diff options
| author | Robert Sloan <varomodt@google.com> | 2017-01-09 10:53:07 -0800 |
|---|---|---|
| committer | Robert Sloan <varomodt@google.com> | 2017-01-09 15:18:23 -0800 |
| commit | 69939df2891f62f7f00ff2ac275f1cd81a67454c (patch) | |
| tree | 467d0f510b31deef87dc70b119ea143090cc67a6 | |
| parent | e7531f038363d24a103c820cff38898455ff66fe (diff) | |
| download | boringssl-69939df2891f62f7f00ff2ac275f1cd81a67454c.tar.gz | |
external/boringssl: Sync to 9c33ae85621ef8e00a42309b5101e0bedd02b816.android-n-mr2-preview-1
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/629db8cd0c84628e37aa81242b5b07fec7602f55..9c33ae85621ef8e00a42309b5101e0bedd02b816
Bug: 33622440
Test: BoringSSL tests
Change-Id: I20da15ad995a620b6b2f08db20c77ebd0f05ca10
253 files changed, 13272 insertions, 16958 deletions
diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION index 1ab89efd..027b126a 100644 --- a/BORINGSSL_REVISION +++ b/BORINGSSL_REVISION @@ -1 +1 @@ -629db8cd0c84628e37aa81242b5b07fec7602f55 +9c33ae85621ef8e00a42309b5101e0bedd02b816 diff --git a/linux-x86_64/crypto/bn/rsaz-x86_64.S b/linux-x86_64/crypto/bn/rsaz-x86_64.S deleted file mode 100644 index 21531d1c..00000000 --- a/linux-x86_64/crypto/bn/rsaz-x86_64.S +++ /dev/null @@ -1,1229 +0,0 @@ -#if defined(__x86_64__) -.text - -.extern OPENSSL_ia32cap_P -.hidden OPENSSL_ia32cap_P - -.globl rsaz_512_sqr -.hidden rsaz_512_sqr -.type rsaz_512_sqr,@function -.align 32 -rsaz_512_sqr: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -.Lsqr_body: - movq %rdx,%rbp - movq (%rsi),%rdx - movq 8(%rsi),%rax - movq %rcx,128(%rsp) - jmp .Loop_sqr - -.align 32 -.Loop_sqr: - movl %r8d,128+8(%rsp) - - movq %rdx,%rbx - mulq %rdx - movq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq %rbx,%rax - movq %rdx,%r15 - adcq $0,%r15 - - addq %r8,%r8 - movq %r9,%rcx - adcq %r9,%r9 - - mulq %rax - movq %rax,(%rsp) - addq %rdx,%r8 - adcq $0,%r9 - - movq %r8,8(%rsp) - shrq $63,%rcx - - - movq 8(%rsi),%r8 - movq 16(%rsi),%rax - mulq %r8 - addq %rax,%r10 - movq 24(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r11 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r12 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r13 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r14 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r15 - movq %r8,%rax - adcq $0,%rdx - addq %rbx,%r15 - movq %rdx,%r8 - movq %r10,%rdx - adcq $0,%r8 - - addq %rdx,%rdx - leaq (%rcx,%r10,2),%r10 - movq %r11,%rbx - adcq %r11,%r11 - - mulq %rax - addq %rax,%r9 - adcq %rdx,%r10 - adcq $0,%r11 - - movq %r9,16(%rsp) - movq %r10,24(%rsp) - shrq $63,%rbx - - - movq 16(%rsi),%r9 - movq 24(%rsi),%rax - mulq %r9 - addq %rax,%r12 - movq 32(%rsi),%rax - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - addq %rax,%r13 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r13 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - addq %rax,%r14 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r14 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - movq %r12,%r10 - leaq (%rbx,%r12,2),%r12 - addq %rax,%r15 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r15 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - shrq $63,%r10 - addq %rax,%r8 - movq %r9,%rax - adcq $0,%rdx - addq %rcx,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - movq %r13,%rcx - leaq (%r10,%r13,2),%r13 - - mulq %rax - addq %rax,%r11 - adcq %rdx,%r12 - adcq $0,%r13 - - movq %r11,32(%rsp) - movq %r12,40(%rsp) - shrq $63,%rcx - - - movq 24(%rsi),%r10 - movq 32(%rsi),%rax - mulq %r10 - addq %rax,%r14 - movq 40(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - addq %rax,%r15 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r15 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - movq %r14,%r12 - leaq (%rcx,%r14,2),%r14 - addq %rax,%r8 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r8 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - shrq $63,%r12 - addq %rax,%r9 - movq %r10,%rax - adcq $0,%rdx - addq %rbx,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - movq %r15,%rbx - leaq (%r12,%r15,2),%r15 - - mulq %rax - addq %rax,%r13 - adcq %rdx,%r14 - adcq $0,%r15 - - movq %r13,48(%rsp) - movq %r14,56(%rsp) - shrq $63,%rbx - - - movq 32(%rsi),%r11 - movq 40(%rsi),%rax - mulq %r11 - addq %rax,%r8 - movq 48(%rsi),%rax - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r11 - addq %rax,%r9 - movq 56(%rsi),%rax - adcq $0,%rdx - movq %r8,%r12 - leaq (%rbx,%r8,2),%r8 - addq %rcx,%r9 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r11 - shrq $63,%r12 - addq %rax,%r10 - movq %r11,%rax - adcq $0,%rdx - addq %rcx,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - movq %r9,%rcx - leaq (%r12,%r9,2),%r9 - - mulq %rax - addq %rax,%r15 - adcq %rdx,%r8 - adcq $0,%r9 - - movq %r15,64(%rsp) - movq %r8,72(%rsp) - shrq $63,%rcx - - - movq 40(%rsi),%r12 - movq 48(%rsi),%rax - mulq %r12 - addq %rax,%r10 - movq 56(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r12 - addq %rax,%r11 - movq %r12,%rax - movq %r10,%r15 - leaq (%rcx,%r10,2),%r10 - adcq $0,%rdx - shrq $63,%r15 - addq %rbx,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - movq %r11,%rbx - leaq (%r15,%r11,2),%r11 - - mulq %rax - addq %rax,%r9 - adcq %rdx,%r10 - adcq $0,%r11 - - movq %r9,80(%rsp) - movq %r10,88(%rsp) - - - movq 48(%rsi),%r13 - movq 56(%rsi),%rax - mulq %r13 - addq %rax,%r12 - movq %r13,%rax - movq %rdx,%r13 - adcq $0,%r13 - - xorq %r14,%r14 - shlq $1,%rbx - adcq %r12,%r12 - adcq %r13,%r13 - adcq %r14,%r14 - - mulq %rax - addq %rax,%r11 - adcq %rdx,%r12 - adcq $0,%r13 - - movq %r11,96(%rsp) - movq %r12,104(%rsp) - - - movq 56(%rsi),%rax - mulq %rax - addq %rax,%r13 - adcq $0,%rdx - - addq %rdx,%r14 - - movq %r13,112(%rsp) - movq %r14,120(%rsp) - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - movq %r8,%rdx - movq %r9,%rax - movl 128+8(%rsp),%r8d - movq %rdi,%rsi - - decl %r8d - jnz .Loop_sqr - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -.Lsqr_epilogue: - .byte 0xf3,0xc3 -.size rsaz_512_sqr,.-rsaz_512_sqr -.globl rsaz_512_mul -.hidden rsaz_512_mul -.type rsaz_512_mul,@function -.align 32 -rsaz_512_mul: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -.Lmul_body: -.byte 102,72,15,110,199 -.byte 102,72,15,110,201 - movq %r8,128(%rsp) - movq (%rdx),%rbx - movq %rdx,%rbp - call __rsaz_512_mul - -.byte 102,72,15,126,199 -.byte 102,72,15,126,205 - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -.Lmul_epilogue: - .byte 0xf3,0xc3 -.size rsaz_512_mul,.-rsaz_512_mul -.globl rsaz_512_mul_gather4 -.hidden rsaz_512_mul_gather4 -.type rsaz_512_mul_gather4,@function -.align 32 -rsaz_512_mul_gather4: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $152,%rsp -.Lmul_gather4_body: - movd %r9d,%xmm8 - movdqa .Linc+16(%rip),%xmm1 - movdqa .Linc(%rip),%xmm0 - - pshufd $0,%xmm8,%xmm8 - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 - paddd %xmm0,%xmm1 - pcmpeqd %xmm8,%xmm0 - movdqa %xmm7,%xmm3 - paddd %xmm1,%xmm2 - pcmpeqd %xmm8,%xmm1 - movdqa %xmm7,%xmm4 - paddd %xmm2,%xmm3 - pcmpeqd %xmm8,%xmm2 - movdqa %xmm7,%xmm5 - paddd %xmm3,%xmm4 - pcmpeqd %xmm8,%xmm3 - movdqa %xmm7,%xmm6 - paddd %xmm4,%xmm5 - pcmpeqd %xmm8,%xmm4 - paddd %xmm5,%xmm6 - pcmpeqd %xmm8,%xmm5 - paddd %xmm6,%xmm7 - pcmpeqd %xmm8,%xmm6 - pcmpeqd %xmm8,%xmm7 - - movdqa 0(%rdx),%xmm8 - movdqa 16(%rdx),%xmm9 - movdqa 32(%rdx),%xmm10 - movdqa 48(%rdx),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rdx),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rdx),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rdx),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rdx),%xmm15 - leaq 128(%rdx),%rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -.byte 102,76,15,126,195 - - movq %r8,128(%rsp) - movq %rdi,128+8(%rsp) - movq %rcx,128+16(%rsp) - - movq (%rsi),%rax - movq 8(%rsi),%rcx - mulq %rbx - movq %rax,(%rsp) - movq %rcx,%rax - movq %rdx,%r8 - - mulq %rbx - addq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq (%rsi),%rax - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rsp),%rdi - movl $7,%ecx - jmp .Loop_mul_gather - -.align 32 -.Loop_mul_gather: - movdqa 0(%rbp),%xmm8 - movdqa 16(%rbp),%xmm9 - movdqa 32(%rbp),%xmm10 - movdqa 48(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rbp),%xmm15 - leaq 128(%rbp),%rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -.byte 102,76,15,126,195 - - mulq %rbx - addq %rax,%r8 - movq 8(%rsi),%rax - movq %r8,(%rdi) - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rsi),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rsi),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %r11,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r15 - movq (%rsi),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rdi),%rdi - - decl %ecx - jnz .Loop_mul_gather - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - movq 128+8(%rsp),%rdi - movq 128+16(%rsp),%rbp - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -.Lmul_gather4_epilogue: - .byte 0xf3,0xc3 -.size rsaz_512_mul_gather4,.-rsaz_512_mul_gather4 -.globl rsaz_512_mul_scatter4 -.hidden rsaz_512_mul_scatter4 -.type rsaz_512_mul_scatter4,@function -.align 32 -rsaz_512_mul_scatter4: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - movl %r9d,%r9d - subq $128+24,%rsp -.Lmul_scatter4_body: - leaq (%r8,%r9,8),%r8 -.byte 102,72,15,110,199 -.byte 102,72,15,110,202 -.byte 102,73,15,110,208 - movq %rcx,128(%rsp) - - movq %rdi,%rbp - movq (%rdi),%rbx - call __rsaz_512_mul - -.byte 102,72,15,126,199 -.byte 102,72,15,126,205 - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 -.byte 102,72,15,126,214 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - movq %r8,0(%rsi) - movq %r9,128(%rsi) - movq %r10,256(%rsi) - movq %r11,384(%rsi) - movq %r12,512(%rsi) - movq %r13,640(%rsi) - movq %r14,768(%rsi) - movq %r15,896(%rsi) - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -.Lmul_scatter4_epilogue: - .byte 0xf3,0xc3 -.size rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4 -.globl rsaz_512_mul_by_one -.hidden rsaz_512_mul_by_one -.type rsaz_512_mul_by_one,@function -.align 32 -rsaz_512_mul_by_one: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -.Lmul_by_one_body: - movq %rdx,%rbp - movq %rcx,128(%rsp) - - movq (%rsi),%r8 - pxor %xmm0,%xmm0 - movq 8(%rsi),%r9 - movq 16(%rsi),%r10 - movq 24(%rsi),%r11 - movq 32(%rsi),%r12 - movq 40(%rsi),%r13 - movq 48(%rsi),%r14 - movq 56(%rsi),%r15 - - movdqa %xmm0,(%rsp) - movdqa %xmm0,16(%rsp) - movdqa %xmm0,32(%rsp) - movdqa %xmm0,48(%rsp) - movdqa %xmm0,64(%rsp) - movdqa %xmm0,80(%rsp) - movdqa %xmm0,96(%rsp) - call __rsaz_512_reduce - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -.Lmul_by_one_epilogue: - .byte 0xf3,0xc3 -.size rsaz_512_mul_by_one,.-rsaz_512_mul_by_one -.type __rsaz_512_reduce,@function -.align 32 -__rsaz_512_reduce: - movq %r8,%rbx - imulq 128+8(%rsp),%rbx - movq 0(%rbp),%rax - movl $8,%ecx - jmp .Lreduction_loop - -.align 32 -.Lreduction_loop: - mulq %rbx - movq 8(%rbp),%rax - negq %r8 - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rbp),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rbp),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rbp),%rax - adcq $0,%rdx - addq %r11,%r10 - movq 128+8(%rsp),%rsi - - - adcq $0,%rdx - movq %rdx,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rbp),%rax - adcq $0,%rdx - imulq %r8,%rsi - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rbp),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rbp),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - movq %rsi,%rbx - addq %rax,%r15 - movq 0(%rbp),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - decl %ecx - jne .Lreduction_loop - - .byte 0xf3,0xc3 -.size __rsaz_512_reduce,.-__rsaz_512_reduce -.type __rsaz_512_subtract,@function -.align 32 -__rsaz_512_subtract: - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - movq 0(%rbp),%r8 - movq 8(%rbp),%r9 - negq %r8 - notq %r9 - andq %rcx,%r8 - movq 16(%rbp),%r10 - andq %rcx,%r9 - notq %r10 - movq 24(%rbp),%r11 - andq %rcx,%r10 - notq %r11 - movq 32(%rbp),%r12 - andq %rcx,%r11 - notq %r12 - movq 40(%rbp),%r13 - andq %rcx,%r12 - notq %r13 - movq 48(%rbp),%r14 - andq %rcx,%r13 - notq %r14 - movq 56(%rbp),%r15 - andq %rcx,%r14 - notq %r15 - andq %rcx,%r15 - - addq (%rdi),%r8 - adcq 8(%rdi),%r9 - adcq 16(%rdi),%r10 - adcq 24(%rdi),%r11 - adcq 32(%rdi),%r12 - adcq 40(%rdi),%r13 - adcq 48(%rdi),%r14 - adcq 56(%rdi),%r15 - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - .byte 0xf3,0xc3 -.size __rsaz_512_subtract,.-__rsaz_512_subtract -.type __rsaz_512_mul,@function -.align 32 -__rsaz_512_mul: - leaq 8(%rsp),%rdi - - movq (%rsi),%rax - mulq %rbx - movq %rax,(%rdi) - movq 8(%rsi),%rax - movq %rdx,%r8 - - mulq %rbx - addq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq (%rsi),%rax - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rbp),%rbp - leaq 8(%rdi),%rdi - - movl $7,%ecx - jmp .Loop_mul - -.align 32 -.Loop_mul: - movq (%rbp),%rbx - mulq %rbx - addq %rax,%r8 - movq 8(%rsi),%rax - movq %r8,(%rdi) - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rsi),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rsi),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %r11,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - leaq 8(%rbp),%rbp - adcq $0,%r14 - - mulq %rbx - addq %rax,%r15 - movq (%rsi),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rdi),%rdi - - decl %ecx - jnz .Loop_mul - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - .byte 0xf3,0xc3 -.size __rsaz_512_mul,.-__rsaz_512_mul -.globl rsaz_512_scatter4 -.hidden rsaz_512_scatter4 -.type rsaz_512_scatter4,@function -.align 16 -rsaz_512_scatter4: - leaq (%rdi,%rdx,8),%rdi - movl $8,%r9d - jmp .Loop_scatter -.align 16 -.Loop_scatter: - movq (%rsi),%rax - leaq 8(%rsi),%rsi - movq %rax,(%rdi) - leaq 128(%rdi),%rdi - decl %r9d - jnz .Loop_scatter - .byte 0xf3,0xc3 -.size rsaz_512_scatter4,.-rsaz_512_scatter4 - -.globl rsaz_512_gather4 -.hidden rsaz_512_gather4 -.type rsaz_512_gather4,@function -.align 16 -rsaz_512_gather4: - movd %edx,%xmm8 - movdqa .Linc+16(%rip),%xmm1 - movdqa .Linc(%rip),%xmm0 - - pshufd $0,%xmm8,%xmm8 - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 - paddd %xmm0,%xmm1 - pcmpeqd %xmm8,%xmm0 - movdqa %xmm7,%xmm3 - paddd %xmm1,%xmm2 - pcmpeqd %xmm8,%xmm1 - movdqa %xmm7,%xmm4 - paddd %xmm2,%xmm3 - pcmpeqd %xmm8,%xmm2 - movdqa %xmm7,%xmm5 - paddd %xmm3,%xmm4 - pcmpeqd %xmm8,%xmm3 - movdqa %xmm7,%xmm6 - paddd %xmm4,%xmm5 - pcmpeqd %xmm8,%xmm4 - paddd %xmm5,%xmm6 - pcmpeqd %xmm8,%xmm5 - paddd %xmm6,%xmm7 - pcmpeqd %xmm8,%xmm6 - pcmpeqd %xmm8,%xmm7 - movl $8,%r9d - jmp .Loop_gather -.align 16 -.Loop_gather: - movdqa 0(%rsi),%xmm8 - movdqa 16(%rsi),%xmm9 - movdqa 32(%rsi),%xmm10 - movdqa 48(%rsi),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rsi),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rsi),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rsi),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rsi),%xmm15 - leaq 128(%rsi),%rsi - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,(%rdi) - leaq 8(%rdi),%rdi - decl %r9d - jnz .Loop_gather - .byte 0xf3,0xc3 -.LSEH_end_rsaz_512_gather4: -.size rsaz_512_gather4,.