src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:17:55 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:17:55 +0000
commit	96de7a4399a8c71cbb70d6252fa77acfd76b3f09 (patch)
tree	e6f6e4aad1952944ccd27e9eb47ea48b9a78dde7 /lib/libcrypto/objects
parent	ec7710fe8f10fb624fbc33c0bbad2474e0c26979 (diff)

resolve conflicts

Diffstat (limited to 'lib/libcrypto/objects')

-rw-r--r--

lib/libcrypto/objects/o_names.c

-rw-r--r--

lib/libcrypto/objects/obj_dat.c

254

-rw-r--r--

lib/libcrypto/objects/obj_dat.pl

-rw-r--r--

lib/libcrypto/objects/obj_err.c

-rw-r--r--

lib/libcrypto/objects/obj_lib.c

-rw-r--r--

lib/libcrypto/objects/obj_mac.num

115

-rw-r--r--

lib/libcrypto/objects/objects.h

-rw-r--r--

lib/libcrypto/objects/objects.txt

185

8 files changed, 493 insertions, 90 deletions

diff --git a/lib/libcrypto/objects/o_names.c b/lib/libcrypto/objects/o_names.c
index 28c9370ca3c..adb5731f765 100644
--- a/lib/libcrypto/objects/o_names.c
+++ b/lib/libcrypto/objects/o_names.c

@@ -111,8 +111,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),

static int obj_name_cmp(const void *a_void, const void *b_void)

{

int ret;

- OBJ_NAME *a = (OBJ_NAME *)a_void;

- OBJ_NAME *b = (OBJ_NAME *)b_void;

+ const OBJ_NAME *a = (const OBJ_NAME *)a_void;

+ const OBJ_NAME *b = (const OBJ_NAME *)b_void;

ret=a->type-b->type;

if (ret == 0)

@@ -133,7 +133,7 @@ static int obj_name_cmp(const void *a_void, const void *b_void)

static unsigned long obj_name_hash(const void *a_void)

{

unsigned long ret;

- OBJ_NAME *a = (OBJ_NAME *)a_void;

+ const OBJ_NAME *a = (const OBJ_NAME *)a_void;

if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))

{

diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index f549d078ef6..7fd74332417 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c

@@ -58,10 +58,12 @@

#include <stdio.h>

#include <ctype.h>

+#include <limits.h>

#include "cryptlib.h"

#include <openssl/lhash.h>

#include <openssl/asn1.h>

#include <openssl/objects.h>

+#include <openssl/bn.h>

/* obj_dat.h is generated from objects.h by obj_dat.pl */

#ifndef OPENSSL_NO_OBJECT

@@ -115,7 +117,7 @@ static unsigned long add_hash(const void *ca_void)

int i;

unsigned long ret=0;

unsigned char *p;

- ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;

+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;

a=ca->obj;

switch (ca->type)

@@ -149,8 +151,8 @@ static int add_cmp(const void *ca_void, const void *cb_void)

{

ASN1_OBJECT *a,*b;

int i;

- ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;

- ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;

+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;

+ const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;

i=ca->type-cb->type;

if (i) return(i);

@@ -161,7 +163,7 @@ static int add_cmp(const void *ca_void, const void *cb_void)

case ADDED_DATA:

i=(a->length - b->length);

if (i) return(i);

- return(memcmp(a->data,b->data,a->length));

+ return(memcmp(a->data,b->data,(size_t)a->length));

case ADDED_SNAME:

if (a->sn == NULL) return(-1);

else if (b->sn == NULL) return(1);

@@ -382,8 +384,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)

adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

if (adp != NULL) return (adp->obj->nid);

}

- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,

- sizeof(ASN1_OBJECT *),obj_cmp);

+ op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,

+ NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);

if (op == NULL)

return(NID_undef);

return((*op)->nid);

@@ -399,7 +401,9 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)

{

int nid = NID_undef;

ASN1_OBJECT *op=NULL;

- unsigned char *buf,*p;

+ unsigned char *buf;

+ unsigned char *p;

+ const unsigned char *cp;

int i, j;

if(!no_name) {

@@ -411,8 +415,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)

/* Work out size of content octets */

i=a2d_ASN1_OBJECT(NULL,0,s,-1);

if (i <= 0) {

- /* Clear the error */

- ERR_get_error();

+ /* Don't clear the error */

+ /*ERR_clear_error();*/

return NULL;

