdbca21196c027b8c13701084522e31ee59775 (diff) | |
| download | strongswan-460025e253a19b190dde7fded8aedd91e828955b.tar.bz2 strongswan-460025e253a19b190dde7fded8aedd91e828955b.tar.xz | |
introduced ASN1_EXIT command in ASN.1 object syntax definition
Diffstat (limited to 'src/libstrongswan/plugins/x509')
| -rw-r--r-- | src/libstrongswan/plugins/x509/ietf_attr_list.c | 6 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 20 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 143 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_crl.c | 6 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_response.c | 42 |
5 files changed, 86 insertions, 131 deletions
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c index d27cf62df..17f6949b2 100644 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.c +++ b/src/libstrongswan/plugins/x509/ietf_attr_list.c @@ -296,12 +296,12 @@ static const asn1Object_t ietfAttrSyntaxObjects[] = { 2, "string", ASN1_UTF8STRING, ASN1_OPT | ASN1_BODY }, /* 8 */ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define IETF_ATTR_OCTETS 4 #define IETF_ATTR_OID 6 #define IETF_ATTR_STRING 8 -#define IETF_ATTR_ROOF 11 /* * Described in header. @@ -312,7 +312,7 @@ void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int lev chunk_t object; int objectID; - parser = asn1_parser_create(ietfAttrSyntaxObjects, IETF_ATTR_ROOF, chunk); + parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index e650405b2..113306072 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -228,13 +228,13 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi */ static const asn1Object_t roleSyntaxObjects[] = { - { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_OBJ }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ } /* 3 */ + { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_OBJ }, /* 1 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define ROLE_ROOF 4 /** * Parses roleSyntax @@ -245,7 +245,7 @@ static void parse_roleSyntax(chunk_t blob, int level0) chunk_t object; int objectID; - parser = asn1_parser_create(roleSyntaxObjects, ROLE_ROOF, blob); + parser = asn1_parser_create(roleSyntaxObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -326,7 +326,8 @@ static const asn1Object_t acObjects[] = { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 51 */ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 52 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 53 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 54 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 54 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AC_OBJ_CERTIFICATE_INFO 1 #define AC_OBJ_VERSION 2 @@ -346,7 +347,6 @@ static const asn1Object_t acObjects[] = #define AC_OBJ_EXTN_VALUE 51 #define AC_OBJ_ALGORITHM 53 #define AC_OBJ_SIGNATURE 54 -#define AC_OBJ_ROOF 55 /** * Parses an X.509 attribute certificate @@ -362,7 +362,7 @@ static bool parse_certificate(private_x509_ac_t *this) bool success = FALSE; bool critical; - parser = asn1_parser_create(acObjects, AC_OBJ_ROOF, this->encoding); + parser = asn1_parser_create(acObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 3da7b2a93..475a7a62e 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -179,10 +179,10 @@ static const asn1Object_t basicConstraintsObjects[] = { { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */ { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define BASIC_CONSTRAINTS_CA 1 -#define BASIC_CONSTRAINTS_ROOF 4 /** * Extracts the basicConstraints extension @@ -194,8 +194,7 @@ static bool parse_basicConstraints(chunk_t blob, int level0) int objectID; bool isCA = FALSE; - parser = asn1_parser_create(basicConstraintsObjects, BASIC_CONSTRAINTS_ROOF, - blob); + parser = asn1_parser_create(basicConstraintsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -215,12 +214,12 @@ static bool parse_basicConstraints(chunk_t blob, int level0) * ASN.1 definition of otherName */ static const asn1Object_t otherNameObjects[] = { - {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ - {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */ + {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ + {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */ + {0, "exit", ASN1_EOC, ASN1_EXIT } }; #define ON_OBJ_ID_TYPE 0 #define ON_OBJ_VALUE 1 -#define ON_OBJ_ROOF 2 /** * Extracts an otherName @@ -233,7 +232,7 @@ static bool parse_otherName(chunk_t blob, int level0) int oid = OID_UNKNOWN; bool success = FALSE; - parser = asn1_parser_create(otherNameObjects,ON_OBJ_ROOF, blob); + parser = asn1_parser_create(otherNameObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -285,7 +284,8 @@ static const asn1Object_t generalNameObjects[] = { { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */ { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */ - { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */ + { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define GN_OBJ_OTHER_NAME 0 #define GN_OBJ_RFC822_NAME 2 @@ -296,7 +296,6 @@ static const asn1Object_t generalNameObjects[] = { #define GN_OBJ_URI 12 #define GN_OBJ_IP_ADDRESS 14 #define GN_OBJ_REGISTERED_ID 16 -#define GN_OBJ_ROOF 18 /** * Extracts a generalName @@ -309,7 +308,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0) identification_t *gn = NULL; - parser = asn1_parser_create(generalNameObjects, GN_OBJ_ROOF, blob); + parser = asn1_parser_create(generalNameObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -362,12 +361,12 @@ end: * ASN.1 definition of generalNames */ static const asn1Object_t generalNamesObjects[] = { - { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */ + { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define GENERAL_NAMES_GN 1 -#define GENERAL_NAMES_ROOF 3 /** * Extracts one or several GNs and puts them into a chained list @@ -378,7 +377,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis chunk_t object; int objectID; - parser = asn1_parser_create(generalNamesObjects, GENERAL_NAMES_ROOF, blob); + parser = asn1_parser_create(generalNamesObjects, blob); parser->set_top_level(parser, level0); parser->set_flags(parser, implicit, FALSE); @@ -398,53 +397,22 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis parser->destroy(parser); } -/** - * ASN.1 definition of a keyIdentifier - */ -static const asn1Object_t keyIdentifierObjects[] = { - { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */ -}; -#define KEY_ID_ROOF 1 - -/** - * Extracts a keyIdentifier - */ -static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - chunk_t keyIdentifier = chunk_empty; - - parser = asn1_parser_create(keyIdentifierObjects, KEY_ID_ROOF, blob); - parser->set_top_level(parser, level0); - parser->set_flags(parser, implicit, FALSE); - - if (parser->iterate(parser, &objectID, &object)) - { - keyIdentifier = object; - } - parser->destroy(parser); - return keyIdentifier; -} - /** * ASN.1 definition of a authorityKeyIdentifier extension */ static const asn1Object_t authKeyIdentifierObjects[] = { - { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */ + { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AUTH_KEY_ID_KEY_ID 1 #define AUTH_KEY_ID_CERT_ISSUER 3 #define AUTH_KEY_ID_CERT_SERIAL 5 -#define AUTH_KEY_ID_ROOF 7 /** * Extracts an authoritykeyIdentifier @@ -459,7 +427,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, *authKeySerialNumber = chunk_empty; - parser = asn1_parser_create(authKeyIdentifierObjects, AUTH_KEY_ID_ROOF,blob); + parser = asn1_parser_create(authKeyIdentifierObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -467,23 +435,12 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, switch (objectID) { case AUTH_KEY_ID_KEY_ID: - { - chunk_t authKeyID = parse_keyIdentifier(object, - parser->get_level(parser)+1, TRUE); - - if (authKeyID.ptr == NULL) - { - goto end; - } authKeyIdentifier = identification_create_from_encoding( - ID_PUBKEY_SHA1, authKeyID); + ID_PUBKEY_SHA1, object); break; - } case AUTH_KEY_ID_CERT_ISSUER: - { /* TODO: x509_parse_generalNames(object, level+1, TRUE); */ break; - } case AUTH_KEY_ID_CERT_SERIAL: *authKeySerialNumber = object; break; @@ -491,8 +448,6 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, break; } } - -end: parser->destroy(parser); return authKeyIdentifier; } @@ -501,15 +456,15 @@ end: * ASN.1 definition of a authorityInfoAccess extension */ static const asn1Object_t authInfoAccessObjects[] = { - { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */ - { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */ + { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AUTH_INFO_ACCESS_METHOD 2 #define AUTH_INFO_ACCESS_LOCATION 3 -#define AUTH_INFO_ACCESS_ROOF 5 /** * Extracts an authorityInfoAcess location @@ -522,8 +477,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, int objectID; int accessMethod = OID_UNKNOWN; - parser = asn1_parser_create(authInfoAccessObjects, AUTH_INFO_ACCESS_ROOF, - blob); + parser = asn1_parser_create(authInfoAccessObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -578,12 +532,12 @@ end: * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { - { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define EXT_KEY_USAGE_PURPOSE_ID 1 -#define EXT_KEY_USAGE_ROOF 3 /** * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned @@ -595,8 +549,7 @@ static bool parse_extendedKeyUsage(chunk_t blob, int level0) int objectID; bool ocsp_signing = FALSE; - parser = asn1_parser_create(extendedKeyUsageObjects, EXT_KEY_USAGE_ROOF, - blob); + parser = asn1_parser_create(extendedKeyUsageObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -628,10 +581,9 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_DIST_POINTS_FULLNAME 3 -#define CRL_DIST_POINTS_ROOF 13 - /** * Extracts one or several crlDistributionPoints into a list @@ -644,8 +596,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, int objectID; linked_list_t *list = linked_list_create(); - parser = asn1_parser_create(crlDistributionPointsObjects, - CRL_DIST_POINTS_ROOF, blob); + parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -705,7 +656,8 @@ static const asn1Object_t certObjects[] = { { 3, "end loop", ASN1_EOC, ASN1_END }, /* 24 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 25 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 26 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 27 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 27 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define X509_OBJ_TBS_CERTIFICATE 1 #define X509_OBJ_VERSION 3 @@ -722,7 +674,6 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_EXTN_VALUE 23 #define X509_OBJ_ALGORITHM 26 #define X509_OBJ_SIGNATURE 27 -#define X509_OBJ_ROOF 28 /** * Parses an X.509v3 certificate @@ -738,7 +689,7 @@ static bool parse_certificate(private_x509_cert_t *this) bool success = FALSE; bool critical; - parser = asn1_parser_create(certObjects, X509_OBJ_ROOF, this->encoding); + parser = asn1_parser_create(certObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { @@ -810,10 +761,16 @@ static bool parse_certificate(private_x509_cert_t *this) switch (extn_oid) { case OID_SUBJECT_KEY_ID: - this->subjectKeyID = parse_keyIdentifier(object, level, FALSE); + if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING, + level, "keyIdentifier")) + { + goto end; + } + this->subjectKeyID = object; break; case OID_SUBJECT_ALT_NAME: - x509_parse_generalNames(object, level, FALSE, this->subjectAltNames); + x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames); break; case OID_BASIC_CONSTRAINTS: if (parse_basicConstraints(object, level)) diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index ade3e0fd1..15ca74bb6 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -169,7 +169,8 @@ static const asn1Object_t crlObjects[] = { { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 28 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_OBJ_TBS_CERT_LIST 1 #define CRL_OBJ_VERSION 2 @@ -187,7 +188,6 @@ static const asn1Object_t crlObjects[] = { #define CRL_OBJ_EXTN_VALUE 24 #define CRL_OBJ_ALGORITHM 27 #define CRL_OBJ_SIGNATURE 28 -#define CRL_OBJ_ROOF 29 /** * Parses an X.509 Certificate Revocation List (CRL) @@ -204,7 +204,7 @@ static bool parse(private_x509_crl_t *this) bool critical; revoked_t *revoked = NULL; - parser = asn1_parser_create(crlObjects, CRL_OBJ_ROOF, this->encoding); + parser = asn1_parser_create(crlObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index bcfc0f589..8ba311077 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -282,7 +282,8 @@ static const asn1Object_t singleResponseObjects[] = { ASN1_DEF }, /* 24 */ { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 25 */ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 26 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 27 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 27 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define SINGLE_RESPONSE_ALGORITHM 2 #define SINGLE_RESPONSE_ISSUER_NAME_HASH 3 @@ -298,7 +299,6 @@ static const asn1Object_t singleResponseObjects[] = { #define SINGLE_RESPONSE_EXT_ID 23 #define SINGLE_RESPONSE_CRITICAL 24 #define SINGLE_RESPONSE_EXT_VALUE 25 -#define SINGLE_RESPONSE_ROOF 28 /** * Parse a single OCSP response @@ -325,8 +325,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, /* if nextUpdate is missing, we give it a short lifetime */ response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME; - parser = asn1_parser_create(singleResponseObjects, SINGLE_RESPONSE_ROOF, - blob); + parser = asn1_parser_create(singleResponseObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -393,12 +392,12 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, * ASN.1 definition of responses */ static const asn1Object_t responsesObjects[] = { - { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */ + { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define RESPONSES_SINGLE_RESPONSE 1 -#define RESPONSES_ROOF 3 /** * Parse all responses @@ -411,7 +410,7 @@ static bool parse_responses(private_x509_ocsp_response_t *this, int objectID; bool success = FALSE; - parser = asn1_parser_create(responsesObjects, RESPONSES_ROOF, blob); + parser = asn1_parser_create(responsesObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -468,7 +467,8 @@ static const asn1Object_t basicResponseObjects[] = { { 2, "certs", ASN1_SEQUENCE, ASN1_LOOP }, /* 23 */ { 3, "certificate", ASN1_SEQUENCE, ASN1_RAW }, /* 24 */ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 26 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define BASIC_RESPONSE_TBS_DATA 1 #define BASIC_RESPONSE_VERSION 3 @@ -482,7 +482,6 @@ static const asn1Object_t basicResponseObjects[] = { #define BASIC_RESPONSE_ALGORITHM 20 #define BASIC_RESPONSE_SIGNATURE 21 #define BASIC_RESPONSE_CERTIFICATE 24 -#define BASIC_RESPONSE_ROOF 27 /** * Parse a basicOCSPResponse @@ -500,7 +499,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, bool success = FALSE; bool critical; - parser = asn1_parser_create(basicResponseObjects, BASIC_RESPONSE_ROOF, blob); + parser = asn1_parser_create(basicResponseObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -592,18 +591,18 @@ end: * ASN.1 definition of ocspResponse */ static const asn1Object_t ocspResponseObjects[] = { - { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */ - { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */ - { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */ - { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */ - { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */ + { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */ + { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */ + { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */ + { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */ + { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define OCSP_RESPONSE_STATUS 1 #define OCSP_RESPONSE_TYPE 4 #define OCSP_RESPONSE 5 -#define OCSP_RESPONSE_ROOF 7 /** * Parse OCSPResponse object @@ -617,8 +616,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) bool success = FALSE; ocsp_status_t status; - parser = asn1_parser_create(ocspResponseObjects, OCSP_RESPONSE_ROOF, - this->encoding); + parser = asn1_parser_create(ocspResponseObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { |