author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-21 16:50:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-22 10:32:52 +0100 |
commit | 4ea99d10f844aa93e78a9dff81ca38616701ceeb (patch) | |
tree | f7963651f9d6e9b78cd05c82ebbed77032c2402d | |
parent | 5b42ce9c4e39a436d0129f3a6ef9ff47a4a8e1ac (diff) | |
download | gnutls-tmp-minimize-pkix-asn.tar.gz |
Removed unnecessary entries in pkix.asn and gnutls.asn (tmp-minimize-pkix-asn)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/gnutls.asn | 6 | ||||
-rw-r--r-- | lib/gnutls_asn1_tab.c | 4 | ||||
-rw-r--r-- | lib/pkix.asn | 109 | ||||
-rw-r--r-- | lib/pkix_asn1_tab.c | 89 |
4 files changed, 37 insertions, 171 deletions
diff --git a/lib/gnutls.asn b/lib/gnutls.asn index 744403403a..cce748d52b 100644 --- a/lib/gnutls.asn +++ b/lib/gnutls.asn @@ -60,13 +60,11 @@ AlgorithmIdentifier ::= SEQUENCE { DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, - digest Digest + digest OCTET STRING } DigestAlgorithmIdentifier ::= AlgorithmIdentifier -Digest ::= OCTET STRING - DSAPublicKey ::= INTEGER DSAParameters ::= SEQUENCE { @@ -98,8 +96,6 @@ DHParameter ::= SEQUENCE { } -- ECC from RFC5480 -ECPoint ::= OCTET STRING - ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER } diff --git a/lib/gnutls_asn1_tab.c b/lib/gnutls_asn1_tab.c index bc0e85ef5d..4d69728163 100644 --- a/lib/gnutls_asn1_tab.c +++ b/lib/gnutls_asn1_tab.c @@ -41,9 +41,8 @@ const asn1_static_node gnutls_asn1_tab[] = { { "algorithm", 1, NULL }, { "DigestInfo", 1610612741, NULL }, { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, - { "digest", 2, "Digest"}, + { "digest", 7, NULL }, { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - { "Digest", 1073741831, NULL }, { "DSAPublicKey", 1073741827, NULL }, { "DSAParameters", 1610612741, NULL }, { "p", 1073741827, NULL }, @@ -65,7 +64,6 @@ const asn1_static_node gnutls_asn1_tab[] = { { "prime", 1073741827, NULL }, { "base", 1073741827, NULL }, { "privateValueLength", 16387, NULL }, - { "ECPoint", 1073741831, NULL }, { "ECParameters", 1610612754, NULL }, { "namedCurve", 12, NULL }, { "ECPrivateKey", 1610612741, NULL }, diff --git a/lib/pkix.asn b/lib/pkix.asn index 5ea07ca7a2..1113355e0b 100644 --- a/lib/pkix.asn +++ b/lib/pkix.asn @@ -6,11 +6,6 @@ DEFINITIONS IMPLICIT TAGS ::= BEGIN -- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. - -id-pkix OBJECT IDENTIFIER ::= - { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) } - -- ISO arc for standard certificate and CRL extensions -- authority key identifier OID and syntax 
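Review bot: Dropping `Digest` and `ECPoint` in the gnutls.asn hunks is not something the compiler can verify, because these definitions are presumably resolved by string name at run time, so a leftover reference would only fail when that code path executes. The same holds for the names removed in the pkix.asn hunks (`id-pkix`, `KeyIdentifier`, `KeyPurposeId`, `RDNSequence`, `CRLReason`, `CommonName` and the x400 types). It also holds for the removed `id-at` and `emailAddress` OID assignments, which the deleted comment says were placed there so that asn1_find_structure_from_oid could locate structures. I would confirm with a tree-wide search that no caller still names any of them, and record the inlining next to the new field, e.g. `digest OCTET STRING -- was Digest`.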
@@ -20,17 +15,15 @@ PrivateKeyUsagePeriod ::= SEQUENCE { notAfter [1] GeneralizedTime OPTIONAL } AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, + keyIdentifier [0] OCTET STRING OPTIONAL, --KeyIdentifier authorityCertIssuer [1] GeneralNames OPTIONAL, authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } -- authorityCertIssuer and authorityCertSerialNumber shall both -- be present or both be absgent -KeyIdentifier ::= OCTET STRING - -- subject key identifier OID and syntax -SubjectKeyIdentifier ::= KeyIdentifier +SubjectKeyIdentifier ::= OCTET STRING -- key usage extension OID and syntax @@ -59,7 +52,7 @@ GeneralName ::= CHOICE { dNSName [2] IA5String, x400Address [3] ANY, -- Changed to work with the libtasn1 parser. - directoryName [4] EXPLICIT RDNSequence, --Name, + directoryName [4] EXPLICIT SEQUENCE OF RelativeDistinguishedName, --Name, ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, @@ -101,9 +94,7 @@ ReasonFlags ::= BIT STRING -- extended key usage extension OID and syntax -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - -KeyPurposeId ::= OBJECT IDENTIFIER +ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER --ExtKeyUsageSyntax -- authority info access 
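Review bot: The trailing comment on the new `ExtKeyUsageSyntax` line names the wrong type: the element that was inlined is `KeyPurposeId`, but the comment reads `--ExtKeyUsageSyntax`. The other inlined fields in this patch carry the old type name (`--KeyIdentifier`, `--Name`), so this line should follow suit: `ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER -- KeyPurposeId`. In the first hunk on this line, `SubjectKeyIdentifier ::= OCTET STRING` could take a `-- KeyIdentifier` comment for the same reason.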
@@ -129,59 +120,28 @@ AccessDescription ::= SEQUENCE { -- attribute data types -- Attribute ::= SEQUENCE { - type AttributeType, - values SET OF AttributeValue + type OBJECT IDENTIFIER, -- AttributeType + values SET OF ANY -- AttributeValue -- at least one value is required -- } -AttributeType ::= OBJECT IDENTIFIER +-- AttributeType ::= OBJECT IDENTIFIER -AttributeValue ::= ANY DEFINED BY type +-- AttributeValue ::= ANY DEFINED BY type AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - --- suggested naming attributes: Definition of the following --- information object set may be augmented to meet local --- requirements. Note that deleting members of the set may --- prevent interoperability with conforming implementations. --- presented in pairs: the AttributeType followed by the --- type definition for the corresponding AttributeValue - --- Arc for standard naming attributes -id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} - --- Attributes of type NameDirectoryString - --- gnutls: Note that the Object ID (id-at*) is being set just before the --- actual definition. This is done in order for asn1_find_structure_from_oid --- to work (locate structure from OID). --- Maybe this is inefficient and memory consuming. Should we replace with --- a table that maps OIDs to structures? 
- --- PostalAddress ::= SEQUENCE OF DirectoryString - - -- Legacy attributes - -emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 } - --- Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) - --- naming data types -- + type OBJECT IDENTIFIER, -- AttributeType + value ANY } -- AttributeValue Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + rdnSequence SEQUENCE OF RelativeDistinguishedName } -DistinguishedName ::= RDNSequence +DistinguishedName ::= SEQUENCE OF RelativeDistinguishedName -- RDNSequence RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF AttributeTypeAndValue - -- -------------------------------------------------------- -- certificate and CRL specific structures begin here -- -------------------------------------------------------- @@ -290,36 +250,9 @@ Dss-Parms ::= SEQUENCE { q INTEGER, g INTEGER } --- x400 address syntax starts here --- OR Names - -CountryName ::= [APPLICATION 1] CHOICE { - x121-dcc-code NumericString - (SIZE (ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -OrganizationName ::= PrintableString - (SIZE (1..ub-organization-name-length)) --- see also teletex-organization-name - -NumericUserIdentifier ::= NumericString - (SIZE (1..ub-numeric-user-id-length)) - --- see also teletex-personal-name - -OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) - OF OrganizationalUnitName --- see also teletex-organizational-unit-names - -OrganizationalUnitName ::= PrintableString (SIZE - (1..ub-organizational-unit-name-length)) - -- Extension types and attribute values -- -CommonName ::= PrintableString - -- END of PKIX1Implicit88 
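Review bot: In the `Attribute` / `AttributeTypeAndValue` hunk the value fields become plain `ANY`, so the schema no longer records that the value's syntax is selected by `type`. The decoder will accept any element there, and whether it ever enforced `DEFINED BY` is not visible from this hunk, so the per-OID check has to live in the callers. I would keep that contract on the field itself, e.g. `value ANY } -- AttributeValue: ANY DEFINED BY type`, and the same on `values SET OF ANY`. The two definitions left commented out (`-- AttributeType ::= ...`, `-- AttributeValue ::= ...`) are inconsistent with the other removed types, which are deleted outright; either delete them too or fold them into the field comments.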
@@ -385,7 +318,7 @@ SignedAttributes ::= SET SIZE (1..MAX) OF Attribute SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, - subjectKeyIdentifier [0] SubjectKeyIdentifier + subjectKeyIdentifier [0] OCTET STRING } pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo @@ -645,7 +578,7 @@ ResponseData ::= SEQUENCE { ResponderID ::= CHOICE { -- Changed to work with the libtasn1 parser. - byName [1] EXPLICIT RDNSequence, --Name + byName [1] EXPLICIT SEQUENCE OF RelativeDistinguishedName, --Name byKey [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key } @@ -663,24 +596,12 @@ CertStatus ::= CHOICE { RevokedInfo ::= SEQUENCE { revocationTime GeneralizedTime, - revocationReason [0] EXPLICIT CRLReason OPTIONAL } + revocationReason [0] EXPLICIT ENUMERATED { unspecified(0) } OPTIONAL } UnknownInfo ::= NULL -- this can be replaced with an enumeration -- rfc5280 -CRLReason ::= ENUMERATED { - unspecified (0), - keyCompromise (1), - cACompromise (2), - affiliationChanged (3), - superseded (4), - cessationOfOperation (5), - certificateHold (6), - removeFromCRL (8), - privilegeWithdrawn (9), - aACompromise (10) } - NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c index 7ff417ab9e..e8719152a0 100644 --- a/lib/pkix_asn1_tab.c +++ b/lib/pkix_asn1_tab.c 
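Review bot: In the `RevokedInfo` hunk the inlined `ENUMERATED { unspecified(0) }` names only one of the reason codes, while the removed `CRLReason` listed 1 to 6 and 8 to 10 as well, and an OCSP responder can send any of them. As far as I know the parser does not reject values outside the named list, but the definition now reads as exhaustive. If that is ever enforced, a valid revoked response would fail to decode. I would state the intent on the field, e.g. `revocationReason [0] EXPLICIT ENUMERATED { unspecified(0) } OPTIONAL } -- CRLReason (rfc5280); other reason codes are valid on the wire`. The `-- rfc5280` comment that introduced `CRLReason` is now left dangling above `NameConstraints` and should be moved or reworded.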
@@ -7,28 +7,19 @@ const asn1_static_node pkix_asn1_tab[] = { { "PKIX1", 536875024, NULL }, { NULL, 1073741836, NULL }, - { "id-pkix", 1879048204, NULL }, - { "iso", 1073741825, "1"}, - { "identified-organization", 1073741825, "3"}, - { "dod", 1073741825, "6"}, - { "internet", 1073741825, "1"}, - { "security", 1073741825, "5"}, - { "mechanisms", 1073741825, "5"}, - { "pkix", 1, "7"}, { "PrivateKeyUsagePeriod", 1610612741, NULL }, { "notBefore", 1610637349, NULL }, { NULL, 4104, "0"}, { "notAfter", 536895525, NULL }, { NULL, 4104, "1"}, { "AuthorityKeyIdentifier", 1610612741, NULL }, - { "keyIdentifier", 1610637314, "KeyIdentifier"}, + { "keyIdentifier", 1610637319, NULL }, { NULL, 4104, "0"}, { "authorityCertIssuer", 1610637314, "GeneralNames"}, { NULL, 4104, "1"}, { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, { NULL, 4104, "2"}, - { "KeyIdentifier", 1073741831, NULL }, - { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, + { "SubjectKeyIdentifier", 1073741831, NULL }, { "KeyUsage", 1073741830, NULL }, { "DirectoryString", 1610612754, NULL }, { "teletexString", 1612709918, NULL }, @@ -56,8 +47,9 @@ const asn1_static_node pkix_asn1_tab[] = { { NULL, 4104, "2"}, { "x400Address", 1610620941, NULL }, { NULL, 4104, "3"}, - { "directoryName", 1610620930, "RDNSequence"}, - { NULL, 2056, "4"}, + { "directoryName", 1610620939, NULL }, + { NULL, 1073743880, "4"}, + { NULL, 2, "RelativeDistinguishedName"}, { "ediPartyName", 1610620941, NULL }, { NULL, 4104, "5"}, { "uniformResourceIdentifier", 1610620957, NULL }, @@ -95,8 +87,7 @@ const asn1_static_node pkix_asn1_tab[] = { { "ReasonFlags", 1073741830, NULL }, { "ExtKeyUsageSyntax", 1612709899, NULL }, { "MAX", 1074266122, "1"}, - { NULL, 2, "KeyPurposeId"}, - { "KeyPurposeId", 1073741836, NULL }, + { NULL, 12, NULL }, { "AuthorityInfoAccessSyntax", 1612709899, NULL }, { "MAX", 1074266122, "1"}, { NULL, 2, "AccessDescription"}, 
@@ -104,32 +95,17 @@ const asn1_static_node pkix_asn1_tab[] = { { "accessMethod", 1073741836, NULL }, { "accessLocation", 2, "GeneralName"}, { "Attribute", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, + { "type", 1073741836, NULL }, { "values", 536870927, NULL }, - { NULL, 2, "AttributeValue"}, - { "AttributeType", 1073741836, NULL }, - { "AttributeValue", 1614807053, NULL }, - { "type", 1, NULL }, + { NULL, 13, NULL }, { "AttributeTypeAndValue", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, - { "value", 2, "AttributeValue"}, - { "id-at", 1879048204, NULL }, - { "joint-iso-ccitt", 1073741825, "2"}, - { "ds", 1073741825, "5"}, - { NULL, 1, "4"}, - { "emailAddress", 1880096780, "AttributeType"}, - { "iso", 1073741825, "1"}, - { "member-body", 1073741825, "2"}, - { "us", 1073741825, "840"}, - { "rsadsi", 1073741825, "113549"}, - { "pkcs", 1073741825, "1"}, - { NULL, 1073741825, "9"}, - { NULL, 1, "1"}, + { "type", 1073741836, NULL }, + { "value", 13, NULL }, { "Name", 1610612754, NULL }, - { "rdnSequence", 2, "RDNSequence"}, - { "RDNSequence", 1610612747, NULL }, + { "rdnSequence", 536870923, NULL }, + { NULL, 2, "RelativeDistinguishedName"}, + { "DistinguishedName", 1610612747, NULL }, { NULL, 2, "RelativeDistinguishedName"}, - { "DistinguishedName", 1073741826, "RDNSequence"}, { "RelativeDistinguishedName", 1612709903, NULL }, { "MAX", 1074266122, "1"}, { NULL, 2, "AttributeTypeAndValue"}, 
@@ -209,22 +185,6 @@ const asn1_static_node pkix_asn1_tab[] = { { "p", 1073741827, NULL }, { "q", 1073741827, NULL }, { "g", 3, NULL }, - { "CountryName", 1610620946, NULL }, - { NULL, 1073746952, "1"}, - { "x121-dcc-code", 1612709916, NULL }, - { NULL, 1048586, "ub-country-name-numeric-length"}, - { "iso-3166-alpha2-code", 538968095, NULL }, - { NULL, 1048586, "ub-country-name-alpha-length"}, - { "OrganizationName", 1612709919, NULL }, - { "ub-organization-name-length", 524298, "1"}, - { "NumericUserIdentifier", 1612709916, NULL }, - { "ub-numeric-user-id-length", 524298, "1"}, - { "OrganizationalUnitNames", 1612709899, NULL }, - { "ub-organizational-units", 1074266122, "1"}, - { NULL, 2, "OrganizationalUnitName"}, - { "OrganizationalUnitName", 1612709919, NULL }, - { "ub-organizational-unit-name-length", 524298, "1"}, - { "CommonName", 1073741855, NULL }, { "pkcs-7-ContentInfo", 1610612741, NULL }, { "contentType", 1073741836, NULL }, { "content", 541073421, NULL }, @@ -272,7 +232,7 @@ const asn1_static_node pkix_asn1_tab[] = { { NULL, 2, "Attribute"}, { "SignerIdentifier", 1610612754, NULL }, { "issuerAndSerialNumber", 1073741826, "IssuerAndSerialNumber"}, - { "subjectKeyIdentifier", 536879106, "SubjectKeyIdentifier"}, + { "subjectKeyIdentifier", 536879111, NULL }, { NULL, 4104, "0"}, { "pkcs-7-SignerInfos", 1610612751, NULL }, { NULL, 2, "pkcs-7-SignerInfo"}, @@ -488,8 +448,9 @@ const asn1_static_node pkix_asn1_tab[] = { { "responseExtensions", 536895490, "Extensions"}, { NULL, 2056, "1"}, { "ResponderID", 1610612754, NULL }, - { "byName", 1610620930, "RDNSequence"}, - { NULL, 2056, "1"}, + { "byName", 1610620939, NULL }, + { NULL, 1073743880, "1"}, + { NULL, 2, "RelativeDistinguishedName"}, { "byKey", 536879111, NULL }, { NULL, 2056, "2"}, { "SingleResponse", 1610612741, NULL }, 
@@ -509,20 +470,10 @@ const asn1_static_node pkix_asn1_tab[] = { { NULL, 4104, "2"}, { "RevokedInfo", 1610612741, NULL }, { "revocationTime", 1073741861, NULL }, - { "revocationReason", 536895490, "CRLReason"}, - { NULL, 2056, "0"}, + { "revocationReason", 537157653, NULL }, + { NULL, 1073743880, "0"}, + { "unspecified", 1, "0"}, { "UnknownInfo", 1073741844, NULL }, - { "CRLReason", 1610874901, NULL }, - { "unspecified", 1073741825, "0"}, - { "keyCompromise", 1073741825, "1"}, - { "cACompromise", 1073741825, "2"}, - { "affiliationChanged", 1073741825, "3"}, - { "superseded", 1073741825, "4"}, - { "cessationOfOperation", 1073741825, "5"}, - { "certificateHold", 1073741825, "6"}, - { "removeFromCRL", 1073741825, "8"}, - { "privilegeWithdrawn", 1073741825, "9"}, - { "aACompromise", 1, "10"}, { "NameConstraints", 1610612741, NULL }, { "permittedSubtrees", 1610637314, "GeneralSubtrees"}, { NULL, 4104, "0"}, |