}

/* Work out total size */

@@ -425,75 +429,170 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)

ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);

/* Write out contents */

a2d_ASN1_OBJECT(p,i,s,-1);

- p=buf;

- op=d2i_ASN1_OBJECT(NULL,&p,j);

+ cp=buf;

+ op=d2i_ASN1_OBJECT(NULL,&cp,j);

OPENSSL_free(buf);

return op;

}

int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)

{

- int i,idx=0,n=0,len,nid;

+ int i,n=0,len,nid, first, use_bn;

+ BIGNUM *bl;

unsigned long l;

unsigned char *p;

- const char *s;

char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];

- if (buf_len <= 0) return(0);

if ((a == NULL) || (a->data == NULL)) {

buf[0]='\0';

return(0);

}

- if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {

- len=a->length;

- p=a->data;

- idx=0;

- l=0;

- while (idx < a->length) {

- l|=(p[idx]&0x7f);

- if (!(p[idx] & 0x80)) break;

- l<<=7L;

- idx++;

+ if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)

+ {

+ const char *s;

+ s=OBJ_nid2ln(nid);

+ if (s == NULL)

+ s=OBJ_nid2sn(nid);

+ if (buf)

+ BUF_strlcpy(buf,s,buf_len);

+ n=strlen(s);

+ return n;

}

- idx++;

- i=(int)(l/40);

- if (i > 2) i=2;

- l-=(long)(i*40);

- BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);

- i=strlen(tbuf);

- BUF_strlcpy(buf,tbuf,buf_len);

- buf_len-=i;

- buf+=i;

- n+=i;

+ len=a->length;

+ p=a->data;

+ first = 1;

+ bl = NULL;

+ while (len > 0)

+ {

l=0;

- for (; idx<len; idx++) {

- l|=p[idx]&0x7f;

- if (!(p[idx] & 0x80)) {

- BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);

- i=strlen(tbuf);

+ use_bn = 0;

+ for (;;)

+ {

+ unsigned char c = *p++;

+ len--;

+ if ((len == 0) && (c & 0x80))

+ goto err;

+ if (use_bn)

+ {

+ if (!BN_add_word(bl, c & 0x7f))

+ goto err;

+ }

+ else

+ l |= c & 0x7f;

+ if (!(c & 0x80))

+ break;

+ if (!use_bn && (l > (ULONG_MAX >> 7L)))

+ {

+ if (!bl && !(bl = BN_new()))

+ goto err;

+ if (!BN_set_word(bl, l))

+ goto err;

+ use_bn = 1;

+ }

+ if (use_bn)

+ {

+ if (!BN_lshift(bl, bl, 7))

+ goto err;

+ }

+ else

+ l<<=7L;

+ }

+ if (first)

+ {

+ first = 0;

+ if (l >= 80)

+ {

+ i = 2;

+ if (use_bn)

+ {

+ if (!BN_sub_word(bl, 80))

+ goto err;

+ }

+ else

+ l -= 80;

+ }

+ else

+ {

+ i=(int)(l/40);

+ l-=(long)(i*40);

+ }

+ if (buf && (buf_len > 0))

+ {

+ *buf++ = i + '0';

+ buf_len--;

+ }

+ n++;

+ }

+ if (use_bn)

+ {

+ char *bndec;

+ bndec = BN_bn2dec(bl);

+ if (!bndec)

+ goto err;

+ i = strlen(bndec);

+ if (buf)

+ {

if (buf_len > 0)

- BUF_strlcpy(buf,tbuf,buf_len);

- buf_len-=i;

- buf+=i;

- n+=i;

- l=0;

+ {

+ *buf++ = '.';

+ buf_len--;

+ }

+ BUF_strlcpy(buf,bndec,buf_len);

+ if (i > buf_len)

+ {

+ buf += buf_len;

+ buf_len = 0;

+ }

+ else

+ {

+ buf+=i;

+ buf_len-=i;

+ }

+ n++;

+ n += i;

+ OPENSSL_free(bndec);

+ }

+ else

+ {

+ BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);

+ i=strlen(tbuf);

+ if (buf && (buf_len > 0))

+ {

+ BUF_strlcpy(buf,tbuf,buf_len);

+ if (i > buf_len)

+ {

+ buf += buf_len;

+ buf_len = 0;

+ }

+ else

+ {

+ buf+=i;

+ buf_len-=i;

+ }

+ n+=i;

+ l=0;

}

- l<<=7L;

