OID Implementation flaws of dumpasn1.c by Peter Gutmann ( https://www.cs.auckland.ac.nz/~pgut001/#standards ) by Daniel Marschall 1. Max arc size: 2^62-1 (4611686018427387903) Actually, OID arcs shall always be unlimited 2. Doesn't allow OIDs 2.yyy where yyy is greater than 50, with exception of yyy=100. So it doesn't recognize gs1(51) and example(999) The second arc of 2.yyy shall NOT be limited, as ITU can always define any OID without limitations of the arcs. asn1dump has not the job to check if an OID seems to be legally assigned by its RA. if( x < 0 || x > 2 || y < 0 || \ ( ( x < 2 && y > 39 ) || \ ( x == 2 && ( y > 50 && y != 100 ) ) ) ) { /* If x = 0 or 1 then y has to be 0...39, for x = 3 it can take any value but there are no known assigned values over 50 except for one contrived example in X.690 which sets y = 100, so if we see something outside this range it's most likely an encoding error rather than some bizarre new ID that's just appeared */ validEncoding = FALSE; break; } Patch Remove ( x == 2 && ( y > 50 && y != 100 ) ) 3. UUIDs are not correctly handled a. UUID OIDs are shown in a non-standard format The OID 2.25.201846626916932054805713482466966777339 will be shown as '2 25 { 97da3f0d-353e-4d0f-b845-67a91c3a2dfb }' Although this notation can be accepted, it makes research of a specific OID harder. Code: /* An insane ITU facility lets people register UUIDs as OIDs (see http://www.itu.int/ITU-T/asn1/uuid.html), if we find one of these, which live under the arc '2 25' = 0x69 we have to continue decoding the OID as a UUID instead of a standard OID */ if( data == 0x69 ) isUUID = TRUE; } b. UUIDs which have a specific low value will be marked as invalid This UUID OID will not be accepted 2.25.85070591730234615865843651857942052863 06 13 69 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 7F DER 3fffffff-ffff-ffff-ffff-ffffffffffff This UUID OID will be accepted 2.25.85070591730234615865843651857942052864 06 14 69 81 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 00 40000000-0000-0000-0000-000000000000 So, OIDs 2.25.yyy with yyy<85070591730234615865843651857942052864 won't be accepted Code: /* The following check isn't completely accurate since we could have less than 16 bytes present if there are leading zeroes, however to handle this properly we'd have to decode the entire value as a bignum and then format it appropriately, and given the fact that the use of these things is practically nonexistent it's probably not worth the code space to deal with this */ if( uuidBufPos != 16 ) { validEncoding = FALSE; break; } c. UUID OIDs with children are displayed wrong Input OID: 2.25.201846626916932054805713482466966777339.1 => Input BER: 06 15 69 82 AF DA 9F C3 A6 D3 F2 B4 9F B8 A2 D9 F5 91 E1 E8 DB 7B 01 Actual result: '2 25 { 97da3f0d-353e-4d0f-b845-67a91c3a2dfb } { 97da3f0d-353e-4d0f-b845-67a91c3a2dfb }' Expected result: '2 25 { 97da3f0d-353e-4d0f-b845-67a91c3a2dfb } 1' Patch After length += sprintf( textOID + length, " { %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x }", please add isUUID = FALSE; d. Overflow error at UUID OIDs Input OID: 2.25.340282366920938463463374607431768211456 => Input BER: 06 14 69 84 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 00 Actual result: '2 25 { 00000000-0000-0000-0000-000000000000 }' Expected result: Invalid UUID 4. The primitive ASN.1 type RELATIVE-OID (0x0D) is not supported Input OID: 2.25.201846626916932054805713482466966777339.1 => Input BER: 0D 16 02 19 82 AF DA 9F C3 A6 D3 F2 B4 9F B8 A2 D9 F5 91 E1 E8 DB 7B 01 Partially patch: - Please add #define RELATIVEOID 0x0D /* 13: Relative Object Identifier */ after #define UTF8STRING 0x0C /* 12: UTF8 string */ - Please add in idstr(): case RELATIVEOID: return( "RELATIVE OBJECT IDENTIFIER" ); - It will stay printASN1object(), but at least now the user will get to know what type of primitive it is. 5. The BER encoding can only be max. 32 bytes long.