introduced ASN1_EXIT command in ASN.1 object syntax definition
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Apr 2008 16:00:52 +0000 (16:00 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Apr 2008 16:00:52 +0000 (16:00 -0000)
13 files changed:
src/libstrongswan/asn1/asn1.c
src/libstrongswan/asn1/asn1_parser.c
src/libstrongswan/asn1/asn1_parser.h
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/crypto/pkcs9.c
src/libstrongswan/plugins/gmp/gmp_public_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
src/libstrongswan/plugins/x509/ietf_attr_list.c
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_crl.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c

index 780a589..700f563 100644 (file)
@@ -453,11 +453,11 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
 static const asn1Object_t algorithmIdentifierObjects[] = {
        { 0, "algorithmIdentifier",     ASN1_SEQUENCE,  ASN1_NONE }, /* 0 */
        { 1,   "algorithm",                     ASN1_OID,               ASN1_BODY }, /* 1 */
-       { 1,   "parameters",            ASN1_EOC,               ASN1_RAW  }  /* 2 */
+       { 1,   "parameters",            ASN1_EOC,               ASN1_RAW  }, /* 2 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT }
 };
-#define ALGORITHM_ID_ALG               1
-#define ALGORITHM_ID_PARAMETERS        2
-#define ALGORITHM_ID_ROOF              3
+#define ALGORITHM_ID_ALG                       1
+#define ALGORITHM_ID_PARAMETERS                2
 
 /*
  * Defined in header
@@ -469,8 +469,7 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters
        int objectID;
        int alg = OID_UNKNOWN;
        
-       parser = asn1_parser_create(algorithmIdentifierObjects, ALGORITHM_ID_ROOF,
-                                                               blob);
+       parser = asn1_parser_create(algorithmIdentifierObjects, blob);
        parser->set_top_level(parser, level0);
        
        while (parser->iterate(parser, &objectID, &object))
@@ -682,14 +681,14 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
  * ASN.1 definition of time
  */
 static const asn1Object_t timeObjects[] = {
-       { 0,   "utcTime",               ASN1_UTCTIME,                   ASN1_OPT|ASN1_BODY      }, /*  0 */
-       { 0,   "end opt",               ASN1_EOC,                               ASN1_END                        }, /*  1 */
-       { 0,   "generalizeTime",ASN1_GENERALIZEDTIME,   ASN1_OPT|ASN1_BODY      }, /*  2 */
-       { 0,   "end opt",               ASN1_EOC,                               ASN1_END                        }  /*  3 */
+       { 0, "utcTime",                 ASN1_UTCTIME,                   ASN1_OPT|ASN1_BODY      }, /* 0 */
+       { 0, "end opt",                 ASN1_EOC,                               ASN1_END                        }, /* 1 */
+       { 0, "generalizeTime",  ASN1_GENERALIZEDTIME,   ASN1_OPT|ASN1_BODY      }, /* 2 */
+       { 0, "end opt",                 ASN1_EOC,                               ASN1_END                        }, /* 3 */
+       { 0, "exit",                    ASN1_EOC,                               ASN1_EXIT                       }
 };
 #define TIME_UTC                       0
 #define TIME_GENERALIZED       2
-#define TIME_ROOF                      4
 
 /**
  * extracts and converts a UTCTIME or GENERALIZEDTIME object
@@ -701,7 +700,7 @@ time_t asn1_parse_time(chunk_t blob, int level0)
        int objectID;
        time_t utc_time = 0;
        
-       parser= asn1_parser_create(timeObjects, TIME_ROOF, blob);
+       parser= asn1_parser_create(timeObjects, blob);
        parser->set_top_level(parser, level0);
        
        while (parser->iterate(parser, &objectID, &object))
index 5a32d6e..ce35a9f 100644 (file)
@@ -46,11 +46,6 @@ struct private_asn1_parser_t {
        asn1Object_t const *objects;
 
        /**
-        * Total number of syntax definition lines
-        */
-       int roof;
-
-       /**
         * Current syntax definition line
         */
        int line;
@@ -98,12 +93,14 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
        
        *object = chunk_empty;
 
+       /* Advance to the next object syntax definition line */
+       obj = this->objects[++(this->line)];
+
        /* Terminate if the end of the object syntax definition has been reached */
-       if (++(this->line) >= this->roof)
+       if (obj.flags & ASN1_EXIT)
        {
                return FALSE;
        }
-       obj = this->objects[this->line];
                
        if (obj.flags & ASN1_END)  /* end of loop or option found */
        {
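Review bot: `this->line` is advanced and `this->objects[...]` is read before the `ASN1_EXIT` test, so nothing bounds the index any more. A call made after iterate() has already returned FALSE at the exit line, or a table that lacks the terminator, reads past the end of the array. This holds unless code outside the hunk prevents it; the function starts before and continues past the visible lines. Peeking at the next line keeps the end state stable across repeated calls: `if (this->objects[this->line + 1].flags & ASN1_EXIT) return FALSE;` followed by `obj = this->objects[++(this->line)];`. These tables drive the parsing of certificates, keys and PKCS#7 input, so the iterator should stay in bounds on its own rather than rely on every caller stopping at the first FALSE.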
@@ -284,7 +281,7 @@ static void destroy(private_asn1_parser_t *this)
 /**
  * Defined in header.
  */
-asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob)
+asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob)
 {
        private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t);
 
@@ -292,7 +289,6 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t
        this->objects = objects;
        this->blobs[0] = blob;
        this->line = -1;
-       this->roof = roof;
        this->success = TRUE;
 
        this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate;
index 4b8d58d..285fa42 100644 (file)
@@ -40,6 +40,7 @@
 #define ASN1_OBJ       0x10
 #define ASN1_BODY      0x20
 #define ASN1_RAW       0x40
+#define ASN1_EXIT      0x80
 
 typedef struct asn1Object_t asn1Object_t;
 
@@ -110,10 +111,9 @@ struct asn1_parser_t {
  * Create an ASN.1 parser
  *
  * @param objects      syntax definition of the ASN.1 object to be parsed
- * @param roof         number of syntax definition lines
  * @param blob         ASN.1 coded binary blob
  * @return                     ASN.1 context
  */
-asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob);
+asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob);
 
 #endif /* ASN1_PARSER_H_ @}*/
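Review bot: The `@param objects` line does not say that the array must end with an `ASN1_EXIT` entry, yet with `roof` removed that entry is the only thing that stops the parser. The doc comment should state the contract, e.g. `@param objects syntax definition of the ASN.1 object to be parsed, terminated by an ASN1_EXIT line`. The new `#define ASN1_EXIT 0x80` in the previous hunk is also uncommented; a short `/* last line of a syntax definition */` would help anyone adding a new table.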
index 159b3eb..01a5f75 100644 (file)
@@ -250,7 +250,8 @@ static const asn1Object_t signedDataObjects[] = {
        { 3,       "encryptedDigest",                   ASN1_OCTET_STRING,      ASN1_BODY }, /* 22 */
        { 3,       "unauthenticatedAttributes", ASN1_CONTEXT_C_1,       ASN1_OPT  }, /* 23 */
        { 3,       "end opt",                                   ASN1_EOC,                       ASN1_END  }, /* 24 */
-       { 1,   "end loop",                                              ASN1_EOC,                       ASN1_END  }  /* 25 */
+       { 1,   "end loop",                                              ASN1_EOC,                       ASN1_END  }, /* 25 */
+       { 0, "exit",                                                    ASN1_EOC,                       ASN1_EXIT }
 };
 #define PKCS7_DIGEST_ALG                        3
 #define PKCS7_SIGNED_CONTENT_INFO       5
@@ -262,7 +263,6 @@ static const asn1Object_t signedDataObjects[] = {
 #define PKCS7_AUTH_ATTRIBUTES          19
 #define PKCS7_DIGEST_ENC_ALGORITHM     21
 #define PKCS7_ENCRYPTED_DIGEST         22
-#define PKCS7_SIGNED_ROOF                      26
 
 /**
  * Implements pkcs7_t.parse_signedData.
@@ -284,8 +284,7 @@ static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert)
                return FALSE;
        }
 
-       parser = asn1_parser_create(signedDataObjects, PKCS7_SIGNED_ROOF,
-                                                               this->content);
+       parser = asn1_parser_create(signedDataObjects, this->content);
        parser->set_top_level(parser, this->level);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -462,7 +461,8 @@ static const asn1Object_t envelopedDataObjects[] = {
        { 1,   "encryptedContentInfo",                  ASN1_SEQUENCE,          ASN1_OBJ  }, /* 11 */
        { 2,     "contentType",                                 ASN1_OID,                       ASN1_BODY }, /* 12 */
        { 2,     "contentEncryptionAlgorithm",  ASN1_EOC,                       ASN1_RAW  }, /* 13 */
-       { 2,     "encryptedContent",                    ASN1_CONTEXT_S_0,       ASN1_BODY }  /* 14 */
+       { 2,     "encryptedContent",                    ASN1_CONTEXT_S_0,       ASN1_BODY }, /* 14 */
+       { 0, "exit",                                                    ASN1_EOC,                       ASN1_EXIT }
 };
 #define PKCS7_ENVELOPED_VERSION                         1
 #define PKCS7_RECIPIENT_INFO_VERSION    4
@@ -473,7 +473,6 @@ static const asn1Object_t envelopedDataObjects[] = {
 #define PKCS7_CONTENT_TYPE                             12
 #define PKCS7_CONTENT_ENC_ALGORITHM            13
 #define PKCS7_ENCRYPTED_CONTENT                        14
-#define PKCS7_ENVELOPED_ROOF                   15
 
 /**
  * Parse PKCS#7 envelopedData content
@@ -497,8 +496,7 @@ static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber,
                return FALSE;
        }
 
-       parser = asn1_parser_create(envelopedDataObjects, PKCS7_ENVELOPED_ROOF,
-                                                               this->content);
+       parser = asn1_parser_create(envelopedDataObjects, this->content);
        parser->set_top_level(parser, this->level);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -959,15 +957,15 @@ static void destroy(private_pkcs7_t *this)
  * ASN.1 definition of the PKCS#7 ContentInfo type
  */
 static const asn1Object_t contentInfoObjects[] = {
-       { 0, "contentInfo",             ASN1_SEQUENCE,          ASN1_NONE }, /*  0 */
-       { 1,   "contentType",   ASN1_OID,                       ASN1_BODY }, /*  1 */
+       { 0, "contentInfo",             ASN1_SEQUENCE,          ASN1_NONE }, /* 0 */
+       { 1,   "contentType",   ASN1_OID,                       ASN1_BODY }, /* 1 */
        { 1,   "content",               ASN1_CONTEXT_C_0,       ASN1_OPT |
-                                                                                               ASN1_BODY }, /*  2 */
-       { 1,   "end opt",               ASN1_EOC,                       ASN1_END  }  /*  3 */
+                                                                                               ASN1_BODY }, /* 2 */
+       { 1,   "end opt",               ASN1_EOC,                       ASN1_END  }, /* 3 */
+       { 0, "exit",                    ASN1_EOC,                       ASN1_EXIT }
 };
 #define PKCS7_INFO_TYPE                1
 #define PKCS7_INFO_CONTENT     2
-#define PKCS7_INFO_ROOF                4
 
 /**
  * Parse PKCS#7 contentInfo object
@@ -979,7 +977,7 @@ static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo
        int objectID;
        bool success = FALSE;
 
-       parser = asn1_parser_create(contentInfoObjects, PKCS7_INFO_TYPE, blob);
+       parser = asn1_parser_create(contentInfoObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
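Review bot: This call site is a behaviour change, not a mechanical conversion. The removed line passed `PKCS7_INFO_TYPE` (1) as the line count rather than `PKCS7_INFO_ROOF` (4), so the old `++line >= roof` test ended the loop after line 0. With the terminator-based parser the loop now also reaches `PKCS7_INFO_TYPE` and `PKCS7_INFO_CONTENT`. The loop body is outside this hunk, so it is worth confirming that those cases and the final `success` value behave as intended on real contentInfo input. I would also mention the fix in the commit message, e.g. `also fixes wrong roof argument in parse_contentInfo`.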
index 6b28ae3..4ba7336 100644 (file)
@@ -77,21 +77,6 @@ struct attribute_t {
 
 };
 
-/* ASN.1 definition of the X.501 atttribute type */
-
-static const asn1Object_t attributesObjects[] = {
-       { 0, "attributes",              ASN1_SET,               ASN1_LOOP }, /* 0 */
-       { 1,   "attribute",             ASN1_SEQUENCE,  ASN1_NONE }, /* 1 */
-       { 2,     "type",                ASN1_OID,               ASN1_BODY }, /* 2 */
-       { 2,     "values",              ASN1_SET,               ASN1_LOOP }, /* 3 */
-       { 3,       "value",             ASN1_EOC,               ASN1_RAW  }, /* 4 */
-       { 2,     "end loop",    ASN1_EOC,               ASN1_END  }, /* 5 */
-       { 0, "end loop",                ASN1_EOC,               ASN1_END  }, /* 6 */
-};
-#define ATTRIBUTE_OBJ_TYPE     2
-#define ATTRIBUTE_OBJ_VALUE    4
-#define ATTRIBUTE_OBJ_ROOF     7
-
 /**
  * PKCS#9 attribute type OIDs
  */
@@ -391,6 +376,22 @@ pkcs9_t *pkcs9_create(void)
 }
 
 /**
+ * ASN.1 definition of the X.501 atttribute type
+ */
+static const asn1Object_t attributesObjects[] = {
+       { 0, "attributes",              ASN1_SET,               ASN1_LOOP }, /* 0 */
+       { 1,   "attribute",             ASN1_SEQUENCE,  ASN1_NONE }, /* 1 */
+       { 2,     "type",                ASN1_OID,               ASN1_BODY }, /* 2 */
+       { 2,     "values",              ASN1_SET,               ASN1_LOOP }, /* 3 */
+       { 3,       "value",             ASN1_EOC,               ASN1_RAW  }, /* 4 */
+       { 2,     "end loop",    ASN1_EOC,               ASN1_END  }, /* 5 */
+       { 0, "end loop",                ASN1_EOC,               ASN1_END  }, /* 6 */
+       { 0, "exit",                    ASN1_EOC,               ASN1_EXIT }
+};
+#define ATTRIBUTE_OBJ_TYPE     2
+#define ATTRIBUTE_OBJ_VALUE    4
+
+/**
  * Parse a PKCS#9 attribute list
  */
 static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
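Review bot: The relocated table comment still carries the typo "atttribute". Since the block is being rewritten as a doc comment anyway, it could read ` * ASN.1 definition of the X.501 attribute type`. The body of parse_attributes lies outside this hunk.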
@@ -401,7 +402,7 @@ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
        int oid = OID_UNKNOWN;
        bool success = FALSE;
 
-       parser = asn1_parser_create(attributesObjects, ATTRIBUTE_OBJ_ROOF, chunk);
+       parser = asn1_parser_create(attributesObjects, chunk);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
index 9064add..37a079a 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2000-2006 Andreas Steffen
+ * Copyright (C) 2000-2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -30,10 +30,11 @@ static const asn1Object_t pkinfoObjects[] = {
        { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE,              ASN1_NONE       }, /* 0 */
        { 1,   "algorithm",                     ASN1_EOC,                       ASN1_RAW        }, /* 1 */
        { 1,   "subjectPublicKey",      ASN1_BIT_STRING,        ASN1_OBJ        }, /* 2 */
+       { 0, "exit",                            ASN1_EOC,                       ASN1_EXIT       }
 };
 #define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM    1
 #define PKINFO_SUBJECT_PUBLIC_KEY                      2
-#define PKINFO_ROOF                                                    3
+
 
 /**
  * Load a public key from an ASN1 encoded blob
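Review bot: Removing `PKINFO_ROOF` here replaces the define with an added empty line, which leaves two consecutive blank lines before the `load` comment. The other tables in this commit simply delete their ROOF define. Dropping the added blank line would keep the spacing consistent.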
@@ -46,7 +47,7 @@ static public_key_t *load(chunk_t blob)
        public_key_t *key = NULL;
        key_type_t type = KEY_ANY;
 
-       parser = asn1_parser_create(pkinfoObjects, PKINFO_ROOF, blob);
+       parser = asn1_parser_create(pkinfoObjects, blob);
        
        while (parser->iterate(parser, &objectID, &object))
        {
index 3d6053e..b6285da 100644 (file)
@@ -112,40 +112,6 @@ struct private_gmp_rsa_private_key_t {
 };
 
 /**
- * ASN.1 definition of a PKCS#1 RSA private key
- */
-static const asn1Object_t privkeyObjects[] = {
-       { 0, "RSAPrivateKey",           ASN1_SEQUENCE,     ASN1_NONE }, /*  0 */
-       { 1,   "version",                       ASN1_INTEGER,      ASN1_BODY }, /*  1 */
-       { 1,   "modulus",                       ASN1_INTEGER,      ASN1_BODY }, /*  2 */
-       { 1,   "publicExponent",        ASN1_INTEGER,      ASN1_BODY }, /*  3 */
-       { 1,   "privateExponent",       ASN1_INTEGER,      ASN1_BODY }, /*  4 */
-       { 1,   "prime1",                        ASN1_INTEGER,      ASN1_BODY }, /*  5 */
-       { 1,   "prime2",                        ASN1_INTEGER,      ASN1_BODY }, /*  6 */
-       { 1,   "exponent1",                     ASN1_INTEGER,      ASN1_BODY }, /*  7 */
-       { 1,   "exponent2",                     ASN1_INTEGER,      ASN1_BODY }, /*  8 */
-       { 1,   "coefficient",           ASN1_INTEGER,      ASN1_BODY }, /*  9 */
-       { 1,   "otherPrimeInfos",       ASN1_SEQUENCE,     ASN1_OPT |
-                                                                                                  ASN1_LOOP }, /* 10 */
-       { 2,     "otherPrimeInfo",      ASN1_SEQUENCE,     ASN1_NONE }, /* 11 */
-       { 3,       "prime",                     ASN1_INTEGER,      ASN1_BODY }, /* 12 */
-       { 3,       "exponent",          ASN1_INTEGER,      ASN1_BODY }, /* 13 */
-       { 3,       "coefficient",       ASN1_INTEGER,      ASN1_BODY }, /* 14 */
-       { 1,   "end opt or loop",       ASN1_EOC,          ASN1_END  }  /* 15 */
-};
-
-#define PRIV_KEY_VERSION                1
-#define PRIV_KEY_MODULUS                2
-#define PRIV_KEY_PUB_EXP                3
-#define PRIV_KEY_PRIV_EXP               4
-#define PRIV_KEY_PRIME1                         5
-#define PRIV_KEY_PRIME2                         6
-#define PRIV_KEY_EXP1                   7
-#define PRIV_KEY_EXP2                   8
-#define PRIV_KEY_COEFF                  9
-#define PRIV_KEY_ROOF                  16
-
-/**
  * shared functions, implemented in gmp_rsa_public_key.c
  */
 bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
@@ -673,6 +639,39 @@ static gmp_rsa_private_key_t *generate(size_t key_size)
 }
 
 /**
+ * ASN.1 definition of a PKCS#1 RSA private key
+ */
+static const asn1Object_t privkeyObjects[] = {
+       { 0, "RSAPrivateKey",           ASN1_SEQUENCE,     ASN1_NONE }, /*  0 */
+       { 1,   "version",                       ASN1_INTEGER,      ASN1_BODY }, /*  1 */
+       { 1,   "modulus",                       ASN1_INTEGER,      ASN1_BODY }, /*  2 */
+       { 1,   "publicExponent",        ASN1_INTEGER,      ASN1_BODY }, /*  3 */
+       { 1,   "privateExponent",       ASN1_INTEGER,      ASN1_BODY }, /*  4 */
+       { 1,   "prime1",                        ASN1_INTEGER,      ASN1_BODY }, /*  5 */
+       { 1,   "prime2",                        ASN1_INTEGER,      ASN1_BODY }, /*  6 */
+       { 1,   "exponent1",                     ASN1_INTEGER,      ASN1_BODY }, /*  7 */
+       { 1,   "exponent2",                     ASN1_INTEGER,      ASN1_BODY }, /*  8 */
+       { 1,   "coefficient",           ASN1_INTEGER,      ASN1_BODY }, /*  9 */
+       { 1,   "otherPrimeInfos",       ASN1_SEQUENCE,     ASN1_OPT |
+                                                                                                  ASN1_LOOP }, /* 10 */
+       { 2,     "otherPrimeInfo",      ASN1_SEQUENCE,     ASN1_NONE }, /* 11 */
+       { 3,       "prime",                     ASN1_INTEGER,      ASN1_BODY }, /* 12 */
+       { 3,       "exponent",          ASN1_INTEGER,      ASN1_BODY }, /* 13 */
+       { 3,       "coefficient",       ASN1_INTEGER,      ASN1_BODY }, /* 14 */
+       { 1,   "end opt or loop",       ASN1_EOC,          ASN1_END  }, /* 15 */
+       { 0, "exit",                            ASN1_EOC,          ASN1_EXIT }
+};
+#define PRIV_KEY_VERSION                1
+#define PRIV_KEY_MODULUS                2
+#define PRIV_KEY_PUB_EXP                3
+#define PRIV_KEY_PRIV_EXP               4
+#define PRIV_KEY_PRIME1                         5
+#define PRIV_KEY_PRIME2                         6
+#define PRIV_KEY_EXP1                   7
+#define PRIV_KEY_EXP2                   8
+#define PRIV_KEY_COEFF                  9
+
+/**
  * load private key from a ASN1 encoded blob
  */
 static gmp_rsa_private_key_t *load(chunk_t blob)
@@ -693,7 +692,7 @@ static gmp_rsa_private_key_t *load(chunk_t blob)
        mpz_init(this->exp2);
        mpz_init(this->coeff);
        
-       parser = asn1_parser_create(privkeyObjects, PRIV_KEY_ROOF, blob);
+       parser = asn1_parser_create(privkeyObjects, blob);
        parser->set_flags(parser, FALSE, TRUE);
        
        while (parser->iterate(parser, &objectID, &object))
index b36ddd0..779da68 100644 (file)
@@ -117,11 +117,11 @@ static const asn1Object_t digestInfoObjects[] = {
        { 0, "digestInfo",                      ASN1_SEQUENCE,          ASN1_OBJ  }, /*  0 */
        { 1,   "digestAlgorithm",       ASN1_EOC,                       ASN1_RAW  }, /*  1 */
        { 1,   "digest",                        ASN1_OCTET_STRING,      ASN1_BODY }, /*  2 */
+       { 0, "exit",                            ASN1_EOC,                       ASN1_EXIT }
 };
 #define DIGEST_INFO                                    0
 #define DIGEST_INFO_ALGORITHM          1
 #define DIGEST_INFO_DIGEST                     2
-#define DIGEST_INFO_ROOF                       3
 
 /**
  * Verification of an EMPSA PKCS1 signature described in PKCS#1
@@ -194,7 +194,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
                int objectID;
                hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
 
-               parser = asn1_parser_create(digestInfoObjects, DIGEST_INFO_ROOF, em);
+               parser = asn1_parser_create(digestInfoObjects, em);
 
                while (parser->iterate(parser, &objectID, &object))
                {
@@ -453,14 +453,14 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e)
  * ASN.1 definition of RSApublicKey
  */
 static const asn1Object_t pubkeyObjects[] = {
-       { 0, "RSAPublicKey",            ASN1_SEQUENCE,     ASN1_OBJ  }, /*  0 */
-       { 1,   "modulus",                       ASN1_INTEGER,      ASN1_BODY }, /*  1 */
-       { 1,   "publicExponent",        ASN1_INTEGER,      ASN1_BODY }, /*  2 */
+       { 0, "RSAPublicKey",            ASN1_SEQUENCE,  ASN1_OBJ  }, /*  0 */
+       { 1,   "modulus",                       ASN1_INTEGER,   ASN1_BODY }, /*  1 */
+       { 1,   "publicExponent",        ASN1_INTEGER,   ASN1_BODY }, /*  2 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT }
 };
 #define PUB_KEY_RSA_PUBLIC_KEY         0
 #define PUB_KEY_MODULUS                                1
 #define PUB_KEY_EXPONENT                       2
-#define PUB_KEY_ROOF                           3
 
 /**
  * Load a public key from an ASN1 encoded blob
@@ -477,7 +477,7 @@ static gmp_rsa_public_key_t *load(chunk_t blob)
        mpz_init(this->n);
        mpz_init(this->e);
        
-       parser = asn1_parser_create(pubkeyObjects, PUB_KEY_ROOF, blob);
+       parser = asn1_parser_create(pubkeyObjects, blob);
        
        while (parser->iterate(parser, &objectID, &object))
        {
index d27cf62..17f6949 100644 (file)
@@ -296,12 +296,12 @@ static const asn1Object_t ietfAttrSyntaxObjects[] =
        { 2,     "string",                      ASN1_UTF8STRING,        ASN1_OPT |
                                                                                                        ASN1_BODY }, /*  8 */
        { 2,     "end choice",          ASN1_EOC,                       ASN1_END  }, /*  9 */
-       { 1,   "end loop",                      ASN1_EOC,                       ASN1_END  }  /* 10 */
+       { 1,   "end loop",                      ASN1_EOC,                       ASN1_END  }, /* 10 */
+       { 0, "exit",                            ASN1_EOC,                       ASN1_EXIT }
 };
 #define IETF_ATTR_OCTETS        4
 #define IETF_ATTR_OID           6
 #define IETF_ATTR_STRING        8
-#define IETF_ATTR_ROOF         11
 
 /*
  * Described in header.
@@ -312,7 +312,7 @@ void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int lev
        chunk_t object;
        int objectID;
 
-       parser = asn1_parser_create(ietfAttrSyntaxObjects, IETF_ATTR_ROOF, chunk);
+       parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
index e650405..1133060 100644 (file)
@@ -228,13 +228,13 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
  */
 static const asn1Object_t roleSyntaxObjects[] =
 {
-       { 0, "roleSyntax",                      ASN1_SEQUENCE,          ASN1_NONE }, /*  0 */
-       { 1,   "roleAuthority",         ASN1_CONTEXT_C_0,       ASN1_OPT |
-                                                                                                       ASN1_OBJ  }, /*  1 */
-       { 1,   "end opt",                       ASN1_EOC,                       ASN1_END  }, /*  2 */
-       { 1,   "roleName",                      ASN1_CONTEXT_C_1,       ASN1_OBJ  }  /*  3 */
+       { 0, "roleSyntax",              ASN1_SEQUENCE,          ASN1_NONE }, /* 0 */
+       { 1,   "roleAuthority", ASN1_CONTEXT_C_0,       ASN1_OPT |
+                                                                                               ASN1_OBJ  }, /* 1 */
+       { 1,   "end opt",               ASN1_EOC,                       ASN1_END  }, /* 2 */
+       { 1,   "roleName",              ASN1_CONTEXT_C_1,       ASN1_OBJ  }, /* 3 */
+       { 0, "exit",                    ASN1_EOC,                       ASN1_EXIT }
 };
-#define ROLE_ROOF              4
 
 /**
  * Parses roleSyntax
@@ -245,7 +245,7 @@ static void parse_roleSyntax(chunk_t blob, int level0)
        chunk_t object;
        int objectID;
 
-       parser = asn1_parser_create(roleSyntaxObjects, ROLE_ROOF, blob);
+       parser = asn1_parser_create(roleSyntaxObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -326,7 +326,8 @@ static const asn1Object_t acObjects[] =
        { 4,         "extnValue",                               ASN1_OCTET_STRING,        ASN1_BODY }, /* 51 */
        { 2,     "end loop",                                    ASN1_EOC,                         ASN1_END  }, /* 52 */
        { 1,   "signatureAlgorithm",                    ASN1_EOC,                         ASN1_RAW  }, /* 53 */
-       { 1,   "signatureValue",                                ASN1_BIT_STRING,          ASN1_BODY }  /* 54 */
+       { 1,   "signatureValue",                                ASN1_BIT_STRING,          ASN1_BODY }, /* 54 */
+       { 0, "exit",                                                    ASN1_EOC,                         ASN1_EXIT }
 };
 #define AC_OBJ_CERTIFICATE_INFO                 1
 #define AC_OBJ_VERSION                          2
@@ -346,7 +347,6 @@ static const asn1Object_t acObjects[] =
 #define AC_OBJ_EXTN_VALUE                      51
 #define AC_OBJ_ALGORITHM                       53
 #define AC_OBJ_SIGNATURE                       54
-#define AC_OBJ_ROOF                                    55
 
 /**
  * Parses an X.509 attribute certificate
@@ -362,7 +362,7 @@ static bool parse_certificate(private_x509_ac_t *this)
        bool success = FALSE;
        bool critical;
 
-       parser = asn1_parser_create(acObjects, AC_OBJ_ROOF, this->encoding);
+       parser = asn1_parser_create(acObjects, this->encoding);
 
        while (parser->iterate(parser, &objectID, &object))
        {
index 3da7b2a..475a7a6 100644 (file)
@@ -179,10 +179,10 @@ static const asn1Object_t basicConstraintsObjects[] = {
        { 0, "basicConstraints",        ASN1_SEQUENCE,  ASN1_NONE                       }, /*  0 */
        { 1,   "CA",                            ASN1_BOOLEAN,   ASN1_DEF|ASN1_BODY      }, /*  1 */
        { 1,   "pathLenConstraint",     ASN1_INTEGER,   ASN1_OPT|ASN1_BODY      }, /*  2 */
-       { 1,   "end opt",                       ASN1_EOC,               ASN1_END                        }  /*  3 */
+       { 1,   "end opt",                       ASN1_EOC,               ASN1_END                        }, /*  3 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT                       }
 };
 #define BASIC_CONSTRAINTS_CA   1
-#define BASIC_CONSTRAINTS_ROOF 4
 
 /**
  * Extracts the basicConstraints extension
@@ -194,8 +194,7 @@ static bool parse_basicConstraints(chunk_t blob, int level0)
        int objectID;
        bool isCA = FALSE;
 
-       parser = asn1_parser_create(basicConstraintsObjects, BASIC_CONSTRAINTS_ROOF,
-                                                               blob);
+       parser = asn1_parser_create(basicConstraintsObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -215,12 +214,12 @@ static bool parse_basicConstraints(chunk_t blob, int level0)
  * ASN.1 definition of otherName 
  */
 static const asn1Object_t otherNameObjects[] = {
-       {0, "type-id",  ASN1_OID,                       ASN1_BODY       }, /*  0 */
-       {0, "value",    ASN1_CONTEXT_C_0,       ASN1_BODY       }  /*  1 */
+       {0, "type-id",  ASN1_OID,                       ASN1_BODY       }, /* 0 */
+       {0, "value",    ASN1_CONTEXT_C_0,       ASN1_BODY       }, /* 1 */
+       {0, "exit",             ASN1_EOC,                       ASN1_EXIT       }
 };
 #define ON_OBJ_ID_TYPE         0
 #define ON_OBJ_VALUE           1
-#define ON_OBJ_ROOF                    2
 
 /**
  * Extracts an otherName
@@ -233,7 +232,7 @@ static bool parse_otherName(chunk_t blob, int level0)
        int oid = OID_UNKNOWN;
        bool success = FALSE;
 
-       parser = asn1_parser_create(otherNameObjects,ON_OBJ_ROOF, blob);
+       parser = asn1_parser_create(otherNameObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -285,7 +284,8 @@ static const asn1Object_t generalNameObjects[] = {
        { 0,   "ipAddress",             ASN1_CONTEXT_S_7,  ASN1_OPT|ASN1_BODY   }, /* 14 */
        { 0,   "end choice",    ASN1_EOC,          ASN1_END                             }, /* 15 */
        { 0,   "registeredID",  ASN1_CONTEXT_S_8,  ASN1_OPT|ASN1_BODY   }, /* 16 */
-       { 0,   "end choice",    ASN1_EOC,          ASN1_END                             }  /* 17 */
+       { 0,   "end choice",    ASN1_EOC,          ASN1_END                             }, /* 17 */
+       { 0,   "exit",                  ASN1_EOC,          ASN1_EXIT                    }
 };
 #define GN_OBJ_OTHER_NAME               0
 #define GN_OBJ_RFC822_NAME              2
@@ -296,7 +296,6 @@ static const asn1Object_t generalNameObjects[] = {
 #define GN_OBJ_URI                             12
 #define GN_OBJ_IP_ADDRESS              14
 #define GN_OBJ_REGISTERED_ID   16
-#define GN_OBJ_ROOF                            18
 
 /**
  * Extracts a generalName
@@ -309,7 +308,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
 
        identification_t *gn = NULL;
 
-       parser = asn1_parser_create(generalNameObjects, GN_OBJ_ROOF, blob);
+       parser = asn1_parser_create(generalNameObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -362,12 +361,12 @@ end:
  * ASN.1 definition of generalNames 
  */
 static const asn1Object_t generalNamesObjects[] = {
-       { 0, "generalNames",    ASN1_SEQUENCE,  ASN1_LOOP }, /*  0 */
-       { 1,   "generalName",   ASN1_EOC,               ASN1_RAW  }, /*  1 */
-       { 0, "end loop",                ASN1_EOC,               ASN1_END  }  /*  2 */
+       { 0, "generalNames",    ASN1_SEQUENCE,  ASN1_LOOP }, /* 0 */
+       { 1,   "generalName",   ASN1_EOC,               ASN1_RAW  }, /* 1 */
+       { 0, "end loop",                ASN1_EOC,               ASN1_END  }, /* 2 */
+       { 0, "exit",                    ASN1_EOC,               ASN1_EXIT }
 };
 #define GENERAL_NAMES_GN       1
-#define GENERAL_NAMES_ROOF     3
 
 /**
  * Extracts one or several GNs and puts them into a chained list
@@ -378,7 +377,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis
        chunk_t object;
        int objectID;
 
-       parser = asn1_parser_create(generalNamesObjects, GENERAL_NAMES_ROOF, blob);
+       parser = asn1_parser_create(generalNamesObjects, blob);
        parser->set_top_level(parser, level0);
        parser->set_flags(parser, implicit, FALSE);
 
@@ -398,53 +397,22 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis
        parser->destroy(parser);
 }
 
-/** 
- * ASN.1 definition of a keyIdentifier 
- */
-static const asn1Object_t keyIdentifierObjects[] = {
-       { 0,   "keyIdentifier", ASN1_OCTET_STRING,      ASN1_BODY }  /*  0 */
-};
-#define KEY_ID_ROOF    1
-
-/**
- * Extracts a keyIdentifier
- */
-static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
-{
-       asn1_parser_t *parser;
-       chunk_t object;
-       int objectID;
-
-       chunk_t keyIdentifier = chunk_empty;
-       
-       parser = asn1_parser_create(keyIdentifierObjects, KEY_ID_ROOF, blob);
-       parser->set_top_level(parser, level0);
-       parser->set_flags(parser, implicit, FALSE);
-
-       if (parser->iterate(parser, &objectID, &object))
-       {
-               keyIdentifier = object;
-       }
-       parser->destroy(parser);
-       return keyIdentifier;
-}
-
 /**
  * ASN.1 definition of a authorityKeyIdentifier extension 
  */
 static const asn1Object_t authKeyIdentifierObjects[] = {
-       { 0,   "authorityKeyIdentifier",        ASN1_SEQUENCE,          ASN1_NONE                       }, /*  0 */
-       { 1,     "keyIdentifier",                       ASN1_CONTEXT_S_0,       ASN1_OPT|ASN1_OBJ       }, /*  1 */
-       { 1,     "end opt",                                     ASN1_EOC,                       ASN1_END                        }, /*  2 */
-       { 1,     "authorityCertIssuer",         ASN1_CONTEXT_C_1,       ASN1_OPT|ASN1_OBJ       }, /*  3 */
-       { 1,     "end opt",                                     ASN1_EOC,                       ASN1_END                        }, /*  4 */
-       { 1,     "authorityCertSerialNumber",ASN1_CONTEXT_S_2,  ASN1_OPT|ASN1_BODY      }, /*  5 */
-       { 1,     "end opt",                                     ASN1_EOC,                       ASN1_END                        }  /*  6 */
+       { 0, "authorityKeyIdentifier",          ASN1_SEQUENCE,          ASN1_NONE                       }, /* 0 */
+       { 1,   "keyIdentifier",                         ASN1_CONTEXT_S_0,       ASN1_OPT|ASN1_BODY      }, /* 1 */
+       { 1,   "end opt",                                       ASN1_EOC,                       ASN1_END                        }, /* 2 */
+       { 1,   "authorityCertIssuer",           ASN1_CONTEXT_C_1,       ASN1_OPT|ASN1_OBJ       }, /* 3 */
+       { 1,   "end opt",                                       ASN1_EOC,                       ASN1_END                        }, /* 4 */
+       { 1,   "authorityCertSerialNumber",     ASN1_CONTEXT_S_2,       ASN1_OPT|ASN1_BODY      }, /* 5 */
+       { 1,   "end opt",                                       ASN1_EOC,                       ASN1_END                        }, /* 6 */
+       { 0, "exit",                                            ASN1_EOC,                       ASN1_EXIT                       }
 };
 #define AUTH_KEY_ID_KEY_ID                     1
 #define AUTH_KEY_ID_CERT_ISSUER                3
 #define AUTH_KEY_ID_CERT_SERIAL                5
-#define AUTH_KEY_ID_ROOF                       7
 
 /**
  * Extracts an authoritykeyIdentifier
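Review bot: The keyIdentifier row of authKeyIdentifierObjects changes from `ASN1_OPT|ASN1_OBJ` to `ASN1_OPT|ASN1_BODY`, a semantic change that is easy to miss among the re-aligned rows and has no comment. The removed parse_keyIdentifier() helper was what unwrapped the implicitly tagged OCTET STRING, so a short comment on the row would record why the body can now be used directly, for example `/* [0] IMPLICIT OCTET STRING: the body is the key identifier itself */`. The caller that consumes this row is in a later hunk.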
@@ -459,7 +427,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
 
        *authKeySerialNumber = chunk_empty;
 
-       parser = asn1_parser_create(authKeyIdentifierObjects, AUTH_KEY_ID_ROOF,blob);
+       parser = asn1_parser_create(authKeyIdentifierObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -467,23 +435,12 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
                switch (objectID) 
                {
                        case AUTH_KEY_ID_KEY_ID:
-                       {
-                               chunk_t authKeyID = parse_keyIdentifier(object,
-                                                                               parser->get_level(parser)+1, TRUE);
-
-                               if (authKeyID.ptr == NULL)
-                               {
-                                       goto end;
-                               }
                                authKeyIdentifier = identification_create_from_encoding(
-                                                                                       ID_PUBKEY_SHA1, authKeyID); 
+                                                                                               ID_PUBKEY_SHA1, object); 
                                break;
-                       }
                        case AUTH_KEY_ID_CERT_ISSUER:
-                       {
                                /* TODO: x509_parse_generalNames(object, level+1, TRUE); */
                                break;
-                       }
                        case AUTH_KEY_ID_CERT_SERIAL:
                                *authKeySerialNumber = object;
                                break;
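Review bot: In the `AUTH_KEY_ID_KEY_ID` case `object` is handed to identification_create_from_encoding() as `ID_PUBKEY_SHA1` with no check on its length, and the `authKeyID.ptr == NULL` bail-out around the removed helper call is gone. The value comes straight from the parsed input, so an empty keyIdentifier is now turned into an identification like any other; whether that matters depends on how callers compare it, which is not visible here. If an empty identifier should be ignored, a guard such as `if (object.len == 0) break;` before the call would make that explicit. x509_parse_authorityKeyIdentifier starts before and ends after this hunk.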
@@ -491,8 +448,6 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
                                break;
                }
        }
-
-end:
        parser->destroy(parser);
        return authKeyIdentifier;
 }
@@ -501,15 +456,15 @@ end:
  * ASN.1 definition of a authorityInfoAccess extension 
  */
 static const asn1Object_t authInfoAccessObjects[] = {
-       { 0,   "authorityInfoAccess",   ASN1_SEQUENCE,  ASN1_LOOP }, /*  0 */
-       { 1,     "accessDescription",   ASN1_SEQUENCE,  ASN1_NONE }, /*  1 */
-       { 2,       "accessMethod",              ASN1_OID,               ASN1_BODY }, /*  2 */
-       { 2,       "accessLocation",    ASN1_EOC,               ASN1_RAW  }, /*  3 */
-       { 0,   "end loop",                              ASN1_EOC,               ASN1_END  }  /*  4 */
+       { 0, "authorityInfoAccess",     ASN1_SEQUENCE,  ASN1_LOOP }, /* 0 */
+       { 1,   "accessDescription",     ASN1_SEQUENCE,  ASN1_NONE }, /* 1 */
+       { 2,     "accessMethod",        ASN1_OID,               ASN1_BODY }, /* 2 */
+       { 2,     "accessLocation",      ASN1_EOC,               ASN1_RAW  }, /* 3 */
+       { 0, "end loop",                        ASN1_EOC,               ASN1_END  }, /* 4 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT }
 };
 #define AUTH_INFO_ACCESS_METHOD                2
 #define AUTH_INFO_ACCESS_LOCATION      3
-#define AUTH_INFO_ACCESS_ROOF          5
 
 /**
  * Extracts an authorityInfoAcess location
@@ -522,8 +477,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
        int objectID;
        int accessMethod = OID_UNKNOWN;
        
-       parser = asn1_parser_create(authInfoAccessObjects, AUTH_INFO_ACCESS_ROOF,
-                                                               blob);
+       parser = asn1_parser_create(authInfoAccessObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -578,12 +532,12 @@ end:
  * ASN.1 definition of a extendedKeyUsage extension
  */
 static const asn1Object_t extendedKeyUsageObjects[] = {
-       { 0, "extendedKeyUsage",        ASN1_SEQUENCE,  ASN1_LOOP }, /*  0 */
-       { 1,   "keyPurposeID",          ASN1_OID,               ASN1_BODY }, /*  1 */
-       { 0, "end loop",                        ASN1_EOC,               ASN1_END  }, /*  2 */
+       { 0, "extendedKeyUsage",        ASN1_SEQUENCE,  ASN1_LOOP }, /* 0 */
+       { 1,   "keyPurposeID",          ASN1_OID,               ASN1_BODY }, /* 1 */
+       { 0, "end loop",                        ASN1_EOC,               ASN1_END  }, /* 2 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT }
 };
 #define EXT_KEY_USAGE_PURPOSE_ID       1
-#define EXT_KEY_USAGE_ROOF                     3
 
 /**
  * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned
@@ -595,8 +549,7 @@ static bool parse_extendedKeyUsage(chunk_t blob, int level0)
        int objectID;
        bool ocsp_signing = FALSE;
        
-       parser = asn1_parser_create(extendedKeyUsageObjects, EXT_KEY_USAGE_ROOF,
-                                                               blob);
+       parser = asn1_parser_create(extendedKeyUsageObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -628,10 +581,9 @@ static const asn1Object_t crlDistributionPointsObjects[] = {
        { 2,     "crlIssuer",                   ASN1_CONTEXT_C_2,       ASN1_OPT|ASN1_BODY      }, /* 10 */
        { 2,     "end opt",                             ASN1_EOC,                       ASN1_END                        }, /* 11 */
        { 0, "end loop",                                ASN1_EOC,                       ASN1_END                        }, /* 12 */
+       { 0, "exit",                                    ASN1_EOC,                       ASN1_EXIT                       }
 };
 #define CRL_DIST_POINTS_FULLNAME        3
-#define CRL_DIST_POINTS_ROOF           13
-
 
 /**
  * Extracts one or several crlDistributionPoints into a list
@@ -644,8 +596,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0,
        int objectID;
        linked_list_t *list = linked_list_create();
        
-       parser = asn1_parser_create(crlDistributionPointsObjects,
-                                                               CRL_DIST_POINTS_ROOF, blob);
+       parser = asn1_parser_create(crlDistributionPointsObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -705,7 +656,8 @@ static const asn1Object_t certObjects[] = {
        { 3,       "end loop",                  ASN1_EOC,                       ASN1_END                        }, /* 24 */
        { 2,     "end opt",                             ASN1_EOC,                       ASN1_END                        }, /* 25 */
        { 1,   "signatureAlgorithm",    ASN1_EOC,                       ASN1_RAW                        }, /* 26 */
-       { 1,   "signatureValue",                ASN1_BIT_STRING,        ASN1_BODY                       }  /* 27 */
+       { 1,   "signatureValue",                ASN1_BIT_STRING,        ASN1_BODY                       }, /* 27 */
+       { 0, "exit",                                    ASN1_EOC,                       ASN1_EXIT                       }
 };
 #define X509_OBJ_TBS_CERTIFICATE                                1
 #define X509_OBJ_VERSION                                                3
@@ -722,7 +674,6 @@ static const asn1Object_t certObjects[] = {
 #define X509_OBJ_EXTN_VALUE                                            23
 #define X509_OBJ_ALGORITHM                                             26
 #define X509_OBJ_SIGNATURE                                             27
-#define X509_OBJ_ROOF                                                  28
 
 /**
  * Parses an X.509v3 certificate
@@ -738,7 +689,7 @@ static bool parse_certificate(private_x509_cert_t *this)
        bool success = FALSE;
        bool critical;
        
-       parser = asn1_parser_create(certObjects, X509_OBJ_ROOF, this->encoding);
+       parser = asn1_parser_create(certObjects, this->encoding);
 
        while (parser->iterate(parser, &objectID, &object))
        {
@@ -810,10 +761,16 @@ static bool parse_certificate(private_x509_cert_t *this)
                                switch (extn_oid)
                                {
                                        case OID_SUBJECT_KEY_ID:
-                                               this->subjectKeyID = parse_keyIdentifier(object, level, FALSE);
+                                               if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
+                                                                                                         level, "keyIdentifier"))
+                                               {
+                                                       goto end;
+                                               }
+                                               this->subjectKeyID = object;
                                                break;
                                        case OID_SUBJECT_ALT_NAME:
-                                               x509_parse_generalNames(object, level, FALSE, this->subjectAltNames);
+                                               x509_parse_generalNames(object, level, FALSE,
+                                                                                               this->subjectAltNames);
                                                break;
                                        case OID_BASIC_CONSTRAINTS:
                                                if (parse_basicConstraints(object, level))
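Review bot: The new `OID_SUBJECT_KEY_ID` branch jumps to `end` when the extension value is not a well-formed OCTET STRING, so a malformed subjectKeyIdentifier now appears to fail the whole certificate, where the removed parse_keyIdentifier() call returned an empty chunk and parsing went on. That stricter behaviour is reasonable but undocumented; I would add `/* a malformed subjectKeyIdentifier rejects the certificate */` above the `goto end;`. `this->subjectKeyID = object;` also stores the chunk without copying, presumably a view into this->encoding, which is worth stating next to the assignment. The `end` label and the rest of parse_certificate lie outside this hunk.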
index ade3e0f..15ca74b 100644 (file)
@@ -169,7 +169,8 @@ static const asn1Object_t crlObjects[] = {
        { 3,       "end loop",                          ASN1_EOC,          ASN1_END  }, /* 25 */
        { 2,     "end opt",                                     ASN1_EOC,          ASN1_END  }, /* 26 */
        { 1,   "signatureAlgorithm",            ASN1_EOC,          ASN1_RAW  }, /* 27 */
-       { 1,   "signatureValue",                        ASN1_BIT_STRING,   ASN1_BODY }  /* 28 */
+       { 1,   "signatureValue",                        ASN1_BIT_STRING,   ASN1_BODY }, /* 28 */
+       { 0, "exit",                                            ASN1_EOC,                  ASN1_EXIT }
 };
 #define CRL_OBJ_TBS_CERT_LIST                   1
 #define CRL_OBJ_VERSION                                         2
@@ -187,7 +188,6 @@ static const asn1Object_t crlObjects[] = {
 #define CRL_OBJ_EXTN_VALUE                             24
 #define CRL_OBJ_ALGORITHM                              27
 #define CRL_OBJ_SIGNATURE                              28
-#define CRL_OBJ_ROOF                                   29
 
 /**
  *  Parses an X.509 Certificate Revocation List (CRL)
@@ -204,7 +204,7 @@ static bool parse(private_x509_crl_t *this)
        bool critical;
        revoked_t *revoked = NULL;
 
-       parser = asn1_parser_create(crlObjects, CRL_OBJ_ROOF, this->encoding);
+       parser = asn1_parser_create(crlObjects, this->encoding);
 
        while (parser->iterate(parser, &objectID, &object))
        {
index bcfc0f5..8ba3110 100644 (file)
@@ -282,7 +282,8 @@ static const asn1Object_t singleResponseObjects[] = {
                                                                                                                                ASN1_DEF  }, /* 24 */
        { 4,         "extnValue",                       ASN1_OCTET_STRING,              ASN1_BODY }, /* 25 */
        { 2,     "end loop",                            ASN1_EOC,                               ASN1_END  }, /* 26 */
-       { 1,   "end opt",                                       ASN1_EOC,                               ASN1_END  }  /* 27 */
+       { 1,   "end opt",                                       ASN1_EOC,                               ASN1_END  }, /* 27 */
+       { 0, "exit",                                            ASN1_EOC,                               ASN1_EXIT }
 };
 #define SINGLE_RESPONSE_ALGORITHM                                       2
 #define SINGLE_RESPONSE_ISSUER_NAME_HASH                        3
@@ -298,7 +299,6 @@ static const asn1Object_t singleResponseObjects[] = {
 #define SINGLE_RESPONSE_EXT_ID                                         23
 #define SINGLE_RESPONSE_CRITICAL                                       24
 #define SINGLE_RESPONSE_EXT_VALUE                                      25
-#define SINGLE_RESPONSE_ROOF                                           28
 
 /**
  * Parse a single OCSP response
@@ -325,8 +325,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
        /* if nextUpdate is missing, we give it a short lifetime */
        response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME;
 
-       parser = asn1_parser_create(singleResponseObjects, SINGLE_RESPONSE_ROOF,
-                                                               blob);
+       parser = asn1_parser_create(singleResponseObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -393,12 +392,12 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
  * ASN.1 definition of responses
  */
 static const asn1Object_t responsesObjects[] = {
-       { 0, "responses",                       ASN1_SEQUENCE,  ASN1_LOOP }, /*  0 */
-       { 1,   "singleResponse",        ASN1_EOC,               ASN1_RAW  }, /*  1 */
-       { 0, "end loop",                        ASN1_EOC,               ASN1_END  }  /*  2 */
+       { 0, "responses",                       ASN1_SEQUENCE,  ASN1_LOOP }, /* 0 */
+       { 1,   "singleResponse",        ASN1_EOC,               ASN1_RAW  }, /* 1 */
+       { 0, "end loop",                        ASN1_EOC,               ASN1_END  }, /* 2 */
+       { 0, "exit",                            ASN1_EOC,               ASN1_EXIT }
 };
 #define RESPONSES_SINGLE_RESPONSE      1
-#define RESPONSES_ROOF                         3
 
 /**
  * Parse all responses
@@ -411,7 +410,7 @@ static bool parse_responses(private_x509_ocsp_response_t *this,
        int objectID;
        bool success = FALSE;
        
-       parser = asn1_parser_create(responsesObjects, RESPONSES_ROOF, blob);
+       parser = asn1_parser_create(responsesObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -468,7 +467,8 @@ static const asn1Object_t basicResponseObjects[] = {
        { 2,     "certs",                                               ASN1_SEQUENCE,                  ASN1_LOOP }, /* 23 */
        { 3,       "certificate",                               ASN1_SEQUENCE,                  ASN1_RAW  }, /* 24 */
        { 2,     "end loop",                                    ASN1_EOC,                               ASN1_END  }, /* 25 */
-       { 1,   "end opt",                                               ASN1_EOC,                               ASN1_END  }  /* 26 */
+       { 1,   "end opt",                                               ASN1_EOC,                               ASN1_END  }, /* 26 */
+       { 0, "exit",                                                    ASN1_EOC,                               ASN1_EXIT }
 };
 #define BASIC_RESPONSE_TBS_DATA                 1
 #define BASIC_RESPONSE_VERSION          3
@@ -482,7 +482,6 @@ static const asn1Object_t basicResponseObjects[] = {
 #define BASIC_RESPONSE_ALGORITHM       20
 #define BASIC_RESPONSE_SIGNATURE       21
 #define BASIC_RESPONSE_CERTIFICATE     24
-#define BASIC_RESPONSE_ROOF                    27
 
 /**
  * Parse a basicOCSPResponse
@@ -500,7 +499,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
        bool success = FALSE;
        bool critical;
        
-       parser = asn1_parser_create(basicResponseObjects, BASIC_RESPONSE_ROOF, blob);
+       parser = asn1_parser_create(basicResponseObjects, blob);
        parser->set_top_level(parser, level0);
 
        while (parser->iterate(parser, &objectID, &object))
@@ -592,18 +591,18 @@ end:
  * ASN.1 definition of ocspResponse
  */
 static const asn1Object_t ocspResponseObjects[] = {
-       { 0, "OCSPResponse",                    ASN1_SEQUENCE,          ASN1_NONE }, /*  0 */
-       { 1,   "responseStatus",                ASN1_ENUMERATED,        ASN1_BODY }, /*  1 */
-       { 1,   "responseBytesContext",  ASN1_CONTEXT_C_0,       ASN1_OPT  }, /*  2 */
-       { 2,     "responseBytes",               ASN1_SEQUENCE,          ASN1_NONE }, /*  3 */
-       { 3,       "responseType",              ASN1_OID,                       ASN1_BODY }, /*  4 */
-       { 3,       "response",                  ASN1_OCTET_STRING,      ASN1_BODY }, /*  5 */
-       { 1,   "end opt",                               ASN1_EOC,                       ASN1_END  }  /*  6 */
+       { 0, "OCSPResponse",                    ASN1_SEQUENCE,          ASN1_NONE }, /* 0 */
+       { 1,   "responseStatus",                ASN1_ENUMERATED,        ASN1_BODY }, /* 1 */
+       { 1,   "responseBytesContext",  ASN1_CONTEXT_C_0,       ASN1_OPT  }, /* 2 */
+       { 2,     "responseBytes",               ASN1_SEQUENCE,          ASN1_NONE }, /* 3 */
+       { 3,       "responseType",              ASN1_OID,                       ASN1_BODY }, /* 4 */
+       { 3,       "response",                  ASN1_OCTET_STRING,      ASN1_BODY }, /* 5 */
+       { 1,   "end opt",                               ASN1_EOC,                       ASN1_END  }, /* 6 */
+       { 0, "exit",                                    ASN1_EOC,                       ASN1_EXIT }
 };
 #define OCSP_RESPONSE_STATUS   1
 #define OCSP_RESPONSE_TYPE             4
 #define OCSP_RESPONSE                  5
-#define OCSP_RESPONSE_ROOF             7
 
 /**
  * Parse OCSPResponse object
@@ -617,8 +616,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
        bool success = FALSE;
        ocsp_status_t status;
 
-       parser = asn1_parser_create(ocspResponseObjects, OCSP_RESPONSE_ROOF,
-                                                               this->encoding);
+       parser = asn1_parser_create(ocspResponseObjects, this->encoding);
 
        while (parser->iterate(parser, &objectID, &object))
        {