}

- } else {

- s=OBJ_nid2ln(nid);

- if (s == NULL)

- s=OBJ_nid2sn(nid);

- BUF_strlcpy(buf,s,buf_len);

- n=strlen(s);

- }

- return(n);

+ if (bl)

+ BN_free(bl);

+ return n;

+ err:

+ if (bl)

+ BN_free(bl);

+ return -1;

}

int OBJ_txt2nid(const char *s)

@@ -519,7 +618,7 @@ int OBJ_ln2nid(const char *s)

adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

if (adp != NULL) return (adp->obj->nid);

}

- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,

+ op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,

sizeof(ASN1_OBJECT *),ln_cmp);

if (op == NULL) return(NID_undef);

return((*op)->nid);

@@ -547,8 +646,8 @@ int OBJ_sn2nid(const char *s)

static int obj_cmp(const void *ap, const void *bp)

{

int j;

- ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;

- ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;

+ const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;

+ const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;

j=(a->length - b->length);

if (j) return(j);

@@ -558,8 +657,14 @@ static int obj_cmp(const void *ap, const void *bp)

const char *OBJ_bsearch(const char *key, const char *base, int num, int size,

int (*cmp)(const void *, const void *))

{

- int l,h,i,c;

- const char *p;

+ return OBJ_bsearch_ex(key, base, num, size, cmp, 0);

+ }

+const char *OBJ_bsearch_ex(const char *key, const char *base, int num,

+ int size, int (*cmp)(const void *, const void *), int flags)

+ {

+ int l,h,i=0,c=0;

+ const char *p = NULL;

if (num == 0) return(NULL);

l=0;

@@ -574,20 +679,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size,

else if (c > 0)

l=i+1;

else

- return(p);

+ break;

}

#ifdef CHARSET_EBCDIC

/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and

* I don't have perl (yet), we revert to a *LINEAR* search

* when the object wasn't found in the binary search.

- for (i=0; i<num; ++i) {

- p= &(base[i*size]);

- if ((*cmp)(key,p) == 0)

- return p;

- }

+ if (c != 0)

+ {

+ for (i=0; i<num; ++i)

+ {

+ p= &(base[i*size]);

+ c = (*cmp)(key,p);

+ if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))

+ return p;

+ }

#endif

- return(NULL);

+ if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))

+ p = NULL;

+ else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))

+ {

+ while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)

+ i--;

+ p = &(base[i*size]);

+ }

+ return(p);

}

int OBJ_create_objects(BIO *in)

diff --git a/lib/libcrypto/objects/obj_dat.pl b/lib/libcrypto/objects/obj_dat.pl
index d0371661f97..8a09a46ee65 100644
--- a/lib/libcrypto/objects/obj_dat.pl
+++ b/lib/libcrypto/objects/obj_dat.pl

@@ -94,7 +94,7 @@ for ($i=0; $i<$n; $i++)

{

if (!defined($nid{$i}))

{

- push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");

+ push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");

}

else

{

@@ -138,7 +138,7 @@ for ($i=0; $i<$n; $i++)

}

else

{

- $out.="0,NULL";

+ $out.="0,NULL,0";

}

$out.="},\n";

push(@out,$out);

diff --git a/lib/libcrypto/objects/obj_err.c b/lib/libcrypto/objects/obj_err.c
index 0682979b381..12b48850c6b 100644
--- a/lib/libcrypto/objects/obj_err.c
+++ b/lib/libcrypto/objects/obj_err.c

@@ -91,15 +91,12 @@ static ERR_STRING_DATA OBJ_str_reasons[]=

void ERR_load_OBJ_strings(void)

{

- static int init=1;

+#ifndef OPENSSL_NO_ERR

- if (init)

+ if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)

{

- init=0;

-#ifndef OPENSSL_NO_ERR

ERR_load_strings(0,OBJ_str_functs);

ERR_load_strings(0,OBJ_str_reasons);

-#endif

}

+#endif

}

diff --git a/lib/libcrypto/objects/obj_lib.c b/lib/libcrypto/objects/obj_lib.c
index b0b0f2ff24b..706fa0b0e78 100644
--- a/lib/libcrypto/objects/obj_lib.c
+++ b/lib/libcrypto/objects/obj_lib.c

@@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)

r->data=OPENSSL_malloc(o->length);

if (r->data == NULL)

goto err;

- memcpy(r->data,o->data,o->length);

+ if (o->data != NULL)

