ChangeLog   [plain text]

2008-04-09  Love Hörnquist Åstrand  <>

	* pkinit.asn1: add id-pkinit-kdf

	* pkinit.asn1: add PkinitSP80056AOtherInfo

2008-04-07  Love Hörnquist Åstrand  <>

	* gen.c: Use unsigned where appropriate.

2008-03-22  Love Hörnquist Åstrand  <>

	* k5.asn1: Match name in ClientCanonicalizedNames with -10

	* k5.asn1: add referral-valid-until

2008-01-13  Love Hörnquist Åstrand  <>

	* asn1-common.h gen.c der.c gen_encode.c: add and use der_{malloc,free}

2007-12-13  Love Hörnquist Åstrand  <>

	* libasn1.h: remove, not used.

2007-12-04  Love Hörnquist Åstrand  <>

	* Add DigestTypes, add --seq to antoher type.

	* digest.asn1: Add supportedMechs request.

2007-10-18  Love Hörnquist Åstrand  <>

	* k5.asn1: Some "old" windows enctypes. From Andy Polyakov.

2007-07-23  Love Hörnquist Åstrand  <>

	* Fold in pk-init-alg-agilty.

	* pkinit.asn1: Fold in pk-init-alg-agilty.

2007-07-16  Love Hörnquist Åstrand  <>

	* parse.y: Passe object id is its part of the module defintion

2007-07-14  Love Hörnquist Åstrand  <>

	* check-gen.c: test SEQ OF SIZE (...)

	* Include more sizeof tests.

2007-07-12  Love Hörnquist Åstrand  <>

	* try to avoid aliasing of pointers enum {} vs int

2007-07-10  Love Hörnquist Åstrand  <>

	* test.asn1: Test SIZE attribute for SEQ and OCTET STRING

	* parse.y (OctetStringType): add SIZE to OCTET STRING.

	* New library version.

2007-07-02  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: Re-add size limits.

	* k5.asn1: Add size limits from RFC 4120.

	* gen_decode.c: Check range on SEQ OF and OCTET STRING.

	* (min|max|exact) constraints.

	* parse.y: Parse size limitations to SEQ OF.

2007-06-28  Love Hörnquist Åstrand  <>

	* Add AuthorityInfoAccessSyntax.

	* rfc2459.asn1: Add AuthorityInfoAccessSyntax.

	* rfc2459.asn1: Add authorityInfoAccess, rename proxyCertInfo.

	* Add authorityInfoAccess, rename proxyCertInfo.

2007-06-27  Love Hörnquist Åstrand  <>

	* der_get.c (der_get_time): avoid using wrapping of octet_string
	and realloc.

	* der_get.c: No need to undef timetm, we don't use it any more.

	* timegm.c: Fix spelling caused by too much query-replace.

	* gen.c: Include <limits.h> for UINT_MAX.

	* gen_decode.c: Check for multipication overrun.

	* gen_encode.c: Paranoia check in buffer overun in output

	* check-der.c: Test boolean.

	* check-der.c: test universal strings.

	* check-der.c: Test failure cases for der_get_tag.

	* check-der.c: test dates from last century.

	* check-der.c: Move zero length integercheck to a better place.

	* check-der.c: Test zero length integer.

2007-06-18  Love Hörnquist Åstrand  <>

	* check-der.c: Init data to something.

2007-06-15  Love Hörnquist Åstrand  <>


2007-06-13  Love Hörnquist Åstrand  <>

	* pkinit.asn1: Make the pkinit nonce signed (like the kerberos

2007-06-03  Love Hörnquist Åstrand  <>

	* check-der.c: Free more memory.

	* der_format.c: Don't accect zero length hex numbers.

	* check-der.c: Also free right memory.

	* main.c: Close asn1 file when done.

	* check-der.c: more check for der_parse_hex_heim_integer

	* der_format.c (der_parse_hex_heim_integer): check length before
	reading data.

	* check-gen.c (test_authenticator): free memory

2007-05-31  Love Hörnquist Åstrand  <>

	* add MS-UPN-SAN

	* pkinit.asn1: add MS-UPN-SAN

	* rfc2459.asn1: Do evil things to handle IMPLICIT encoded
	structures.  Add id-ms-client-authentication.

2007-05-30  Love Hörnquist Åstrand  <>

	* Add asn1_id_ms_cert_enroll_domaincontroller.x

2007-05-10  Love Hörnquist Åstrand  <>

	* gen.c: Add struct units; as a forward declaration. Pointed out
	by Marcus Watts.

	* rfc2459.asn1: Netscape extentions

	* add U.S. Federal PKI Common Policy Framework

	* rfc2459.asn1: add U.S. Federal PKI Common Policy Framework

2007-04-24  Love Hörnquist Åstrand  <>

	* gen_seq.c: Handle the case of resize to 0 and realloc that
	returns NULL.

	* check-gen.c (check_seq): free seq.

2007-04-19  Love Hörnquist Åstrand  <>

	* check-der.c (test_heim_oid_format_same): avoid leaking memory in
	the non failure case too

2007-04-16  Love Hörnquist Åstrand  <>

	* remove extra ^Q

2007-04-11  Love Hörnquist Åstrand  <>

	* der_get.c: Allow trailing NULs. We allow this since MIT Kerberos
	sends an strings in the NEED_PREAUTH case that includes a trailing

2007-02-17  Love Hörnquist Åstrand  <>

	* Add PA-ClientCanonicalized and friends.

	* k5.asn1: Add PA-ClientCanonicalized and friends.

2007-02-08  Love Hörnquist Åstrand  <>

	* check-der.c: Drop one over INT_MAX test-case.

2007-02-05  Love Hörnquist Åstrand  <>

	* pkinit.asn1: add id-pkinit-ms-eku

	* pkinit.asn1: fill in more bits of id-pkinit-ms-san

2007-02-02  Love Hörnquist Åstrand  <>

	* digest.asn1: rename hash-a1 to session key

2007-02-01  Love Hörnquist Åstrand  <>

	* digest.asn1: Add elements to send in requestResponse to KDC and
	get status of the request.

