[Swan-dev] oid.c

D. Hugh Redelmeier hugh at mimosa.com
Tue Apr 29 05:25:36 EEST 2014 

This table is fairly simple but not really great for humans to read.  I 
wrote a program to check its structure, and it seems OK.  I did find a 
couple of anomalies.

OID 51 octet code steps backward from 0x55 to 0x2a

	Normally alternatives are in numerical order but OID 51 breaks
	that convention.  I don't see this as an actual problem.

OID 89 is terminal but has no name

	I don't know what OID names are used for, but this is the only
	terminal that has no name.  Odd.

Should we see what look to see if StrongSwan has improved the table?

I don't know the pattern of what is included in the table.  "Germany
ITU-T member" and "Deutsche Telekom AG" are mentioned, but no other
countries.

Why does lib/libswan/oid.pl generate code that requires <stdlib.h>?
The struct for oid_t has fields of type u_char and u_int.  What's
wrong with unsigned char and unsigned int?  Then the header isn't
needed.

Use of oid names:
- dn_parse uses it in a call to format_chunk
- check_signature uses it in a DBG_log for signature algorithm
- extract_object uses it in a DBG_log
-------------- next part --------------
/*
 * Check Libreswan's oid_names table
 *
 * compile: gcc -g -Iinclude -Wall check-oid.c
 *
 * DHR 2014 Apr 28
 */
#include <stdio.h>
#include <assert.h>

#include "lib/libswan/oid.c"

static const int max_oid = sizeof(oid_names) /  sizeof(oid_names[0]);

static void check_subtable(int basement, int oid, int roof)
{
	assert(oid <= roof);
	while (oid != roof) {
		const oid_t *o = &oid_names[oid];
		/* next alternative (or end) */
		int alt = o->next == 0 ? roof : o->next;

		assert(oid < alt);
		assert(alt <= roof);
		assert(oid_names[alt-1].down == 0);	/* must be terminal */

		if (o->octet <= basement)
			printf("OID %d octet code steps backward from 0x%2x to 0x%2x\n",
				oid, basement, o->octet);
		assert(o->down == 0 || o->down == 1);	/* down is bool */
		assert(o->next != 0 || o->down == 1 || oid + 1 == roof);

		if (o->down) {
			check_subtable(-1, oid + 1, alt);
		} else {
			/* terminal */
			assert(oid + 1 == alt);
			if (o->name[0] == '\0')
				printf("OID %d is terminal but has no name\n", oid);
		}

		basement = o->octet;
		oid = alt;
	}
}

int main()
{
	check_subtable(-1, 0, max_oid);
	return 0;
}

More information about the Swan-dev mailing list