-rsaz_512_gather4 - -.align 64 -.Linc: -.long 0,0, 1,1 -.long 2,2, 2,2 -#endif diff --git a/mac-x86_64/crypto/bn/rsaz-x86_64.S b/mac-x86_64/crypto/bn/rsaz-x86_64.S deleted file mode 100644 index 337276f9..00000000 --- a/mac-x86_64/crypto/bn/rsaz-x86_64.S +++ /dev/null @@ -1,1228 +0,0 @@ -#if defined(__x86_64__) -.text - - - -.globl _rsaz_512_sqr -.private_extern _rsaz_512_sqr - -.p2align 5 -_rsaz_512_sqr: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -L$sqr_body: - movq %rdx,%rbp - movq (%rsi),%rdx - movq 8(%rsi),%rax - movq %rcx,128(%rsp) - jmp L$oop_sqr - -.p2align 5 -L$oop_sqr: - movl %r8d,128+8(%rsp) - - movq %rdx,%rbx - mulq %rdx - movq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq %rbx,%rax - movq %rdx,%r15 - adcq $0,%r15 - - addq %r8,%r8 - movq %r9,%rcx - adcq %r9,%r9 - - mulq %rax - movq %rax,(%rsp) - addq %rdx,%r8 - adcq $0,%r9 - - movq %r8,8(%rsp) - shrq $63,%rcx - - - movq 8(%rsi),%r8 - movq 16(%rsi),%rax - mulq %r8 - addq %rax,%r10 - movq 24(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r11 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r12 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r13 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r14 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r8 - addq %rax,%r15 - movq %r8,%rax - adcq $0,%rdx - addq %rbx,%r15 - movq %rdx,%r8 - movq %r10,%rdx - adcq $0,%r8 - - addq %rdx,%rdx - leaq (%rcx,%r10,2),%r10 - movq %r11,%rbx - adcq %r11,%r11 - - mulq %rax - addq %rax,%r9 - adcq %rdx,%r10 - adcq $0,%r11 - - movq %r9,16(%rsp) - movq %r10,24(%rsp) - shrq $63,%rbx - - - movq 16(%rsi),%r9 - movq 24(%rsi),%rax - mulq %r9 - addq %rax,%r12 - movq 32(%rsi),%rax - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - addq %rax,%r13 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r13 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - addq %rax,%r14 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r14 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - movq %r12,%r10 - leaq (%rbx,%r12,2),%r12 - addq %rax,%r15 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rcx,%r15 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r9 - shrq $63,%r10 - addq %rax,%r8 - movq %r9,%rax - adcq $0,%rdx - addq %rcx,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - movq %r13,%rcx - leaq (%r10,%r13,2),%r13 - - mulq %rax - addq %rax,%r11 - adcq %rdx,%r12 - adcq $0,%r13 - - movq %r11,32(%rsp) - movq %r12,40(%rsp) - shrq $63,%rcx - - - movq 24(%rsi),%r10 - movq 32(%rsi),%rax - mulq %r10 - addq %rax,%r14 - movq 40(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - addq %rax,%r15 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r15 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - movq %r14,%r12 - leaq (%rcx,%r14,2),%r14 - addq %rax,%r8 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %rbx,%r8 - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r10 - shrq $63,%r12 - addq %rax,%r9 - movq %r10,%rax - adcq $0,%rdx - addq %rbx,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - movq %r15,%rbx - leaq (%r12,%r15,2),%r15 - - mulq %rax - addq %rax,%r13 - adcq %rdx,%r14 - adcq $0,%r15 - - movq %r13,48(%rsp) - movq %r14,56(%rsp) - shrq $63,%rbx - - - movq 32(%rsi),%r11 - movq 40(%rsi),%rax - mulq %r11 - addq %rax,%r8 - movq 48(%rsi),%rax - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r11 - addq %rax,%r9 - movq 56(%rsi),%rax - adcq $0,%rdx - movq %r8,%r12 - leaq (%rbx,%r8,2),%r8 - addq %rcx,%r9 - movq %rdx,%rcx - adcq $0,%rcx - - mulq %r11 - shrq $63,%r12 - addq %rax,%r10 - movq %r11,%rax - adcq $0,%rdx - addq %rcx,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - movq %r9,%rcx - leaq (%r12,%r9,2),%r9 - - mulq %rax - addq %rax,%r15 - adcq %rdx,%r8 - adcq $0,%r9 - - movq %r15,64(%rsp) - movq %r8,72(%rsp) - shrq $63,%rcx - - - movq 40(%rsi),%r12 - movq 48(%rsi),%rax - mulq %r12 - addq %rax,%r10 - movq 56(%rsi),%rax - movq %rdx,%rbx - adcq $0,%rbx - - mulq %r12 - addq %rax,%r11 - movq %r12,%rax - movq %r10,%r15 - leaq (%rcx,%r10,2),%r10 - adcq $0,%rdx - shrq $63,%r15 - addq %rbx,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - movq %r11,%rbx - leaq (%r15,%r11,2),%r11 - - mulq %rax - addq %rax,%r9 - adcq %rdx,%r10 - adcq $0,%r11 - - movq %r9,80(%rsp) - movq %r10,88(%rsp) - - - movq 48(%rsi),%r13 - movq 56(%rsi),%rax - mulq %r13 - addq %rax,%r12 - movq %r13,%rax - movq %rdx,%r13 - adcq $0,%r13 - - xorq %r14,%r14 - shlq $1,%rbx - adcq %r12,%r12 - adcq %r13,%r13 - adcq %r14,%r14 - - mulq %rax - addq %rax,%r11 - adcq %rdx,%r12 - adcq $0,%r13 - - movq %r11,96(%rsp) - movq %r12,104(%rsp) - - - movq 56(%rsi),%rax - mulq %rax - addq %rax,%r13 - adcq $0,%rdx - - addq %rdx,%r14 - - movq %r13,112(%rsp) - movq %r14,120(%rsp) - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - movq %r8,%rdx - movq %r9,%rax - movl 128+8(%rsp),%r8d - movq %rdi,%rsi - - decl %r8d - jnz L$oop_sqr - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -L$sqr_epilogue: - .byte 0xf3,0xc3 - -.globl _rsaz_512_mul -.private_extern _rsaz_512_mul - -.p2align 5 -_rsaz_512_mul: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -L$mul_body: -.byte 102,72,15,110,199 -.byte 102,72,15,110,201 - movq %r8,128(%rsp) - movq (%rdx),%rbx - movq %rdx,%rbp - call __rsaz_512_mul - -.byte 102,72,15,126,199 -.byte 102,72,15,126,205 - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -L$mul_epilogue: - .byte 0xf3,0xc3 - -.globl _rsaz_512_mul_gather4 -.private_extern _rsaz_512_mul_gather4 - -.p2align 5 -_rsaz_512_mul_gather4: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $152,%rsp -L$mul_gather4_body: - movd %r9d,%xmm8 - movdqa L$inc+16(%rip),%xmm1 - movdqa L$inc(%rip),%xmm0 - - pshufd $0,%xmm8,%xmm8 - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 - paddd %xmm0,%xmm1 - pcmpeqd %xmm8,%xmm0 - movdqa %xmm7,%xmm3 - paddd %xmm1,%xmm2 - pcmpeqd %xmm8,%xmm1 - movdqa %xmm7,%xmm4 - paddd %xmm2,%xmm3 - pcmpeqd %xmm8,%xmm2 - movdqa %xmm7,%xmm5 - paddd %xmm3,%xmm4 - pcmpeqd %xmm8,%xmm3 - movdqa %xmm7,%xmm6 - paddd %xmm4,%xmm5 - pcmpeqd %xmm8,%xmm4 - paddd %xmm5,%xmm6 - pcmpeqd %xmm8,%xmm5 - paddd %xmm6,%xmm7 - pcmpeqd %xmm8,%xmm6 - pcmpeqd %xmm8,%xmm7 - - movdqa 0(%rdx),%xmm8 - movdqa 16(%rdx),%xmm9 - movdqa 32(%rdx),%xmm10 - movdqa 48(%rdx),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rdx),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rdx),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rdx),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rdx),%xmm15 - leaq 128(%rdx),%rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -.byte 102,76,15,126,195 - - movq %r8,128(%rsp) - movq %rdi,128+8(%rsp) - movq %rcx,128+16(%rsp) - - movq (%rsi),%rax - movq 8(%rsi),%rcx - mulq %rbx - movq %rax,(%rsp) - movq %rcx,%rax - movq %rdx,%r8 - - mulq %rbx - addq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq (%rsi),%rax - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rsp),%rdi - movl $7,%ecx - jmp L$oop_mul_gather - -.p2align 5 -L$oop_mul_gather: - movdqa 0(%rbp),%xmm8 - movdqa 16(%rbp),%xmm9 - movdqa 32(%rbp),%xmm10 - movdqa 48(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rbp),%xmm15 - leaq 128(%rbp),%rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -.byte 102,76,15,126,195 - - mulq %rbx - addq %rax,%r8 - movq 8(%rsi),%rax - movq %r8,(%rdi) - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rsi),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rsi),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %r11,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r15 - movq (%rsi),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rdi),%rdi - - decl %ecx - jnz L$oop_mul_gather - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - movq 128+8(%rsp),%rdi - movq 128+16(%rsp),%rbp - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -L$mul_gather4_epilogue: - .byte 0xf3,0xc3 - -.globl _rsaz_512_mul_scatter4 -.private_extern _rsaz_512_mul_scatter4 - -.p2align 5 -_rsaz_512_mul_scatter4: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - movl %r9d,%r9d - subq $128+24,%rsp -L$mul_scatter4_body: - leaq (%r8,%r9,8),%r8 -.byte 102,72,15,110,199 -.byte 102,72,15,110,202 -.byte 102,73,15,110,208 - movq %rcx,128(%rsp) - - movq %rdi,%rbp - movq (%rdi),%rbx - call __rsaz_512_mul - -.byte 102,72,15,126,199 -.byte 102,72,15,126,205 - - movq (%rsp),%r8 - movq 8(%rsp),%r9 - movq 16(%rsp),%r10 - movq 24(%rsp),%r11 - movq 32(%rsp),%r12 - movq 40(%rsp),%r13 - movq 48(%rsp),%r14 - movq 56(%rsp),%r15 - - call __rsaz_512_reduce - addq 64(%rsp),%r8 - adcq 72(%rsp),%r9 - adcq 80(%rsp),%r10 - adcq 88(%rsp),%r11 - adcq 96(%rsp),%r12 - adcq 104(%rsp),%r13 - adcq 112(%rsp),%r14 - adcq 120(%rsp),%r15 -.byte 102,72,15,126,214 - sbbq %rcx,%rcx - - call __rsaz_512_subtract - - movq %r8,0(%rsi) - movq %r9,128(%rsi) - movq %r10,256(%rsi) - movq %r11,384(%rsi) - movq %r12,512(%rsi) - movq %r13,640(%rsi) - movq %r14,768(%rsi) - movq %r15,896(%rsi) - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -L$mul_scatter4_epilogue: - .byte 0xf3,0xc3 - -.globl _rsaz_512_mul_by_one -.private_extern _rsaz_512_mul_by_one - -.p2align 5 -_rsaz_512_mul_by_one: - pushq %rbx - pushq %rbp - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - - subq $128+24,%rsp -L$mul_by_one_body: - movq %rdx,%rbp - movq %rcx,128(%rsp) - - movq (%rsi),%r8 - pxor %xmm0,%xmm0 - movq 8(%rsi),%r9 - movq 16(%rsi),%r10 - movq 24(%rsi),%r11 - movq 32(%rsi),%r12 - movq 40(%rsi),%r13 - movq 48(%rsi),%r14 - movq 56(%rsi),%r15 - - movdqa %xmm0,(%rsp) - movdqa %xmm0,16(%rsp) - movdqa %xmm0,32(%rsp) - movdqa %xmm0,48(%rsp) - movdqa %xmm0,64(%rsp) - movdqa %xmm0,80(%rsp) - movdqa %xmm0,96(%rsp) - call __rsaz_512_reduce - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - leaq 128+24+48(%rsp),%rax - movq -48(%rax),%r15 - movq -40(%rax),%r14 - movq -32(%rax),%r13 - movq -24(%rax),%r12 - movq -16(%rax),%rbp - movq -8(%rax),%rbx - leaq (%rax),%rsp -L$mul_by_one_epilogue: - .byte 0xf3,0xc3 - - -.p2align 5 -__rsaz_512_reduce: - movq %r8,%rbx - imulq 128+8(%rsp),%rbx - movq 0(%rbp),%rax - movl $8,%ecx - jmp L$reduction_loop - -.p2align 5 -L$reduction_loop: - mulq %rbx - movq 8(%rbp),%rax - negq %r8 - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rbp),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rbp),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rbp),%rax - adcq $0,%rdx - addq %r11,%r10 - movq 128+8(%rsp),%rsi - - - adcq $0,%rdx - movq %rdx,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rbp),%rax - adcq $0,%rdx - imulq %r8,%rsi - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rbp),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rbp),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - movq %rsi,%rbx - addq %rax,%r15 - movq 0(%rbp),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - decl %ecx - jne L$reduction_loop - - .byte 0xf3,0xc3 - - -.p2align 5 -__rsaz_512_subtract: - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - movq 0(%rbp),%r8 - movq 8(%rbp),%r9 - negq %r8 - notq %r9 - andq %rcx,%r8 - movq 16(%rbp),%r10 - andq %rcx,%r9 - notq %r10 - movq 24(%rbp),%r11 - andq %rcx,%r10 - notq %r11 - movq 32(%rbp),%r12 - andq %rcx,%r11 - notq %r12 - movq 40(%rbp),%r13 - andq %rcx,%r12 - notq %r13 - movq 48(%rbp),%r14 - andq %rcx,%r13 - notq %r14 - movq 56(%rbp),%r15 - andq %rcx,%r14 - notq %r15 - andq %rcx,%r15 - - addq (%rdi),%r8 - adcq 8(%rdi),%r9 - adcq 16(%rdi),%r10 - adcq 24(%rdi),%r11 - adcq 32(%rdi),%r12 - adcq 40(%rdi),%r13 - adcq 48(%rdi),%r14 - adcq 56(%rdi),%r15 - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - .byte 0xf3,0xc3 - - -.p2align 5 -__rsaz_512_mul: - leaq 8(%rsp),%rdi - - movq (%rsi),%rax - mulq %rbx - movq %rax,(%rdi) - movq 8(%rsi),%rax - movq %rdx,%r8 - - mulq %rbx - addq %rax,%r8 - movq 16(%rsi),%rax - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r9 - movq 24(%rsi),%rax - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r10 - movq 32(%rsi),%rax - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r11 - movq 40(%rsi),%rax - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r12 - movq 48(%rsi),%rax - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r13 - movq 56(%rsi),%rax - movq %rdx,%r14 - adcq $0,%r14 - - mulq %rbx - addq %rax,%r14 - movq (%rsi),%rax - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rbp),%rbp - leaq 8(%rdi),%rdi - - movl $7,%ecx - jmp L$oop_mul - -.p2align 5 -L$oop_mul: - movq (%rbp),%rbx - mulq %rbx - addq %rax,%r8 - movq 8(%rsi),%rax - movq %r8,(%rdi) - movq %rdx,%r8 - adcq $0,%r8 - - mulq %rbx - addq %rax,%r9 - movq 16(%rsi),%rax - adcq $0,%rdx - addq %r9,%r8 - movq %rdx,%r9 - adcq $0,%r9 - - mulq %rbx - addq %rax,%r10 - movq 24(%rsi),%rax - adcq $0,%rdx - addq %r10,%r9 - movq %rdx,%r10 - adcq $0,%r10 - - mulq %rbx - addq %rax,%r11 - movq 32(%rsi),%rax - adcq $0,%rdx - addq %r11,%r10 - movq %rdx,%r11 - adcq $0,%r11 - - mulq %rbx - addq %rax,%r12 - movq 40(%rsi),%rax - adcq $0,%rdx - addq %r12,%r11 - movq %rdx,%r12 - adcq $0,%r12 - - mulq %rbx - addq %rax,%r13 - movq 48(%rsi),%rax - adcq $0,%rdx - addq %r13,%r12 - movq %rdx,%r13 - adcq $0,%r13 - - mulq %rbx - addq %rax,%r14 - movq 56(%rsi),%rax - adcq $0,%rdx - addq %r14,%r13 - movq %rdx,%r14 - leaq 8(%rbp),%rbp - adcq $0,%r14 - - mulq %rbx - addq %rax,%r15 - movq (%rsi),%rax - adcq $0,%rdx - addq %r15,%r14 - movq %rdx,%r15 - adcq $0,%r15 - - leaq 8(%rdi),%rdi - - decl %ecx - jnz L$oop_mul - - movq %r8,(%rdi) - movq %r9,8(%rdi) - movq %r10,16(%rdi) - movq %r11,24(%rdi) - movq %r12,32(%rdi) - movq %r13,40(%rdi) - movq %r14,48(%rdi) - movq %r15,56(%rdi) - - .byte 0xf3,0xc3 - -.globl _rsaz_512_scatter4 -.private_extern _rsaz_512_scatter4 - -.p2align 4 -_rsaz_512_scatter4: - leaq (%rdi,%rdx,8),%rdi - movl $8,%r9d - jmp L$oop_scatter -.p2align 4 -L$oop_scatter: - movq (%rsi),%rax - leaq 8(%rsi),%rsi - movq %rax,(%rdi) - leaq 128(%rdi),%rdi - decl %r9d - jnz L$oop_scatter - .byte 0xf3,0xc3 - - -.globl _rsaz_512_gather4 -.private_extern _rsaz_512_gather4 - -.p2align 4 -_rsaz_512_gather4: - movd %edx,%xmm8 - movdqa L$inc+16(%rip),%xmm1 - movdqa L$inc(%rip),%xmm0 - - pshufd $0,%xmm8,%xmm8 - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 - paddd %xmm0,%xmm1 - pcmpeqd %xmm8,%xmm0 - movdqa %xmm7,%xmm3 - paddd %xmm1,%xmm2 - pcmpeqd %xmm8,%xmm1 - movdqa %xmm7,%xmm4 - paddd %xmm2,%xmm3 - pcmpeqd %xmm8,%xmm2 - movdqa %xmm7,%xmm5 - paddd %xmm3,%xmm4 - pcmpeqd %xmm8,%xmm3 - movdqa %xmm7,%xmm6 - paddd %xmm4,%xmm5 - pcmpeqd %xmm8,%xmm4 - paddd %xmm5,%xmm6 - pcmpeqd %xmm8,%xmm5 - paddd %xmm6,%xmm7 - pcmpeqd %xmm8,%xmm6 - pcmpeqd %xmm8,%xmm7 - movl $8,%r9d - jmp L$oop_gather -.p2align 4 -L$oop_gather: - movdqa 0(%rsi),%xmm8 - movdqa 16(%rsi),%xmm9 - movdqa 32(%rsi),%xmm10 - movdqa 48(%rsi),%xmm11 - pand %xmm0,%xmm8 - movdqa 64(%rsi),%xmm12 - pand %xmm1,%xmm9 - movdqa 80(%rsi),%xmm13 - pand %xmm2,%xmm10 - movdqa 96(%rsi),%xmm14 - pand %xmm3,%xmm11 - movdqa 112(%rsi),%xmm15 - leaq 128(%rsi),%rsi - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd $0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,(%rdi) - leaq 8(%rdi),%rdi - decl %r9d - jnz L$oop_gather - .byte 0xf3,0xc3 -L$SEH_end_rsaz_512_gather4: - - -.p2align 6 -L$inc: -.long 0,0, 1,1 -.long 2,2, 2,2 -#endif @@ -355,7 +355,6 @@ cc_defaults { "linux-x86_64/crypto/aes/bsaes-x86_64.S", "linux-x86_64/crypto/aes/vpaes-x86_64.S", "linux-x86_64/crypto/bn/rsaz-avx2.S", - "linux-x86_64/crypto/bn/rsaz-x86_64.S", "linux-x86_64/crypto/bn/x86_64-mont.S", "linux-x86_64/crypto/bn/x86_64-mont5.S", "linux-x86_64/crypto/chacha/chacha-x86_64.S", @@ -377,7 +376,6 @@ cc_defaults { "linux-x86_64/crypto/aes/bsaes-x86_64.S", "linux-x86_64/crypto/aes/vpaes-x86_64.S", "linux-x86_64/crypto/bn/rsaz-avx2.S", - "linux-x86_64/crypto/bn/rsaz-x86_64.S", "linux-x86_64/crypto/bn/x86_64-mont.S", "linux-x86_64/crypto/bn/x86_64-mont5.S", "linux-x86_64/crypto/chacha/chacha-x86_64.S", @@ -474,13 +472,13 @@ cc_defaults { "src/crypto/cipher/aead_test.cc", "src/crypto/cipher/cipher_test.cc", "src/crypto/cmac/cmac_test.cc", - "src/crypto/constant_time_test.c", + "src/crypto/constant_time_test.cc", "src/crypto/curve25519/ed25519_test.cc", "src/crypto/curve25519/spake25519_test.cc", "src/crypto/curve25519/x25519_test.cc", "src/crypto/dh/dh_test.cc", "src/crypto/digest/digest_test.cc", - "src/crypto/dsa/dsa_test.c", + "src/crypto/dsa/dsa_test.cc", "src/crypto/ec/ec_test.cc", "src/crypto/ec/example_mul.c", "src/crypto/ec/p256-x86_64_test.cc", @@ -492,16 +490,16 @@ cc_defaults { "src/crypto/evp/evp_extra_test.cc", "src/crypto/evp/evp_test.cc", "src/crypto/evp/pbkdf_test.cc", - "src/crypto/hkdf/hkdf_test.c", + "src/crypto/hkdf/hkdf_test.cc", "src/crypto/hmac/hmac_test.cc", - "src/crypto/lhash/lhash_test.c", + "src/crypto/lhash/lhash_test.cc", "src/crypto/modes/gcm_test.cc", "src/crypto/obj/obj_test.cc", "src/crypto/pkcs8/pkcs12_test.cc", "src/crypto/pkcs8/pkcs8_test.cc", "src/crypto/poly1305/poly1305_test.cc", "src/crypto/pool/pool_test.cc", - "src/crypto/refcount_test.c", + "src/crypto/refcount_test.cc", "src/crypto/rsa/rsa_test.cc", "src/crypto/thread_test.c", "src/crypto/x509/pkcs7_test.c", @@ -333,7 +333,6 @@ linux_x86_64_sources := \ linux-x86_64/crypto/aes/bsaes-x86_64.S\ linux-x86_64/crypto/aes/vpaes-x86_64.S\ linux-x86_64/crypto/bn/rsaz-avx2.S\ - linux-x86_64/crypto/bn/rsaz-x86_64.S\ linux-x86_64/crypto/bn/x86_64-mont.S\ linux-x86_64/crypto/bn/x86_64-mont5.S\ linux-x86_64/crypto/chacha/chacha-x86_64.S\ diff --git a/src/API-CONVENTIONS.md b/src/API-CONVENTIONS.md index 0dbb2e73..7b337976 100644 --- a/src/API-CONVENTIONS.md +++ b/src/API-CONVENTIONS.md @@ -14,10 +14,10 @@ All supported public APIs are documented in the public header files, found in Some headers lack documention comments. These are functions and structures from OpenSSL's legacy ASN.1, X.509, and PEM implementation. If possible, avoid using them. These are left largely unmodified from upstream and are retained only for -compatibilty with existing OpenSSL consumers. +compatibility with existing OpenSSL consumers. -# Forward declarations +## Forward declarations Do not write `typedef struct foo_st FOO` or try otherwise to define BoringSSL's types. Including `openssl/base.h` (or `openssl/ossl_typ.h` for consumers who diff --git a/src/BUILDING.md b/src/BUILDING.md index 522bee17..8e226c00 100644 --- a/src/BUILDING.md +++ b/src/BUILDING.md @@ -2,7 +2,7 @@ ## Build Prerequisites - * [CMake](https://cmake.org/download/) 2.8.8 or later is required. + * [CMake](https://cmake.org/download/) 2.8.10 or later is required. * Perl 5.6.1 or later is required. On Windows, [Active State Perl](http://www.activestate.com/activeperl/) has been diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index cb8bb539..b1941601 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -194,6 +194,35 @@ if (${ARCH} STREQUAL "x86" AND APPLE) set(ARCH "x86_64") endif() +if (MSAN) + if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang") + message(FATAL_ERROR "Cannot enable MSAN unless using Clang") + endif() + + if (ASAN) + message(FATAL_ERROR "ASAN and MSAN are mutually exclusive") + endif() + + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") + set(OPENSSL_NO_ASM "1") +endif() + +if (ASAN) + if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang") + message(FATAL_ERROR "Cannot enable ASAN unless using Clang") + endif() + + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fno-omit-frame-pointer") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer") + set(OPENSSL_NO_ASM "1") +endif() + +if (GCOV) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") +endif() + if (OPENSSL_NO_ASM) add_definitions(-DOPENSSL_NO_ASM) set(ARCH "generic") diff --git a/src/STYLE.md b/src/STYLE.md index 4c88945e..4b377e71 100644 --- a/src/STYLE.md +++ b/src/STYLE.md @@ -45,6 +45,16 @@ not Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()` and `OPENSSL_free()`. Use the standard C `assert()` function freely. +Use the following wrappers, found in `crypto/internal.h` instead of the +corresponding C standard library functions. They behave the same but avoid +confusing undefined behavior. + +* `OPENSSL_memchr` +* `OPENSSL_memcmp` +* `OPENSSL_memcpy` +* `OPENSSL_memmove` +* `OPENSSL_memset` + For new constants, prefer enums when the values are sequential and typed constants for flags. If adding values to an existing set of `#define`s, continue with `#define`. diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index fceef1a4..97fea5f6 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -180,7 +180,7 @@ endif() add_executable( constant_time_test - constant_time_test.c + constant_time_test.cc $<TARGET_OBJECTS:test_support> ) @@ -202,7 +202,7 @@ add_dependencies(all_tests thread_test) add_executable( refcount_test - refcount_test.c + refcount_test.cc ) target_link_libraries(refcount_test crypto) diff --git a/src/crypto/aes/aes_test.cc b/src/crypto/aes/aes_test.cc index 4fb3a31f..cdf03d31 100644 --- a/src/crypto/aes/aes_test.cc +++ b/src/crypto/aes/aes_test.cc @@ -21,6 +21,7 @@ #include <openssl/aes.h> #include <openssl/crypto.h> +#include "../internal.h" #include "../test/file_test.h" @@ -54,7 +55,7 @@ static bool TestRaw(FileTest *t) { } // Test in-place encryption. - memcpy(block, plaintext.data(), AES_BLOCK_SIZE); + OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE); AES_encrypt(block, block, &aes_key); if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(), ciphertext.size())) { @@ -76,7 +77,7 @@ static bool TestRaw(FileTest *t) { } // Test in-place decryption. - memcpy(block, ciphertext.data(), AES_BLOCK_SIZE); + OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE); AES_decrypt(block, block, &aes_key); if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(), plaintext.size())) { @@ -123,7 +124,7 @@ static bool TestKeyWrap(FileTest *t) { return false; } - memset(buf.get(), 0, ciphertext.size()); + OPENSSL_memset(buf.get(), 0, ciphertext.size()); if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(), plaintext.size()) != static_cast<int>(ciphertext.size()) || !t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(), @@ -146,7 +147,7 @@ static bool TestKeyWrap(FileTest *t) { return false; } - memset(buf.get(), 0, plaintext.size()); + OPENSSL_memset(buf.get(), 0, plaintext.size()); if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(), ciphertext.size()) != static_cast<int>(plaintext.size()) || !t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(), @@ -155,6 +156,13 @@ static bool TestKeyWrap(FileTest *t) { return false; } + ciphertext[0] ^= 1; + if (AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(), + ciphertext.size()) != -1) { + t->PrintLine("AES_unwrap_key with bad input unexpectedly succeeded."); + return false; + } + return true; } diff --git a/src/crypto/aes/key_wrap.c b/src/crypto/aes/key_wrap.c index c8b6a034..23553b7a 100644 --- a/src/crypto/aes/key_wrap.c +++ b/src/crypto/aes/key_wrap.c @@ -53,6 +53,8 @@ #include <openssl/mem.h> +#include "../internal.h" + /* kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1. */ static const uint8_t kDefaultIV[] = { @@ -73,15 +75,15 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out, iv = kDefaultIV; } - memmove(out + 8, in, in_len); + OPENSSL_memmove(out + 8, in, in_len); uint8_t A[AES_BLOCK_SIZE]; - memcpy(A, iv, 8); + OPENSSL_memcpy(A, iv, 8); size_t n = in_len / 8; for (unsigned j = 0; j < kBound; j++) { for (size_t i = 1; i <= n; i++) { - memcpy(A + 8, out + 8 * i, 8); + OPENSSL_memcpy(A + 8, out + 8 * i, 8); AES_encrypt(A, A, key); uint32_t t = (uint32_t)(n * j + i); @@ -89,11 +91,11 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out, A[6] ^= (t >> 8) & 0xff; A[5] ^= (t >> 16) & 0xff; A[4] ^= (t >> 24) & 0xff; - memcpy(out + 8 * i, A + 8, 8); + OPENSSL_memcpy(out + 8 * i, A + 8, 8); } } - memcpy(out, A, 8); + OPENSSL_memcpy(out, A, 8); return (int)in_len + 8; } @@ -110,8 +112,8 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out, } uint8_t A[AES_BLOCK_SIZE]; - memcpy(A, in, 8); - memmove(out, in + 8, in_len - 8); + OPENSSL_memcpy(A, in, 8); + OPENSSL_memmove(out, in + 8, in_len - 8); size_t n = (in_len / 8) - 1; @@ -122,9 +124,9 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out, A[6] ^= (t >> 8) & 0xff; A[5] ^= (t >> 16) & 0xff; A[4] ^= (t >> 24) & 0xff; - memcpy(A + 8, out + 8 * (i - 1), 8); + OPENSSL_memcpy(A + 8, out + 8 * (i - 1), 8); AES_decrypt(A, A, key); - memcpy(out + 8 * (i - 1), A + 8, 8); + OPENSSL_memcpy(out + 8 * (i - 1), A + 8, 8); } } diff --git a/src/crypto/asn1/a_bitstr.c b/src/crypto/asn1/a_bitstr.c index 2705ea56..ea9da247 100644 --- a/src/crypto/asn1/a_bitstr.c +++ b/src/crypto/asn1/a_bitstr.c @@ -61,6 +61,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + + int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) { return M_ASN1_BIT_STRING_set(x, d, len); @@ -115,7 +118,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); + OPENSSL_memcpy(p, d, len); p += len; if (len > 0) p[-1] &= (0xff << bits); @@ -162,7 +165,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } - memcpy(s, p, (int)len); + OPENSSL_memcpy(s, p, (int)len); s[len - 1] &= (0xff << padding); p += len; } else @@ -215,7 +218,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) return 0; } if (w + 1 - a->length > 0) - memset(c + a->length, 0, w + 1 - a->length); + OPENSSL_memset(c + a->length, 0, w + 1 - a->length); a->data = c; a->length = w + 1; } diff --git a/src/crypto/asn1/a_enum.c b/src/crypto/asn1/a_enum.c index 0b95fc95..cc469055 100644 --- a/src/crypto/asn1/a_enum.c +++ b/src/crypto/asn1/a_enum.c @@ -61,6 +61,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + + /* * Code for ENUMERATED type: identical to INTEGER apart from a different tag. * for comments on encoding see a_int.c @@ -79,7 +82,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) OPENSSL_free(a->data); if ((a->data = (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset((char *)a->data, 0, sizeof(long) + 1); + OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1); } if (a->data == NULL) { OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); diff --git a/src/crypto/asn1/a_int.c b/src/crypto/asn1/a_int.c index 38a01bcb..617ba962 100644 --- a/src/crypto/asn1/a_int.c +++ b/src/crypto/asn1/a_int.c @@ -61,6 +61,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + + ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { return M_ASN1_INTEGER_dup(x); @@ -157,7 +160,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) if (a->length == 0) *(p++) = 0; else if (!neg) - memcpy(p, a->data, (unsigned int)a->length); + OPENSSL_memcpy(p, a->data, (unsigned int)a->length); else { /* Begin at the end of the encoding */ n = a->data + a->length - 1; @@ -254,7 +257,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, p++; len--; } - memcpy(s, p, (int)len); + OPENSSL_memcpy(s, p, (int)len); } if (ret->data != NULL) @@ -322,7 +325,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, p++; len--; } - memcpy(s, p, (int)len); + OPENSSL_memcpy(s, p, (int)len); p += len; } @@ -354,7 +357,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) OPENSSL_free(a->data); if ((a->data = (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset((char *)a->data, 0, sizeof(long) + 1); + OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1); } if (a->data == NULL) { OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); diff --git a/src/crypto/asn1/a_object.c b/src/crypto/asn1/a_object.c index fef9b799..a710addd 100644 --- a/src/crypto/asn1/a_object.c +++ b/src/crypto/asn1/a_object.c @@ -63,6 +63,9 @@ #include <openssl/mem.h> #include <openssl/obj.h> +#include "../internal.h" + + int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) { unsigned char *p; @@ -77,7 +80,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) p = *pp; ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - memcpy(p, a->data, a->length); + OPENSSL_memcpy(p, a->data, a->length); p += a->length; *pp = p; @@ -321,7 +324,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, } ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data, p, length); + OPENSSL_memcpy(data, p, length); /* reattach data to object, after which it remains const */ ret->data = data; ret->length = length; diff --git a/src/crypto/asn1/a_utctm.c b/src/crypto/asn1/a_utctm.c index db5cd291..3b9d2570 100644 --- a/src/crypto/asn1/a_utctm.c +++ b/src/crypto/asn1/a_utctm.c @@ -270,7 +270,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) struct tm tm; int offset; - memset(&tm, '\0', sizeof tm); + OPENSSL_memset(&tm, '\0', sizeof tm); # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') tm.tm_year = g2(s->data); diff --git a/src/crypto/asn1/asn1_lib.c b/src/crypto/asn1/asn1_lib.c index 94553b1a..774f151c 100644 --- a/src/crypto/asn1/asn1_lib.c +++ b/src/crypto/asn1/asn1_lib.c @@ -63,6 +63,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + + /* Cross-module errors from crypto/x509/i2d_pr.c. */ OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE) @@ -401,7 +404,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) } str->length = len; if (data != NULL) { - memcpy(str->data, data, len); + OPENSSL_memcpy(str->data, data, len); /* an allowance for strings :-) */ str->data[len] = '\0'; } @@ -452,7 +455,7 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) i = (a->length - b->length); if (i == 0) { - i = memcmp(a->data, b->data, a->length); + i = OPENSSL_memcmp(a->data, b->data, a->length); if (i == 0) return (a->type - b->type); else diff --git a/src/crypto/asn1/tasn_dec.c b/src/crypto/asn1/tasn_dec.c index dfbd222a..40778a84 100644 --- a/src/crypto/asn1/tasn_dec.c +++ b/src/crypto/asn1/tasn_dec.c @@ -1108,7 +1108,7 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(buf->data + len, *p, plen); + OPENSSL_memcpy(buf->data + len, *p, plen); } *p += plen; return 1; diff --git a/src/crypto/asn1/tasn_enc.c b/src/crypto/asn1/tasn_enc.c index 7c2b3651..9286ef64 100644 --- a/src/crypto/asn1/tasn_enc.c +++ b/src/crypto/asn1/tasn_enc.c @@ -62,6 +62,9 @@ #include <openssl/asn1t.h> #include <openssl/mem.h> +#include "../internal.h" + + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, @@ -415,7 +418,7 @@ static int der_cmp(const void *a, const void *b) const DER_ENC *d1 = a, *d2 = b; int cmplen, i; cmplen = (d1->length < d2->length) ? d1->length : d2->length; - i = memcmp(d1->data, d2->data, cmplen); + i = OPENSSL_memcmp(d1->data, d2->data, cmplen); if (i) return i; return d1->length - d2->length; @@ -470,7 +473,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, /* Output sorted DER encoding */ p = *out; for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { - memcpy(p, tder->data, tder->length); + OPENSSL_memcpy(p, tder->data, tder->length); p += tder->length; } *out = p; @@ -660,6 +663,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, } if (cout && len) - memcpy(cout, cont, len); + OPENSSL_memcpy(cout, cont, len); return len; } diff --git a/src/crypto/asn1/tasn_new.c b/src/crypto/asn1/tasn_new.c index 232fe46a..053b732b 100644 --- a/src/crypto/asn1/tasn_new.c +++ b/src/crypto/asn1/tasn_new.c @@ -63,6 +63,9 @@ #include <openssl/mem.h> #include <openssl/obj.h> +#include "../internal.h" + + static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -153,7 +156,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, *pval = OPENSSL_malloc(it->size); if (!*pval) goto memerr; - memset(*pval, 0, it->size); + OPENSSL_memset(*pval, 0, it->size); } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) @@ -178,7 +181,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, *pval = OPENSSL_malloc(it->size); if (!