2007-01-31  Love Hörnquist Åstrand  <>

	* seq rules for CRLDistributionPoints

2007-01-30  Love Hörnquist Åstrand  <>

	* add CRLDistributionPoints and friends

2007-01-20  Love Hörnquist Åstrand  <>

	* check-der.c: check BMPstring oddlength more

	* check-der.c: Test for NUL char in string in GENERAL STRING.

	* der_get.c: Check for NUL characters in string and return
	ASN1_BAD_CHARACTER error-code if we find them.

	* Add BAD_CHARACTER error.

2007-01-16  Love Hörnquist Åstrand <>

	* Add id-at-streetAddress.

	* rfc2459.asn1: Add id-at-streetAddress.

2007-01-12  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: Add PKIXXmppAddr and id-pkix-on-xmppAddr.

2006-12-30  Love Hörnquist Åstrand  <>

	* Add id-pkix-kp oids.

	* rfc2459.asn1: Add id-pkix-kp oids.

2006-12-29  Love Hörnquist Åstrand  <>

	* gen_encode.c: Named bit strings have this horrible, disgusting,
	compress bits until they are no longer really there but stuff in
	an initial octet anyway encoding scheme. Try to get it right and
	calculate the initial octet runtime instead of compiletime.

	* check-gen.c: Check all other silly bitstring combinations.

	* Add --sequence=Extensions to rfc2459.

2006-12-28  Love Hörnquist Åstrand  <>

	* kx509.asn1: Add kx509.

	* Add kx509.

	* Add VisibleString parsing

2006-12-15  Love Hörnquist Åstrand  <>

	* Add ntlm files.

	* digest.asn1: Add bits for handling NTLM.

2006-12-08  Love Hörnquist Åstrand  <>

	* add pkix proxy cert policy lang oids

	* rfc2459.asn1: add pkix proxy cert policy lang oids

2006-12-07  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: unbreak id-pe-proxyCertInfo

	* rfc2459.asn1: Add id-pkix-on-dnsSRV and related oids

2006-11-28  Love Hörnquist Åstrand  <>

	* Add explicit depenency to LIB_roken for,
	make AIX happy.

2006-11-27  Love Hörnquist Åstrand  <>

	* der_format.c (der_print_heim_oid): oid with zero length is
	invalid, fail to print.

2006-11-24  Love Hörnquist Åstrand  <>

	* der_format.c (der_print_heim_oid): use delim when printing.

2006-11-21  Love Hörnquist Åstrand  <>

	* k5.asn1: Make KRB5-PADATA-S4U2SELF pa type 129.

2006-10-24  Love Hörnquist Åstrand  <>


2006-10-21  Love Hörnquist Åstrand  <>

	* check-gen.c: avoid leaking memory

	* check-der.c: avoid leaking memory

	* der_format.c (der_parse_heim_oid): avoid leaking memory

	* check-common.c: Print size_t as (unsigned long) and cast.

	* check-common.c: Try to align data, IA64's gets upset if its

	* lex.l: add missing */

	* lex.c: need %e for hpux lex

2006-10-20  Love Hörnquist Åstrand  <>

	* remove dups from gen_files_test, add check-timegm.

	* include more test.asn1 built files

	* More files, now for make check.

2006-10-19  Love Hörnquist Åstrand  <>

	* Add missing files

	* (asn1_compile_SOURCES): add gen_locl.h

	* check-timegm.c: Add check for _der_timegm.

	* der_get.c (generalizedtime2time): always use _der_timegm.

	* timegm.c: make more strict

	* der_locl.h: Rename timegm to _der_timegm.

2006-10-17  Love Hörnquist Åstrand  <>

	* timegm.c: vJust fail if tm_mon is out of range for now XXXX this
	is wrong.

2006-10-16  Love Hörnquist Åstrand  <>

	* extra depencies on der-protos.h

2006-10-14 Love Hörnquist Åstrand <>

	* check-der.c: Prefix primitive types with der_.

	* timegm.c: rename the buildin timegm to _der_timegm

	* heim_asn1.h: move prototype away from here.

	* der_format.c: Add der_parse_heim_oid

	* gen_free.c: prefix primitive types with der_

	* der_copy.c: prefix primitive types with der_

	* gen_length.c: prefix primitive types with der_

	* der_length.c: prefix primitive types with der_

	* der_cmp.c: prefix primitive types with der_

	* gen_free.c: prefix primitive types with der_

	* der_free.c: prefix primitive types with der_

	* gen_copy.c: prefix primitive types with der_

	* der_copy.c: rename copy_ to der_copy_

	* Add der-protos.h to nodist_include_HEADERS.

	* der.h: use newly built <der-protos.h>

	* Generate der prototypes.

	* gen.c: move any definitions here.

	* asn1-common.h: move any definitions here.

	* der.h: remove der_parse_oid prototype, it was never implemented.

	* der.h: New der_print_heim_oid signature.  Test

	* check-der.c: New der_print_heim_oid signature.  Test

2006-10-07  Love Hörnquist Åstrand <>

	* lex.l: Grow an even larger output table size.

	* split build files into dist_ and noinst_ SOURCES

2006-10-04  Love Hörnquist Åstrand  <>

	* gen_seq.c: In generation of remove_TYPE: if you just removed the
	last element, you must not memmove memory beyond the array.  From
	Andrew Bartlett

2006-10-01  Love Hörnquist Åstrand  <>

	* lex.l: Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald

2006-09-24  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): drop unused variable realtype.

2006-09-11  Love Hörnquist Åstrand <>

	* Add KRB5SignedPath and friends.

	* k5.asn1: Add KRB5SignedPath and friends.

	* Add new sequence generation for GeneralNames.

2006-09-07  Love Hörnquist Åstrand  <>

	* CMS.asn1 (CMSVersion): rename versions from v0 to CMSVersion_v0,

2006-09-05  Love Hörnquist Åstrand  <>

	* Add TESTSeqOf for testing sequence generation code.

