All of ROA, MFT, ASPA, and RSC define their respective 'version' field

in ASN.1 as following: "version [0] INTEGER DEFAULT 0,". Each object
profile preamble contains "DEFINITIONS EXPLICIT TAGS ::=".

We didn't bump into any issue yet, because all Signed Objects are at
version 0, which means the field is entirely omitted (including the tag,
be it implicit or explicit). (From X.690 section 11.5: "The encoding of
a set value or a sequence value shall not include an encoding for any
component value which is equal to its default value.")

OK tb@

4 files changed, 8 insertions, 8 deletions

diff --git a/usr.sbin/rpki-client/aspa.c b/usr.sbin/rpki-client/aspa.c
index f3ca518353b..c23054bc863 100644
--- a/usr.sbin/rpki-client/aspa.c
+++ b/usr.sbin/rpki-client/aspa.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: aspa.c,v 1.4 2022/09/05 18:07:04 tb Exp $ */
+/*	$OpenBSD: aspa.c,v 1.5 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -71,7 +71,7 @@ typedef struct {
 } ASProviderAttestation;
 
 ASN1_SEQUENCE(ASProviderAttestation) = {
-	ASN1_IMP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(ASProviderAttestation, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(ASProviderAttestation, customerASID, ASN1_INTEGER),
 	ASN1_SEQUENCE_OF(ASProviderAttestation, providers, ProviderAS),
 } ASN1_SEQUENCE_END(ASProviderAttestation);
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 8631071e753..69f14bb30e7 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mft.c,v 1.74 2022/08/30 18:56:49 job Exp $ */
+/*	$OpenBSD: mft.c,v 1.75 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -78,7 +78,7 @@ ASN1_SEQUENCE(FileAndHash) = {
 } ASN1_SEQUENCE_END(FileAndHash);
 
 ASN1_SEQUENCE(Manifest) = {
-	ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
 	ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
 	ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 4846d6fe26a..93a7cdabf72 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: roa.c,v 1.52 2022/09/03 14:40:09 job Exp $ */
+/*	$OpenBSD: roa.c,v 1.53 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -86,7 +86,7 @@ ASN1_SEQUENCE(ROAIPAddressFamily) = {
 } ASN1_SEQUENCE_END(ROAIPAddressFamily);
 
 ASN1_SEQUENCE(RouteOriginAttestation) = {
-	ASN1_IMP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(RouteOriginAttestation, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(RouteOriginAttestation, asid, ASN1_INTEGER),
 	ASN1_SEQUENCE_OF(RouteOriginAttestation, ipAddrBlocks,
 	    ROAIPAddressFamily),
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index 6725287ea63..edc727527c2 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsc.c,v 1.15 2022/09/03 14:40:09 job Exp $ */
+/*	$OpenBSD: rsc.c,v 1.16 2022/10/13 04:43:32 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -114,7 +114,7 @@ typedef struct {
 } RpkiSignedChecklist;
 
 ASN1_SEQUENCE(RpkiSignedChecklist) = {
-	ASN1_IMP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(RpkiSignedChecklist, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(RpkiSignedChecklist, resources, ResourceBlock),
 	ASN1_SIMPLE(RpkiSignedChecklist, digestAlgorithm, X509_ALGOR),
 	ASN1_SEQUENCE_OF(RpkiSignedChecklist, checkList, FileNameAndHash),