Package: dumpasn1
Version: 20191022-2
Severity: wishlist
Tags: patch

Peter Gutmann released dumpasn1 20200928 last year. It'd be great to have it in Debian, as it includes a default configuration with many more OIDs than the version currently patched.

I looked into the packaging and it looks like a straightforward upgrade. In reviewing the two outstanding patches, i realized that they're actually the same feature (handling non-ASCII strings) -- one was a cleanup of the other patch, so i consolidated them. I also updated to dh 13, trimmed out unused files for debian packaging, added a couple build-time and runtime tests to exercise the non-ASCII handling.

I'm attaching a consolidated diff here, but I've pushed my edits to the debian/experimental branch in salsa so the individual commits have better detail.

Mathieu, given that you're listed at https://wiki.debian.org/LowThresholdNmu, i'll probably NMU the update to experimental DELAYED/7 shortly unless I hear an objection (i'm sure this kind of change is too much to expect in unstable during the freeze). Feel free to reject it if there are problems, my feelings won't be hurt, and I'd be happy to learn what you prefer.

Regards,

--dkg

diff --git a/debian/changelog b/debian/changelog index 59fab36..996f357 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +dumpasn1 (20200928-0.1) UNRELEASED; urgency=medium + + * Non-maintainer upload + * New upstream release + * use https:// in debian-specific files + * move to idiomatic dh 13 + * bump standards-version to 4.5.1 (no changes needed) + * Rules-Requires-Root: no + * add hardening features + * build and clean up generated manpage + * d/copyright: move to DEP 5 + * drop unneeded files from debian/ + * wrap-and-sort -ast + * add tests (both build-time and autopkgtest) covering certificates + with UTF8Strings and BMPStrings + * get-orig-source: avoid using deprecated $GZIP env var + * refresh and consolidate patches + + -- Daniel Kahn Gillmor <d...@fifthhorseman.net> Mon, 24 May 2021 14:13:11 -0400 + dumpasn1 (20191022-2) unstable; urgency=medium * d/rules: Make sure to build man page during build @@ -27,13 +47,13 @@ dumpasn1 (20170309-1) unstable; urgency=medium dumpasn1 (20150808-3) unstable; urgency=medium - * Really fix segfaults on valid certificate. Closes: #840771 + * Really fix segfaults on valid certificate. Closes: #840771 -- Mathieu Malaterre <ma...@debian.org> Thu, 20 Oct 2016 09:18:29 +0200 dumpasn1 (20150808-2) unstable; urgency=medium - * Fix segfaults on valid certificate. Closes: #840771 + * Fix segfaults on valid certificate. Closes: #840771 * Bump Std-Vers to 3.9.8, no changes needed -- Mathieu Malaterre <ma...@debian.org> Wed, 19 Oct 2016 20:33:47 +0200 @@ -120,4 +140,3 @@ dumpasn1 (20020612-1) unstable; urgency=low * Initial Release. -- Oliver Kurth <o...@masqmail.cx> Mon, 2 Sep 2002 17:13:04 +0200 - diff --git a/debian/clean b/debian/clean index bdc3274..b2eca8a 100644 --- a/debian/clean +++ b/debian/clean @@ -1,2 +1,4 @@ dumpasn1 Makefile +debian/dumpasn1.1 +dumpasn1.o diff --git a/debian/compat b/debian/compat deleted file mode 100644 index ec63514..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -9 
diff --git a/debian/control b/debian/control index 4870ded..a3ebc8b 100644 --- a/debian/control +++ b/debian/control @@ -2,15 +2,21 @@ Source: dumpasn1 Section: utils Priority: optional Maintainer: Mathieu Malaterre <ma...@debian.org> -Build-Depends: debhelper (>= 9), help2man -Homepage: http://www.cs.auckland.ac.nz/~pgut001/ +Build-Depends: + debhelper-compat (= 13), + help2man, + valgrind <!nocheck>, +Homepage: https://www.cs.auckland.ac.nz/~pgut001/ Vcs-Git: https://salsa.debian.org/debian/dumpasn1.git Vcs-Browser: https://salsa.debian.org/debian/dumpasn1 -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 +Rules-Requires-Root: no Package: dumpasn1 Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} +Depends: + ${misc:Depends}, + ${shlibs:Depends}, Description: ASN.1 object dump program An ASN.1 object dump program which will dump data encoded using any of the ASN.1 encoding rules in a variety of user-specified formats. diff --git a/debian/copyright b/debian/copyright index 7c6df59..3844b49 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -1,27 +1,38 @@ -This package was debianized by Oliver Kurth <o...@masqmail.cx> on -Mon, 2 Sep 2002 17:13:04 +0200. +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: dumpasn1 +Upstream-Contact: Peter Gutmann <pgut...@cs.auckland.ac.nz> +Source: https://www.cs.auckland.ac.nz/~pgut001/ -It was downloaded from http://www.cs.auckland.ac.nz/~pgut001/ +Files: * +Copyright: 1997-2020 dumpasn1 authors, including Peter Gutmann, + David Kemp, + Matthew Hamrick, + Bruno Couillard, + Hallvard Furuseth, + Geoff Thorpe, + David Boyce, + John Hughes, + 'Life is hard, and then you die', + Hans-Olof Hermansson, + Tor Rustad, + Kjetil Barvik, + James Sweeny, + Chris Ridd, + David Lemley, + John Tobey, + James Manger, + Igor Perminov +License: Permissive -Upstream Author: Peter Gutmann <pgut...@cs.auckland.ac.nz> +Files: debian/* +Copyright: + 2002-2005 Oliver Kurth + 2008 Lucas Nussbaum + 2009-2010 Pierre Habouzit + 2012-2019 Mathieu Malaterre + 2021 Daniel Kahn Gillmor +License: Permissive -Copyright: 1997 - 2010 Peter Gutmann - -Excerpts from dumpasn1.c: - - ASN.1 object dumping code, copyright Peter Gutmann - <pgut...@cs.auckland.ac.nz>, based on ASN.1 dump program by David Kemp - <dpk...@missi.ncsc.mil>, with contributions from various people including - Matthew Hamrick <hamr...@rsa.com>, Bruno Couillard - <bcouill...@chrysalis-its.com>, Hallvard Furuseth - <h.b.furus...@usit.uio.no>, Geoff Thorpe <ge...@raas.co.nz>, David Boyce - <d.bo...@isode.com>, John Hughes <john.hug...@entegrity.com>, Life is hard, - and then you die <ron...@trustpoint.com>, Hans-Olof Hermansson - <hans-olof.hermans...@postnet.se>, Tor Rustad <tor.rus...@bbs.no>, - Kjetil Barvik <kjetil.bar...@bbs.no>, James Sweeny <jswe...@us.ibm.com>, - and several other people whose names I've misplaced. - -... - - You can use this code in whatever way you want, as long as you don't - try to claim you wrote it. 
+License: Permissive + You can use this code in whatever way you want, as long as you don't + try to claim you wrote it. diff --git a/debian/dirs b/debian/dirs deleted file mode 100644 index 71c7e21..0000000 --- a/debian/dirs +++ /dev/null @@ -1,2 +0,0 @@ -etc/dumpasn1 -usr/bin diff --git a/debian/dumpasn1.1.in b/debian/dumpasn1.1.in index ca2a78d..2fc2c6d 100644 --- a/debian/dumpasn1.1.in +++ b/debian/dumpasn1.1.in @@ -28,7 +28,7 @@ then you die <ron...@trustpoint.com>, Hans-Olof Hermansson Barvik <kjetil.bar...@bbs.no>, James Sweeny <jswe...@us.ibm.com>, and several other people whose names I've misplaced. -dumpasn1 is available at http://www.cs.auckland.ac.nz/~pgut001/ +dumpasn1 is available at https://www.cs.auckland.ac.nz/~pgut001/ [COPYRIGHT] Copyright Peter Gutmann 1997 - 2016. Last updated 22 October 2019. diff --git a/debian/dumpasn1.1.xml b/debian/dumpasn1.1.xml deleted file mode 100644 index f1db1b7..0000000 --- a/debian/dumpasn1.1.xml +++ /dev/null 
@@ -1,197 +0,0 @@ -<?xml version="1.0" standalone='no'?> -<!DOCTYPE manpage PUBLIC "http://masqmail.cx/xmltoman/xmltoman.dtd" "file:///usr/share/xmltoman/xmltoman.dtd"> -<?xml-stylesheet type="text/xsl" href="file:///usr/share/xmltoman/xmltoman.xsl" ?> - - <manpage name="dumpasn1" section="1" desc="ASN.1 object dump/syntax check program"> - - <synopsis> - <cmd>dumpasn1 [<arg>options</arg>] <arg>file</arg></cmd> - </synopsis> - - <description> - - <p>An ASN.1 object dump program which will dump data encoded - using any of the ASN.1 encoding rules in a variety of - user-specified formats.</p> - - </description> - - <options> - - <option> - <p><opt>-</opt></p> - <optdesc><p> - Take input from stdin (some options may not work properly). - </p></optdesc> - </option> - - <option> - <p><opt>-</opt><arg>number</arg></p> - <optdesc><p> - Start <arg>number</arg> bytes into the file. - </p></optdesc> - </option> - - <option> - <p><opt>--</opt></p> - <optdesc><p> - End of arg list. - </p></optdesc> - </option> - - <option> - <p><opt>-a</opt></p> - <optdesc><p> - Print all data in long data blocks, not just the first 128 bytes. - </p></optdesc> - </option> - - <option> - <p><opt>-c</opt> <arg>file</arg></p> - <optdesc><p> - Read Object Identifier info from alternate config file - (values will override equivalents in global config file) - </p></optdesc> - </option> - - <option> - <p><opt>-d</opt></p> - <optdesc><p> - Print dots to show column alignment. - </p></optdesc> - </option> - - <option> - <p><opt>-e</opt></p> - <optdesc><p> - Don't print encapsulated data inside OCTET/BIT STRINGs. 
- </p></optdesc> - </option> - - <option> - <p><opt>-f</opt> <arg>file</arg></p> - <optdesc><p> - Dump object at offset -<arg>number</arg> to file (allows data to be - extracted from encapsulating objects) - </p></optdesc> - </option> - - <option> - <p><opt>-h</opt></p> - <optdesc><p> - Hex dump object header (tag+length) before the decoded output - </p></optdesc> - </option> - - <option> - <p><opt>-hh</opt></p> - <optdesc><p> - Same as -h but display more of the object as hex data. - </p></optdesc> - </option> - - <option> - <p><opt>-l</opt></p> - <optdesc><p> - Long format, display extra info about Object Identifiers. - </p></optdesc> - </option> - - <option> - <p><opt>-o</opt></p> - <optdesc><p> - Don't check validity of character strings hidden in octet strings. - </p></optdesc> - </option> - - <option> - <p><opt>-p</opt></p> - <optdesc><p> - Pure ASN.1 output without encoding information. - </p></optdesc> - </option> - - <option> - <p><opt>-r</opt></p> - <optdesc><p> - Print bits in BIT STRING as encoded in reverse order - </p></optdesc> - </option> - - <option> - <p><opt>-s</opt></p> - <optdesc><p> - Syntax check only, don't dump ASN.1 structures. - </p></optdesc> - </option> - - <option> - <p><opt>-t</opt></p> - <optdesc><p> - Display text values next to hex dump of data. - </p></optdesc> - </option> - - <option> - <p><opt>-u</opt></p> - <optdesc><p> - Don't format UTCTime/GeneralizedTime string data. - </p></optdesc> - </option> - - <option> - <p><opt>-w</opt></p> - <optdesc><p> - Set output width (default 80). - </p></optdesc> - </option> - - <option> - <p><opt>-x</opt></p> - <optdesc><p> - Display size and offset in hex not decimal. - </p></optdesc> - </option> - - </options> - - <section name="Files"> - - <p> - <file>./dumpasn1.cfg, $HOME/.dumpasn1.cfg, - /etc/dumpasn1/dumpasn1.cfg</file>: This is the configuration - file, it will be searched in this order. It contains OIDs - commonly used. 
- </p> - - </section> - - <section name="Authors"> - - <p>quote from Peter Gutmann:</p> - <p> -ASN.1 object dumping code, copyright Peter Gutmann -<pgut...@cs.auckland.ac.nz>, based on ASN.1 dump program by -David Kemp <dpk...@missi.ncsc.mil>, with contributions from -various people including Matthew Hamrick <hamr...@rsa.com>, -Bruno Couillard <bcouill...@chrysalis-its.com>, Hallvard -Furuseth <h.b.furus...@usit.uio.no>, Geoff Thorpe -<ge...@raas.co.nz>, David Boyce <d.bo...@isode.com>, John -Hughes <john.hug...@entegrity.com>, Life is hard, and then you -die <ron...@trustpoint.com>, Hans-Olof Hermansson -<hans-olof.hermans...@postnet.se>, Tor Rustad -<tor.rus...@bbs.no>, Kjetil Barvik <kjetil.bar...@bbs.no>, -James Sweeny <jswe...@us.ibm.com>, and several other people -whose names I've misplaced.</p> - - <p>dumpasn1 is available at <url - href="http://www.cs.auckland.ac.nz/~pgut001/"/></p> - - </section> - - <section name="Comments"> - <p>This man page was written using <manref name="xmltoman" section="1" - href="http://masqmail.cx/xml2man/"/> by Oliver Kurth for Debian.</p> - </section> - - </manpage> diff --git a/debian/get-orig-source b/debian/get-orig-source index d4a6975..f1d01a5 100755 --- a/debian/get-orig-source +++ b/debian/get-orig-source @@ -6,12 +6,12 @@ DEBIAN_SRC_TAR=dumpasn1_${VER_FULL}.orig.tar.gz mkdir $DEBIAN_SRC_DIR cd $DEBIAN_SRC_DIR -wget -c http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c -wget -c http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg +wget -c https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c +wget -c https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg cd .. VERSION_STRING=`grep "if you prefer it that way" $DEBIAN_SRC_DIR/dumpasn1.c` VERSION=`echo $VERSION_STRING | sed -e 's/^.*\([0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\).*$/\1/'` -GZIP="--best --no-name" tar czf $DEBIAN_SRC_TAR $DEBIAN_SRC_DIR +tar c $DEBIAN_SRC_DIR | gzip --best --no-name > "$DEBIAN_SRC_TAR" rm -rf $DEBIAN_SRC_DIR if [ "$VERSION" != "$VER_FULL" ]; then 
diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..357aa61 --- /dev/null +++ b/debian/install @@ -0,0 +1,2 @@ +dumpasn1 usr/bin +dumpasn1.cfg etc/dumpasn1 diff --git a/debian/patches/0001-Handle-and-display-non-ASCII-strings.patch b/debian/patches/0001-Handle-and-display-non-ASCII-strings.patch new file mode 100644 index 0000000..0e5d74d --- /dev/null +++ b/debian/patches/0001-Handle-and-display-non-ASCII-strings.patch 
@@ -0,0 +1,130 @@ +From: "Victor B. Wagner" <vi...@45.free.net> +Date: Mon, 24 May 2021 15:00:58 -0400 +Subject: Handle and display non-ASCII strings + +This is a combination of a patch from Victor B. Wagner +<vi...@45.free.net> (from Debian bug #348856), and a cleanup patch +from Dmitry Eremin-Solenikov <dbarysh...@gmail.com>, which avoids a +crash (from Debian bug #840771). + +See also debian/tests/bmp-strings and debian/tests/unicode-strings, +which exercise different forms of non-ASCII strings. +--- + dumpasn1.c | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +diff --git a/dumpasn1.c b/dumpasn1.c +index 4afe522..e78d0e0 100644 +--- a/dumpasn1.c ++++ b/dumpasn1.c +@@ -63,6 +63,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <locale.h> + #ifdef OS390 + #include <unistd.h> + #endif /* OS390 */ +@@ -1328,13 +1329,13 @@ static int adjustLevel( const int level, const int maxLevel ) + use wcstombs() to see if anything can be displayed, if it can't we drop + back to trying to display the data as non-Unicode */ + +-static int displayUnicode( const wchar_t wCh, const int level ) ++static int displayUnicode( const wchar_t wCh[], const int level ) + { + char outBuf[ 8 ]; + int outLen; + + /* Check whether we can display this character */ +- outLen = wcstombs( outBuf, &wCh, 8 ); ++ outLen = wcstombs( outBuf, wCh, 8 ); + if( outLen < 1 ) + { + /* Tell the caller that this can't be displayed as Unicode */ +@@ -1374,7 +1375,7 @@ static int displayUnicode( const wchar_t wCh, const int level ) + #elif 1 + /* This (and the "%ls" variant below) seem to be the least broken + options */ +- fprintf( output, "%lc", wCh ); ++ fprintf( output, "%lc", wCh[0] ); + #elif 0 + wchar_t wChString[ 2 ]; + +@@ -1382,13 +1383,7 @@ static int displayUnicode( const wchar_t wCh, const int level ) + wChString[ 1 ] = 0; + fprintf( output, "%ls", wChString ); + #else +- if( fwide( output, 1 ) > 0 ) +- { +- fputwc( wCh, 
output ); +- fwide( output, -1 ); +- } +- else +- fputc( wCh, output ); ++ fprintf( output, "%s", outBuf ); + #endif + } + #else +@@ -1917,7 +1912,7 @@ static void displayString( FILE *inFile, long length, int level, + } + else + { +- const wchar_t wCh = ( ch << 8 ) | getc( inFile ); ++ const wchar_t wCh[2] ={ ( ch << 8 ) | getc( inFile ),0}; + + if( displayUnicode( wCh, level ) ) + { +@@ -1929,19 +1924,19 @@ static void displayString( FILE *inFile, long length, int level, + + /* The value can't be displayed as Unicode, fall back to + displaying it as normal text */ +- ungetc( wCh & 0xFF, inFile ); ++ ungetc( wCh[0] & 0xFF, inFile ); + } + } + if( strOption == STR_UTF8 && ( ch & 0x80 ) ) + { + const int secondCh = getc( inFile ); +- wchar_t wCh; ++ wchar_t wCh[2] = { 0, 0 }; + + /* It's a multibyte UTF8 character, read it as a widechar */ + if( ( ch & 0xE0 ) == 0xC0 ) /* 111xxxxx -> 110xxxxx */ + { + /* 2-byte character in the range 0x80...0x7FF */ +- wCh = ( ( ch & 0x1F ) << 6 ) | ( secondCh & 0x3F ); ++ wCh[0] = ( ( ch & 0x1F ) << 6 ) | ( secondCh & 0x3F ); + i++; /* We've read 2 characters */ + fPos += 2; + } +@@ -1952,12 +1947,12 @@ static void displayString( FILE *inFile, long length, int level, + const int thirdCh = getc( inFile ); + + /* 3-byte character in the range 0x800...0xFFFF */ +- wCh = ( ( ch & 0x1F ) << 12 ) | \ ++ wCh[0] = ( ( ch & 0x1F ) << 12 ) | \ + ( ( secondCh & 0x3F ) << 6 ) | \ + ( thirdCh & 0x3F ); + } + else +- wCh = '.'; ++ wCh[0] = '.'; + i += 2; /* We've read 3 characters */ + fPos += 3; + } +@@ -3296,7 +3291,14 @@ int main( int argc, char *argv[] ) + #endif /* __OS390__ */ + long offset = 0; + int moreArgs = TRUE, doCheckOnly = FALSE; +- ++ ++ setlocale(LC_ALL, ++#ifdef __WIN32__ ++ ".OCP" ++#else ++ "" ++#endif ++); + #ifdef __OS390__ + memset( pathPtr, '\0', sizeof( pathPtr ) ); + getcwd( pathPtr, sizeof( pathPtr ) ); 
diff --git a/debian/patches/bug348856.patch b/debian/patches/bug348856.patch deleted file mode 100644 index 4beb53d..0000000 --- a/debian/patches/bug348856.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -Description: dumpasn1 doesn't properly display localized BMPString -Author: Victor B. Wagner <vi...@45.free.net> -Bug-Debian: http://bugs.debian.org/348856 -Reviewed-By: Mathieu Malaterre <ma...@debian.org> -Forwarded: http://bugs.debian.org/348856#59 - - -Index: dumpasn1/dumpasn1.c -=================================================================== ---- dumpasn1.orig/dumpasn1.c -+++ dumpasn1/dumpasn1.c -@@ -63,6 +63,7 @@ - #include <stdio.h> - #include <stdlib.h> - #include <string.h> -+#include <locale.h> - #ifdef OS390 - #include <unistd.h> - #endif /* OS390 */ -@@ -1328,13 +1329,13 @@ static int adjustLevel( const int level, - use wcstombs() to see if anything can be displayed, if it can't we drop - back to trying to display the data as non-Unicode */ - --static int displayUnicode( const wchar_t wCh, const int level ) -+static int displayUnicode( const wchar_t wCh[], const int level ) - { - char outBuf[ 8 ]; - int outLen; - - /* Check whether we can display this character */ -- outLen = wcstombs( outBuf, &wCh, 8 ); -+ outLen = wcstombs( outBuf, wCh, 8 ); - if( outLen < 1 ) - { - /* Tell the caller that this can't be displayed as Unicode */ -@@ -1382,13 +1383,7 @@ static int displayUnicode( const wchar_t - wChString[ 1 ] = 0; - fprintf( output, "%ls", wChString ); - #else -- if( fwide( output, 1 ) > 0 ) -- { -- fputwc( wCh, output ); -- fwide( output, -1 ); -- } -- else -- fputc( wCh, output ); -+ fprintf( output, "%s", outBuf ); - #endif - } - #else -@@ -1916,7 +1911,7 @@ static void displayString( FILE *inFile, - } - else - { -- const wchar_t wCh = ( ch << 8 ) | getc( inFile ); -+ const wchar_t wCh[2] ={ ( ch << 8 ) | getc( inFile ),0}; - - if( displayUnicode( wCh, level ) ) - { -@@ -1928,7 +1923,7 @@ static void displayString( FILE *inFile, - - /* The value can't be displayed as Unicode, fall back to - displaying it as normal text */ -- ungetc( wCh & 0xFF, inFile ); -+ ungetc( wCh[0] & 0xFF, inFile ); - } - } - if( strOption == STR_UTF8 && 
( ch & 0x80 ) ) -@@ -3265,7 +3260,14 @@ int main( int argc, char *argv[] ) - #endif /* __OS390__ */ - long offset = 0; - int moreArgs = TRUE, doCheckOnly = FALSE; -- -+ -+ setlocale(LC_ALL, -+#ifdef __WIN32__ -+ ".OCP" -+#else -+ "" -+#endif -+); - #ifdef __OS390__ - memset( pathPtr, '\0', sizeof( pathPtr ) ); - getcwd( pathPtr, sizeof( pathPtr ) ); diff --git a/debian/patches/bug840771.patch b/debian/patches/bug840771.patch deleted file mode 100644 index 92b05d2..0000000 --- a/debian/patches/bug840771.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -Description: segfaults on valid certificate - Fix stack smashing -Author: Dmitry Eremin-Solenikov <dbarysh...@gmail.com> -Origin: https://bugs.debian.org/840771#17 -Bug-Debian: https://bugs.debian.org/840771 -Reviewed-by: Mathieu Malaterre <ma...@debian.org> - -Index: dumpasn1/dumpasn1.c -=================================================================== ---- dumpasn1.orig/dumpasn1.c -+++ dumpasn1/dumpasn1.c -@@ -1375,7 +1375,7 @@ static int displayUnicode( const wchar_t - #elif 1 - /* This (and the "%ls" variant below) seem to be the least broken - options */ -- fprintf( output, "%lc", wCh ); -+ fprintf( output, "%lc", wCh[0] ); - #elif 0 - wchar_t wChString[ 2 ]; - -@@ -1929,13 +1929,13 @@ static void displayString( FILE *inFile, - if( strOption == STR_UTF8 && ( ch & 0x80 ) ) - { - const int secondCh = getc( inFile ); -- wchar_t wCh; -+ wchar_t wCh[2] = { 0, 0 }; - - /* It's a multibyte UTF8 character, read it as a widechar */ - if( ( ch & 0xE0 ) == 0xC0 ) /* 111xxxxx -> 110xxxxx */ - { - /* 2-byte character in the range 0x80...0x7FF */ -- wCh = ( ( ch & 0x1F ) << 6 ) | ( secondCh & 0x3F ); -+ wCh[0] = ( ( ch & 0x1F ) << 6 ) | ( secondCh & 0x3F ); - i++; /* We've read 2 characters */ - fPos += 2; - } -@@ -1946,12 +1946,12 @@ static void displayString( FILE *inFile, - const int thirdCh = getc( inFile ); - - /* 3-byte character in the range 0x800...0xFFFF */ -- wCh = ( ( ch & 0x1F ) << 12 ) | \ -+ wCh[0] = ( ( ch & 0x1F ) << 12 ) | \ - ( ( secondCh & 0x3F ) << 6 ) | \ - ( thirdCh & 0x3F ); - } - else -- wCh = '.'; -+ wCh[0] = '.'; - i += 2; /* We've read 3 characters */ - fPos += 3; - } diff --git a/debian/patches/series b/debian/patches/series index 38a1bec..ba4f552 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1 @@ -bug348856.patch -bug840771.patch +0001-Handle-and-display-non-ASCII-strings.patch diff --git a/debian/rules b/debian/rules index 4128d49..82ea0c1 100755 --- a/debian/rules +++ b/debian/rules 
@@ -1,10 +1,12 @@ #!/usr/bin/make -f #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + -include /usr/share/dpkg/buildtools.mk %: - dh $@ --parallel + dh $@ dumpasn1: dumpasn1.o $(CC) -o dumpasn1 dumpasn1.o $(CFLAGS) $(LDFLAGS) @@ -12,20 +14,19 @@ dumpasn1: dumpasn1.o dumpasn1.o: dumpasn1.c $(CC) -o dumpasn1.o -DDEBIAN $(CPPFLAGS) $(CFLAGS) -c dumpasn1.c -override_dh_auto_build: dumpasn1 - -override_dh_clean: - dh_clean dumpasn1.o +override_dh_auto_build: dumpasn1 debian/dumpasn1.1 -override_dh_install: debian/dumpasn1.1 - dh_install dumpasn1 $(DESTDIR)/usr/bin/ - dh_install dumpasn1.cfg $(DESTDIR)/etc/dumpasn1/ +override_dh_auto_test: dumpasn1 +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + debian/tests/unicode-strings ./dumpasn1 + debian/tests/bmp-strings ./dumpasn1 +endif get-orig-source: ./debian/get-orig-source VER_FULL = $(shell dpkg-parsechangelog | grep '^Version' | cut -d' ' -f2 | cut -f1 -d-) -debian/dumpasn1.1: debian/dumpasn1.1.in +debian/dumpasn1.1: debian/dumpasn1.1.in dumpasn1 help2man --include=$< --output=$@ \ --name="ASN.1 object dump/syntax check program" \ --no-info ./`basename $@ .1` --version-string=$(VER_FULL) diff --git a/debian/test-data/bmp-strings.crt b/debian/test-data/bmp-strings.crt new file mode 100644 index 0000000..a9f535c --- /dev/null +++ b/debian/test-data/bmp-strings.crt 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnTCCAgagAwIBAgIBETANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJESzET +MBEGA1UEBx4KAMUAcgBoAHUAczEVMBMGA1UEChMMQ3J5cHRvbWF0aGljMScwJQYD +VQQLHh4AVABlAHMAdABpAG4AZwAgAMYAxQDYACAA5gDlAPgxEDAOBgNVBAMTB1Rl +c3QgQ0EwHhcNMDAwOTMwMDY0ODIyWhcNMDEwOTMwMDY0ODIyWjCBozELMAkGA1UE +BhMCREsxEzARBgNVBAceCgDFAHIAaAB1AHMxFTATBgNVBAoTDENyeXB0b21hdGhp +YzEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UEBB4OAE4A+AByAGcA5QByAGQxITAf +BgNVBCoeGADFAHMAZQAgAMYAYgBsAGUAZwByAPgAZDEaMBgGA1UEBRMRUElEOjAw +MDMtMDAwMDAwMDkwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAo2tGgtbX8wxBZxvE +R3JzJ1yCLnI5um1B2ApU+qdxntBKEC0Q9cXwwcdmA9NK62DXNDlSiGUSwqpaLJCW +KhlQneoriYA0ER+mB2i7SFKguRxYxnQFPCikrMhXr41seLCTAgMBAAGjMzAxMAsG +A1UdDwQEAwIFoDAiBgNVHREEGzAZgRdhYnlza292QGNyeXB0b21hdGhpYy5kazAN +BgkqhkiG9w0BAQUFAAOBgQAN+v4zpIAdx30L1Tc+ZwMhgkYB6KFUgDoIPVtM49L6 +Ob65Jg4b+jWEBgTzug9lZXYKlRe2SmgsQSQZl66QtfNN8sn8PQ7dAYmKsfsCNGHh +iz9Pnu9ZQl/fTSKgh+VUbSkhd2kP51Vyz8ZYwHXFRD562AYW/SZUJbUxdswhCizd +mQ== +-----END CERTIFICATE----- diff --git a/debian/test-data/unicode-strings.crt b/debian/test-data/unicode-strings.crt new file mode 100644 index 0000000..9528182 --- /dev/null +++ b/debian/test-data/unicode-strings.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw +FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4 +MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ +tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1 +MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG +A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi +MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz +ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3 +OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx +0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq +hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI +DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa +BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj +0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA +BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W +eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/ +0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB +KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu +NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa +0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR +gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv +MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR +gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw +MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE +HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f +Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j +KW64bgG0AywHjyc3 +-----END CERTIFICATE----- diff --git a/debian/tests/bmp-strings b/debian/tests/bmp-strings new file mode 100755 index 0000000..40f7e22 --- /dev/null 
+++ b/debian/tests/bmp-strings 
@@ -0,0 +1,61 @@ +#!/bin/bash + +DUMPASN1=${1:-dumpasn1} + +# this test evaluates a sample certificate suggested by Peter Gutmann +# in https://bugs.debian.org/348856#27 + +# Without debian/patches/bug348856.patch, valgrind will likely fail with: + +# 48 17: SEQUENCE { +# 50 3: OBJECT IDENTIFIER localityName (2 5 4 7) +# ==2818855== Conditional jump or move depends on uninitialised value(s) +# ==2818855== at 0x4840D5E: wcsnlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) +# ==2818855== by 0x491E116: wcsrtombs (wcsrtombs.c:104) +# ==2818855== by 0x48B3FE0: wcstombs (wcstombs.c:34) +# ==2818855== by 0x10BCD2: displayUnicode (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10CE8B: displayString (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10F424: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== +# ==2818855== Conditional jump or move depends on uninitialised value(s) +# ==2818855== at 0x48A0511: internal_ascii_loop (loop.c:336) +# ==2818855== by 0x48A0511: __gconv_transform_internal_ascii (skeleton.c:620) +# ==2818855== by 0x491E14D: wcsrtombs (wcsrtombs.c:110) +# ==2818855== by 0x48B3FE0: wcstombs (wcstombs.c:34) +# ==2818855== by 0x10BCD2: displayUnicode (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10CE8B: displayString (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10F424: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: 
printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== +# ==2818855== Conditional jump or move depends on uninitialised value(s) +# ==2818855== at 0x48A0690: internal_ascii_loop (loop.c:336) +# ==2818855== by 0x48A0690: __gconv_transform_internal_ascii (skeleton.c:620) +# ==2818855== by 0x491E14D: wcsrtombs (wcsrtombs.c:110) +# ==2818855== by 0x48B3FE0: wcstombs (wcstombs.c:34) +# ==2818855== by 0x10BCD2: displayUnicode (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10CE8B: displayString (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10F424: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2818855== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2818855== +# 55 10: BMPString '...r.h.u.s' +# : } +# : } + +< debian/test-data/bmp-strings.crt grep -v ^- | base64 -d | \ + valgrind --error-exitcode=17 -- "$DUMPASN1" - diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..97d7be1 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,5 @@ +Tests: unicode-strings, bmp-strings +Depends: + valgrind, + @, +Restrictions: allow-stderr diff --git a/debian/tests/unicode-strings b/debian/tests/unicode-strings new file mode 100755 index 0000000..3aad0c4 --- /dev/null +++ b/debian/tests/unicode-strings 
@@ -0,0 +1,35 @@ +#!/bin/bash + +DUMPASN1=${1:-dumpasn1} + +# this test evaluates a certificate extracted from the PKCS7 object +# https://www.grfc.ru/upload/medialibrary/eec/016301.p7b as found in +# https://bugs.debian.org/840771 + +# Without debian/patches/bug840771.patch, valgrind will likely fail with: + +# 99 58: SET { +# 101 56: SEQUENCE { +# 103 3: OBJECT IDENTIFIER streetAddress (2 5 4 9) +# 108 49: UTF8String +# ==2816751== Conditional jump or move depends on uninitialised value(s) +# ==2816751== at 0x4840D5E: wcsnlen (in /usr/lib/…/valgrind/vgpreload_memcheck-amd64-linux.so) +# ==2816751== by 0x491E116: wcsrtombs (wcsrtombs.c:104) +# ==2816751== by 0x48B3FE0: wcstombs (wcstombs.c:34) +# ==2816751== by 0x10BCD2: displayUnicode (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10CFA1: displayString (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10F3D1: printASN1object (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10FBF2: printAsn1 (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10E27E: printConstructed (in …/dumpasn1/dumpasn1) +# ==2816751== by 0x10E8CF: printASN1object (in …/dumpasn1/dumpasn1) +# ==2816751== +# : '............ .... .. 7 .... 15' +# : } +# : } + + +< debian/test-data/unicode-strings.crt grep -v ^- | base64 -d | \ + valgrind --error-exitcode=17 -- "$DUMPASN1" - diff --git a/dumpasn1.c b/dumpasn1.c index b7e3485..4afe522 100644 --- a/dumpasn1.c +++ b/dumpasn1.c @@ -8,7 +8,7 @@ misplaced. Available from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c. Last - updated 22 October 2019 (version 20191022, if you prefer it that way, + updated 28 September 2020 (version 20200928, if you prefer it that way, see also UPDATE_STRING below). To build under Windows, use 'cl /MD dumpasn1.c'. To build on OS390 or z/OS, use '/bin/c89 -D OS390 -o dumpasn1 dumpasn1.c'. 
@@ -37,8 +37,8 @@ This code assumes that the input data is binary, having come from a MIME- aware mailer or been piped through a decoding utility if the original format used base64 encoding. If you need to decode it, it's recommended - that you use a utility like uudeview, which will strip virtually any kind - of encoding (MIME, PEM, PGP, whatever) to recover the binary original. + that you use a utility like uudeview, which will strip most kinds of + encoding (MIME, PEM, PGP, whatever) to recover the binary original. You can use this code in whatever way you want, as long as you don't try to claim you wrote it. @@ -69,7 +69,7 @@ /* The update string, printed as part of the help screen */ -#define UPDATE_STRING "22 October 2019" +#define UPDATE_STRING "28 September 2020" /* Useful defines */ @@ -1869,6 +1869,7 @@ static void displayString( FILE *inFile, long length, int level, int lineLength = 48, i; int firstTime = TRUE, doTimeStr = FALSE, warnIA5 = FALSE; int warnPrintable = FALSE, warnTime = FALSE, warnBMP = FALSE; + int warnTimeT = FALSE, warnTimeCrazy = FALSE, warnTimeCrazyAlt = FALSE; if( noBytes > 384 && !printAllData ) noBytes = 384; /* Only output a maximum of 384 bytes */ @@ -2077,11 +2078,22 @@ static void displayString( FILE *inFile, long length, int level, else { printString( level, "%c%c", timeStr[ 0 ], timeStr[ 1 ] ); + if( timeStr[ 0 ] == '2' && timeStr[ 1 ] >= '1' ) + { + /* There actually are certificates like this out + there... */ + warnTimeT = warnTimeCrazy = TRUE; + } + if( timeStrPtr[ 0 ] >= '7' ) + warnTimeCrazy = warnTimeCrazyAlt = TRUE; } printString( level, "%c%c %c%c:%c%c:%c%c GMT", timeStrPtr[ 0 ], timeStrPtr[ 1 ], timeStrPtr[ 6 ], timeStrPtr[ 7 ], timeStrPtr[ 8 ], timeStrPtr[ 9 ], timeStrPtr[ 10 ], timeStrPtr[ 11 ] ); + if( ( timeStrPtr[ 0 ] == '3' && timeStrPtr[ 1 ] >= '8' ) || \ + ( timeStrPtr[ 0 ] >= '4' ) ) + warnTimeT = TRUE; } else printString( level, "%c", '\'' ); 
@@ -2095,6 +2107,15 @@ static void displayString( FILE *inFile, long length, int level, complain( "IA5String contains illegal character(s)", 0, level ); if( warnTime ) complain( "Time is encoded incorrectly", 0, level ); + if( warnTimeT ) + complain( "Time value cannot be represented in a 32-bit time_t", 0, level ); + if( warnTimeCrazy ) + { + complain( warnTimeCrazyAlt ? \ + "Time value is either more than twenty years in the past or " + "more than half a century in the future" : \ + "Time value is more than half a century in the future", 0, level ); + } if( warnBMP ) complain( "BMPString has missing final byte/half character", 0, level ); } @@ -2727,8 +2748,12 @@ static void printASN1object( FILE *inFile, ASN1_ITEM *item, int level ) { int ch; - if( item->length < 2 ) + if( item->length < 1 ) + { + /* A bitstring always has to contain at least one byte, the unused-bits + count */ complainLength( item, level ); + } if( ( ch = getc( inFile ) ) != 0 ) { if( ch == EOF ) @@ -2738,12 +2763,18 @@ static void printASN1object( FILE *inFile, ASN1_ITEM *item, int level ) } printString( level, " %d unused bit%s", ch, ( ch != 1 ) ? "s" : "" ); + if( item->length <= 1 ) + { + complain( "Empty BIT STRING has non-zero unused-bits " + "value", 0, level ); + return; + } } + item->length--; fPos++; - if( !--item->length && !ch ) + if( item->length <= 0 ) { - printString( level, "%c", '\n' ); - complain( "Object has zero length", 0, level ); + printString( level, " %s\n", "(no bits set)" ); if( item->nonCanonical ) complainLengthCanonical( item, level ); return; @@ -3549,3 +3580,4 @@ int main( int argc, char *argv[] ) return( ( noErrors ) ? noErrors : EXIT_SUCCESS ); } + diff --git a/dumpasn1.cfg b/dumpasn1.cfg index 95f92e5..10ae219 100644 --- a/dumpasn1.cfg +++ b/dumpasn1.cfg 
@@ -2934,6 +2934,11 @@ OID = 1 2 840 113549 1 9 16 1 Comment = S/MIME Description = contentType +# RFC 6010 +OID = 1 2 840 113549 1 9 16 1 0 +Comment = S/MIME Content Types +Description = anyContentType + OID = 1 2 840 113549 1 9 16 1 1 Comment = S/MIME Content Types Description = receipt @@ -3071,6 +3076,68 @@ OID = 1 2 840 113549 1 9 16 1 34 Comment = S/MIME Content Types Description = trustAnchorList +# RFC 6493 +OID = 1 2 840 113549 1 9 16 1 35 +Comment = S/MIME Content Types +Description = rpkiGhostbusters + +# draft-michaelson-rpki-rta +OID = 1 2 840 113549 1 9 16 1 36 +Comment = S/MIME Content Types +Description = resourceTaggedAttest + +# RFC 8358 +OID = 1 2 840 113549 1 9 16 1 37 +Comment = S/MIME Content Types +Description = utf8TextWithCRLF + +OID = 1 2 840 113549 1 9 16 1 38 +Comment = S/MIME Content Types +Description = htmlWithCRLF + +OID = 1 2 840 113549 1 9 16 1 39 +Comment = S/MIME Content Types +Description = epub + +# RFC 8366 +OID = 1 2 840 113549 1 9 16 1 40 +Comment = S/MIME Content Types +Description = animaJSONVoucher + +# RFC 8520 +OID = 1 2 840 113549 1 9 16 1 41 +Comment = S/MIME Content Types +Description = mudType + +# RFC 8572 +OID = 1 2 840 113549 1 9 16 1 42 +Comment = S/MIME Content Types +Description = sztpConveyedInfoXML + +OID = 1 2 840 113549 1 9 16 1 43 +Comment = S/MIME Content Types +Description = sztpConveyedInfoJSON + +# RFC 8769 +OID = 1 2 840 113549 1 9 16 1 44 +Comment = S/MIME Content Types +Description = cbor + +OID = 1 2 840 113549 1 9 16 1 45 +Comment = S/MIME Content Types +Description = cborSequence + +# Reserved and Obsolete +OID = 1 2 840 113549 1 9 16 1 46 +Comment = S/MIME Content Types +Description = animaCBORVoucher +Warning + +# draft-ymbk-opsawg-finding-geofeeds +OID = 1 2 840 113549 1 9 16 1 47 +Comment = S/MIME Content Types +Description = geofeedCSVwithCRLF + # S/MIME attributes OID = 1 2 840 113549 1 9 16 2 
@@ -3284,6 +3351,39 @@ OID = 1 2 840 113549 1 9 16 2 51 Comment = S/MIME Authenticated Attributes Description = multipleSignatures +# RFC 6211 +OID = 1 2 840 113549 1 9 16 2 52 +Comment = S/MIME Authenticated Attributes +Description = cmsAlgorithmProtect + +# draft-herzog-setkey +OID = 1 2 840 113549 1 9 16 2 53 +Comment = S/MIME Authenticated Attributes +Description = setKeyInformation + +# RFC 7030 and RFC 8951 +OID = 1 2 840 113549 1 9 16 2 54 +Comment = S/MIME Authenticated Attributes +Description = asymmDecryptKeyID + +# RFC 7508 +OID = 1 2 840 113549 1 9 16 2 55 +Comment = S/MIME Authenticated Attributes +Description = secureHeaderFieldsIdentifier + +# RFC 7894 +OID = 1 2 840 113549 1 9 16 2 56 +Comment = S/MIME Authenticated Attributes +Description = otpChallenge + +OID = 1 2 840 113549 1 9 16 2 57 +Comment = S/MIME Authenticated Attributes +Description = revocationChallenge + +OID = 1 2 840 113549 1 9 16 2 58 +Comment = S/MIME Authenticated Attributes +Description = estIdentityLinking + # S/MIME algorithms OID = 1 2 840 113549 1 9 16 3 1 @@ -3449,6 +3549,24 @@ OID = 1 2 840 113549 1 9 16 6 6 Comment = S/MIME Commitment Type Identifiers Description = proofOfCreation +# RFC3114 +OID = 1 2 840 113549 1 9 16 7 1 +Comment = S/MIMETest Security Policies +Description = testAmoco + +OID = 1 2 840 113549 1 9 16 7 2 +Comment = S/MIMETest Security Policies +Description = testCaterpillar + +OID = 1 2 840 113549 1 9 16 7 3 +Comment = S/MIMETest Security Policies +Description = testWhirlpool + +OID = 1 2 840 113549 1 9 16 7 4 +Comment = S/MIMETest Security Policies +Description = testWhirlpoolCategories + + OID = 1 2 840 113549 1 9 16 8 1 Comment = S/MIME Symmetric Key Distribution Attributes Description = glUseKEK 
@@ -3530,6 +3648,35 @@ OID = 1 2 840 113549 1 9 16 9 4 Comment = S/MIME Signature Type Identifier Description = reviewSig +# RFC 3855 +OID = 1 2 840 113549 1 9 16 10 1 +Comment = S/MIME X.400 Encoded Information Types +Description = envelopedData + +OID = 1 2 840 113549 1 9 16 10 2 +Comment = S/MIME X.400 Encoded Information Types +Description = signedData + +OID = 1 2 840 113549 1 9 16 10 3 +Comment = S/MIME X.400 Encoded Information Types +Description = certsOnly + +OID = 1 2 840 113549 1 9 16 10 4 +Comment = S/MIME X.400 Encoded Information Types +Description = signedReceipt + +OID = 1 2 840 113549 1 9 16 10 5 +Comment = S/MIME X.400 Encoded Information Types +Description = envelopedX400 + +OID = 1 2 840 113549 1 9 16 10 6 +Comment = S/MIME X.400 Encoded Information Types +Description = signedX400 + +OID = 1 2 840 113549 1 9 16 10 7 +Comment = S/MIME X.400 Encoded Information Types +Description = compressedData + OID = 1 2 840 113549 1 9 16 11 Comment = S/MIME Description = capabilities @@ -3650,6 +3797,18 @@ OID = 1 2 840 113549 1 9 16 12 27 Comment = S/MIME Portable Symmetric Key Container Attributes Description = pskcKeyuserid +OID = 1 2 840 113549 1 9 16 13 +Comment = S/MIME Other Recipient Info Identifiers +Description = otherRecipientInfoIds + +OID = 1 2 840 113549 1 9 16 13 1 +Comment = S/MIME Other Recipient Info Identifiers +Description = keyTransPSK + +OID = 1 2 840 113549 1 9 16 13 2 +Comment = S/MIME Other Recipient Info Identifiers +Description = keyAgreePSK + # PKCS #9 for use with PKCS #12 OID = 1 2 840 113549 1 9 20 
@@ -4506,6 +4665,18 @@ OID = 1 2 840 113635 100 6 1 3 Comment = Apple certificate extension Description = appleCertificateExtensionADCAppleSigning +OID = 1 2 840 113635 100 15 1 +Comment = Apple custom certificate extension +Description = appleCustomCertificateExtension1 + +OID = 1 2 840 113635 100 15 2 +Comment = Apple custom certificate extension +Description = appleCustomCertificateExtension2 + +OID = 1 2 840 113635 100 15 3 +Comment = Apple custom certificate extension +Description = appleCustomCertificateExtension3 + # More Microsoft under the IETF arc OID = 1 3 6 1 4 1 311 2 1 4 @@ -4968,6 +5139,10 @@ OID = 1 3 6 1 4 1 311 60 2 1 3 Comment = Microsoft (???) Description = jurisdictionOfIncorporationC +OID = 1 3 6 1 4 1 311 76 509 1 1 +Comment = Microsoft PKI services +Description = microsoftCPS + OID = 1 3 6 1 4 1 311 88 Comment = Microsoft attribute Description = capiCom @@ -5454,6 +5629,12 @@ OID = 1 3 6 1 4 1 23629 1 4 2 2 1 Comment = SafeNet Description = safenetKeyDigest +# RFC 8649 + +OID = 1 3 6 1 4 1 51483 2 1 +Comment = CTIA +Description = hashOfRootKey + # RFC 4556 / Kerberos OID = 1 3 6 1 5 2 3 1 @@ -5618,6 +5799,11 @@ OID = 1 3 6 1 5 5 7 1 31 Comment = PKIX private extension Description = acmeIdentifier +# draft-ietf-anima-bootstrapping-keyinfra +OID = 1 3 6 1 5 5 7 1 32 +Comment = PKIX private extension +Description = masaURL + OID = 1 3 6 1 5 5 7 2 Comment = PKIX Description = policyQualifierIds @@ -5634,6 +5820,15 @@ OID = 1 3 6 1 5 5 7 2 3 Comment = PKIX policy qualifier Description = textNotice +# RFC 4476 +OID = 1 3 6 1 5 5 7 2 4 +Comment = PKIX policy qualifier +Description = acps + +OID = 1 3 6 1 5 5 7 2 5 +Comment = PKIX policy qualifier +Description = acunotice + OID = 1 3 6 1 5 5 7 3 Comment = PKIX Description = keyPurpose 
@@ -5763,6 +5958,25 @@ OID = 1 3 6 1 5 5 7 3 30 Comment = PKIX key purpose Description = bgpsecRouter +# draft-chuang-bimi-certificate +OID = 1 3 6 1 5 5 7 3 31 +Comment = PKIX key purpose +Description = bimi + +# draft-ietf-lamps-cmp-updates +OID = 1 3 6 1 5 5 7 3 32 +Comment = PKIX key purpose +Description = cmKGA + +# draft-ietf-nfsv4-rpc-tls +OID = 1 3 6 1 5 5 7 3 33 +Comment = PKIX key purpose +Description = rpcTLSClient + +OID = 1 3 6 1 5 5 7 3 34 +Comment = PKIX key purpose +Description = rpcTLSServer + OID = 1 3 6 1 5 5 7 4 Comment = PKIX Description = cmpInformationTypes @@ -5959,10 +6173,18 @@ OID = 1 3 6 1 5 5 7 8 2 Comment = PKIX other name Description = userGroup +OID = 1 3 6 1 5 5 7 8 3 +Comment = PKIX other name +Description = permanentIdentifier + OID = 1 3 6 1 5 5 7 8 5 Comment = PKIX other name Description = xmppAddr +OID = 1 3 6 1 5 5 7 8 6 +Comment = PKIX other name +Description = SIM + OID = 1 3 6 1 5 5 7 9 Comment = PKIX qualified certificates Description = personalData @@ -6023,6 +6245,18 @@ OID = 1 3 6 1 5 5 7 11 1 Comment = PKIX qualified certificates Description = pkixQCSyntax-v1 +OID = 1 3 6 1 5 5 7 12 +Comment = PKIX CMC Content Types +Description = pkixCCT + +OID = 1 3 6 1 5 5 7 12 2 +Comment = PKIX CMC Content Types +Description = pkiData + +OID = 1 3 6 1 5 5 7 12 3 +Comment = PKIX CMC Content Types +Description = pkiResponse + OID = 1 3 6 1 5 5 7 14 2 Comment = PKIX policies Description = resourceCertificatePolicy @@ -9231,6 +9465,10 @@ OID = 2 16 840 1 101 3 4 1 8 Comment = NIST Algorithm Description = aes128-wrap-pad +OID = 2 16 840 1 101 3 4 1 9 +Comment = NIST Algorithm +Description = aes128-GMAC + OID = 2 16 840 1 101 3 4 1 21 Comment = NIST Algorithm Description = aes192-ECB 
@@ -9263,6 +9501,10 @@ OID = 2 16 840 1 101 3 4 1 28 Comment = NIST Algorithm Description = aes192-wrap-pad +OID = 2 16 840 1 101 3 4 1 29 +Comment = NIST Algorithm +Description = aes192-GMAC + OID = 2 16 840 1 101 3 4 1 41 Comment = NIST Algorithm Description = aes256-ECB @@ -9295,6 +9537,10 @@ OID = 2 16 840 1 101 3 4 1 48 Comment = NIST Algorithm Description = aes256-wrap-pad +OID = 2 16 840 1 101 3 4 1 49 +Comment = NIST Algorithm +Description = aes256-GMAC + OID = 2 16 840 1 101 3 4 2 Comment = NIST Algorithm Description = hashAlgos @@ -9315,6 +9561,22 @@ OID = 2 16 840 1 101 3 4 2 4 Comment = NIST Algorithm Description = sha-224 +OID = 2 16 840 1 101 3 4 2 7 +Comment = NIST Algorithm +Description = sha3-224 + +OID = 2 16 840 1 101 3 4 2 8 +Comment = NIST Algorithm +Description = sha3-256 + +OID = 2 16 840 1 101 3 4 2 9 +Comment = NIST Algorithm +Description = sha3-384 + +OID = 2 16 840 1 101 3 4 2 10 +Comment = NIST Algorithm +Description = sha3-512 + OID = 2 16 840 1 101 3 4 2 11 Comment = NIST Algorithm Description = shake128 @@ -10446,3 +10708,4 @@ Comment = Wells Fargo WellsSecure Public Root Certificate Authority Description = Wells Fargo EV policy # End of Fahnenstange +
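Review bot: debian/tests/unicode-strings (and the identical pipeline at the end of debian/tests/bmp-strings) runs under #!/bin/bash without "set -o pipefail", so the result is only the exit status of the last command, valgrind. If debian/test-data/unicode-strings.crt is missing or "base64 -d" fails, dumpasn1 just sees empty or truncated input and the outcome no longer says anything about the non-ASCII string handling; add "set -o pipefail" near the top of both scripts. Also, valgrind passes through the program's own exit status when it reports no errors, and main() returns noErrors, so a non-zero exit can be either a memory error (17) or an ordinary dumpasn1 complaint about the certificate. If only memory errors should fail the test, compare the status against 17 explicitly.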
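Review bot: in the dumpasn1.c hunk at @@ -2077,11 +2078,22 @@, the 32-bit time_t check added after the "GMT" printString looks only at the two-digit year in timeStrPtr[ 0 ] and timeStrPtr[ 1 ] and ignores the century. It runs after both branches, so in the four-digit-year branch, where the century is available in timeStr[ 0 ] and timeStr[ 1 ], a year such as 1995 sets warnTimeT and is reported as not representable in a 32-bit time_t. Consider making the check depend on the century where it is known. In the same hunk, the century test "timeStr[ 0 ] == '2' && timeStr[ 1 ] >= '1'" does not match a first digit of '3' or higher, so a year like 3005 gets no warning from any of the added checks; testing "timeStr[ 0 ] > '2'" as well would cover it.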
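Review bot: in the dumpasn1.c hunk at @@ -2095,6 +2107,15 @@, the warnTimeCrazy messages ("more than twenty years in the past", "more than half a century in the future") are relative to an unstated reference year, while the checks that set the flags compare against fixed digits. A short comment giving the assumed current year would show when those constants need revisiting. The trailing backslashes after "?" and ":" are line continuations outside a macro definition and can be dropped.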
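Review bot: in the printASN1object hunk at @@ -2727,8 +2748,12 @@, the new "item->length < 1" branch calls complainLength() and then falls through to "getc( inFile )". For a zero-length BIT STRING the code therefore still reads one byte that belongs to whatever follows, and the later "item->length--" takes the length to -1. Unless complainLength() does not return, add a return after the complaint so that a malformed zero-length item cannot shift the rest of the dump by one byte.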
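Review bot: in the printASN1object hunk at @@ -2738,12 +2763,18 @@, the early return added for "item->length <= 1" sits before "item->length--; fPos++;", although getc() has already consumed the unused-bits byte, so on that path fPos is left one byte behind the input. Account for the consumed byte before returning. The removed code also printed '\n' before calling complain(); the new path calls complain() directly after the "unused bit" text, so it is worth checking that the output still lines up.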
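Review bot: in the dumpasn1.cfg hunk at @@ -3071,6 +3076,68 @@, the entry for 1 2 840 113549 1 9 16 1 46 (animaCBORVoucher) carries a Warning flag but its header comment is only "# Reserved and Obsolete", with no reference, while the neighbouring entries cite an RFC or draft. Name the document that obsoleted the assignment so that a reader who sees the warning in a dump can tell why it fired.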
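Review bot: in the dumpasn1.cfg hunk at @@ -3449,6 +3549,24 @@, the four new entries under 1 2 840 113549 1 9 16 7 use the comment "S/MIMETest Security Policies", which is missing a space ("S/MIME Test Security Policies"). The header is written "# RFC3114" where the other added headers use the "# RFC 6010" form, and the hunk leaves two blank lines before the next entry instead of one.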