	* check-gen.c: Add sequence tests.

	* test.asn1: Add TESTSeqOf for testing sequence generation code.

	* gen_seq.c: fix warning.

	* gen_seq.c: make generated data work

	* setchgpw2.asn1: enctype is part of the krb5 module now, use that
	instead of locally defining it.

	* asn1_compile += gen_seq.c

	* gen_locl.h: add new prototypes, remove unused ones.

	* gen.c: Generate sequence function.

	* main.c: add --sequence

	* gen_seq.c: Add generated add_ and remove_ for "SEQUENCE OF
	TType". I'm tried of writing realloc(foo->data,
	sizeof(foo->data[0]) + (foo->len + 1)); Only generated for those
	type that is enabled by the command flag --sequence.

2006-08-25  Love Hörnquist Åstrand  <>

	* digest.asn1 (DigestRequest): add authid

	* digest.asn1: Comment describing on how to communicate the sasl
	int/conf mode.

2006-08-23  Love Hörnquist Åstrand  <>

	* digest.asn1: Add some missing fields needed for digest.

2006-08-21  Love Hörnquist Åstrand  <>

	* digest.asn1: Tweak to make consisten and more easier to use.

2006-07-20  Love Hörnquist Åstrand  <>

	* Remove CMS symmetric encryption support.  Add

	* digest.asn1: DigestProtocol

	* k5.asn1: Remove CMS symmetric encryption support.

2006-06-22  Love Hörnquist Åstrand  <>

	* check-der.c (check_fail_heim_integer): disable test

	* der_get.c (der_get_heim_integer): revert part of previous

	* der_get.c (der_get_heim_integer): Add more checks

	* asn1_print.c: Add printing of bignums and use der_print_heim_oid

	* check-der.c (test_heim_oid_format_same): add printing on failure

	* check-der.c: Add one check for heim_int, add checking for oid

2006-06-06  Love Hörnquist Åstrand  <>

	* Impersonation support bits (and sort)

	* k5.asn1: Impersonation support bits.

2006-05-13  Love Hörnquist Åstrand  <>

	* der_format.c (der_parse_hex_heim_integer): avoid shadowing.

2006-04-29  Love Hörnquist Åstrand  <>

	* Add ExternalPrincipalIdentifiers, shared between
	several elements.

	* pkinit.asn1: Add ExternalPrincipalIdentifiers, shared between
	several elements.

2006-04-28  Love Hörnquist Åstrand  <>

	* parse.y: Add missing ;'s, found by bison on a SuSE 8.2 machine.

2006-04-26  Love Hörnquist Åstrand  <>

	* Add definitions from RFC 3820, Proxy Certificate

	* rfc2459.asn1: Add definitions from RFC 3820, Proxy Certificate

2006-04-24  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: Add id-Userid

	* Add UID and email

	* pkcs9.asn1: Add id-pkcs9-emailAddress

	* Add attribute type oids from X520 and RFC 2247 DC

	* rfc2459.asn1: Add attribute type oids from X520 and RFC 2247 DC

2006-04-21  Love Hörnquist Åstrand <>

	* add sha-1 and sha-2

	* rfc2459.asn1: add sha-1 and sha-2

2006-04-15  Love Hörnquist Åstrand  <>

	* Add id-pkcs1-sha256WithRSAEncryption and friends

	* rfc2459.asn1: Add id-pkcs1-sha256WithRSAEncryption and friends

	* CMS.asn1: Turn CMSRC2CBCParameter.rc2ParameterVersion into a
	constrained integer

2006-04-08  Love Hörnquist Åstrand  <>

	* hash.c (hashtabnew): check for NULL before setting structure.
	Coverity, NetBSD CID#4

2006-03-31  Love Hörnquist Åstrand  <>

	* gen_files_rfc2459 += asn1_ExtKeyUsage.x

	* rfc2459.asn1: Add ExtKeyUsage.

	* gen.c (generate_header_of_codefile): remove unused variable.

2006-03-30  Love Hörnquist Åstrand  <>

	* gen.c: Put all the IMPORTed headers into the headerfile to avoid
	hidden depencies.

2006-03-27  Love Hörnquist Åstrand  <>

	* Add id-pkinit-ms-san.

	* pkinit.asn1: Add id-pkinit-ms-san.


2006-03-26  Love Hörnquist Åstrand  <>

	* Add pkinit-san.

	* pkinit.asn1: Rename id-pksan to id-pkinit-san

2006-03-08  Love Hörnquist Åstrand  <>

	* gen.c (init_generate): Nothing in the generated files needs
	timegm(), so no need to provide a prototype for it.

2006-02-13  Love Hörnquist Åstrand  <>

	* pkinit.asn1: paChecksum is now OPTIONAL so it can be upgraded to
	something better then SHA1

2006-01-31  Love Hörnquist Åstrand  <>

	* extra.c: Stub-generator now generates alloc statements for
	tagless ANY OPTIONAL, remove workaround.

	* check-gen.c: check for "tagless ANY OPTIONAL"

	* test.asn1: check for "tagless ANY OPTIONAL"

2006-01-30  Love Hörnquist Åstrand  <>

	* der.h: UniversalString and BMPString are both implemented.

	* der.h: Remove , after the last element of enum.

	* asn1_gen.c: Spelling.

2006-01-20  Love Hörnquist Åstrand <>

	* der_length.c (length_heim_integer): Try handle negative length
	of integers better.

	* der_get.c (der_get_heim_integer): handle negative integers.

	* check-der.c: check heim_integer.

2006-01-18  Love Hörnquist Åstrand <>

	* Its cRLReason, not cRLReasons

	* canthandle.asn1: "Allocation is done on CONTEXT tags" works just

	* rfc2459.asn1: Add CRL structures and OIDs.

	* Add CRL and TESTAlloc structures and OIDs.

	* check-gen.c: Check OPTIONAL context-tagless elements.

	* test.asn1: Check OPTIONAL context-tagless elements.

