From 418d49c276146208894f2b65916c24bc50a5f4c4 Mon Sep 17 00:00:00 2001 From: Martin Peylo Date: Tue, 30 May 2017 15:38:37 +0300 Subject: [PATCH] Adding NID_hmac_sha1 and _md5 to builtin_pbe[] The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the common implementations of CMP (Certificate Managing Protocol, RFC4210). HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and it seems to generally exist (-> Internet search), but it is unclear where it is actually defined as it appears not to be referenced by RFCs and practically rather unused. Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already included in builtin_pbe[]: HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1). It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future. Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/3811) --- crypto/evp/evp_pbe.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index ebc74aff41..7a3c61d6a3 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -61,6 +61,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, + {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0}, + {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, -- 2.25.1