+ memcpy(r->data,o->data,o->length);

r->length=o->length;

r->nid=o->nid;

r->ln=r->sn=NULL;

diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num
index 84555d936e8..47815b1e4e8 100644
--- a/lib/libcrypto/objects/obj_mac.num
+++ b/lib/libcrypto/objects/obj_mac.num

@@ -673,3 +673,118 @@ sha256 672

sha384 673

sha512 674

sha224 675

+identified_organization 676

+certicom_arc 677

+wap 678

+wap_wsg 679

+X9_62_id_characteristic_two_basis 680

+X9_62_onBasis 681

+X9_62_tpBasis 682

+X9_62_ppBasis 683

+X9_62_c2pnb163v1 684

+X9_62_c2pnb163v2 685

+X9_62_c2pnb163v3 686

+X9_62_c2pnb176v1 687

+X9_62_c2tnb191v1 688

+X9_62_c2tnb191v2 689

+X9_62_c2tnb191v3 690

+X9_62_c2onb191v4 691

+X9_62_c2onb191v5 692

+X9_62_c2pnb208w1 693

+X9_62_c2tnb239v1 694

+X9_62_c2tnb239v2 695

+X9_62_c2tnb239v3 696

+X9_62_c2onb239v4 697

+X9_62_c2onb239v5 698

+X9_62_c2pnb272w1 699

+X9_62_c2pnb304w1 700

+X9_62_c2tnb359v1 701

+X9_62_c2pnb368w1 702

+X9_62_c2tnb431r1 703

+secp112r1 704

+secp112r2 705

+secp128r1 706

+secp128r2 707

+secp160k1 708

+secp160r1 709

+secp160r2 710

+secp192k1 711

+secp224k1 712

+secp224r1 713

+secp256k1 714

+secp384r1 715

+secp521r1 716

+sect113r1 717

+sect113r2 718

+sect131r1 719

+sect131r2 720

+sect163k1 721

+sect163r1 722

+sect163r2 723

+sect193r1 724

+sect193r2 725

+sect233k1 726

+sect233r1 727

+sect239k1 728

+sect283k1 729

+sect283r1 730

+sect409k1 731

+sect409r1 732

+sect571k1 733

+sect571r1 734

+wap_wsg_idm_ecid_wtls1 735

+wap_wsg_idm_ecid_wtls3 736

+wap_wsg_idm_ecid_wtls4 737

+wap_wsg_idm_ecid_wtls5 738

+wap_wsg_idm_ecid_wtls6 739

+wap_wsg_idm_ecid_wtls7 740

+wap_wsg_idm_ecid_wtls8 741

+wap_wsg_idm_ecid_wtls9 742

+wap_wsg_idm_ecid_wtls10 743

+wap_wsg_idm_ecid_wtls11 744

+wap_wsg_idm_ecid_wtls12 745

+any_policy 746

+policy_mappings 747

+inhibit_any_policy 748

+ipsec3 749

+ipsec4 750

+camellia_128_cbc 751

+camellia_192_cbc 752

+camellia_256_cbc 753

+camellia_128_ecb 754

+camellia_192_ecb 755

+camellia_256_ecb 756

+camellia_128_cfb128 757

+camellia_192_cfb128 758

+camellia_256_cfb128 759

+camellia_128_cfb1 760

+camellia_192_cfb1 761

+camellia_256_cfb1 762

+camellia_128_cfb8 763

+camellia_192_cfb8 764

+camellia_256_cfb8 765

+camellia_128_ofb128 766

+camellia_192_ofb128 767

+camellia_256_ofb128 768

+subject_directory_attributes 769

+issuing_distribution_point 770

+certificate_issuer 771

+korea 772

+kisa 773

+kftc 774

+npki_alg 775

+seed_ecb 776

+seed_cbc 777

+seed_ofb128 778

+seed_cfb128 779

+hmac_md5 780

+hmac_sha1 781

+id_PasswordBasedMAC 782

+id_DHBasedMac 783

+id_it_suppLangTags 784

+caRepository 785

+id_smime_ct_compressedData 786

+id_ct_asciiTextWithCRLF 787

+id_aes128_wrap 788

+id_aes192_wrap 789

+id_aes256_wrap 790

diff --git a/lib/libcrypto/objects/objects.h b/lib/libcrypto/objects/objects.h
index f859d859b85..7242f76fb0f 100644
--- a/lib/libcrypto/objects/objects.h
+++ b/lib/libcrypto/objects/objects.h