*pval) goto memerr; - memset(*pval, 0, it->size); + OPENSSL_memset(*pval, 0, it->size); asn1_refcount_set_one(pval, it); asn1_enc_init(pval, it); } diff --git a/src/crypto/asn1/tasn_utl.c b/src/crypto/asn1/tasn_utl.c index 3f530729..a7516f6e 100644 --- a/src/crypto/asn1/tasn_utl.c +++ b/src/crypto/asn1/tasn_utl.c @@ -178,7 +178,7 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, if (!enc->enc) { return 0; } - memcpy(enc->enc, in, inlen); + OPENSSL_memcpy(enc->enc, in, inlen); } enc->len = inlen; @@ -195,7 +195,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, return 0; } if (out) { - memcpy(*out, enc->enc, enc->len); + OPENSSL_memcpy(*out, enc->enc, enc->len); *out += enc->len; } if (len) { diff --git a/src/crypto/asn1/x_long.c b/src/crypto/asn1/x_long.c index bc4d2751..b53127a3 100644 --- a/src/crypto/asn1/x_long.c +++ b/src/crypto/asn1/x_long.c @@ -63,6 +63,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + + /* * Custom primitive type for long handling. This converts between an * ASN1_INTEGER and a long directly. @@ -117,7 +120,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, char *cp = (char *)pval; /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); + OPENSSL_memcpy(<mp, cp, sizeof(long)); if (ltmp == it->size) return -1; @@ -186,7 +189,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - memcpy(cp, <mp, sizeof(long)); + OPENSSL_memcpy(cp, <mp, sizeof(long)); return 1; } diff --git a/src/crypto/base64/base64.c b/src/crypto/base64/base64.c index a74c3f55..7afadf74 100644 --- a/src/crypto/base64/base64.c +++ b/src/crypto/base64/base64.c @@ -62,6 +62,8 @@ #include <openssl/type_check.h> +#include "../internal.h" + /* Encoding. */ @@ -95,7 +97,7 @@ int EVP_EncodedLength(size_t *out_len, size_t len) { } void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); + OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); } void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, @@ -110,14 +112,14 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, assert(ctx->data_used < sizeof(ctx->data)); if (sizeof(ctx->data) - ctx->data_used > in_len) { - memcpy(&ctx->data[ctx->data_used], in, in_len); + OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len); ctx->data_used += (unsigned)in_len; return; } if (ctx->data_used != 0) { const size_t todo = sizeof(ctx->data) - ctx->data_used; - memcpy(&ctx->data[ctx->data_used], in, todo); + OPENSSL_memcpy(&ctx->data[ctx->data_used], in, todo); in += todo; in_len -= todo; @@ -149,7 +151,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, } if (in_len != 0) { - memcpy(ctx->data, in, in_len); + OPENSSL_memcpy(ctx->data, in, in_len); } ctx->data_used = (unsigned)in_len; @@ -224,7 +226,7 @@ int EVP_DecodedLength(size_t *out_len, size_t len) { } void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); + OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); } /* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or diff --git a/src/crypto/base64/base64_test.cc b/src/crypto/base64/base64_test.cc index f8af66cf..bdf3d9a4 100644 --- a/src/crypto/base64/base64_test.cc +++ b/src/crypto/base64/base64_test.cc @@ -136,7 +136,7 @@ static bool TestEncodeBlock() { std::string encoded(RemoveNewlines(t->encoded)); if (len != encoded.size() || - memcmp(out, encoded.data(), len) != 0) { + OPENSSL_memcmp(out, encoded.data(), len) != 0) { fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n", t->decoded, (int)len, (const char*)out, encoded.c_str()); return false; @@ -178,7 +178,7 @@ static bool TestDecodeBase64() { } if (len != strlen(t->decoded) || - memcmp(out, t->decoded, len) != 0) { + OPENSSL_memcmp(out, t->decoded, len) != 0) { fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", encoded.c_str(), (int)len, (const char*)out, t->decoded); return false; @@ -217,7 +217,7 @@ static bool TestDecodeBlock() { ret -= 3 - (expected_len % 3); } if (static_cast<size_t>(ret) != strlen(t->decoded) || - memcmp(out, t->decoded, ret) != 0) { + OPENSSL_memcmp(out, t->decoded, ret) != 0) { fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", t->encoded, ret, (const char*)out, t->decoded); return false; @@ -258,7 +258,8 @@ static bool TestEncodeDecode() { EVP_EncodeFinal(&ctx, out + total, &out_len); total += out_len; - if (total != strlen(t->encoded) || memcmp(out, t->encoded, total) != 0) { + if (total != strlen(t->encoded) || + OPENSSL_memcmp(out, t->encoded, total) != 0) { fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n", test_num, out, static_cast<unsigned>(total)); return false; @@ -287,7 +288,8 @@ static bool TestEncodeDecode() { fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num); return false; } - if (total != decoded_len || memcmp(out, t->decoded, decoded_len)) { + if (total != decoded_len || + OPENSSL_memcmp(out, t->decoded, decoded_len)) { fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n", test_num); return false; @@ -368,7 +370,7 @@ static bool TestDecodeUpdateStreaming() { out_len += bytes_written; if (out_len != strlen(t->decoded) || - memcmp(out.data(), t->decoded, out_len) != 0) { + OPENSSL_memcmp(out.data(), t->decoded, out_len) != 0) { fprintf(stderr, "#%u: incorrect output\n", test_num); return 0; } diff --git a/src/crypto/bio/bio.c b/src/crypto/bio/bio.c index 9619c223..8aad9fb9 100644 --- a/src/crypto/bio/bio.c +++ b/src/crypto/bio/bio.c @@ -75,7 +75,7 @@ BIO *BIO_new(const BIO_METHOD *method) { return NULL; } - memset(ret, 0, sizeof(BIO)); + OPENSSL_memset(ret, 0, sizeof(BIO)); ret->method = method; ret->shutdown = 1; ret->references = 1; @@ -488,7 +488,7 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len, if (*out == NULL) { return 0; } - memcpy(*out, prefix, prefix_len); + OPENSSL_memcpy(*out, prefix, prefix_len); size_t done = prefix_len; for (;;) { @@ -595,7 +595,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) { if (*out == NULL) { return 0; } - memcpy(*out, header, header_len); + OPENSSL_memcpy(*out, header, header_len); if (BIO_read(bio, (*out) + header_len, len - header_len) != (int) (len - header_len)) { OPENSSL_free(*out); diff --git a/src/crypto/bio/bio_mem.c b/src/crypto/bio/bio_mem.c index 844fba7e..24ed5be3 100644 --- a/src/crypto/bio/bio_mem.c +++ b/src/crypto/bio/bio_mem.c @@ -63,6 +63,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + BIO *BIO_new_mem_buf(const void *buf, int len) { BIO *ret; @@ -144,12 +146,12 @@ static int mem_read(BIO *bio, char *out, int outl) { } if (ret > 0) { - memcpy(out, b->data, ret); + OPENSSL_memcpy(out, b->data, ret); b->length -= ret; if (bio->flags & BIO_FLAGS_MEM_RDONLY) { b->data += ret; } else { - memmove(b->data, &b->data[ret], b->length); + OPENSSL_memmove(b->data, &b->data[ret], b->length); } } else if (b->length == 0) { ret = bio->num; @@ -180,7 +182,7 @@ static int mem_write(BIO *bio, const char *in, int inl) { if (BUF_MEM_grow_clean(b, blen + inl) != ((size_t) blen) + inl) { goto err; } - memcpy(&b->data[blen], in, inl); + OPENSSL_memcpy(&b->data[blen], in, inl); ret = inl; err: @@ -240,7 +242,7 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { b->data -= b->max - b->length; b->length = b->max; } else { - memset(b->data, 0, b->max); + OPENSSL_memset(b->data, 0, b->max); b->length = 0; } } diff --git a/src/crypto/bio/bio_test.cc b/src/crypto/bio/bio_test.cc index 4ae6c6e1..fbfacf89 100644 --- a/src/crypto/bio/bio_test.cc +++ b/src/crypto/bio/bio_test.cc @@ -79,7 +79,7 @@ static bool TestSocketConnect() { ScopedSocket listening_sock_closer(listening_sock); struct sockaddr_in sin; - memset(&sin, 0, sizeof(sin)); + OPENSSL_memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { PrintSocketError("inet_pton"); @@ -128,7 +128,7 @@ static bool TestSocketConnect() { PrintSocketError("read"); return false; } - if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) { + if (OPENSSL_memcmp(buf, kTestMessage, sizeof(kTestMessage))) { return false; } @@ -152,7 +152,7 @@ static bool TestPrintf() { fprintf(stderr, "Bad test string length\n"); return false; } - memset(string, 'a', sizeof(string)); + OPENSSL_memset(string, 'a', sizeof(string)); string[kLengths[i]] = '\0'; int ret = BIO_printf(bio.get(), "test %s", string); @@ -198,8 +198,8 @@ static bool ReadASN1(bool should_succeed, const uint8_t *data, size_t data_len, return false; } - if (should_succeed && - (out_len != expected_len || memcmp(data, out, expected_len) != 0)) { + if (should_succeed && (out_len != expected_len || + OPENSSL_memcmp(data, out, expected_len) != 0)) { return false; } @@ -227,8 +227,8 @@ static bool TestASN1() { if (!large) { return false; } - memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen); - memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix)); + OPENSSL_memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen); + OPENSSL_memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix)); if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen, sizeof(kLargePrefix) + kLargePayloadLen, @@ -245,7 +245,7 @@ static bool TestASN1() { } static const uint8_t kIndefPrefix[] = {0x30, 0x80}; - memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix)); + OPENSSL_memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix)); if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen, sizeof(kLargePrefix) + kLargePayloadLen, kLargePayloadLen*2)) { @@ -287,7 +287,7 @@ static bool TestPair() { if (BIO_write(bio1, "12345", 5) != 5 || BIO_ctrl_get_write_guarantee(bio1) != 5 || BIO_read(bio2, buf, sizeof(buf)) != 5 || - memcmp(buf, "12345", 5) != 0 || + OPENSSL_memcmp(buf, "12345", 5) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 10) { return false; } @@ -298,7 +298,7 @@ static bool TestPair() { BIO_write(bio1, "z", 1) != -1 || !BIO_should_write(bio1) || BIO_read(bio2, buf, sizeof(buf)) != 10 || - memcmp(buf, "1234567890", 10) != 0 || + OPENSSL_memcmp(buf, "1234567890", 10) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 10) { return false; } @@ -323,10 +323,10 @@ static bool TestPair() { BIO_write(bio1, "67890___", 8) != 5 || BIO_ctrl_get_write_guarantee(bio1) != 0 || BIO_read(bio2, buf, 3) != 3 || - memcmp(buf, "123", 3) != 0 || + OPENSSL_memcmp(buf, "123", 3) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 3 || BIO_read(bio2, buf, sizeof(buf)) != 7 || - memcmp(buf, "4567890", 7) != 0 || + OPENSSL_memcmp(buf, "4567890", 7) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 10) { return false; } @@ -341,12 +341,12 @@ static bool TestPair() { if (BIO_write(bio1, "abcdefgh", 8) != 8 || BIO_ctrl_get_write_guarantee(bio1) != 2 || BIO_read(bio2, buf, 3) != 3 || - memcmp(buf, "abc", 3) != 0 || + OPENSSL_memcmp(buf, "abc", 3) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 5 || BIO_write(bio1, "ijklm___", 8) != 5 || BIO_ctrl_get_write_guarantee(bio1) != 0 || BIO_read(bio2, buf, sizeof(buf)) != 10 || - memcmp(buf, "defghijklm", 10) != 0 || + OPENSSL_memcmp(buf, "defghijklm", 10) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 10) { return false; } @@ -355,9 +355,9 @@ static bool TestPair() { if (BIO_write(bio1, "12345", 5) != 5 || BIO_write(bio2, "67890", 5) != 5 || BIO_read(bio2, buf, sizeof(buf)) != 5 || - memcmp(buf, "12345", 5) != 0 || + OPENSSL_memcmp(buf, "12345", 5) != 0 || BIO_read(bio1, buf, sizeof(buf)) != 5 || - memcmp(buf, "67890", 5) != 0) { + OPENSSL_memcmp(buf, "67890", 5) != 0) { return false; } @@ -365,7 +365,7 @@ static bool TestPair() { if (BIO_write(bio1, "12345", 5) != 5 || !BIO_shutdown_wr(bio1) || BIO_read(bio2, buf, sizeof(buf)) != 5 || - memcmp(buf, "12345", 5) != 0 || + OPENSSL_memcmp(buf, "12345", 5) != 0 || BIO_read(bio2, buf, sizeof(buf)) != 0) { return false; } @@ -385,7 +385,7 @@ static bool TestPair() { // The other end is still functional. if (BIO_write(bio2, "12345", 5) != 5 || BIO_read(bio1, buf, sizeof(buf)) != 5 || - memcmp(buf, "12345", 5) != 0) { + OPENSSL_memcmp(buf, "12345", 5) != 0) { return false; } } diff --git a/src/crypto/bio/buffer.c b/src/crypto/bio/buffer.c index 15574510..6190f29d 100644 --- a/src/crypto/bio/buffer.c +++ b/src/crypto/bio/buffer.c @@ -62,6 +62,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + #define DEFAULT_BUFFER_SIZE 4096 @@ -94,7 +96,7 @@ static int buffer_new(BIO *bio) { if (ctx == NULL) { return 0; } - memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX)); + OPENSSL_memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX)); ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); if (ctx->ibuf == NULL) { @@ -158,7 +160,7 @@ static int buffer_read(BIO *bio, char *out, int outl) { if (i > outl) { i = outl; } - memcpy(out, &ctx->ibuf[ctx->ibuf_off], i); + OPENSSL_memcpy(out, &ctx->ibuf[ctx->ibuf_off], i); ctx->ibuf_off += i; ctx->ibuf_len -= i; num += i; @@ -222,7 +224,7 @@ static int buffer_write(BIO *b, const char *in, int inl) { i = ctx->obuf_size - (ctx->obuf_off + ctx->obuf_len); /* add to buffer and return */ if (i >= inl) { - memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl); + OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl); ctx->obuf_len += inl; return num + inl; } @@ -230,7 +232,7 @@ static int buffer_write(BIO *b, const char *in, int inl) { /* stuff already in buffer, so add to it first, then flush */ if (ctx->obuf_len != 0) { if (i > 0) { - memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i); + OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i); in += i; inl -= i; num += i; @@ -310,22 +312,10 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_CTRL_WPENDING: ret = (long)ctx->obuf_len; - if (ret == 0) { - if (b->next_bio == NULL) { - return 0; - } - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } break; case BIO_CTRL_PENDING: ret = (long)ctx->ibuf_len; - if (ret == 0) { - if (b->next_bio == NULL) { - return 0; - } - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } break; case BIO_C_SET_BUFF_SIZE: diff --git a/src/crypto/bio/connect.c b/src/crypto/bio/connect.c index 7e544474..f6cc837e 100644 --- a/src/crypto/bio/connect.c +++ b/src/crypto/bio/connect.c @@ -77,6 +77,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include <openssl/mem.h> #include "internal.h" +#include "../internal.h" enum { @@ -298,7 +299,7 @@ static BIO_CONNECT *BIO_CONNECT_new(void) { if (ret == NULL) { return NULL; } - memset(ret, 0, sizeof(BIO_CONNECT)); + OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT)); ret->state = BIO_CONN_S_BEFORE; return ret; diff --git a/src/crypto/bio/hexdump.c b/src/crypto/bio/hexdump.c index 8c351148..d55df620 100644 --- a/src/crypto/bio/hexdump.c +++ b/src/crypto/bio/hexdump.c @@ -59,6 +59,8 @@ #include <limits.h> #include <string.h> +#include "../internal.h" + /* hexdump_ctx contains the state of a hexdump. */ struct hexdump_ctx { @@ -154,7 +156,7 @@ static int finish(struct hexdump_ctx *ctx) { return 1; } - memset(buf, ' ', 4); + OPENSSL_memset(buf, ' ', 4); buf[4] = '|'; for (; ctx->used < 16; ctx->used++) { @@ -179,7 +181,7 @@ static int finish(struct hexdump_ctx *ctx) { int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent) { struct hexdump_ctx ctx; - memset(&ctx, 0, sizeof(ctx)); + OPENSSL_memset(&ctx, 0, sizeof(ctx)); ctx.bio = bio; ctx.indent = indent; diff --git a/src/crypto/bio/pair.c b/src/crypto/bio/pair.c index df36343a..e933a1d4 100644 --- a/src/crypto/bio/pair.c +++ b/src/crypto/bio/pair.c @@ -59,6 +59,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + struct bio_bio_st { BIO *peer; /* NULL if buf == NULL. @@ -86,7 +88,7 @@ static int bio_new(BIO *bio) { if (b == NULL) { return 0; } - memset(b, 0, sizeof(struct bio_bio_st)); + OPENSSL_memset(b, 0, sizeof(struct bio_bio_st)); b->size = 17 * 1024; /* enough for one TLS record (just a default) */ bio->ptr = b; @@ -207,7 +209,7 @@ static int bio_read(BIO *bio, char *buf, int size_) { } assert(peer_b->offset + chunk <= peer_b->size); - memcpy(buf, peer_b->buf + peer_b->offset, chunk); + OPENSSL_memcpy(buf, peer_b->buf + peer_b->offset, chunk); peer_b->len -= chunk; if (peer_b->len) { @@ -287,7 +289,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) { chunk = b->size - write_offset; } - memcpy(b->buf + write_offset, buf, chunk); + OPENSSL_memcpy(b->buf + write_offset, buf, chunk); b->len += chunk; diff --git a/src/crypto/bio/socket_helper.c b/src/crypto/bio/socket_helper.c index 95007884..268405a6 100644 --- a/src/crypto/bio/socket_helper.c +++ b/src/crypto/bio/socket_helper.c @@ -33,6 +33,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #endif #include "internal.h" +#include "../internal.h" int bio_ip_and_port_to_socket_and_addr(int *out_sock, @@ -45,7 +46,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock, *out_sock = -1; - memset(&hint, 0, sizeof(hint)); + OPENSSL_memset(&hint, 0, sizeof(hint)); hint.ai_family = AF_UNSPEC; hint.ai_socktype = SOCK_STREAM; @@ -62,8 +63,8 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock, if ((size_t) cur->ai_addrlen > sizeof(struct sockaddr_storage)) { continue; } - memset(out_addr, 0, sizeof(struct sockaddr_storage)); - memcpy(out_addr, cur->ai_addr, cur->ai_addrlen); + OPENSSL_memset(out_addr, 0, sizeof(struct sockaddr_storage)); + OPENSSL_memcpy(out_addr, cur->ai_addr, cur->ai_addrlen); *out_addr_length = cur->ai_addrlen; *out_sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol); diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt index 49cfe2f8..9dd24b4e 100644 --- a/src/crypto/bn/CMakeLists.txt +++ b/src/crypto/bn/CMakeLists.txt @@ -6,7 +6,6 @@ if (${ARCH} STREQUAL "x86_64") x86_64-mont.