	* der_cmp.c (heim_integer_cmp): make it work with negative

2006-01-17  Love Hörnquist Åstrand  <>

	* check-der.c: check that der_parse_hex_heim_integer() handles odd
	length numbers.

	* der_format.c (der_parse_hex_heim_integer): make more resiliant
	to errors, handle odd length numbers.

2006-01-13  Love Hörnquist Åstrand  <>

	* Add RSAPrivateKey

	* rfc2459.asn1: Add RSAPrivateKey.

2006-01-05  Love Hörnquist Åstrand  <>

	* der_copy.c (copy_heim_integer): copy the negative flag

2005-12-14  Love Hörnquist Åstrand  <>

	* parse.y: Drop ExceptionSpec for now, its not used.

2005-12-06  Love Hörnquist Åstrand  <>

	* test.asn1: Add test string for constraints.

	* symbol.h: Add support for part of the Constraint-s

	* gen.c: Set new constraints pointer in Type to NULL for inline
	constructed types.

	* parse.y: Add support for parsing part of the Constraint-s

2005-10-29  Love Hörnquist Åstrand  <>

	* Add some X9.57 (DSA) oids, sort lines

	* rfc2459.asn1: Add some X9.57 (DSA) oids.

2005-10-07  Love Hörnquist Åstrand  <>

	* Remove pk-init-19 support.

	* pkinit.asn1: Fix comment

	* check-der.c: Add tests for parse and print functions for

	* Add parse and print functions for heim_integer.

	* der_format.c: Add parse and print functions for heim_integer.

	* der.h: Add parse and print functions for heim_integer.

2005-09-22  Love Hörnquist Åstrand  <>

	* (gen_files_rfc2459) += asn1_DHPublicKey.x

	* rfc2459.asn1: Add DHPublicKey, and INTEGER to for storing the DH
	public key in the SubjectPublicKeyInfo.subjectPublicKey BIT

2005-09-20  Love Hörnquist Åstrand  <>

	* gen_decode.c: TSequenceOf/TSetOf: Increase the length of the
	array after successful decoding the next element, so that the
	array don't contain heap-data.

2005-09-13  Love Hörnquist Åstrand  <>

	* check-der.c: Avoid empty array initiators.

	* pkcs8.asn1 (PKCS8PrivateKeyInfo): Inline SET OF to avoid
	compiler "feature"

	* check-common.c: Avoid signedness warnings.

	* check-common.h: Makes bytes native platform signed to avoid
	casting everywhere

	* check-der.c: Don't depend on malloc(very-very-larger-value) will
	fail.  Cast to unsigned long before printing size_t.

	* check-gen.c: Don't depend on malloc(very-very-larger-value) will

	* check-gen.c: Fix signedness warnings.

	* lex.l: unput() have to hanppen in actions for flex 2.5.31, can
	do them in user code sesction, so move up handle_comment and
	handle_string into action, not much sharing was done anyway.

2005-09-09  Love Hörnquist Åstrand  <>

	* check-der.c (test_one_int): len and len_len is size_t

2005-08-23  Love Hörnquist Åstrand  <>

	* gen_encode.c: Change name of oldret for each instance its used
	to avoid shadow warning. From: Stefan Metzmacher

	* gen_length.c: Change name of oldret for each instance its used
	to avoid shadow warning. From: Stefan Metzmacher

	* gen_decode.c: Change name of oldret for each instance its used
	to avoid shadow warning. From: Stefan Metzmacher

	* parse.y: Const poision yyerror.

	* gen.c: Const poision.

2005-08-22 Love Hörnquist Åstrand  <>

	* k5.asn1: Add KRB5-PADATA-PK-AS-09-BINDING, client send
	this (with an empty pa-data.padata-value) to tell the KDC that the
	client support the binding the PA-REP to the AS-REQ packet. This
	is to fix the problem lack of binding the AS-REQ to the PK-AS-REP
	in pre PK-INIT-27. The nonce is replaced with a asCheckSum.

2005-08-11 Love Hörnquist Åstrand  <>

	* canthandle.asn1: Allocation is done on CONTEXT tags.

	* asn1_gen.c: rename optind to optidx to avoid shadow warnings

2005-07-28  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: add id-rsadsi-rc2-cbc

	* add another oid for rc2

2005-07-27  Love Hörnquist Åstrand  <>

	* check-der.c: Make variable initiation constant by moving them to
	global context

	* check-gen.c: change to c89 comment

2005-07-27  Love Hörnquist Åstrand  <>

	* remove duplicate asn1_CMSAttributes.x

2005-07-26  Love Hörnquist Åstrand  <>

	* asn1_print.c: rename optind to optidx

	* Update to pkinit-27

	* pkinit.asn1: Update to pkinit-27

2005-07-25  Love Hörnquist Åstrand  <>

	* check-der.c: make it work for non c99 compilers too

	* check-der.c: start testing BIT STRING

	* der_cmp.c (heim_bit_string_cmp): try handle corner cases better

	* gen_free.c (free_type): free bignum integers

2005-07-23   Love Hörnquist Åstrand  <>

	* add PKCS12-OctetString

	* pkcs12.asn1: add PKCS12-OctetString

	* add new files

	* rfc2459.asn1: include SET OF in Attribute to make the type more

	* CMS.asn1: handle IMPLICIT and share some common structures

2005-07-21  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: Include enough workarounds that this even might

	* check-gen.c: Two implicit tests, one with all structures inlined

	* test.asn1: fix workaround for IMPLICIT CONS case

	* canthandle.asn1: fix workaround for IMPLICIT CONS case

	* asn1_print.c: hint that there are IMPLICIT content when we find

	* check-gen.c: Added #ifdef out test for IMPLICIT tagging.