@@ -966,7 +966,10 @@

#define OBJ_NAME_TYPE_COMP_METH 0x04

#define OBJ_NAME_TYPE_NUM 0x05

-#define OBJ_NAME_ALIAS 0x8000

+#define OBJ_NAME_ALIAS 0x8000

+#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01

+#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02

#ifdef __cplusplus

@@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s);

int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);

const char * OBJ_bsearch(const char *key,const char *base,int num,int size,

int (*cmp)(const void *, const void *));

+const char * OBJ_bsearch_ex(const char *key,const char *base,int num,

+ int size, int (*cmp)(const void *, const void *), int flags);

int OBJ_new_nid(int num);

int OBJ_add_object(const ASN1_OBJECT *obj);

diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt
index 2635c4e6676..34c8d1d6473 100644
--- a/lib/libcrypto/objects/objects.txt
+++ b/lib/libcrypto/objects/objects.txt

@@ -1,12 +1,28 @@

-0 : CCITT : ccitt

+# CCITT was renamed to ITU-T quite some time ago

+0 : ITU-T : itu-t

+!Alias ccitt itu-t

1 : ISO : iso

-2 : JOINT-ISO-CCITT : joint-iso-ccitt

+2 : JOINT-ISO-ITU-T : joint-iso-itu-t

+!Alias joint-iso-ccitt joint-iso-itu-t

iso 2 : member-body : ISO Member Body

-joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types

+iso 3 : identified-organization

+# HMAC OIDs

+identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5

+identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1

+identified-organization 132 : certicom-arc

+joint-iso-itu-t 23 : international-organizations : International Organizations

+international-organizations 43 : wap

+wap 13 : wap-wsg

+joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types

selected-attribute-types 55 : clearance

@@ -24,12 +40,34 @@ ISO-US 10045 : ansi-X9-62 : ANSI X9.62

!Alias id-fieldType ansi-X9-62 1

X9-62_id-fieldType 1 : prime-field

X9-62_id-fieldType 2 : characteristic-two-field

-# ... characteristic-two-field OID subtree

+X9-62_characteristic-two-field 3 : id-characteristic-two-basis

+X9-62_id-characteristic-two-basis 1 : onBasis

+X9-62_id-characteristic-two-basis 2 : tpBasis

+X9-62_id-characteristic-two-basis 3 : ppBasis

!Alias id-publicKeyType ansi-X9-62 2

X9-62_id-publicKeyType 1 : id-ecPublicKey

!Alias ellipticCurve ansi-X9-62 3

!Alias c-TwoCurve X9-62_ellipticCurve 0

-# ... characteristic 2 curve OIDs

+X9-62_c-TwoCurve 1 : c2pnb163v1

+X9-62_c-TwoCurve 2 : c2pnb163v2

+X9-62_c-TwoCurve 3 : c2pnb163v3

+X9-62_c-TwoCurve 4 : c2pnb176v1

+X9-62_c-TwoCurve 5 : c2tnb191v1

+X9-62_c-TwoCurve 6 : c2tnb191v2

+X9-62_c-TwoCurve 7 : c2tnb191v3

+X9-62_c-TwoCurve 8 : c2onb191v4

+X9-62_c-TwoCurve 9 : c2onb191v5

+X9-62_c-TwoCurve 10 : c2pnb208w1

+X9-62_c-TwoCurve 11 : c2tnb239v1

+X9-62_c-TwoCurve 12 : c2tnb239v2

+X9-62_c-TwoCurve 13 : c2tnb239v3

+X9-62_c-TwoCurve 14 : c2onb239v4

+X9-62_c-TwoCurve 15 : c2onb239v5

+X9-62_c-TwoCurve 16 : c2pnb272w1

+X9-62_c-TwoCurve 17 : c2pnb304w1

+X9-62_c-TwoCurve 18 : c2tnb359v1

+X9-62_c-TwoCurve 19 : c2pnb368w1

+X9-62_c-TwoCurve 20 : c2tnb431r1

!Alias primeCurve X9-62_ellipticCurve 1

X9-62_primeCurve 1 : prime192v1

X9-62_primeCurve 2 : prime192v2

@@ -42,6 +80,60 @@ X9-62_primeCurve 7 : prime256v1

!global

X9-62_id-ecSigType 1 : ecdsa-with-SHA1

+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"