${ASM_EXT} x86_64-mont5.${ASM_EXT} - rsaz-x86_64.${ASM_EXT} rsaz-avx2.${ASM_EXT} rsaz_exp.c @@ -69,7 +68,6 @@ add_library( perlasm(x86_64-mont.${ASM_EXT} asm/x86_64-mont.pl) perlasm(x86_64-mont5.${ASM_EXT} asm/x86_64-mont5.pl) -perlasm(rsaz-x86_64.${ASM_EXT} asm/rsaz-x86_64.pl) perlasm(rsaz-avx2.${ASM_EXT} asm/rsaz-avx2.pl) perlasm(bn-586.${ASM_EXT} asm/bn-586.pl) perlasm(co-586.${ASM_EXT} asm/co-586.pl) diff --git a/src/crypto/bn/add.c b/src/crypto/bn/add.c index 23f9f802..cfa3bbe3 100644 --- a/src/crypto/bn/add.c +++ b/src/crypto/bn/add.c @@ -314,7 +314,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { } if (dif > 0 && rp != ap) { - memcpy(rp, ap, sizeof(*rp) * dif); + OPENSSL_memcpy(rp, ap, sizeof(*rp) * dif); } r->top = max; diff --git a/src/crypto/bn/asm/rsaz-x86_64.pl b/src/crypto/bn/asm/rsaz-x86_64.pl deleted file mode 100755 index ac6b5db8..00000000 --- a/src/crypto/bn/asm/rsaz-x86_64.pl +++ /dev/null @@ -1,2338 +0,0 @@ -#!/usr/bin/env perl - -############################################################################## -# # -# Copyright (c) 2012, Intel Corporation # -# # -# All rights reserved. # -# # -# Redistribution and use in source and binary forms, with or without # -# modification, are permitted provided that the following conditions are # -# met: # -# # -# * Redistributions of source code must retain the above copyright # -# notice, this list of conditions and the following disclaimer. # -# # -# * Redistributions in binary form must reproduce the above copyright # -# notice, this list of conditions and the following disclaimer in the # -# documentation and/or other materials provided with the # -# distribution. # -# # -# * Neither the name of the Intel Corporation nor the names of its # -# contributors may be used to endorse or promote products derived from # -# this software without specific prior written permission. # -# # -# # -# THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY # -# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR # -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, # -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -# # -############################################################################## -# Developers and authors: # -# Shay Gueron (1, 2), and Vlad Krasnov (1) # -# (1) Intel Architecture Group, Microprocessor and Chipset Development, # -# Israel Development Center, Haifa, Israel # -# (2) University of Haifa # -############################################################################## -# Reference: # -# [1] S. Gueron, "Efficient Software Implementations of Modular # -# Exponentiation", http://eprint.iacr.org/2011/239 # -# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring". # -# IEEE Proceedings of 9th International Conference on Information # -# Technology: New Generations (ITNG 2012), 821-823 (2012). # -# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation# -# Journal of Cryptographic Engineering 2:31-43 (2012). # -# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis # -# resistant 512-bit and 1024-bit modular exponentiation for optimizing # -# RSA1024 and RSA2048 on x86_64 platforms", # -# http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest# -############################################################################## - -# While original submission covers 512- and 1024-bit exponentiation, -# this module is limited to 512-bit version only (and as such -# accelerates RSA1024 sign). This is because improvement for longer -# keys is not high enough to justify the effort, highest measured -# was ~5% on Westmere. [This is relative to OpenSSL 1.0.2, upcoming -# for the moment of this writing!] Nor does this module implement -# "monolithic" complete exponentiation jumbo-subroutine, but adheres -# to more modular mixture of C and assembly. And it's optimized even -# for processors other than Intel Core family (see table below for -# improvement coefficients). -# <appro@openssl.org> -# -# RSA1024 sign/sec this/original |this/rsax(*) this/fips(*) -# ----------------+--------------------------- -# Opteron +13% |+5% +20% -# Bulldozer -0% |-1% +10% -# P4 +11% |+7% +8% -# Westmere +5% |+14% +17% -# Sandy Bridge +2% |+12% +29% -# Ivy Bridge +1% |+11% +35% -# Haswell(**) -0% |+12% +39% -# Atom +13% |+11% +4% -# VIA Nano +70% |+9% +25% -# -# (*) rsax engine and fips numbers are presented for reference -# purposes; -# (**) MULX was attempted, but found to give only marginal improvement; - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -# In upstream, this is controlled by shelling out to the compiler to check -# versions, but BoringSSL is intended to be used with pre-generated perlasm -# output, so this isn't useful anyway. -# -# TODO(davidben): Enable this after testing. $addx goes up to 1. -$addx = 0; - -($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp"); # common internal API -{ -my ($out,$inp,$mod,$n0,$times) = ("%rdi","%rsi","%rdx","%rcx","%r8d"); - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl rsaz_512_sqr -.type rsaz_512_sqr,\@function,5 -.align 32 -rsaz_512_sqr: # 25-29% faster than rsaz_512_mul - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - subq \$128+24, %rsp -.Lsqr_body: - movq $mod, %rbp # common argument - movq ($inp), %rdx - movq 8($inp), %rax - movq $n0, 128(%rsp) -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Loop_sqrx -___ -$code.=<<___; - jmp .Loop_sqr - -.align 32 -.Loop_sqr: - movl $times,128+8(%rsp) -#first iteration - movq %rdx, %rbx - mulq %rdx - movq %rax, %r8 - movq 16($inp), %rax - movq %rdx, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($inp), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($inp), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($inp), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($inp), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($inp), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq %rbx, %rax - movq %rdx, %r15 - adcq \$0, %r15 - - addq %r8, %r8 #shlq \$1, %r8 - movq %r9, %rcx - adcq %r9, %r9 #shld \$1, %r8, %r9 - - mulq %rax - movq %rax, (%rsp) - addq %rdx, %r8 - adcq \$0, %r9 - - movq %r8, 8(%rsp) - shrq \$63, %rcx - -#second iteration - movq 8($inp), %r8 - movq 16($inp), %rax - mulq %r8 - addq %rax, %r10 - movq 24($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r8 - addq %rax, %r11 - movq 32($inp), %rax - adcq \$0, %rdx - addq %rbx, %r11 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r8 - addq %rax, %r12 - movq 40($inp), %rax - adcq \$0, %rdx - addq %rbx, %r12 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r8 - addq %rax, %r13 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rbx, %r13 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r8 - addq %rax, %r14 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rbx, %r14 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r8 - addq %rax, %r15 - movq %r8, %rax - adcq \$0, %rdx - addq %rbx, %r15 - movq %rdx, %r8 - movq %r10, %rdx - adcq \$0, %r8 - - add %rdx, %rdx - lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - movq %r11, %rbx - adcq %r11, %r11 #shld \$1, %r10, %r11 - - mulq %rax - addq %rax, %r9 - adcq %rdx, %r10 - adcq \$0, %r11 - - movq %r9, 16(%rsp) - movq %r10, 24(%rsp) - shrq \$63, %rbx - -#third iteration - movq 16($inp), %r9 - movq 24($inp), %rax - mulq %r9 - addq %rax, %r12 - movq 32($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r9 - addq %rax, %r13 - movq 40($inp), %rax - adcq \$0, %rdx - addq %rcx, %r13 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r9 - addq %rax, %r14 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rcx, %r14 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r9 - movq %r12, %r10 - lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 - addq %rax, %r15 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rcx, %r15 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r9 - shrq \$63, %r10 - addq %rax, %r8 - movq %r9, %rax - adcq \$0, %rdx - addq %rcx, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - movq %r13, %rcx - leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 - - mulq %rax - addq %rax, %r11 - adcq %rdx, %r12 - adcq \$0, %r13 - - movq %r11, 32(%rsp) - movq %r12, 40(%rsp) - shrq \$63, %rcx - -#fourth iteration - movq 24($inp), %r10 - movq 32($inp), %rax - mulq %r10 - addq %rax, %r14 - movq 40($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r10 - addq %rax, %r15 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rbx, %r15 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r10 - movq %r14, %r12 - leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 - addq %rax, %r8 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rbx, %r8 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r10 - shrq \$63, %r12 - addq %rax, %r9 - movq %r10, %rax - adcq \$0, %rdx - addq %rbx, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - movq %r15, %rbx - leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 - - mulq %rax - addq %rax, %r13 - adcq %rdx, %r14 - adcq \$0, %r15 - - movq %r13, 48(%rsp) - movq %r14, 56(%rsp) - shrq \$63, %rbx - -#fifth iteration - movq 32($inp), %r11 - movq 40($inp), %rax - mulq %r11 - addq %rax, %r8 - movq 48($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r11 - addq %rax, %r9 - movq 56($inp), %rax - adcq \$0, %rdx - movq %r8, %r12 - leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 - addq %rcx, %r9 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r11 - shrq \$63, %r12 - addq %rax, %r10 - movq %r11, %rax - adcq \$0, %rdx - addq %rcx, %r10 - movq %rdx, %r11 - adcq \$0, %r11 - - movq %r9, %rcx - leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 - - mulq %rax - addq %rax, %r15 - adcq %rdx, %r8 - adcq \$0, %r9 - - movq %r15, 64(%rsp) - movq %r8, 72(%rsp) - shrq \$63, %rcx - -#sixth iteration - movq 40($inp), %r12 - movq 48($inp), %rax - mulq %r12 - addq %rax, %r10 - movq 56($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r12 - addq %rax, %r11 - movq %r12, %rax - movq %r10, %r15 - leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - adcq \$0, %rdx - shrq \$63, %r15 - addq %rbx, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - movq %r11, %rbx - leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 - - mulq %rax - addq %rax, %r9 - adcq %rdx, %r10 - adcq \$0, %r11 - - movq %r9, 80(%rsp) - movq %r10, 88(%rsp) - -#seventh iteration - movq 48($inp), %r13 - movq 56($inp), %rax - mulq %r13 - addq %rax, %r12 - movq %r13, %rax - movq %rdx, %r13 - adcq \$0, %r13 - - xorq %r14, %r14 - shlq \$1, %rbx - adcq %r12, %r12 #shld \$1, %rbx, %r12 - adcq %r13, %r13 #shld \$1, %r12, %r13 - adcq %r14, %r14 #shld \$1, %r13, %r14 - - mulq %rax - addq %rax, %r11 - adcq %rdx, %r12 - adcq \$0, %r13 - - movq %r11, 96(%rsp) - movq %r12, 104(%rsp) - -#eighth iteration - movq 56($inp), %rax - mulq %rax - addq %rax, %r13 - adcq \$0, %rdx - - addq %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce - - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, %rdx - movq %r9, %rax - movl 128+8(%rsp), $times - movq $out, $inp - - decl $times - jnz .Loop_sqr -___ -if ($addx) { -$code.=<<___; - jmp .Lsqr_tail - -.align 32 -.Loop_sqrx: - movl $times,128+8(%rsp) - movq $out, %xmm0 # off-load - movq %rbp, %xmm1 # off-load -#first iteration - mulx %rax, %r8, %r9 - - mulx 16($inp), %rcx, %r10 - xor %rbp, %rbp # cf=0, of=0 - - mulx 24($inp), %rax, %r11 - adcx %rcx, %r9 - - mulx 32($inp), %rcx, %r12 - adcx %rax, %r10 - - mulx 40($inp), %rax, %r13 - adcx %rcx, %r11 - - .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 - adcx %rax, %r12 - adcx %rcx, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 - adcx %rax, %r14 - adcx %rbp, %r15 # %rbp is 0 - - mov %r9, %rcx - shld \$1, %r8, %r9 - shl \$1, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rdx, %r8 - mov 8($inp), %rdx - adcx %rbp, %r9 - - mov %rax, (%rsp) - mov %r8, 8(%rsp) - -#second iteration - mulx 16($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 - adox $out, %r11 - adcx %r8, %r12 - - mulx 32($inp), %rax, %rbx - adox %rax, %r12 - adcx %rbx, %r13 - - mulx 40($inp), $out, %r8 - adox $out, %r13 - adcx %r8, %r14 - - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 - adox $out, %r15 - adcx %rbp, %r8 - adox %rbp, %r8 - - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp,%ebp - mulx %rdx, %rax, %rcx - mov 16($inp), %rdx - adcx %rax, %r9 - adcx %rcx, %r10 - adcx %rbp, %r11 - - mov %r9, 16(%rsp) - .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - -#third iteration - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 - adox $out, %r12 - adcx %r9, %r13 - - mulx 32($inp), %rax, %rcx - adox %rax, %r13 - adcx %rcx, %r14 - - mulx 40($inp), $out, %r9 - adox $out, %r14 - adcx %r9, %r15 - - .byte 0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rcx - adox %rax, %r15 - adcx %rcx, %r8 - - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 - adox $out, %r8 - adcx %rbp, %r9 - adox %rbp, %r9 - - mov %r13, %rcx - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 - mov 24($inp), %rdx - adcx %rbp, %r13 - - mov %r11, 32(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) - -#fourth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - - mulx 40($inp), $out, %r10 - adox $out, %r15 - adcx %r10, %r8 - - mulx 48($inp), %rax, %rbx - adox %rax, %r8 - adcx %rbx, %r9 - - mulx 56($inp), $out, %r10 - adox $out, %r9 - adcx %rbp, %r10 - adox %rbp, %r10 - - .byte 0x66 - mov %r15, %rbx - shld \$1, %r14, %r15 - shld \$1, %rcx, %r14 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r13 - adcx %rdx, %r14 - mov 32($inp), %rdx - adcx %rbp, %r15 - - mov %r13, 48(%rsp) - mov %r14, 56(%rsp) - -#fifth iteration - .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 - adox $out, %r8 - adcx %r11, %r9 - - mulx 48($inp), %rax, %rcx - adox %rax, %r9 - adcx %rcx, %r10 - - mulx 56($inp), $out, %r11 - adox $out, %r10 - adcx %rbp, %r11 - adox %rbp, %r11 - - mov %r9, %rcx - shld \$1, %r8, %r9 - shld \$1, %rbx, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r15 - adcx %rdx, %r8 - mov 40($inp), %rdx - adcx %rbp, %r9 - - mov %r15, 64(%rsp) - mov %r8, 72(%rsp) - -#sixth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - - .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 - adox $out, %r11 - adcx %rbp, %r12 - adox %rbp, %r12 - - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r9 - adcx %rdx, %r10 - mov 48($inp), %rdx - adcx %rbp, %r11 - - mov %r9, 80(%rsp) - mov %r10, 88(%rsp) - -#seventh iteration - .byte 0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r13 - adox %rax, %r12 - adox %rbp, %r13 - - xor %r14, %r14 - shld \$1, %r13, %r14 - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 - mov 56($inp), %rdx - adcx %rbp, %r13 - - .