	* test several IMPLICIT tag level deep

	* test.asn1: test several IMPLICIT tag level deep

	* test.asn1: tests for IMPLICIT

	* tests for IMPLICIT

	* canthandle.asn1: Expand on what is wrong with the IMPLICIT

	* rfc2459.asn1: some of the structure are in the IMPLICIT TAGS

2005-07-19  Love Hörnquist Åstrand  <>

	* asn1_print.c: print size_t by casting to unsigned long and use
	right printf format tags are unsigned integers

	* gen.c (generate_constant): oid elements are unsigned

	* gen_decode.c (decode_type): tagdatalen should be an size_t.

	* extra.c (decode_heim_any): tag is unsigned int.

	* der_get.c (der_match_tag): tag is unsigned int.

	* gen_length.c (length_type): cast size_t argument to unsigned
	long and use appropriate printf format

	* check-der.c (check_fail_bitstring): check for length overflow

	* der_get.c: rewrite integer overflow tests w/o SIZE_T_MAX

	* check-common.c (generic_decode_fail): only copy in if checklen
	its less then 0xffffff and larger than 0.

	* gen_decode.c (find_tag): find external references, we can't
	handle those, so tell user that instead of crashing

2005-07-18  Dave Love  <>

	* extra.c (free_heim_any_set): Fix return.

	* gen_decode.c (find_tag): Fix return in TType case.

2005-07-13  Love Hörnquist Åstrand  <>

	* gen_encode.c (TChoice): add () to make sure variable expression
	is evaluated correctly

	* gen_length.c (TChoice): add () to make sure variable expression
	is evaluated correctly

	* k5.asn1: reapply 1.43 that got lost in the merge: rename pvno to

2005-07-12  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): TChoice: set the label

	* check-gen.c (cmp_Name): do at least some checking

	* gen_locl.h: rename function filename() to get_filename() to
	avoid shadowing

	* lex.l: rename function filename() to get_filename() to avoid

	* gen.c: rename function filename() to get_filename() to avoid

	* check-der.c: add failure checks for large oid elements

	* check-gen.c: add failure checks for tag (and large tags)

	* der_get.c: Check for integer overflows in tags and oid elements.

2005-07-10  Assar Westerlund  <>

	* gen_decode.c: Fix decoding of choices to select which branch to
	try based on the tag and return an error if that branch fails.

	* check-gen.c: Fix short choice test cases.

2005-07-09  Assar Westerlund  <>

	* symbol.c:
	* parse.y:
	* main.c:
	* lex.l:
	* gen_length.c:
	* gen_free.c:
	* gen_encode.c:
	* gen_decode.c:
	* gen_copy.c:
	* gen.c:
	* extra.c:
	* check-gen.c:
	* check-der.c:
	* check-common.c:
	* asn1_print.c:
	* asn1_gen.c:
	Use emalloc, ecalloc, and estrdup.
	Check return value from asprintf.
	Make sure that malloc(0) returning NULL is not treated as an

2005-07-10  Love Hörnquist Åstrand  <>

	* check-gen.c: test cases for CHOICE, its too liberal right now,
	it don't fail hard on failure on after it successfully decoded the
	first tag in a choice branch

	* asn1_gen.c: calculate the basename for the output file,
	pretty-print tag number

	* test.gen: sample for asn1_gen

	* check-gen.c: check errors in SEQUENCE

	* build asn1_gen, TESTSeq and new, and class/type/tag
	string<->num converter.

	* test.asn1: TESTSeq, for testing SEQUENCE

	* asn1_gen.c: generator for asn1 data

	* asn1_print.c: use class/type/tag string<->num converter.

	* der.c: Add class/type/tag string<->num converter.

	* der.h: Add class/type/tag string<->num converter.
	Prototypes/structures for new time bits.

2005-07-09  Love Hörnquist Åstrand  <>

	* der_get.c (der_get_unsigned) check for length overflow
	(der_get_integer) ditto
	(der_get_general_string) ditto

	* der_get.c: check for overruns using SIZE_T_MAX

	* check-der.c: check BIT STRING and OBJECT IDENTIFIER error cases

	* check-common.c (generic_decode_fail): allocate 4K for the over
	sized memory test

	* der_get.c (der_get_oid): check for integer overruns and
	unterminated oid correctly

	* check-common.h (map_alloc, generic_decode_fail): prototypes

	* check-common.c (map_alloc): make input buffer const
	(generic_decode_fail): verify decoding failures

2005-07-05  Love Hörnquist Åstrand  <>

	* gen_encode.c: split up the printf for SET OF, also use the
	generate name for the symbol in the SET OF, if not, the name might
	contain non valid variable name characters (like -)

2005-07-04  Love Hörnquist Åstrand  <>

	* move pkcs12 defines into their own namespace

	* pkcs12.asn1: move pkcs12 defines into their own namespace

	* pkcs9.asn1: add PKCS9-friendlyName with workaround for SET OF

	* heim_asn1.h: reuse heim_octet_string for heim_any types

	* main.c: use optidx, handle the case where name is missing and
	use base of filename then

	* asn1-common.h: include ASN1_MALLOC_ENCODE

	* gen_decode.c: use less context so lower indentention level, add
	missing {} where needed

2005-07-02  Love Hörnquist Åstrand  <>

	* gen_copy.c: Use a global variable to keep track of if the 'goto
	fail' was used, and use that to only generate the label if needed.

	* asn1_print.c: do indefinite form loop detection and stop after
	10000 recursive indefinite forms, stops crashing due to running
	out of stack

	* asn1_print.c: catch badly formated indefinite length data
	(missing EndOfContent tag) add (negative) indent flag to speed up

2005-07-01  Love Hörnquist Åstrand  <>

	* canthandle.asn1: Can't handle primitives in CHOICE

	* gen_decode.c: Check if malloc failes

	* gen_copy.c: Make sure to free memory on failure

	* gen_decode.c: Check if malloc failes, rename "reallen" to
	tagdatalen since that is what it is.

2005-05-29  Love Hörnquist Åstrand  <>

	* prefix Der_class with ASN1_C_ to avoid problems with system
	headerfiles that pollute the name space

2005-05-20  Love Hörnquist Åstrand  <>

	* pkcs12.asn1: add PKCS12CertBag

	* pkcs9.asn1: add pkcs9 certtype x509 certificate

	* add pkcs12 certbag and pkcs9 certtype x509

	* pkcs12.asn1: split off PKCS12Attributes from SafeBag so it can
	be reused

	* add PKCS12Attributes

2005-05-10  Love Hörnquist Åstrand  <>

	* canthandle.asn1: fix tags in example

2005-05-02  Love Hörnquist Åstrand  <>

	* pkinit.asn1: Let the Windows nonce be an int32 (signed), if not
	it will fail when using Windows PK-INIT.

2005-05-01  Love Hörnquist Åstrand  <>

	* add pkcs12-PBEParams

	* pkcs12.asn1: add pkcs12-PBEParams

	* parse.y: objid_element: exit when the condition fails

2005-04-26  Love Hörnquist Åstrand  <>

	* gen_glue.c: 1.8: switch the units variable to a
	function. gcc-4.1 needs the size of the structure if its defined
	as extern struct units foo_units[] an we don't want to include
	<parse_units.h> in the generate headerfile

2005-03-20  Love Hörnquist Åstrand  <>

	* add the des-ede3-cbc oid that ansi x9.52 uses

	* rfc2459.asn1: add the des-ede3-cbc oid that ansi x9.52 uses

	* add oids for x509

	* rfc2459.asn1: add oids now when the compiler can handle them

2005-03-19  Love Hörnquist Åstrand  <>

	* add pkcs9 files

	* pkcs9.asn1: add small number of oids from pkcs9

2005-03-14  Love Hörnquist Åstrand  <>

	* add a bunch of pkcs1/pkcs2/pkcs3/aes oids

	* rfc2459.asn1: add a bunch of pkcs1/pkcs2/pkcs3/aes oids

2005-03-10  Love Hörnquist Åstrand  <>

	* k5.asn1: merge pa-numbers

2005-03-09  Love Hörnquist Åstrand  <>

	* add oid's

	* rfc2459.asn1: add encryption oids

	* CMS.asn1: add signedAndEnvelopedData oid

	* pkcs12.asn1: add pkcs12 oids

	* CMS.asn1: add pkcs7 oids

2005-03-08  Love Hörnquist Åstrand  <>

	* gen.c (generate_header_of_codefile): break out the header
	section generation
	(generate_constant): generate a function that return the oid
	inside a heim_oid

	* parse.y: fix the ordering of the oid's

	* parse.y: handle OBJECT IDENTIFIER as value construct

2005-02-24  Love Hörnquist Åstrand  <>

	* Preserve content of CHOICE element that is unknown if ellipsis
	was used when defining the structure

2005-02-13  Love Hörnquist Åstrand  <>

	* parse.y: use ANS1_TAILQ macros

	* *.[ch]: use ASN1_TAILQ macros

	* asn1_queue.h: inline bsd sys/queue.h and rename TAILQ to
	ASN1_TAILQ to avoid problems with name polluting headerfiles

2005-01-19  Love Hörnquist Åstrand  <>

	* gen.c: pull in <krb5-types.h>

2005-01-10  Love Hörnquist Åstrand  <>

	* Add BMPString and UniversalString

	* k5.asn1 (EtypeList): make INTEGER constrained (use krb5int32)

2005-01-07  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: add GeneralNames

2004-11-21  Love Hörnquist Åstrand  <>

	* gen.c: use unsigned integer for len of SequenceOf/SetOf and
	bitstring names

2004-11-10  Love Hörnquist Åstrand  <>

	* switch to krb5int32 and krb5uint32

	* Unify that three integer types TInteger TUInteger and TBigInteger.
	Start to use constrained integers where appropriate.

2004-10-13  Love Hörnquist Åstrand  <>

	* CMS.asn1: remove no longer used commented out elements

	* gen_glue.c: make units structures const

2004-10-12  Love Hörnquist Åstrand  <>

	* lex.l: handle hex number with [a-fA-F] in them

2004-10-07  Love Hörnquist Åstrand  <>

	* gen_free.c: free _save for CHOICE too

	* rfc2459.asn1: use Name and not heim_any

	* gen_decode.c: if malloc for _save failes, goto fail so we free
	the structure

	* gen_copy.c: copy _save for CHOICE too

	* gen.c: add _save for CHOICE too

	* CMS.asn1: RecipientIdentifier and SignerIdentifier is the same
	name is CMSIdentifier and add glue for that so we can share code
	use Name and not heim_any

2004-10-03  Love Hörnquist Åstrand  <>

	* drop AlgorithmIdentifierNonOpt add
	{RC2CBC,}CBCParameter here where they belong

	* CMS.asn1: add {RC2CBC,}CBCParameter here where they belong

	* rfc2459.asn1: drop AlgorithmIdentifierNonOpt

	* rfc2459.asn1: stop using AlgorithmIdentifierNonOpt hint that we
	really want to use Name and some MS stuff

2004-09-05  Love Hörnquist Åstrand  <>

	* asn1_print.c: handle end of content, this is part BER support,
	however, OCTET STRING need some tweeking too.

	* der.h: add UT_EndOfContent

	* test.asn1: test asn1 spec file

	* check-gen.c: check larget tags

	* add test asn1 spec file that we can use for testing
	constructs that doesn't exists in already existing spec (like
	large tags)

	* der_put.c (der_put_tag): make sure there are space for the head
	tag when we are dealing with large tags (>30)

	* check-gen.c: add test for tag length

	* check-common.c: export the map_ functions for OVERRUN/UNDERRUN
	detection restore the SIGSEGV handler when test is done

	* check-common.h: export the map_ functions for OVERRUN/UNDERRUN

	* gen_decode.c: check that the tag-length is not longer the length
	use forwstr on some more places

	* parse.y: revert part of, multiple IMPORT isn't allowed

	* pkinit.asn1: correct usage of IMPORT

	* CMS.asn1: correct usage of IMPORT

	* pkcs8.asn1: pkcs8, encrypting private key

	* pkcs12.asn1: pkcs12, key/crl/certificate file transport PDU

	* add pkcs8 and pkcs12

	* der_free.c: reset length when freing primitives

	* CMS.asn1: add EncryptedData

2004-08-26  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): if the entry is already optional
	when parsing a tag and we allocate the structure, not pass down
	optional since that will case the subtype's decode_type also to
	allocate an entry. and we'll leak an entry. Bug from Luke Howard
	<>. While here, use calloc.

