-rw-r--r-- | src/libstrongswan/asn1/asn1.c | 23 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1_parser.c | 14 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1_parser.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs7.c | 26 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs9.c | 33 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_public_key.c | 7 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 69 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 14 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/ietf_attr_list.c | 6 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 20 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 143 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_crl.c | 6 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_response.c | 42 |
13 files changed, 178 insertions, 229 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 780a589ef..700f56371 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -453,11 +453,11 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c static const asn1Object_t algorithmIdentifierObjects[] = { { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "parameters", ASN1_EOC, ASN1_RAW } /* 2 */ + { 1, "parameters", ASN1_EOC, ASN1_RAW }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define ALGORITHM_ID_ALG 1 -#define ALGORITHM_ID_PARAMETERS 2 -#define ALGORITHM_ID_ROOF 3 +#define ALGORITHM_ID_ALG 1 +#define ALGORITHM_ID_PARAMETERS 2 /* * Defined in header @@ -469,8 +469,7 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters int objectID; int alg = OID_UNKNOWN; - parser = asn1_parser_create(algorithmIdentifierObjects, ALGORITHM_ID_ROOF, - blob); + parser = asn1_parser_create(algorithmIdentifierObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -682,14 +681,14 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) * ASN.1 definition of time */ static const asn1Object_t timeObjects[] = { - { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ - { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ - { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */ + { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ + { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define TIME_UTC 0 #define TIME_GENERALIZED 2 -#define TIME_ROOF 4 /** * extracts and converts a UTCTIME or GENERALIZEDTIME object 
@@ -701,7 +700,7 @@ time_t asn1_parse_time(chunk_t blob, int level0) int objectID; time_t utc_time = 0; - parser= asn1_parser_create(timeObjects, TIME_ROOF, blob); + parser= asn1_parser_create(timeObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index 5a32d6e64..ce35a9fae 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -46,11 +46,6 @@ struct private_asn1_parser_t { asn1Object_t const *objects; /** - * Total number of syntax definition lines - */ - int roof; - - /** * Current syntax definition line */ int line; @@ -98,12 +93,14 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) *object = chunk_empty; + /* Advance to the next object syntax definition line */ + obj = this->objects[++(this->line)]; + /* Terminate if the end of the object syntax definition has been reached */ - if (++(this->line) >= this->roof) + if (obj.flags & ASN1_EXIT) { return FALSE; } - obj = this->objects[this->line]; if (obj.flags & ASN1_END) /* end of loop or option found */ { @@ -284,7 +281,7 @@ static void destroy(private_asn1_parser_t *this) /** * Defined in header. */ -asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob) +asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) { private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t); @@ -292,7 +289,6 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t this->objects = objects; this->blobs[0] = blob; this->line = -1; - this->roof = roof; this->success = TRUE; this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate; diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index 4b8d58dba..285fa4203 100644 --- a/src/libstrongswan/asn1/asn1_parser.h 
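Review bot: In the `iterate()` hunk of asn1_parser.c, `obj = this->objects[++(this->line)];` indexes the table before anything is checked, so termination now depends entirely on every syntax table ending in an `ASN1_EXIT` entry. Because `line` is still advanced when the exit entry is hit, another call to `iterate()` after it has returned FALSE would read one element past the sentinel, whereas the old `>= this->roof` test kept returning FALSE. Testing the next entry before advancing avoids that: `if (this->objects[this->line + 1].flags & ASN1_EXIT) { return FALSE; }` followed by `obj = this->objects[++(this->line)];`. The rest of `iterate()` is outside the hunk, so any other path that moves `line` should be checked there as well.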
+++ b/src/libstrongswan/asn1/asn1_parser.h @@ -40,6 +40,7 @@ #define ASN1_OBJ 0x10 #define ASN1_BODY 0x20 #define ASN1_RAW 0x40 +#define ASN1_EXIT 0x80 typedef struct asn1Object_t asn1Object_t; @@ -110,10 +111,9 @@ struct asn1_parser_t { * Create an ASN.1 parser * * @param objects syntax definition of the ASN.1 object to be parsed - * @param roof number of syntax definition lines * @param blob ASN.1 coded binary blob * @return ASN.1 context */ -asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob); +asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob); #endif /* ASN1_PARSER_H_ @}*/ diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index 159b3eb34..01a5f75bd 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -250,7 +250,8 @@ static const asn1Object_t signedDataObjects[] = { { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */ { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */ - { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PKCS7_DIGEST_ALG 3 #define PKCS7_SIGNED_CONTENT_INFO 5 @@ -262,7 +263,6 @@ static const asn1Object_t signedDataObjects[] = { #define PKCS7_AUTH_ATTRIBUTES 19 #define PKCS7_DIGEST_ENC_ALGORITHM 21 #define PKCS7_ENCRYPTED_DIGEST 22 -#define PKCS7_SIGNED_ROOF 26 /** * Implements pkcs7_t.parse_signedData. @@ -284,8 +284,7 @@ static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert) return FALSE; } - parser = asn1_parser_create(signedDataObjects, PKCS7_SIGNED_ROOF, - this->content); + parser = asn1_parser_create(signedDataObjects, this->content); parser->set_top_level(parser, this->level); while (parser->iterate(parser, &objectID, &object)) 
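Review bot: The doc comment for `asn1_parser_create()` in asn1_parser.h drops the `roof` parameter but never states that the table must now be terminated, which is the only thing that stops `iterate()` from walking past the end of `objects`. I would extend the parameter line to `@param objects syntax definition of the ASN.1 object to be parsed, terminated by an entry flagged ASN1_EXIT`, and put a short comment such as `/* marks the last line of a syntax definition */` next to `#define ASN1_EXIT 0x80`. A table that is moved to the new signature without gaining the sentinel compiles cleanly and over-reads at run time, so the contract belongs in the header.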
@@ -462,7 +461,8 @@ static const asn1Object_t envelopedDataObjects[] = { { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */ { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */ { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */ - { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */ + { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY }, /* 14 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PKCS7_ENVELOPED_VERSION 1 #define PKCS7_RECIPIENT_INFO_VERSION 4 @@ -473,7 +473,6 @@ static const asn1Object_t envelopedDataObjects[] = { #define PKCS7_CONTENT_TYPE 12 #define PKCS7_CONTENT_ENC_ALGORITHM 13 #define PKCS7_ENCRYPTED_CONTENT 14 -#define PKCS7_ENVELOPED_ROOF 15 /** * Parse PKCS#7 envelopedData content @@ -497,8 +496,7 @@ static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber, return FALSE; } - parser = asn1_parser_create(envelopedDataObjects, PKCS7_ENVELOPED_ROOF, - this->content); + parser = asn1_parser_create(envelopedDataObjects, this->content); parser->set_top_level(parser, this->level); while (parser->iterate(parser, &objectID, &object)) @@ -959,15 +957,15 @@ static void destroy(private_pkcs7_t *this) * ASN.1 definition of the PKCS#7 ContentInfo type */ static const asn1Object_t contentInfoObjects[] = { - { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */ + { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */ { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ + ASN1_BODY }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PKCS7_INFO_TYPE 1 #define PKCS7_INFO_CONTENT 2 -#define PKCS7_INFO_ROOF 4 /** * Parse PKCS#7 contentInfo object 
@@ -979,7 +977,7 @@ static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo int objectID; bool success = FALSE; - parser = asn1_parser_create(contentInfoObjects, PKCS7_INFO_TYPE, blob); + parser = asn1_parser_create(contentInfoObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index 6b28ae34b..4ba73365c 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -77,21 +77,6 @@ struct attribute_t { }; -/* ASN.1 definition of the X.501 atttribute type */ - -static const asn1Object_t attributesObjects[] = { - { 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */ - { 1, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "type", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "values", ASN1_SET, ASN1_LOOP }, /* 3 */ - { 3, "value", ASN1_EOC, ASN1_RAW }, /* 4 */ - { 2, "end loop", ASN1_EOC, ASN1_END }, /* 5 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 6 */ -}; -#define ATTRIBUTE_OBJ_TYPE 2 -#define ATTRIBUTE_OBJ_VALUE 4 -#define ATTRIBUTE_OBJ_ROOF 7 - /** * PKCS#9 attribute type OIDs */ @@ -391,6 +376,22 @@ pkcs9_t *pkcs9_create(void) } /** + * ASN.1 definition of the X.501 atttribute type + */ +static const asn1Object_t attributesObjects[] = { + { 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */ + { 1, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "type", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "values", ASN1_SET, ASN1_LOOP }, /* 3 */ + { 3, "value", ASN1_EOC, ASN1_RAW }, /* 4 */ + { 2, "end loop", ASN1_EOC, ASN1_END }, /* 5 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 6 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define ATTRIBUTE_OBJ_TYPE 2 +#define ATTRIBUTE_OBJ_VALUE 4 + +/** * Parse a PKCS#9 attribute list */ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this) 
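Review bot: The `parse_contentInfo()` hunk in pkcs7.c changes behaviour rather than only the call signature, and nothing in the hunk records it: the removed call passed `PKCS7_INFO_TYPE` (1) as the roof, not `PKCS7_INFO_ROOF` (4), so the old loop appears to have stopped after the outer SEQUENCE line. With the sentinel the loop now reaches the `contentType` and `content` lines, so those cases run on input that previously never got that far. The loop body is outside the hunk; it is worth re-reading those cases and adding a test that feeds both a well-formed and a truncated contentInfo blob.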
@@ -401,7 +402,7 @@ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this) int oid = OID_UNKNOWN; bool success = FALSE; - parser = asn1_parser_create(attributesObjects, ATTRIBUTE_OBJ_ROOF, chunk); + parser = asn1_parser_create(attributesObjects, chunk); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/plugins/gmp/gmp_public_key.c b/src/libstrongswan/plugins/gmp/gmp_public_key.c index 9064addb3..37a079ae3 100644 --- a/src/libstrongswan/plugins/gmp/gmp_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_public_key.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Copyright (C) 2000-2006 Andreas Steffen + * Copyright (C) 2000-2008 Andreas Steffen * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,10 +30,11 @@ static const asn1Object_t pkinfoObjects[] = { { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_OBJ }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1 #define PKINFO_SUBJECT_PUBLIC_KEY 2 -#define PKINFO_ROOF 3 + /** * Load a public key from an ASN1 encoded blob @@ -46,7 +47,7 @@ static public_key_t *load(chunk_t blob) public_key_t *key = NULL; key_type_t type = KEY_ANY; - parser = asn1_parser_create(pkinfoObjects, PKINFO_ROOF, blob); + parser = asn1_parser_create(pkinfoObjects, blob); while (parser->iterate(parser, &objectID, &object)) { diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 3d6053ed9..b6285dad7 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 
@@ -112,40 +112,6 @@ struct private_gmp_rsa_private_key_t { }; /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */ -}; - -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 -#define PRIV_KEY_ROOF 16 - -/** * shared functions, implemented in gmp_rsa_public_key.c */ bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid, 
@@ -673,6 +639,39 @@ static gmp_rsa_private_key_t *generate(size_t key_size) } /** + * ASN.1 definition of a PKCS#1 RSA private key + */ +static const asn1Object_t privkeyObjects[] = { + { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ + { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ + { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ + { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ + { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ + { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ + { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ + { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | + ASN1_LOOP }, /* 10 */ + { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ + { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ + { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ + { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ + { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PRIV_KEY_VERSION 1 +#define PRIV_KEY_MODULUS 2 +#define PRIV_KEY_PUB_EXP 3 +#define PRIV_KEY_PRIV_EXP 4 +#define PRIV_KEY_PRIME1 5 +#define PRIV_KEY_PRIME2 6 +#define PRIV_KEY_EXP1 7 +#define PRIV_KEY_EXP2 8 +#define PRIV_KEY_COEFF 9 + +/** * load private key from a ASN1 encoded blob */ static gmp_rsa_private_key_t *load(chunk_t blob) @@ -693,7 +692,7 @@ static gmp_rsa_private_key_t *load(chunk_t blob) mpz_init(this->exp2); mpz_init(this->coeff); - parser = asn1_parser_create(privkeyObjects, PRIV_KEY_ROOF, blob); + parser = asn1_parser_create(privkeyObjects, blob); parser->set_flags(parser, FALSE, TRUE); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index b36ddd01d..779da6881 100644 
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -117,11 +117,11 @@ static const asn1Object_t digestInfoObjects[] = { { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define DIGEST_INFO 0 #define DIGEST_INFO_ALGORITHM 1 #define DIGEST_INFO_DIGEST 2 -#define DIGEST_INFO_ROOF 3 /** * Verification of an EMPSA PKCS1 signature described in PKCS#1 @@ -194,7 +194,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, int objectID; hash_algorithm_t hash_algorithm = HASH_UNKNOWN; - parser = asn1_parser_create(digestInfoObjects, DIGEST_INFO_ROOF, em); + parser = asn1_parser_create(digestInfoObjects, em); while (parser->iterate(parser, &objectID, &object)) { @@ -453,14 +453,14 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e) * ASN.1 definition of RSApublicKey */ static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PUB_KEY_RSA_PUBLIC_KEY 0 #define PUB_KEY_MODULUS 1 #define PUB_KEY_EXPONENT 2 -#define PUB_KEY_ROOF 3 /** * Load a public key from an ASN1 encoded blob @@ -477,7 +477,7 @@ static gmp_rsa_public_key_t *load(chunk_t blob) mpz_init(this->n); mpz_init(this->e); - parser = asn1_parser_create(pubkeyObjects, PUB_KEY_ROOF, blob); + parser = asn1_parser_create(pubkeyObjects, blob); while (parser->iterate(parser, &objectID, &object)) { 
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c index d27cf62df..17f6949b2 100644 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.c +++ b/src/libstrongswan/plugins/x509/ietf_attr_list.c @@ -296,12 +296,12 @@ static const asn1Object_t ietfAttrSyntaxObjects[] = { 2, "string", ASN1_UTF8STRING, ASN1_OPT | ASN1_BODY }, /* 8 */ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define IETF_ATTR_OCTETS 4 #define IETF_ATTR_OID 6 #define IETF_ATTR_STRING 8 -#define IETF_ATTR_ROOF 11 /* * Described in header. @@ -312,7 +312,7 @@ void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int lev chunk_t object; int objectID; - parser = asn1_parser_create(ietfAttrSyntaxObjects, IETF_ATTR_ROOF, chunk); + parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index e650405b2..113306072 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c 
@@ -228,13 +228,13 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi */ static const asn1Object_t roleSyntaxObjects[] = { - { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_OBJ }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ } /* 3 */ + { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_OBJ }, /* 1 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define ROLE_ROOF 4 /** * Parses roleSyntax @@ -245,7 +245,7 @@ static void parse_roleSyntax(chunk_t blob, int level0) chunk_t object; int objectID; - parser = asn1_parser_create(roleSyntaxObjects, ROLE_ROOF, blob); + parser = asn1_parser_create(roleSyntaxObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -326,7 +326,8 @@ static const asn1Object_t acObjects[] = { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 51 */ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 52 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 53 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 54 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 54 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AC_OBJ_CERTIFICATE_INFO 1 #define AC_OBJ_VERSION 2 @@ -346,7 +347,6 @@ static const asn1Object_t acObjects[] = #define AC_OBJ_EXTN_VALUE 51 #define AC_OBJ_ALGORITHM 53 #define AC_OBJ_SIGNATURE 54 -#define AC_OBJ_ROOF 55 /** * Parses an X.509 attribute certificate @@ -362,7 +362,7 @@ static bool parse_certificate(private_x509_ac_t *this) bool success = FALSE; bool critical; - parser = asn1_parser_create(acObjects, AC_OBJ_ROOF, this->encoding); + parser = asn1_parser_create(acObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { 
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 3da7b2a93..475a7a62e 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -179,10 +179,10 @@ static const asn1Object_t basicConstraintsObjects[] = { { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */ { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define BASIC_CONSTRAINTS_CA 1 -#define BASIC_CONSTRAINTS_ROOF 4 /** * Extracts the basicConstraints extension @@ -194,8 +194,7 @@ static bool parse_basicConstraints(chunk_t blob, int level0) int objectID; bool isCA = FALSE; - parser = asn1_parser_create(basicConstraintsObjects, BASIC_CONSTRAINTS_ROOF, - blob); + parser = asn1_parser_create(basicConstraintsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -215,12 +214,12 @@ static bool parse_basicConstraints(chunk_t blob, int level0) * ASN.1 definition of otherName */ static const asn1Object_t otherNameObjects[] = { - {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ - {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */ + {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ + {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */ + {0, "exit", ASN1_EOC, ASN1_EXIT } }; #define ON_OBJ_ID_TYPE 0 #define ON_OBJ_VALUE 1 -#define ON_OBJ_ROOF 2 /** * Extracts an otherName @@ -233,7 +232,7 @@ static bool parse_otherName(chunk_t blob, int level0) int oid = OID_UNKNOWN; bool success = FALSE; - parser = asn1_parser_create(otherNameObjects,ON_OBJ_ROOF, blob); + parser = asn1_parser_create(otherNameObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) 
@@ -285,7 +284,8 @@ static const asn1Object_t generalNameObjects[] = { { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */ { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */ - { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */ + { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define GN_OBJ_OTHER_NAME 0 #define GN_OBJ_RFC822_NAME 2 @@ -296,7 +296,6 @@ static const asn1Object_t generalNameObjects[] = { #define GN_OBJ_URI 12 #define GN_OBJ_IP_ADDRESS 14 #define GN_OBJ_REGISTERED_ID 16 -#define GN_OBJ_ROOF 18 /** * Extracts a generalName @@ -309,7 +308,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0) identification_t *gn = NULL; - parser = asn1_parser_create(generalNameObjects, GN_OBJ_ROOF, blob); + parser = asn1_parser_create(generalNameObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -362,12 +361,12 @@ end: * ASN.1 definition of generalNames */ static const asn1Object_t generalNamesObjects[] = { - { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */ + { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define GENERAL_NAMES_GN 1 -#define GENERAL_NAMES_ROOF 3 /** * Extracts one or several GNs and puts them into a chained list @@ -378,7 +377,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis chunk_t object; int objectID; - parser = asn1_parser_create(generalNamesObjects, GENERAL_NAMES_ROOF, blob); + parser = asn1_parser_create(generalNamesObjects, blob); parser->set_top_level(parser, level0); parser->set_flags(parser, implicit, FALSE); 
@@ -398,53 +397,22 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis parser->destroy(parser); } -/** - * ASN.1 definition of a keyIdentifier - */ -static const asn1Object_t keyIdentifierObjects[] = { - { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */ -}; -#define KEY_ID_ROOF 1 - -/** - * Extracts a keyIdentifier - */ -static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - chunk_t keyIdentifier = chunk_empty; - - parser = asn1_parser_create(keyIdentifierObjects, KEY_ID_ROOF, blob); - parser->set_top_level(parser, level0); - parser->set_flags(parser, implicit, FALSE); - - if (parser->iterate(parser, &objectID, &object)) - { - keyIdentifier = object; - } - parser->destroy(parser); - return keyIdentifier; -} - /** * ASN.1 definition of a authorityKeyIdentifier extension */ static const asn1Object_t authKeyIdentifierObjects[] = { - { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */ + { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AUTH_KEY_ID_KEY_ID 1 #define AUTH_KEY_ID_CERT_ISSUER 3 #define AUTH_KEY_ID_CERT_SERIAL 5 
-#define AUTH_KEY_ID_ROOF 7 /** * Extracts an authoritykeyIdentifier @@ -459,7 +427,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, *authKeySerialNumber = chunk_empty; - parser = asn1_parser_create(authKeyIdentifierObjects, AUTH_KEY_ID_ROOF,blob); + parser = asn1_parser_create(authKeyIdentifierObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -467,23 +435,12 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, switch (objectID) { case AUTH_KEY_ID_KEY_ID: - { - chunk_t authKeyID = parse_keyIdentifier(object, - parser->get_level(parser)+1, TRUE); - - if (authKeyID.ptr == NULL) - { - goto end; - } authKeyIdentifier = identification_create_from_encoding( - ID_PUBKEY_SHA1, authKeyID); + ID_PUBKEY_SHA1, object); break; - } case AUTH_KEY_ID_CERT_ISSUER: - { /* TODO: x509_parse_generalNames(object, level+1, TRUE); */ break; - } case AUTH_KEY_ID_CERT_SERIAL: *authKeySerialNumber = object; break; @@ -491,8 +448,6 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, break; } } - -end: parser->destroy(parser); return authKeyIdentifier; } 
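Review bot: In the `AUTH_KEY_ID_KEY_ID` case of `x509_parse_authorityKeyIdentifier()` the old `if (authKeyID.ptr == NULL) goto end;` guard is removed together with `parse_keyIdentifier()`, so `identification_create_from_encoding(ID_PUBKEY_SHA1, object)` is now called on whatever body the parser hands back, presumably including a zero-length `[0]`. If an empty key identifier should still be ignored or rejected, keep a check ahead of the call, for example `if (object.len == 0) { break; }`. The start of the function is outside the hunk.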
@@ -501,15 +456,15 @@ end: * ASN.1 definition of a authorityInfoAccess extension */ static const asn1Object_t authInfoAccessObjects[] = { - { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */ - { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */ + { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AUTH_INFO_ACCESS_METHOD 2 #define AUTH_INFO_ACCESS_LOCATION 3 -#define AUTH_INFO_ACCESS_ROOF 5 /** * Extracts an authorityInfoAcess location @@ -522,8 +477,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, int objectID; int accessMethod = OID_UNKNOWN; - parser = asn1_parser_create(authInfoAccessObjects, AUTH_INFO_ACCESS_ROOF, - blob); + parser = asn1_parser_create(authInfoAccessObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -578,12 +532,12 @@ end: * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { - { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define EXT_KEY_USAGE_PURPOSE_ID 1 -#define EXT_KEY_USAGE_ROOF 3 /** * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned 
@@ -595,8 +549,7 @@ static bool parse_extendedKeyUsage(chunk_t blob, int level0) int objectID; bool ocsp_signing = FALSE; - parser = asn1_parser_create(extendedKeyUsageObjects, EXT_KEY_USAGE_ROOF, - blob); + parser = asn1_parser_create(extendedKeyUsageObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -628,10 +581,9 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_DIST_POINTS_FULLNAME 3 -#define CRL_DIST_POINTS_ROOF 13 - /** * Extracts one or several crlDistributionPoints into a list @@ -644,8 +596,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, int objectID; linked_list_t *list = linked_list_create(); - parser = asn1_parser_create(crlDistributionPointsObjects, - CRL_DIST_POINTS_ROOF, blob); + parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -705,7 +656,8 @@ static const asn1Object_t certObjects[] = { { 3, "end loop", ASN1_EOC, ASN1_END }, /* 24 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 25 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 26 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 27 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 27 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define X509_OBJ_TBS_CERTIFICATE 1 #define X509_OBJ_VERSION 3 @@ -722,7 +674,6 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_EXTN_VALUE 23 #define X509_OBJ_ALGORITHM 26 #define X509_OBJ_SIGNATURE 27 -#define X509_OBJ_ROOF 28 /** * Parses an X.509v3 certificate 
@@ -738,7 +689,7 @@ static bool parse_certificate(private_x509_cert_t *this) bool success = FALSE; bool critical; - parser = asn1_parser_create(certObjects, X509_OBJ_ROOF, this->encoding); + parser = asn1_parser_create(certObjects, this->encoding); while (parser->iterate(parser, &objectID, &object)) { @@ -810,10 +761,16 @@ static bool parse_certificate(private_x509_cert_t *this) switch (extn_oid) { case OID_SUBJECT_KEY_ID: - this->subjectKeyID = parse_keyIdentifier(object, level, FALSE); + if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING, + level, "keyIdentifier")) + { + goto end; + } + this->subjectKeyID = object; break; case OID_SUBJECT_ALT_NAME: - x509_parse_generalNames(object, level, FALSE, this->subjectAltNames); + x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames); break; case OID_BASIC_CONSTRAINTS: if (parse_basicConstraints(object, level)) diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index ade3e0fd1..15ca74bb6 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -169,7 +169,8 @@ static const asn1Object_t crlObjects[] = { { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */ + { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 28 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_OBJ_TBS_CERT_LIST 1 #define CRL_OBJ_VERSION 2 @@ -187,7 +188,6 @@ static const asn1Object_t crlObjects[] = { #define CRL_OBJ_EXTN_VALUE 24 #define CRL_OBJ_ALGORITHM 27 #define CRL_OBJ_SIGNATURE 28 -#define CRL_OBJ_ROOF 29 /** * Parses an X.509 Certificate Revocation List (CRL) 
@@ -204,7 +204,7 @@ static bool parse(private_x509_crl_t *this)
 bool critical;
 revoked_t *revoked = NULL;
- parser = asn1_parser_create(crlObjects, CRL_OBJ_ROOF, this->encoding);
+ parser = asn1_parser_create(crlObjects, this->encoding);
 while (parser->iterate(parser, &objectID, &object))
 {
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index bcfc0f589..8ba311077 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -282,7 +282,8 @@ static const asn1Object_t singleResponseObjects[] = {
 ASN1_DEF }, /* 24 */
 { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 25 */
 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 26 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 27 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 27 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
 };
 #define SINGLE_RESPONSE_ALGORITHM 2
 #define SINGLE_RESPONSE_ISSUER_NAME_HASH 3
@@ -298,7 +299,6 @@ static const asn1Object_t singleResponseObjects[] = {
 #define SINGLE_RESPONSE_EXT_ID 23
 #define SINGLE_RESPONSE_CRITICAL 24
 #define SINGLE_RESPONSE_EXT_VALUE 25
-#define SINGLE_RESPONSE_ROOF 28
 /**
 * Parse a single OCSP response
@@ -325,8 +325,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
 /* if nextUpdate is missing, we give it a short lifetime */
 response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME;
- parser = asn1_parser_create(singleResponseObjects, SINGLE_RESPONSE_ROOF,
- blob);
+ parser = asn1_parser_create(singleResponseObjects, blob);
 parser->set_top_level(parser, level0);
 while (parser->iterate(parser, &objectID, &object))
@@ -393,12 +392,12 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
 * ASN.1 definition of responses
 */
 static const asn1Object_t responsesObjects[] = {
- { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
- { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
+ { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
 };
 #define RESPONSES_SINGLE_RESPONSE 1
-#define RESPONSES_ROOF 3
 /**
 * Parse all responses
@@ -411,7 +410,7 @@ static bool parse_responses(private_x509_ocsp_response_t *this,
 int objectID;
 bool success = FALSE;
- parser = asn1_parser_create(responsesObjects, RESPONSES_ROOF, blob);
+ parser = asn1_parser_create(responsesObjects, blob);
 parser->set_top_level(parser, level0);
 while (parser->iterate(parser, &objectID, &object))
@@ -468,7 +467,8 @@ static const asn1Object_t basicResponseObjects[] = {
 { 2, "certs", ASN1_SEQUENCE, ASN1_LOOP }, /* 23 */
 { 3, "certificate", ASN1_SEQUENCE, ASN1_RAW }, /* 24 */
 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 26 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
 };
 #define BASIC_RESPONSE_TBS_DATA 1
 #define BASIC_RESPONSE_VERSION 3
@@ -482,7 +482,6 @@ static const asn1Object_t basicResponseObjects[] = {
 #define BASIC_RESPONSE_ALGORITHM 20
 #define BASIC_RESPONSE_SIGNATURE 21
 #define BASIC_RESPONSE_CERTIFICATE 24
-#define BASIC_RESPONSE_ROOF 27
 /**
 * Parse a basicOCSPResponse
@@ -500,7 +499,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 bool success = FALSE;
 bool critical;
- parser = asn1_parser_create(basicResponseObjects, BASIC_RESPONSE_ROOF, blob);
+ parser = asn1_parser_create(basicResponseObjects, blob);
 parser->set_top_level(parser, level0);
 while (parser->iterate(parser, &objectID, &object))
@@ -592,18 +591,18 @@ end:
 * ASN.1 definition of ocspResponse
 */
 static const asn1Object_t ocspResponseObjects[] = {
- { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
- { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
- { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
- { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
- { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
+ { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
+ { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
+ { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
+ { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
+ { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
 };
 #define OCSP_RESPONSE_STATUS 1
 #define OCSP_RESPONSE_TYPE 4
 #define OCSP_RESPONSE 5
-#define OCSP_RESPONSE_ROOF 7
 /**
 * Parse OCSPResponse object
@@ -617,8 +616,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
 bool success = FALSE;
 ocsp_status_t status;
- parser = asn1_parser_create(ocspResponseObjects, OCSP_RESPONSE_ROOF,
- this->encoding);
+ parser = asn1_parser_create(ocspResponseObjects, this->encoding);
 while (parser->iterate(parser, &objectID, &object))
 { |