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) - -#eighth iteration - mulx %rdx, %rax, %rdx - adox %rax, %r13 - adox %rbp, %rdx - - .byte 0x66 - add %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reducex - - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, %rdx - movq %r9, %rax - movl 128+8(%rsp), $times - movq $out, $inp - - decl $times - jnz .Loop_sqrx - -.Lsqr_tail: -___ -} -$code.=<<___; - - leaq 128+24+48(%rsp), %rax - movq -48(%rax), %r15 - movq -40(%rax), %r14 - movq -32(%rax), %r13 - movq -24(%rax), %r12 - movq -16(%rax), %rbp - movq -8(%rax), %rbx - leaq (%rax), %rsp -.Lsqr_epilogue: - ret -.size rsaz_512_sqr,.-rsaz_512_sqr -___ -} -{ -my ($out,$ap,$bp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx","%r8"); -$code.=<<___; -.globl rsaz_512_mul -.type rsaz_512_mul,\@function,5 -.align 32 -rsaz_512_mul: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - subq \$128+24, %rsp -.Lmul_body: - movq $out, %xmm0 # off-load arguments - movq $mod, %xmm1 - movq $n0, 128(%rsp) -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx -___ -$code.=<<___; - movq ($bp), %rbx # pass b[0] - movq $bp, %rbp # pass argument - call __rsaz_512_mul - - movq %xmm0, $out - movq %xmm1, %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_tail - -.align 32 -.Lmulx: - movq $bp, %rbp # pass argument - movq ($bp), %rdx # pass b[0] - call __rsaz_512_mulx - - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reducex -.Lmul_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp), %rax - movq -48(%rax), %r15 - movq -40(%rax), %r14 - movq -32(%rax), %r13 - movq -24(%rax), %r12 - movq -16(%rax), %rbp - movq -8(%rax), %rbx - leaq (%rax), %rsp -.Lmul_epilogue: - ret -.size rsaz_512_mul,.-rsaz_512_mul -___ -} -{ -my ($out,$ap,$bp,$mod,$n0,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -$code.=<<___; -.globl rsaz_512_mul_gather4 -.type rsaz_512_mul_gather4,\@function,6 -.align 32 -rsaz_512_mul_gather4: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - subq \$`128+24+($win64?0xb0:0)`, %rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,0xa0(%rsp) - movaps %xmm7,0xb0(%rsp) - movaps %xmm8,0xc0(%rsp) - movaps %xmm9,0xd0(%rsp) - movaps %xmm10,0xe0(%rsp) - movaps %xmm11,0xf0(%rsp) - movaps %xmm12,0x100(%rsp) - movaps %xmm13,0x110(%rsp) - movaps %xmm14,0x120(%rsp) - movaps %xmm15,0x130(%rsp) -___ -$code.=<<___; -.Lmul_gather4_body: - movd $pwr,%xmm8 - movdqa .Linc+16(%rip),%xmm1 # 00000002000000020000000200000002 - movdqa .Linc(%rip),%xmm0 # 00000001000000010000000000000000 - - pshufd \$0,%xmm8,%xmm8 # broadcast $power - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..15 to $power -# -for($i=0;$i<4;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` - movdqa %xmm7,%xmm`$i+3` -___ -} -for(;$i<7;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` -___ -} -$code.=<<___; - pcmpeqd %xmm8,%xmm7 - - movdqa 16*0($bp),%xmm8 - movdqa 16*1($bp),%xmm9 - movdqa 16*2($bp),%xmm10 - movdqa 16*3($bp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4($bp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5($bp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6($bp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7($bp),%xmm15 - leaq 128($bp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx_gather -___ -$code.=<<___; - movq %xmm8,%rbx - - movq $n0, 128(%rsp) # off-load arguments - movq $out, 128+8(%rsp) - movq $mod, 128+16(%rsp) - - movq ($ap), %rax - movq 8($ap), %rcx - mulq %rbx # 0 iteration - movq %rax, (%rsp) - movq %rcx, %rax - movq %rdx, %r8 - - mulq %rbx - addq %rax, %r8 - movq 16($ap), %rax - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($ap), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($ap), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($ap), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($ap), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($ap), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq ($ap), %rax - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rsp), %rdi - movl \$7, %ecx - jmp .Loop_mul_gather - -.align 32 -.Loop_mul_gather: - movdqa 16*0(%rbp),%xmm8 - movdqa 16*1(%rbp),%xmm9 - movdqa 16*2(%rbp),%xmm10 - movdqa 16*3(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7(%rbp),%xmm15 - leaq 128(%rbp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,%rbx - - mulq %rbx - addq %rax, %r8 - movq 8($ap), %rax - movq %r8, (%rdi) - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16($ap), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24($ap), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32($ap), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40($ap), %rax - adcq \$0, %rdx - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48($ap), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56($ap), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r15 - movq ($ap), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rdi), %rdi - - decl %ecx - jnz .Loop_mul_gather - - movq %r8, (%rdi) - movq %r9, 8(%rdi) - movq %r10, 16(%rdi) - movq %r11, 24(%rdi) - movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) - - movq 128+8(%rsp), $out - movq 128+16(%rsp), %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_gather_tail - -.align 32 -.Lmulx_gather: - movq %xmm8,%rdx - - mov $n0, 128(%rsp) # off-load arguments - mov $out, 128+8(%rsp) - mov $mod, 128+16(%rsp) - - mulx ($ap), %rbx, %r8 # 0 iteration - mov %rbx, (%rsp) - xor %edi, %edi # cf=0, of=0 - - mulx 8($ap), %rax, %r9 - - mulx 16($ap), %rbx, %r10 - adcx %rax, %r8 - - mulx 24($ap), %rax, %r11 - adcx %rbx, %r9 - - mulx 32($ap), %rbx, %r12 - adcx %rax, %r10 - - mulx 40($ap), %rax, %r13 - adcx %rbx, %r11 - - mulx 48($ap), %rbx, %r14 - adcx %rax, %r12 - - mulx 56($ap), %rax, %r15 - adcx %rbx, %r13 - adcx %rax, %r14 - .byte 0x67 - mov %r8, %rbx - adcx %rdi, %r15 # %rdi is 0 - - mov \$-7, %rcx - jmp .Loop_mulx_gather - -.align 32 -.Loop_mulx_gather: - movdqa 16*0(%rbp),%xmm8 - movdqa 16*1(%rbp),%xmm9 - movdqa 16*2(%rbp),%xmm10 - movdqa 16*3(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7(%rbp),%xmm15 - leaq 128(%rbp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,%rdx - - .byte 0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00 # mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - .byte 0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00 # mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - .byte 0x67 - adox %r15, %r14 - - mulx 56($ap), %rax, %r15 - mov %rbx, 64(%rsp,%rcx,8) - adcx %rax, %r14 - adox %rdi, %r15 - mov %r8, %rbx - adcx %rdi, %r15 # cf=0 - - inc %rcx # of=0 - jnz .Loop_mulx_gather - - mov %r8, 64(%rsp) - mov %r9, 64+8(%rsp) - mov %r10, 64+16(%rsp) - mov %r11, 64+24(%rsp) - mov %r12, 64+32(%rsp) - mov %r13, 64+40(%rsp) - mov %r14, 64+48(%rsp) - mov %r15, 64+56(%rsp) - - mov 128(%rsp), %rdx # pull arguments - mov 128+8(%rsp), $out - mov 128+16(%rsp), %rbp - - mov (%rsp), %r8 - mov 8(%rsp), %r9 - mov 16(%rsp), %r10 - mov 24(%rsp), %r11 - mov 32(%rsp), %r12 - mov 40(%rsp), %r13 - mov 48(%rsp), %r14 - mov 56(%rsp), %r15 - - call __rsaz_512_reducex - -.Lmul_gather_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp), %rax -___ -$code.=<<___ if ($win64); - movaps 0xa0-0xc8(%rax),%xmm6 - movaps 0xb0-0xc8(%rax),%xmm7 - movaps 0xc0-0xc8(%rax),%xmm8 - movaps 0xd0-0xc8(%rax),%xmm9 - movaps 0xe0-0xc8(%rax),%xmm10 - movaps 0xf0-0xc8(%rax),%xmm11 - movaps 0x100-0xc8(%rax),%xmm12 - movaps 0x110-0xc8(%rax),%xmm13 - movaps 0x120-0xc8(%rax),%xmm14 - movaps 0x130-0xc8(%rax),%xmm15 - lea 0xb0(%rax),%rax -___ -$code.=<<___; - movq -48(%rax), %r15 - movq -40(%rax), %r14 - movq -32(%rax), %r13 - movq -24(%rax), %r12 - movq -16(%rax), %rbp - movq -8(%rax), %rbx - leaq (%rax), %rsp -.Lmul_gather4_epilogue: - ret -.size rsaz_512_mul_gather4,.-rsaz_512_mul_gather4 -___ -} -{ -my ($out,$ap,$mod,$n0,$tbl,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -$code.=<<___; -.globl rsaz_512_mul_scatter4 -.type rsaz_512_mul_scatter4,\@function,6 -.align 32 -rsaz_512_mul_scatter4: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - mov $pwr, $pwr - subq \$128+24, %rsp -.Lmul_scatter4_body: - leaq ($tbl,$pwr,8), $tbl - movq $out, %xmm0 # off-load arguments - movq $mod, %xmm1 - movq $tbl, %xmm2 - movq $n0, 128(%rsp) - - movq $out, %rbp -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx_scatter -___ -$code.=<<___; - movq ($out),%rbx # pass b[0] - call __rsaz_512_mul - - movq %xmm0, $out - movq %xmm1, %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_scatter_tail - -.align 32 -.Lmulx_scatter: - movq ($out), %rdx # pass b[0] - call __rsaz_512_mulx - - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reducex - -.Lmul_scatter_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - movq %xmm2, $inp - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, 128*0($inp) # scatter - movq %r9, 128*1($inp) - movq %r10, 128*2($inp) - movq %r11, 128*3($inp) - movq %r12, 128*4($inp) - movq %r13, 128*5($inp) - movq %r14, 128*6($inp) - movq %r15, 128*7($inp) - - leaq 128+24+48(%rsp), %rax - movq -48(%rax), %r15 - movq -40(%rax), %r14 - movq -32(%rax), %r13 - movq -24(%rax), %r12 - movq -16(%rax), %rbp - movq -8(%rax), %rbx - leaq (%rax), %rsp -.Lmul_scatter4_epilogue: - ret -.size rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4 -___ -} -{ -my ($out,$inp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx"); -$code.=<<___; -.globl rsaz_512_mul_by_one -.type rsaz_512_mul_by_one,\@function,4 -.align 32 -rsaz_512_mul_by_one: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - - subq \$128+24, %rsp -.Lmul_by_one_body: -___ -$code.=<<___ if ($addx); - movl OPENSSL_ia32cap_P+8(%rip),%eax -___ -$code.=<<___; - movq $mod, %rbp # reassign argument - movq $n0, 128(%rsp) - - movq ($inp), %r8 - pxor %xmm0, %xmm0 - movq 8($inp), %r9 - movq 16($inp), %r10 - movq 24($inp), %r11 - movq 32($inp), %r12 - movq 40($inp), %r13 - movq 48($inp), %r14 - movq 56($inp), %r15 - - movdqa %xmm0, (%rsp) - movdqa %xmm0, 16(%rsp) - movdqa %xmm0, 32(%rsp) - movdqa %xmm0, 48(%rsp) - movdqa %xmm0, 64(%rsp) - movdqa %xmm0, 80(%rsp) - movdqa %xmm0, 96(%rsp) -___ -$code.=<<___ if ($addx); - andl \$0x80100,%eax - cmpl \$0x80100,%eax # check for MULX and ADO/CX - je .Lby_one_callx -___ -$code.=<<___; - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lby_one_tail -.align 32 -.Lby_one_callx: - movq 128(%rsp), %rdx # pull $n0 - call __rsaz_512_reducex -.Lby_one_tail: -___ -$code.=<<___; - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - leaq 128+24+48(%rsp), %rax - movq -48(%rax), %r15 - movq -40(%rax), %r14 - movq -32(%rax), %r13 - movq -24(%rax), %r12 - movq -16(%rax), %rbp - movq -8(%rax), %rbx - leaq (%rax), %rsp -.Lmul_by_one_epilogue: - ret -.size rsaz_512_mul_by_one,.-rsaz_512_mul_by_one -___ -} -{ # __rsaz_512_reduce - # - # input: %r8-%r15, %rbp - mod, 128(%rsp) - n0 - # output: %r8-%r15 - # clobbers: everything except %rbp and %rdi -$code.=<<___; -.type __rsaz_512_reduce,\@abi-omnipotent -.align 32 -__rsaz_512_reduce: - movq %r8, %rbx - imulq 128+8(%rsp), %rbx - movq 0(%rbp), %rax - movl \$8, %ecx - jmp .Lreduction_loop - -.align 32 -.Lreduction_loop: - mulq %rbx - movq 8(%rbp), %rax - negq %r8 - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16(%rbp), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24(%rbp), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32(%rbp), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq 128+8(%rsp), %rsi - #movq %rdx, %r11 - #adcq \$0, %r11 - adcq \$0, %rdx - movq %rdx, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40(%rbp), %rax - adcq \$0, %rdx - imulq %r8, %rsi - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48(%rbp), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56(%rbp), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - movq %rsi, %rbx - addq %rax, %r15 - movq 0(%rbp), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - decl %ecx - jne .Lreduction_loop - - ret -.size __rsaz_512_reduce,.-__rsaz_512_reduce -___ -} -if ($addx) { - # __rsaz_512_reducex - # - # input: %r8-%r15, %rbp - mod, 128(%rsp) - n0 - # output: %r8-%r15 - # clobbers: everything except %rbp and %rdi -$code.=<<___; -.type __rsaz_512_reducex,\@abi-omnipotent -.align 32 -__rsaz_512_reducex: - #movq 128+8(%rsp), %rdx # pull $n0 - imulq %r8, %rdx - xorq %rsi, %rsi # cf=0,of=0 - movl \$8, %ecx - jmp .Lreduction_loopx - -.align 32 -.Lreduction_loopx: - mov %r8, %rbx - mulx 0(%rbp), %rax, %r8 - adcx %rbx, %rax - adox %r9, %r8 - - mulx 8(%rbp), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16(%rbp), %rbx, %r10 - adcx %rbx, %r9 - adox %r11, %r10 - - mulx 24(%rbp), %rbx, %r11 - adcx %rbx, %r10 - adox %r12, %r11 - - .byte 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 # mulx 32(%rbp), %rbx, %r12 - mov %rdx, %rax - mov %r8, %rdx - adcx %rbx, %r11 - adox %r13, %r12 - - mulx 128+8(%rsp), %rbx, %rdx - mov %rax, %rdx - - mulx 40(%rbp), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00 # mulx 48(%rbp), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - mulx 56(%rbp), %rax, %r15 - mov %rbx, %rdx - adcx %rax, %r14 - adox %rsi, %r15 # %rsi is 0 - adcx %rsi, %r15 # cf=0 - - decl %ecx # of=0 - jne .Lreduction_loopx - - ret -.size __rsaz_512_reducex,.-__rsaz_512_reducex -___ -} -{ # __rsaz_512_subtract - # input: %r8-%r15, %rdi - $out, %rbp - $mod, %rcx - mask - # output: - # clobbers: everything but %rdi, %rsi and %rbp -$code.=<<___; -.type __rsaz_512_subtract,\@abi-omnipotent -.align 32 -__rsaz_512_subtract: - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - movq 0($mod), %r8 - movq 8($mod), %r9 - negq %r8 - notq %r9 - andq %rcx, %r8 - movq 16($mod), %r10 - andq %rcx, %r9 - notq %r10 - movq 24($mod), %r11 - andq %rcx, %r10 - notq %r11 - movq 32($mod), %r12 - andq %rcx, %r11 - notq %r12 - movq 40($mod), %r13 - andq %rcx, %r12 - notq %r13 - movq 48($mod), %r14 - andq %rcx, %r13 - notq %r14 - movq 56($mod), %r15 - andq %rcx, %r14 - notq %r15 - andq %rcx, %r15 - - addq ($out), %r8 - adcq 8($out), %r9 - adcq 16($out), %r10 - adcq 24($out), %r11 - adcq 32($out), %r12 - adcq 40($out), %r13 - adcq 48($out), %r14 - adcq 56($out), %r15 - - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - ret -.size __rsaz_512_subtract,.-__rsaz_512_subtract -___ -} -{ # __rsaz_512_mul - # - # input: %rsi - ap, %rbp - bp - # ouput: - # clobbers: everything -my ($ap,$bp) = ("%rsi","%rbp"); -$code.=<<___; -.type __rsaz_512_mul,\@abi-omnipotent -.align 32 -__rsaz_512_mul: - leaq 8(%rsp), %rdi - - movq ($ap), %rax - mulq %rbx - movq %rax, (%rdi) - movq 8($ap), %rax - movq %rdx, %r8 - - mulq %rbx - addq %rax, %r8 - movq 16($ap), %rax - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($ap), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($ap), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($ap), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($ap), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($ap), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq ($ap), %rax - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8($bp), $bp - leaq 8(%rdi), %rdi - - movl \$7, %ecx - jmp .Loop_mul - -.align 32 -.Loop_mul: - movq ($bp), %rbx - mulq %rbx - addq %rax, %r8 - movq 8($ap), %rax - movq %r8, (%rdi) - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16($ap), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24($ap), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32($ap), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40($ap), %rax - adcq \$0, %rdx - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48($ap), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56($ap), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - leaq 8($bp), $bp - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r15 - movq ($ap), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rdi), %rdi - - decl %ecx - jnz .Loop_mul - - movq %r8, (%rdi) - movq %r9, 8(%rdi) - movq %r10, 16(%rdi) - movq %r11, 24(%rdi) - movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) - - ret -.size __rsaz_512_mul,.