2004-04-29  Love Hörnquist Åstrand  <>

	* k5.asn1: shift the last added etypes one step so rc2 doesn't
	stomp on cram-md5

2004-04-26  Love Hörnquist Åstrand  <>

	* k5.asn1: add ETYPE_AESNNN_CBC_NONE

	* CMS.asn1: add CMS symmetrical parameters moved to k5.asn1

	* k5.asn1: add CMS symmetrical parameters here, more nametypes
	enctype rc2-cbc

2004-04-25  Love Hörnquist Åstrand  <>

	* gen_decode.c: free data on decode failure

2004-04-24  Love Hörnquist Åstrand  <>

	* add CBCParameter and RC2CBCParameter

	* CMS.asn1: add CBCParameter and RC2CBCParameter

2004-04-20  Love Hörnquist Åstrand  <>

	* check-der.c: add simple test for oid's, used to trigger malloc
	bugs in you have picky malloc (like valgrind/purify/third)

	* der_get.c (der_get_oid): handle all oid components being smaller
	then 127 and allocate one extra element since first byte is split
	to to elements.

2004-04-16  Love Hörnquist Åstrand  <>

	* canthandle.asn1: one thing handled

	* gen_decode.c: handle OPTIONAL CONS-tag-less elements

	* der_length.c (length_len): since length is no longer the same as
	an unsigned, do the length counting here. ("unsigned" is zero
	padded when most significate bit is set, length is not)

2004-04-12  Love Hörnquist Åstrand  <>

	* canthandle.asn1: document by example what the encoder can't
	handle right now

	* add more stuff needed whem implementing x509
	preserve TBSCertificate

	* rfc2459.asn1: add more stuff needed whem implementing x509

	* CMS.asn1: move some type to rfc2459.asn1 where they belong (and
	import them)

	* gen.c: preserve the raw data when asked too

	* gen_decode.c: preserve the raw data when asked too

	* gen_copy.c: preserve the raw data when asked too

	* gen_free.c: preserve the raw data when asked too

	* gen_locl.h: add preserve_type

	* heim_asn1.h: add heim_any_cmp

	* main.c: add flag --preserve-binary=Symbol1,Symbol2,... that make
	the compiler generate stubs to save the raw data, its not used
	right now when generating the stat

	* k5.asn1: Windows uses PADATA 15 for the request too

	* extra.c: add heim_any_cmp

	* der_put.c: implement UTCtime correctly

	* der_locl.h: remove #ifdef HAVE_TIMEGM\ntimegm\n#endif here from
	der.h so one day der.h can get installed

	* der_length.c: implement UTCtime correctly

	* der_get.c: implement UTCtime correctly, prefix dce_fix with

	* der_copy.c: make copy_bit_string work again

	* der_cmp.c: add octet_string, integer, bit_string cmp functions

	* der.h: hide away more symbols, add more _cmp functions

2004-03-06  Love Hörnquist Åstrand  <>

	* add more pkix types make k5 use rfc150 bitstrings,
	everything else use der bitstrings

	* main.c: as a compile time option, handle no rfc1510 bitstrings

	* gen_locl.h: rfc1510 bitstrings flag

	* gen_length.c: as a compile time option, handle no rfc1510

	* gen_encode.c: as a compile time option, handle no rfc1510

	* gen_decode.c: handle no rfc1510 bitstrings

	* check-gen.c: test for bitstrings

	* rfc2459.asn1: add Certificates and KeyUsage

2004-02-22  Love Hörnquist Åstrand  <>

	* pkinit.asn1: use Name from PKIX

	* rfc2459.asn1: add more silly string types to DirectoryString

	* gen_encode.c: add checks for data overflow when encoding
	TBitString with members encode SET OF correctly by bytewise
	sorting the members

	* gen_decode.c: add checks for data overrun when encoding
	TBitString with members

	* der_put.c: add _heim_der_set_sort

	* der_cmp.c: rename oid_cmp to heim_oid_cmp

	* der.h: rename oid_cmp to heim_oid_cmp, add _heim_der_set_sort

	* check-gen.c: add check for Name and (commented out) heim_integer

	* check-der.c: test for "der_length.c: Fix len_unsigned for
	certain negative integers, it got the length wrong" , from
	Panasas, Inc.

	* der_length.c: Fix len_unsigned for certain negative integers, it
	got the length wrong, fix from Panasas, Inc.

	rename len_int and len_unsigned to _heim_\&

	* gen_length.c: 1.14: (length_type): TSequenceOf: add up the size
	of all the elements, don't use just the size of the last element.

2004-02-20  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: include defintion of Name

	* pkinit.asn1: no need for ContentType, its cms internal

	* CMS.asn1: move ContentInfo to CMS

	* pkinit.asn1: update to pk-init-18, move ContentInfo to CMS

	* align with pk-init-18, move contentinfo to cms

2004-02-17  Love Hörnquist Åstrand  <>

	* der_get.c: rewrite previous commit

	* der_get.c (der_get_heim_integer): handle positive integer
	starting with 0

	* der_length.c (der_put_heim_integer): try handle negative
	integers better (?)