+# (http://www.secg.org/)

+!Alias secg_ellipticCurve certicom-arc 0

+# SECG prime curves OIDs

+secg-ellipticCurve 6 : secp112r1

+secg-ellipticCurve 7 : secp112r2

+secg-ellipticCurve 28 : secp128r1

+secg-ellipticCurve 29 : secp128r2

+secg-ellipticCurve 9 : secp160k1

+secg-ellipticCurve 8 : secp160r1

+secg-ellipticCurve 30 : secp160r2

+secg-ellipticCurve 31 : secp192k1

+# NOTE: the curve secp192r1 is the same as prime192v1 defined above

+# and is therefore omitted

+secg-ellipticCurve 32 : secp224k1

+secg-ellipticCurve 33 : secp224r1

+secg-ellipticCurve 10 : secp256k1

+# NOTE: the curve secp256r1 is the same as prime256v1 defined above

+# and is therefore omitted

+secg-ellipticCurve 34 : secp384r1

+secg-ellipticCurve 35 : secp521r1

+# SECG characteristic two curves OIDs

+secg-ellipticCurve 4 : sect113r1

+secg-ellipticCurve 5 : sect113r2

+secg-ellipticCurve 22 : sect131r1

+secg-ellipticCurve 23 : sect131r2

+secg-ellipticCurve 1 : sect163k1

+secg-ellipticCurve 2 : sect163r1

+secg-ellipticCurve 15 : sect163r2

+secg-ellipticCurve 24 : sect193r1

+secg-ellipticCurve 25 : sect193r2

+secg-ellipticCurve 26 : sect233k1

+secg-ellipticCurve 27 : sect233r1

+secg-ellipticCurve 3 : sect239k1

+secg-ellipticCurve 16 : sect283k1

+secg-ellipticCurve 17 : sect283r1

+secg-ellipticCurve 36 : sect409k1

+secg-ellipticCurve 37 : sect409r1

+secg-ellipticCurve 38 : sect571k1

+secg-ellipticCurve 39 : sect571r1

+# WAP/TLS curve OIDs (http://www.wapforum.org/)

+!Alias wap-wsg-idm-ecid wap-wsg 4

+wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1

+wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3

+wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4

+wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5

+wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6

+wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7

+wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8

+wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9

+wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10

+wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11

+wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12

ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc

@@ -53,6 +145,10 @@ ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc

!Cname pbeWithMD5AndCast5-CBC

ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC

+# Macs for CMP and CRMF

+ISO-US 113533 7 66 13 : id-PasswordBasedMAC : password based MAC

+ISO-US 113533 7 66 30 : id-DHBasedMac : Diffie-Hellman based MAC

ISO-US 113549 : rsadsi : RSA Data Security, Inc.

rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS

@@ -149,6 +245,8 @@ id-smime-ct 5 : id-smime-ct-TDTInfo

id-smime-ct 6 : id-smime-ct-contentInfo

id-smime-ct 7 : id-smime-ct-DVCSRequestData

id-smime-ct 8 : id-smime-ct-DVCSResponseData

+id-smime-ct 9 : id-smime-ct-compressedData

+id-smime-ct 27 : id-ct-asciiTextWithCRLF

# S/MIME Attributes

id-smime-aa 1 : id-smime-aa-receiptRequest

@@ -396,6 +494,7 @@ id-it 12 : id-it-revPassphrase

id-it 13 : id-it-implicitConfirm

id-it 14 : id-it-confirmWaitTime

id-it 15 : id-it-origPKIMessage

+id-it 16 : id-it-suppLangTags

# CRMF registration

id-pkip 1 : id-regCtrl

@@ -482,6 +581,7 @@ id-ad 2 : caIssuers : CA Issuers

id-ad 3 : ad_timestamping : AD Time Stamping

!Cname ad-dvcs

id-ad 4 : AD_DVCS : ad dvcs

+id-ad 5 : caRepository : CA Repository

!Alias id-pkix-OCSP ad-OCSP

@@ -569,6 +669,8 @@ X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA

X500algorithms 3 101 : MDC2 : mdc2

X500 29 : id-ce

+!Cname subject-directory-attributes

+id-ce 9 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes

!Cname subject-key-identifier

id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier

!Cname key-usage

@@ -589,18 +691,28 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code

id-ce 24 : invalidityDate : Invalidity Date

!Cname delta-crl

id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator

+!Cname issuing-distribution-point

+id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point

+!Cname certificate-issuer

+id-ce 29 : certificateIssuer : X509v3 Certificate Issuer

!Cname name-constraints

id-ce 30 : nameConstraints : X509v3 Name Constraints

!Cname crl-distribution-points

id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points

!Cname certificate-policies

id-ce 32 : certificatePolicies : X509v3 Certificate Policies

+!Cname any-policy

+certificate-policies 0 : anyPolicy : X509v3 Any Policy

+!Cname policy-mappings

+id-ce 33 : policyMappings : X509v3 Policy Mappings

!Cname authority-key-identifier

id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier

!Cname policy-constraints

id-ce 36 : policyConstraints : X509v3 Policy Constraints

!Cname ext-key-usage

id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage

+!Cname inhibit-any-policy

+id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy

!Cname target-information

id-ce 55 : targetInformation : X509v3 AC Targeting

!Cname no-rev-avail

@@ -668,7 +780,7 @@ mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message

!Cname rle-compression

1 1 1 1 666 1 : RLE : run length compression

!Cname zlib-compression

-1 1 1 1 666 2 : ZLIB : zlib compression

+id-smime-alg 8 : ZLIB : zlib compression

# AES aka Rijndael

@@ -710,6 +822,10 @@ aes 44 : AES-256-CFB : aes-256-cfb

: DES-EDE3-CFB1 : des-ede3-cfb1

: DES-EDE3-CFB8 : des-ede3-cfb8

+aes 5 : id-aes128-wrap

+aes 25 : id-aes192-wrap

+aes 45 : id-aes256-wrap

# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.

!Alias nist_hashalgs nistAlgorithms 2

nist_hashalgs 1 : SHA256 : sha256

@@ -728,9 +844,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer

!Cname hold-instruction-reject

holdInstruction 3 : holdInstructionReject : Hold Instruction Reject

-# OID's from CCITT. Most of this is defined in RFC 1274. A couple of

+# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of

# them are also mentioned in RFC 2247

-ccitt 9 : data

+itu-t 9 : data

data 2342 : pss

pss 19200300 : ucl

ucl 100 : pilot

@@ -804,7 +920,7 @@ pilotAttributeType 54 : : dITRedirect

pilotAttributeType 55 : audio

pilotAttributeType 56 : : documentPublisher

-2 23 42 : id-set : Secure Electronic Transactions

+international-organizations 42 : id-set : Secure Electronic Transactions

id-set 0 : set-ctype : content types

id-set 1 : set-msgExt : message extensions

@@ -950,3 +1066,54 @@ set-brand 6011 : set-brand-Novus

rsadsi 3 10 : DES-CDMF : des-cdmf

rsadsi 1 1 6 : rsaOAEPEncryptionSET

+ : Oakley-EC2N-3 : ipsec3

+ : Oakley-EC2N-4 : ipsec4

+# Definitions for Camellia cipher - CBC MODE

+1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc

+1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc

+1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc

+# Definitions for Camellia cipher - ECB, CFB, OFB MODE

+!Alias ntt-ds 0 3 4401 5

+!Alias camellia ntt-ds 3 1 9

+camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb

+!Cname camellia-128-ofb128

+camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb

+!Cname camellia-128-cfb128

+camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb

+camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb

+!Cname camellia-192-ofb128

+camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb

+!Cname camellia-192-cfb128

+camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb

+camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb

+!Cname camellia-256-ofb128

+camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb

+!Cname camellia-256-cfb128

+camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb

+# There are no OIDs for these modes...

+ : CAMELLIA-128-CFB1 : camellia-128-cfb1

+ : CAMELLIA-192-CFB1 : camellia-192-cfb1

+ : CAMELLIA-256-CFB1 : camellia-256-cfb1

+ : CAMELLIA-128-CFB8 : camellia-128-cfb8

+ : CAMELLIA-192-CFB8 : camellia-192-cfb8

+ : CAMELLIA-256-CFB8 : camellia-256-cfb8

+# Definitions for SEED cipher - ECB, CBC, OFB mode

+member-body 410 200004 : KISA : kisa

+kisa 1 3 : SEED-ECB : seed-ecb

+kisa 1 4 : SEED-CBC : seed-cbc

+!Cname seed-cfb128

+kisa 1 5 : SEED-CFB : seed-cfb

+!Cname seed-ofb128

+kisa 1 6 : SEED-OFB : seed-ofb