-__rsaz_512_mul -___ -} -if ($addx) { - # __rsaz_512_mulx - # - # input: %rsi - ap, %rbp - bp - # ouput: - # clobbers: everything -my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi"); -$code.=<<___; -.type __rsaz_512_mulx,\@abi-omnipotent -.align 32 -__rsaz_512_mulx: - mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller - mov \$-6, %rcx - - mulx 8($ap), %rax, %r9 - movq %rbx, 8(%rsp) - - mulx 16($ap), %rbx, %r10 - adc %rax, %r8 - - mulx 24($ap), %rax, %r11 - adc %rbx, %r9 - - mulx 32($ap), %rbx, %r12 - adc %rax, %r10 - - mulx 40($ap), %rax, %r13 - adc %rbx, %r11 - - mulx 48($ap), %rbx, %r14 - adc %rax, %r12 - - mulx 56($ap), %rax, %r15 - mov 8($bp), %rdx - adc %rbx, %r13 - adc %rax, %r14 - adc \$0, %r15 - - xor $zero, $zero # cf=0,of=0 - jmp .Loop_mulx - -.align 32 -.Loop_mulx: - movq %r8, %rbx - mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - .byte 0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - mulx 56($ap), %rax, %r15 - movq 64($bp,%rcx,8), %rdx - movq %rbx, 8+64-8(%rsp,%rcx,8) - adcx %rax, %r14 - adox $zero, %r15 - adcx $zero, %r15 # cf=0 - - inc %rcx # of=0 - jnz .Loop_mulx - - movq %r8, %rbx - mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - .byte 0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00 # mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - .byte 0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00 # mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($ap), %rax, %r15 - adcx %rax, %r14 - adox $zero, %r15 - adcx $zero, %r15 - - mov %rbx, 8+64-8(%rsp) - mov %r8, 8+64(%rsp) - mov %r9, 8+64+8(%rsp) - mov %r10, 8+64+16(%rsp) - mov %r11, 8+64+24(%rsp) - mov %r12, 8+64+32(%rsp) - mov %r13, 8+64+40(%rsp) - mov %r14, 8+64+48(%rsp) - mov %r15, 8+64+56(%rsp) - - ret -.size __rsaz_512_mulx,.-__rsaz_512_mulx -___ -} -{ -my ($out,$inp,$power)= $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx"); -$code.=<<___; -.globl rsaz_512_scatter4 -.type rsaz_512_scatter4,\@abi-omnipotent -.align 16 -rsaz_512_scatter4: - leaq ($out,$power,8), $out - movl \$8, %r9d - jmp .Loop_scatter -.align 16 -.Loop_scatter: - movq ($inp), %rax - leaq 8($inp), $inp - movq %rax, ($out) - leaq 128($out), $out - decl %r9d - jnz .Loop_scatter - ret -.size rsaz_512_scatter4,.-rsaz_512_scatter4 - -.globl rsaz_512_gather4 -.type rsaz_512_gather4,\@abi-omnipotent -.align 16 -rsaz_512_gather4: -___ -$code.=<<___ if ($win64); -.LSEH_begin_rsaz_512_gather4: - .byte 0x48,0x81,0xec,0xa8,0x00,0x00,0x00 # sub $0xa8,%rsp - .byte 0x0f,0x29,0x34,0x24 # movaps %xmm6,(%rsp) - .byte 0x0f,0x29,0x7c,0x24,0x10 # movaps %xmm7,0x10(%rsp) - .byte 0x44,0x0f,0x29,0x44,0x24,0x20 # movaps %xmm8,0x20(%rsp) - .byte 0x44,0x0f,0x29,0x4c,0x24,0x30 # movaps %xmm9,0x30(%rsp) - .byte 0x44,0x0f,0x29,0x54,0x24,0x40 # movaps %xmm10,0x40(%rsp) - .byte 0x44,0x0f,0x29,0x5c,0x24,0x50 # movaps %xmm11,0x50(%rsp) - .byte 0x44,0x0f,0x29,0x64,0x24,0x60 # movaps %xmm12,0x60(%rsp) - .byte 0x44,0x0f,0x29,0x6c,0x24,0x70 # movaps %xmm13,0x70(%rsp) - .byte 0x44,0x0f,0x29,0xb4,0x24,0x80,0,0,0 # movaps %xmm14,0x80(%rsp) - .byte 0x44,0x0f,0x29,0xbc,0x24,0x90,0,0,0 # movaps %xmm15,0x90(%rsp) -___ -$code.=<<___; - movd $power,%xmm8 - movdqa .Linc+16(%rip),%xmm1 # 00000002000000020000000200000002 - movdqa .Linc(%rip),%xmm0 # 00000001000000010000000000000000 - - pshufd \$0,%xmm8,%xmm8 # broadcast $power - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..15 to $power -# -for($i=0;$i<4;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` - movdqa %xmm7,%xmm`$i+3` -___ -} -for(;$i<7;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` -___ -} -$code.=<<___; - pcmpeqd %xmm8,%xmm7 - movl \$8, %r9d - jmp .Loop_gather -.align 16 -.Loop_gather: - movdqa 16*0($inp),%xmm8 - movdqa 16*1($inp),%xmm9 - movdqa 16*2($inp),%xmm10 - movdqa 16*3($inp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4($inp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5($inp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6($inp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7($inp),%xmm15 - leaq 128($inp), $inp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,($out) - leaq 8($out), $out - decl %r9d - jnz .Loop_gather -___ -$code.=<<___ if ($win64); - movaps 0x00(%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - movaps 0x20(%rsp),%xmm8 - movaps 0x30(%rsp),%xmm9 - movaps 0x40(%rsp),%xmm10 - movaps 0x50(%rsp),%xmm11 - movaps 0x60(%rsp),%xmm12 - movaps 0x70(%rsp),%xmm13 - movaps 0x80(%rsp),%xmm14 - movaps 0x90(%rsp),%xmm15 - add \$0xa8,%rsp -___ -$code.=<<___; - ret -.LSEH_end_rsaz_512_gather4: -.size rsaz_512_gather4,.-rsaz_512_gather4 - -.align 64 -.Linc: - .long 0,0, 1,1 - .long 2,2, 2,2 -___ -} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->Rip<end of prologue label - jb .Lcommon_seh_tail - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea 128+24+48(%rax),%rax - - lea .Lmul_gather4_epilogue(%rip),%rbx - cmp %r10,%rbx - jne .Lse_not_in_mul_gather4 - - lea 0xb0(%rax),%rax - - lea -48-0xa8(%rax),%rsi - lea 512($context),%rdi - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lse_not_in_mul_gather4: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_rsaz_512_sqr - .rva .LSEH_end_rsaz_512_sqr - .rva .LSEH_info_rsaz_512_sqr - - .rva .LSEH_begin_rsaz_512_mul - .rva .LSEH_end_rsaz_512_mul - .rva .LSEH_info_rsaz_512_mul - - .rva .LSEH_begin_rsaz_512_mul_gather4 - .rva .LSEH_end_rsaz_512_mul_gather4 - .rva .LSEH_info_rsaz_512_mul_gather4 - - .rva .LSEH_begin_rsaz_512_mul_scatter4 - .rva .LSEH_end_rsaz_512_mul_scatter4 - .rva .LSEH_info_rsaz_512_mul_scatter4 - - .rva .LSEH_begin_rsaz_512_mul_by_one - .rva .LSEH_end_rsaz_512_mul_by_one - .rva .LSEH_info_rsaz_512_mul_by_one - - .rva .LSEH_begin_rsaz_512_gather4 - .rva .LSEH_end_rsaz_512_gather4 - .rva .LSEH_info_rsaz_512_gather4 - -.section .xdata -.align 8 -.LSEH_info_rsaz_512_sqr: - .byte 9,0,0,0 - .rva se_handler - .rva .Lsqr_body,.Lsqr_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_body,.Lmul_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_gather4: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_gather4_body,.Lmul_gather4_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_scatter4: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_scatter4_body,.Lmul_scatter4_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_by_one: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_by_one_body,.Lmul_by_one_epilogue # HandlerData[] -.LSEH_info_rsaz_512_gather4: - .byte 0x01,0x46,0x16,0x00 - .byte 0x46,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 - .byte 0x3d,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 - .byte 0x34,0xd8,0x07,0x00 # vmovaps 0x70(rsp),xmm13 - .byte 0x2e,0xc8,0x06,0x00 # vmovaps 0x60(rsp),xmm12 - .byte 0x28,0xb8,0x05,0x00 # vmovaps 0x50(rsp),xmm11 - .byte 0x22,0xa8,0x04,0x00 # vmovaps 0x40(rsp),xmm10 - .byte 0x1c,0x98,0x03,0x00 # vmovaps 0x30(rsp),xmm9 - .byte 0x16,0x88,0x02,0x00 # vmovaps 0x20(rsp),xmm8 - .byte 0x10,0x78,0x01,0x00 # vmovaps 0x10(rsp),xmm7 - .byte 0x0b,0x68,0x00,0x00 # vmovaps 0x00(rsp),xmm6 - .byte 0x07,0x01,0x15,0x00 # sub rsp,0xa8 -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT; diff --git a/src/crypto/bn/bn.c b/src/crypto/bn/bn.c index 87d81d26..31bb937f 100644 --- a/src/crypto/bn/bn.c +++ b/src/crypto/bn/bn.c @@ -73,14 +73,14 @@ BIGNUM *BN_new(void) { return NULL; } - memset(bn, 0, sizeof(BIGNUM)); + OPENSSL_memset(bn, 0, sizeof(BIGNUM)); bn->flags = BN_FLG_MALLOCED; return bn; } void BN_init(BIGNUM *bn) { - memset(bn, 0, sizeof(BIGNUM)); + OPENSSL_memset(bn, 0, sizeof(BIGNUM)); } void BN_free(BIGNUM *bn) { @@ -149,7 +149,7 @@ BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) { return NULL; } - memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top); + OPENSSL_memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top); dest->top = src->top; dest->neg = src->neg; @@ -158,7 +158,7 @@ BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) { void BN_clear(BIGNUM *bn) { if (bn->d != NULL) { - memset(bn->d, 0, bn->dmax * sizeof(bn->d[0])); + OPENSSL_memset(bn->d, 0, bn->dmax * sizeof(bn->d[0])); } bn->top = 0; @@ -173,7 +173,7 @@ const BIGNUM *BN_value_one(void) { } void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags) { - memcpy(out, in, sizeof(BIGNUM)); + OPENSSL_memcpy(out, in, sizeof(BIGNUM)); out->flags &= ~BN_FLG_MALLOCED; out->flags |= BN_FLG_STATIC_DATA | flags; } @@ -292,7 +292,7 @@ int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) { if (bn_wexpand(bn, num) == NULL) { return 0; } - memmove(bn->d, words, num * sizeof(BN_ULONG)); + OPENSSL_memmove(bn->d, words, num * sizeof(BN_ULONG)); /* |bn_wexpand| verified that |num| isn't too large. */ bn->top = (int)num; bn_correct_top(bn); @@ -335,7 +335,7 @@ BIGNUM *bn_wexpand(BIGNUM *bn, size_t words) { return NULL; } - memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top); + OPENSSL_memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top); OPENSSL_free(bn->d); bn->d = a; diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc index 044af5fe..4f544a7f 100644 --- a/src/crypto/bn/bn_test.cc +++ b/src/crypto/bn/bn_test.cc @@ -680,7 +680,7 @@ static bool RunTest(FileTest *t, void *arg) { static bool TestBN2BinPadded(BN_CTX *ctx) { uint8_t zeros[256], out[256], reference[128]; - memset(zeros, 0, sizeof(zeros)); + OPENSSL_memset(zeros, 0, sizeof(zeros)); // Test edge case at 0. bssl::UniquePtr<BIGNUM> n(BN_new()); @@ -689,13 +689,13 @@ static bool TestBN2BinPadded(BN_CTX *ctx) { "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n"); return false; } - memset(out, -1, sizeof(out)); + OPENSSL_memset(out, -1, sizeof(out)); if (!BN_bn2bin_padded(out, sizeof(out), n.get())) { fprintf(stderr, "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n"); return false; } - if (memcmp(zeros, out, sizeof(out))) { + if (OPENSSL_memcmp(zeros, out, sizeof(out))) { fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n"); return false; } @@ -724,20 +724,21 @@ static bool TestBN2BinPadded(BN_CTX *ctx) { } // Exactly right size should encode. if (!BN_bn2bin_padded(out, bytes, n.get()) || - memcmp(out, reference, bytes) != 0) { + OPENSSL_memcmp(out, reference, bytes) != 0) { fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); return false; } // Pad up one byte extra. if (!BN_bn2bin_padded(out, bytes + 1, n.get()) || - memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) { + OPENSSL_memcmp(out + 1, reference, bytes) || + OPENSSL_memcmp(out, zeros, 1)) { fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); return false; } // Pad up to 256. if (!BN_bn2bin_padded(out, sizeof(out), n.get()) || - memcmp(out + sizeof(out) - bytes, reference, bytes) || - memcmp(out, zeros, sizeof(out) - bytes)) { + OPENSSL_memcmp(out + sizeof(out) - bytes, reference, bytes) || + OPENSSL_memcmp(out, zeros, sizeof(out) - bytes)) { fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); return false; } @@ -746,6 +747,82 @@ static bool TestBN2BinPadded(BN_CTX *ctx) { return true; } +static bool TestLittleEndian() { + bssl::UniquePtr<BIGNUM> x(BN_new()); + bssl::UniquePtr<BIGNUM> y(BN_new()); + if (!x || !y) { + fprintf(stderr, "BN_new failed to malloc.\n"); + return false; + } + + // Test edge case at 0. Fill |out| with garbage to ensure |BN_bn2le_padded| + // wrote the result. + uint8_t out[256], zeros[256]; + OPENSSL_memset(out, -1, sizeof(out)); + OPENSSL_memset(zeros, 0, sizeof(zeros)); + if (!BN_bn2le_padded(out, sizeof(out), x.get()) || + OPENSSL_memcmp(zeros, out, sizeof(out))) { + fprintf(stderr, "BN_bn2le_padded failed to encode 0.\n"); + return false; + } + + if (!BN_le2bn(out, sizeof(out), y.get()) || + BN_cmp(x.get(), y.get()) != 0) { + fprintf(stderr, "BN_le2bn failed to decode 0 correctly.\n"); + return false; + } + + // Test random numbers at various byte lengths. + for (size_t bytes = 128 - 7; bytes <= 128; bytes++) { + if (!BN_rand(x.get(), bytes * 8, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) { + ERR_print_errors_fp(stderr); + return false; + } + + // Fill |out| with garbage to ensure |BN_bn2le_padded| wrote the result. + OPENSSL_memset(out, -1, sizeof(out)); + if (!BN_bn2le_padded(out, sizeof(out), x.get())) { + fprintf(stderr, "BN_bn2le_padded failed to encode random value.\n"); + return false; + } + + // Compute the expected value by reversing the big-endian output. + uint8_t expected[sizeof(out)]; + if (!BN_bn2bin_padded(expected, sizeof(expected), x.get())) { + return false; + } + for (size_t i = 0; i < sizeof(expected) / 2; i++) { + uint8_t tmp = expected[i]; + expected[i] = expected[sizeof(expected) - 1 - i]; + expected[sizeof(expected) - 1 - i] = tmp; + } + + if (OPENSSL_memcmp(expected, out, sizeof(out))) { + fprintf(stderr, "BN_bn2le_padded failed to encode value correctly.\n"); + hexdump(stderr, "Expected: ", expected, sizeof(expected)); + hexdump(stderr, "Got: ", out, sizeof(out)); + return false; + } + + // Make sure the decoding produces the same BIGNUM. + if (!BN_le2bn(out, bytes, y.get()) || + BN_cmp(x.get(), y.get()) != 0) { + bssl::UniquePtr<char> x_hex(BN_bn2hex(x.get())), + y_hex(BN_bn2hex(y.get())); + if (!x_hex || !y_hex) { + return false; + } + fprintf(stderr, "BN_le2bn failed to decode value correctly.\n"); + fprintf(stderr, "Expected: %s\n", x_hex.get()); + hexdump(stderr, "Encoding: ", out, bytes); + fprintf(stderr, "Got: %s\n", y_hex.get()); + return false; + } + } + + return true; +} + static int DecimalToBIGNUM(bssl::UniquePtr<BIGNUM> *out, const char *in) { BIGNUM *raw = NULL; int ret = BN_dec2bn(&raw, in); @@ -922,7 +999,7 @@ static bool TestMPI() { } if (mpi_len != test.mpi_len || - memcmp(test.mpi, scratch, mpi_len) != 0) { + OPENSSL_memcmp(test.mpi, scratch, mpi_len) != 0) { fprintf(stderr, "MPI test #%u failed:\n", (unsigned)i); hexdump(stderr, "Expected: ", test.mpi, test.mpi_len); hexdump(stderr, "Got: ", scratch, mpi_len); @@ -1062,7 +1139,8 @@ static bool TestASN1() { } bssl::UniquePtr<uint8_t> delete_der(der); if (der_len != test.der_len || - memcmp(der, reinterpret_cast<const uint8_t*>(test.der), der_len) != 0) { + OPENSSL_memcmp(der, reinterpret_cast<const uint8_t *>(test.der), + der_len) != 0) { fprintf(stderr, "Bad serialization.\n"); return false; } @@ -1173,42 +1251,35 @@ static bool TestNegativeZero(BN_CTX *ctx) { return false; } - for (int consttime = 0; consttime < 2; consttime++) { - bssl::UniquePtr<BIGNUM> numerator(BN_new()), denominator(BN_new()); - if (!numerator || !denominator) { - return false; - } - - if (consttime) { - BN_set_flags(numerator.get(), BN_FLG_CONSTTIME); - BN_set_flags(denominator.get(), BN_FLG_CONSTTIME); - } + bssl::UniquePtr<BIGNUM> numerator(BN_new()), denominator(BN_new()); + if (!numerator || !denominator) { + return false; + } - // Test that BN_div never gives negative zero in the quotient. - if (!BN_set_word(numerator.get(), 1) || - !BN_set_word(denominator.get(), 2)) { - return false; - } - BN_set_negative(numerator.get(), 1); - if (!BN_div(a.get(), b.get(), numerator.get(), denominator.get(), ctx)) { - return false; - } - if (!BN_is_zero(a.get()) || BN_is_negative(a.get())) { - fprintf(stderr, "Incorrect quotient (consttime = %d).\n", consttime); - return false; - } + // Test that BN_div never gives negative zero in the quotient. + if (!BN_set_word(numerator.get(), 1) || + !BN_set_word(denominator.get(), 2)) { + return false; + } + BN_set_negative(numerator.get(), 1); + if (!BN_div(a.get(), b.get(), numerator.get(), denominator.get(), ctx)) { + return false; + } + if (!BN_is_zero(a.get()) || BN_is_negative(a.get())) { + fprintf(stderr, "Incorrect quotient.\n"); + return false; + } - // Test that BN_div never gives negative zero in the remainder. - if (!BN_set_word(denominator.get(), 1)) { - return false; - } - if (!BN_div(a.get(), b.get(), numerator.get(), denominator.get(), ctx)) { - return false; - } - if (!BN_is_zero(b.get()) || BN_is_negative(b.get())) { - fprintf(stderr, "Incorrect remainder (consttime = %d).