	* der_put.c (der_put_heim_integer): try handle negative integers

	* der_get.c (der_get_heim_integer): dont abort on negative integer just
	return ASN1_OVERRUN for now

	* parse.y: add ia5string, and printablestring

	* gen_length.c: add ia5string, and printablestring

	* gen_free.c: add ia5string, and printablestring

	* gen_decode.c: add ia5string, and printablestring

	* gen_copy.c: add ia5string, and printablestring

	* gen.c: add ia5string, printablestring, and utf8string change
	implemetation of heim_integer and store the data as bigendian byte
	array with a external flag for signedness

	* der_put.c: add ia5string, printablestring, and utf8string change
	implemetation of heim_integer and store the data as bigendian byte
	array with a external flag for signedness

	* der_length.c: add ia5string, printablestring, and utf8string
	change implemetation of heim_integer and store the data as
	bigendian byte array with a external flag for signedness

	* der_get.c: add ia5string, printablestring, and utf8string change
	implemetation of heim_integer and store the data as bigendian byte
	array with a external flag for signedness

	* der_free.c: add ia5string, printablestring, and utf8string

	* der_copy.c: add ia5string, printablestring, and utf8string

	* der.h: add ia5string, printablestring, and utf8string

	* asn1-common.h: add signedness flag to heim_integer, add
	ia5string and printablestring

2004-02-13  Love Hörnquist Åstrand  <>

	* rfc2459.asn1: use BIGINTEGER where appropriate

	* setchgpw2.asn1: spelling and add op-req again

2004-02-12  Love Hörnquist Åstrand  <>

	* clean up better

2004-02-11  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): TTag, don't overshare the reallen

	* adapt to log file name change

	* gen.c: genereate log file name based on base name

2003-11-26  Love Hörnquist Åstrand  <>

	* += asn1_AlgorithmIdentifierNonOpt.x

	* rfc2459.asn1: add AlgorithmIdentifierNonOpt and use it where
	it's needed, make DomainParameters.validationParms heim_any as a
	hack. Both are workarounds for the problem with heimdal's asn1
	compiler have with decoing context tagless OPTIONALs.

	* pkinit.asn1: don't import AlgorithmIdentifier

2003-11-25  Love Hörnquist Åstrand  <>

	* der_put.c (der_put_bit_string): make it work somewhat better
	(should really prune off all trailing zeros)

	* gen_encode.c (encode_type): bit string is not a constructed type

	* der_length.c (length_bit_string): calculate right length for

2003-11-24  Love Hörnquist Åstrand  <>

	* der_cmp.c (oid_cmp): compare the whole array, not just

	* check-common.c: mmap the scratch areas, mprotect before and
	after, align data to the edge of the mprotect()ed area to provoke

	* add DomainParameters, ValidationParms

	* rfc2459.asn1: add DomainParameters, ValidationParms

	* check-der.c: add free function

	* check-common.h: add free function

	* check-common.c: add free function

	* check-gen.c: check KRB-ERROR

	* asn1_print.c: check end of tag_names loop into APPL class tags

2003-11-23  Love Hörnquist Åstrand  <>

	* der_put.c (der_put_generalized_time): check size, not *size

2003-11-11  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type/TBitString): skip over
	skipped-bits-in-last-octet octet

	* gen_glue.c (generate_units): generate units in reverse order to
	keep unparse_units happy

2003-11-08  Love Hörnquist Åstrand  <>

	* generate all silly pkinit files

	* pkinit.asn1: make it work again, add strange ms structures

	* k5.asn1: PROV-SRV-LOCATION, PacketCable provisioning server
	location, PKT-SP-SEC-I09-030728

	* asn1-common.h: add bit string

	* der_put.c: add bit string and utctime

	* gen.c: add bit string and utctime

	* gen_copy.c: add bit string and utctime

	* der_copy.c: add bit string

	* gen_decode.c: add utctime and bitstring

	* gen_encode.c: add utctime and bitstring

	* gen_free.c: add utctime and bitstring

	* gen_glue.c: don't generate glue for member-less bit strings

	* der_cmp.c: compare function for oids

	* gen_length.c: add utc time, make bit string work for bits
	strings w/o any members

	* der_cmp.c: compare function for oids

	* der.h: update boolean prototypes add utctime and bit_string

	* der_free.c: add free_bit_string

	* der_get.c: add bit string and utctime

	* der_length.c: add bit string and utctime, fix memory leak in

	* CMS.asn1: make EncryptedContentInfo.encryptedContent a OCTET
	STRING to make the generator do the right thing with IMPLICIT
	mumble OPTIONAL, make CertificateSet a heim_any_set

	* extra.c, heim_asn1.h: add any_set, instead of just consuming one
	der object, its consumes the rest of the data avaible

	* extra.c, heim_asn1.h: extern implementation of ANY, decoder
	needs to have hack removed when generator handles tagless optional

	* pkinit.asn1: add KdcDHKeyInfo-Win2k

2003-11-07  Love Hörnquist Åstrand  <>

	* der_copy.c (copy_oid): copy all components

	* parse.y: parse UTCTime, allow multiple IMPORT

	* symbol.h: add TUTCTime

	* rfc2459.asn1: update

	* x509.asn1: update

	* pkinit.asn1: update

	* CMS.asn1: new file

	* asn1_print.c: print some more lengths, check length before
	steping out in the void, parse SET, only go down CONTEXT of type
	CONS (not PRIM)

2003-09-17  Love Hörnquist Åstrand  <>

	* gen_encode.c (TChoice, TSequence): code element in reverse

2003-09-16  Love Hörnquist Åstrand  <>

	* gen.c: store NULL's as int's for now

	* parse.y: remove dup of type def of UsefulType

2003-09-11  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): if malloc failes, return ENOMEM

2003-09-10  Love Hörnquist Åstrand  <>

	* parse.y: kw_UTF8String is a token put tag around the OID

	* asn1_print.c (UT_Integer): when the integer is larger then int
	can handle, just print BIG INT and its size

2003-09-10  Love Hörnquist Åstrand  <>

	* gen_decode.c (decode_type): TTag, try to generate prettier code
	in the non optional case, also remember to update length

2003-01-22  Johan Danielsson  <>

	* gen_decode.c: add flag to decode broken DCE BER encoding

	* gen_locl.h: add flag to decode broken DCE BER encoding

	* main.c: add flag to decode broken DCE BER encoding