\n", consttime); - return false; - } + // Test that BN_div never gives negative zero in the remainder. + if (!BN_set_word(denominator.get(), 1)) { + return false; + } + if (!BN_div(a.get(), b.get(), numerator.get(), denominator.get(), ctx)) { + return false; + } + if (!BN_is_zero(b.get()) || BN_is_negative(b.get())) { + fprintf(stderr, "Incorrect remainder.\n"); + return false; } // Test that BN_set_negative will not produce a negative zero. @@ -1500,7 +1571,7 @@ static bool TestBN2Dec() { return true; } -static bool TestBNSetU64() { +static bool TestBNSetGetU64() { static const struct { const char *hex; uint64_t value; @@ -1522,6 +1593,36 @@ static bool TestBNSetU64() { ERR_print_errors_fp(stderr); return false; } + + uint64_t tmp; + if (!BN_get_u64(bn.get(), &tmp) || tmp != test.value) { + fprintf(stderr, "BN_get_u64 test failed for 0x%s.\n", test.hex); + return false; + } + + BN_set_negative(bn.get(), 1); + if (!BN_get_u64(bn.get(), &tmp) || tmp != test.value) { + fprintf(stderr, "BN_get_u64 test failed for -0x%s.\n", test.hex); + return false; + } + } + + // Test that BN_get_u64 fails on large numbers. + bssl::UniquePtr<BIGNUM> bn(BN_new()); + if (!BN_lshift(bn.get(), BN_value_one(), 64)) { + return false; + } + + uint64_t tmp; + if (BN_get_u64(bn.get(), &tmp)) { + fprintf(stderr, "BN_get_u64 of 2^64 unexpectedly succeeded.\n"); + return false; + } + + BN_set_negative(bn.get(), 1); + if (BN_get_u64(bn.get(), &tmp)) { + fprintf(stderr, "BN_get_u64 of -2^64 unexpectedly succeeded.\n"); + return false; } return true; @@ -1544,6 +1645,7 @@ int main(int argc, char *argv[]) { !TestDec2BN(ctx.get()) || !TestHex2BN(ctx.get()) || !TestASC2BN(ctx.get()) || + !TestLittleEndian() || !TestMPI() || !TestRand() || !TestASN1() || @@ -1553,7 +1655,7 @@ int main(int argc, char *argv[]) { !TestSmallPrime(ctx.get()) || !TestCmpWord() || !TestBN2Dec() || - !TestBNSetU64()) { + !TestBNSetGetU64()) { return 1; } diff --git a/src/crypto/bn/bn_tests.txt b/src/crypto/bn/bn_tests.txt index ec89b8e4..46c788f0 100644 --- a/src/crypto/bn/bn_tests.txt +++ b/src/crypto/bn/bn_tests.txt @@ -10387,6 +10387,89 @@ E = d7e6df5d755284929b986cd9b61c9c2c8843f24c711fbdbae1a468edcae15940094372557072 M = e4e784aa1fa88625a43ba0185a153a929663920be7fe674a4d33c943d3b898cff051482e7050a070cede53be5e89f31515772c7aea637576f99f82708f89d9e244f6ad3a24a02cbe5c0ff7bcf2dad5491f53db7c3f2698a7c41b44f086652f17bb05fe4c5c0a92433c34086b49d7e1825b28bab6c5a9bd0bc95b53d659afa0d7 +# RSAZ 512-bit. +# +# These are regression tests for code which historically reached the RSAZ-512 +# code. That has since been removed, but the test vectors remain. Note that the +# lengths of the inputs, especially the *bit* length of |M|, matter a lot. + +# Control: No relationship between A and M except that A < M and they're the same number of limbs. +ModExp = 7f34c1cd63377bc3abf2bb5b2d1bf5f06454e1e8040fe19a72245ce9731cbee1bf9e84532300776c8021ed4f3a8de508d85b4cf320bd82065a013754857b50c4 +A = 8e4e67da6ff890643d0599387955996ef6f0c2045eb9944576ddb965ca64cdb6247727ce128ef178d4a84e5a56d2e67eb0fe389ecbf691f9244ae80f4c11b364 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + +# Same as above except A is negative. +ModExp = 71fa6a4c8ae75368eda8cc6282c26afa69e2af12a97fb9444f16b7dd6c99e0a5d6034cab4248cae4357346b211039f4a2bc4c5a20a297372094162417af703cd +A = -8e4e67da6ff890643d0599387955996ef6f0c2045eb9944576ddb965ca64cdb6247727ce128ef178d4a84e5a56d2e67eb0fe389ecbf691f9244ae80f4c11b364 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + +# A == M - 1 == -1 (mod M) and the exponent is odd so A ^ E (mod M) == A. +ModExp = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725490 +A = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725490 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + +# Same inputs as above except A is negative. Note that A mod M with a "correct top" isn't the right length for RSAZ. +ModExp = 1 +A = -f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725490 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + +# A == M, so A == 0 (mod M) so A ^ E (mod M) == 0. Note that A mod M with a "correct top" isn't the right length for RSAZ. +ModExp = 0 +A = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + +# A is negative, and A (mod M) is the right length for RSAZ. +ModExp = 8d76eb0f8c7bc3160cc8bb0e0c3590fbed26c5932f5f525b48045c0bd46dda287ba5483f97c851fb7c12c2e858ee7a4a4d1af745cbfb3eb311fa54bea12cde25 +A = -80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +E = be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1 +M = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491 + + +# RSAZ 1024-bit. +# Note that the lengths of the inputs, especially the *bit* length of |M|, matter a lot. + +# Control: No relationship between A and M except that A < M and they're the same number of limbs. +ModExp = 8984f8c16044f9c0ad7bd72347af90f58e6e003acda92b76e3c7c4a56ea8e918409d8e9b34884d4c89d0b17cb40fe898f2627c084a0f1698e46beccbf6f48eecc281e11ea9e5135adba460ddae157f2c655b5f589ce29b254d43a960a71cede8a08dbb86be4dac22458da232fb1ec2470856827302ed772c9ddafa408c931aa7 +A = 21158da5fe20356825e72b3f5384ec57720d22f727b27ce2f945c8ee311db781add73bf8fae96b775c909bd22fca75c44c2b0584284a5bb1c07f8eefcd6b0a44047a02b185df34f897f11d4fb9a86c9eb841b4cb8d0383441fdc5af3ef385b5e8380f605d73ed41bb42eb2c2a5704d6034b3ad058dafffce83dbbfb6295daaf8 +E = ecdebd112b3b5788669449dcddbd479a203ee9ab72a9bb9c406b97623513bf0ab9a22f1f23634d269e16bfd6d3b64202b71fc355057411967b6ac70f8d9cef0a4e06819a9a18cc06bbe438243fa9759303d98be8a65dc1cb13595ee9b99f138554425d50f6fbc025d8ffa3eaea828d6f3b82a3584146bafde34da257995f0575 +M = ff3a3e023db3bba929ca4ededbace13d0d1264387b5ef62734e177eaf47a78af56b58aacc8ac5d46f5b066bafb95d93d4442bb948653613eec76837b4ffb7991cb080b6c8b403fb09bc817d026e283ee47ab2fc9af274b12f626eda2fe02004a8e27b9ed7d3b614e8955c7e7c2c0700edd079455237c4475fbd41857e206e4b7 + +# Same as above except A is negative. +ModExp = 75b54540dd6ec1e87c4e77bb93fd50477ea463fdadb5cab05119b34585d18f971617fc1194240ffa6bdfb53e4785f0a451e03f8c3c444aa6080a96af5906eaa508862a4de15b2c55c023b6f278cd04c1e24fd0711244afeda8e3444256e51261ed99fe66beedb52c43c825b4c7a1adc7d4b111e2208ecd495df91e175573ca10 +A = -21158da5fe20356825e72b3f5384ec57720d22f727b27ce2f945c8ee311db781add73bf8fae96b775c909bd22fca75c44c2b0584284a5bb1c07f8eefcd6b0a44047a02b185df34f897f11d4fb9a86c9eb841b4cb8d0383441fdc5af3ef385b5e8380f605d73ed41bb42eb2c2a5704d6034b3ad058dafffce83dbbfb6295daaf8 +E = ecdebd112b3b5788669449dcddbd479a203ee9ab72a9bb9c406b97623513bf0ab9a22f1f23634d269e16bfd6d3b64202b71fc355057411967b6ac70f8d9cef0a4e06819a9a18cc06bbe438243fa9759303d98be8a65dc1cb13595ee9b99f138554425d50f6fbc025d8ffa3eaea828d6f3b82a3584146bafde34da257995f0575 +M = ff3a3e023db3bba929ca4ededbace13d0d1264387b5ef62734e177eaf47a78af56b58aacc8ac5d46f5b066bafb95d93d4442bb948653613eec76837b4ffb7991cb080b6c8b403fb09bc817d026e283ee47ab2fc9af274b12f626eda2fe02004a8e27b9ed7d3b614e8955c7e7c2c0700edd079455237c4475fbd41857e206e4b7 + +# A == M - 1 == -1 (mod M) and the exponent is odd so A ^ E (mod M) == A. +ModExp = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d964 +A = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d964 +E = 61803d4973ae68cfb2ba6770dbed70d36760fa42c01a16d1482eacf0d01adf7a917bc86ece58a73b920295c1291b90f49167ef856ecad149330e1fd49ec71392fb62d47270b53e6d4f3c8f044b80a5736753364896932abc6d872c4c5e135d1edb200597a93ceb262ff6c99079177cd10808b9ed20c8cd7352d80ac7f6963103 +M = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d965 + +# Same inputs as above except A is negative. Note that A mod M with a "correct top" isn't the right length for RSAZ. +ModExp = 1 +A = -b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d964 +E = 61803d4973ae68cfb2ba6770dbed70d36760fa42c01a16d1482eacf0d01adf7a917bc86ece58a73b920295c1291b90f49167ef856ecad149330e1fd49ec71392fb62d47270b53e6d4f3c8f044b80a5736753364896932abc6d872c4c5e135d1edb200597a93ceb262ff6c99079177cd10808b9ed20c8cd7352d80ac7f6963103 +M = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d965 + +# A == M, so A == 0 (mod M) so A ^ E (mod M) == 0. Note that A mod M with a "correct top" isn't the right length for RSAZ. +ModExp = 0 +A = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d965 +E = 61803d4973ae68cfb2ba6770dbed70d36760fa42c01a16d1482eacf0d01adf7a917bc86ece58a73b920295c1291b90f49167ef856ecad149330e1fd49ec71392fb62d47270b53e6d4f3c8f044b80a5736753364896932abc6d872c4c5e135d1edb200597a93ceb262ff6c99079177cd10808b9ed20c8cd7352d80ac7f6963103 +M = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d965 + +# A is negative, and A (mod M) is the right length for RSAZ. +ModExp = 9cf810b9e89d5cbc4b79ae64e123ea06d92965e2bab077df97a1b906dc2e1ddcf96a9c4ed14e2cd96309b829ea9cc2a74a7d4b43c5f34d792a7c583201427754b8f78b783608070a84b61f18913e3ced7f7f530972de7764667c54e29d756eea38a93cd1703c676a4587231b0ebfeadddf908e2877a7a84b5bfc370ecf0d158d +A = -8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +E = 61803d4973ae68cfb2ba6770dbed70d36760fa42c01a16d1482eacf0d01adf7a917bc86ece58a73b920295c1291b90f49167ef856ecad149330e1fd49ec71392fb62d47270b53e6d4f3c8f044b80a5736753364896932abc6d872c4c5e135d1edb200597a93ceb262ff6c99079177cd10808b9ed20c8cd7352d80ac7f6963103 +M = b5d257b2c50b050d42f0852eff5cfa2571157c500cd0bd9aa0b2ccdd89c531c9609d520eb81d928fb52b06da25dc713561aa0bd365ee56db9e62ac6787a85936990f44438363560f7af9e0c16f378e5b83f658252390d849401817624da97ec613a1b855fd901847352f434a777e4e32af0cb4033c7547fb6437d067fcd3d965 + + # Exp tests. # # These test vectors satisfy A ^ E = Exp. diff --git a/src/crypto/bn/convert.c b/src/crypto/bn/convert.c index 8f4b9640..1fa0dd4f 100644 --- a/src/crypto/bn/convert.c +++ b/src/crypto/bn/convert.c @@ -118,6 +118,42 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) { return ret; } +BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) { + BIGNUM *bn = NULL; + if (ret == NULL) { + bn = BN_new(); + ret = bn; + } + + if (ret == NULL) { + return NULL; + } + + if (len == 0) { + ret->top = 0; + ret->neg = 0; + return ret; + } + + /* Reserve enough space in |ret|. */ + size_t num_words = ((len - 1) / BN_BYTES) + 1; + if (!bn_wexpand(ret, num_words)) { + BN_free(bn); + return NULL; + } + ret->top = num_words; + + /* Make sure the top bytes will be zeroed. */ + ret->d[num_words - 1] = 0; + + /* We only support little-endian platforms, so we can simply memcpy the + * internal representation. */ + OPENSSL_memcpy(ret->d, in, len); + + bn_correct_top(ret); + return ret; +} + size_t BN_bn2bin(const BIGNUM *in, uint8_t *out) { size_t n, i; BN_ULONG l; @@ -130,6 +166,23 @@ size_t BN_bn2bin(const BIGNUM *in, uint8_t *out) { return n; } +int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in) { + /* If we don't have enough space, fail out. */ + size_t num_bytes = BN_num_bytes(in); + if (len < num_bytes) { + return 0; + } + + /* We only support little-endian platforms, so we can simply memcpy into the + * internal representation. */ + OPENSSL_memcpy(out, in->d, num_bytes); + + /* Pad out the rest of the buffer with zeroes. */ + OPENSSL_memset(out + num_bytes, 0, len - num_bytes); + + return 1; +} + /* constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its * behavior is undefined if |v| takes any other value. */ static BN_ULONG constant_time_select_ulong(int v, BN_ULONG x, BN_ULONG y) { @@ -162,7 +215,7 @@ static BN_ULONG read_word_padded(const BIGNUM *in, size_t i) { int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { /* Special case for |in| = 0. Just branch as the probability is negligible. */ if (BN_is_zero(in)) { - memset(out, 0, len); + OPENSSL_memset(out, 0, len); return 1; } @@ -515,6 +568,24 @@ BN_ULONG BN_get_word(const BIGNUM *bn) { } } +int BN_get_u64(const BIGNUM *bn, uint64_t *out) { + switch (bn->top) { + case 0: + *out = 0; + return 1; + case 1: + *out = bn->d[0]; + return 1; +#if defined(OPENSSL_32_BIT) + case 2: + *out = (uint64_t) bn->d[0] | (((uint64_t) bn->d[1]) << 32); + return 1; +#endif + default: + return 0; + } +} + size_t BN_bn2mpi(const BIGNUM *in, uint8_t *out) { const size_t bits = BN_num_bits(in); const size_t bytes = (bits + 7) / 8; @@ -532,7 +603,7 @@ size_t BN_bn2mpi(const BIGNUM *in, uint8_t *out) { /* If we cannot represent the number then we emit zero as the interface * doesn't allow an error to be signalled. */ if (out) { - memset(out, 0, 4); + OPENSSL_memset(out, 0, 4); } return 4; } diff --git a/src/crypto/bn/ctx.c b/src/crypto/bn/ctx.c index 48d9adf6..bca6619a 100644 --- a/src/crypto/bn/ctx.c +++ b/src/crypto/bn/ctx.c @@ -59,6 +59,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + /* How many bignums are in each "pool item"; */ #define BN_CTX_POOL_SIZE 16 @@ -218,7 +220,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx) { return 0; } if (st->depth) { - memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); + OPENSSL_memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); } OPENSSL_free(st->indexes); st->indexes = newitems; diff --git a/src/crypto/bn/div.c b/src/crypto/bn/div.c index ab492812..6e3df7d3 100644 --- a/src/crypto/bn/div.c +++ b/src/crypto/bn/div.c @@ -182,7 +182,12 @@ static inline void bn_div_rem_words(BN_ULONG *quotient_out, BN_ULONG *rem_out, * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) * rm->neg == num->neg (unless the remainder is zero) - * If 'dv' or 'rm' is NULL, the respective value is not returned. */ + * If 'dv' or 'rm' is NULL, the respective value is not returned. + * + * This was specifically designed to contain fewer branches that may leak + * sensitive information; see "New Branch Prediction Vulnerabilities in OpenSSL + * and Necessary Software Countermeasures" by Onur Acıçmez, Shay Gueron, and + * Jean-Pierre Seifert. */ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { int norm_shift, i, loop; @@ -190,7 +195,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG *resp, *wnump; BN_ULONG d0, d1; int num_n, div_n; - int no_branch = 0; /* Invalid zero-padding would have particularly bad consequences * so don't just rely on bn_check_top() here */ @@ -200,28 +204,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, return 0; } - if ((num->flags & BN_FLG_CONSTTIME) != 0 || - (divisor->flags & BN_FLG_CONSTTIME) != 0) { - no_branch = 1; - } - if (BN_is_zero(divisor)) { OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO); return 0; } - if (!no_branch && BN_ucmp(num, divisor) < 0) { - if (rm != NULL) { - if (BN_copy(rm, num) == NULL) { - return 0; - } - } - if (dv != NULL) { - BN_zero(dv); - } - return 1; - } - BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); snum = BN_CTX_get(ctx); @@ -247,26 +234,23 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, } snum->neg = 0; - if (no_branch) { - /* Since we don't know whether snum is larger than sdiv, - * we pad snum with enough zeroes without changing its - * value. - */ - if (snum->top <= sdiv->top + 1) { - if (bn_wexpand(snum, sdiv->top + 2) == NULL) { - goto err; - } - for (i = snum->top; i < sdiv->top + 2; i++) { - snum->d[i] = 0; - } - snum->top = sdiv->top + 2; - } else { - if (bn_wexpand(snum, snum->top + 1) == NULL) { - goto err; - } - snum->d[snum->top] = 0; - snum->top++; + /* Since we don't want to have special-case logic for the case where snum is + * larger than sdiv, we pad snum with enough zeroes without changing its + * value. */ + if (snum->top <= sdiv->top + 1) { + if (bn_wexpand(snum, sdiv->top + 2) == NULL) { + goto err; + } + for (i = snum->top; i < sdiv->top + 2; i++) { + snum->d[i] = 0; + } + snum->top = sdiv->top + 2; + } else { + if (bn_wexpand(snum, snum->top + 1) == NULL) { + goto err; } + snum->d[snum->top] = 0; + snum->top++; } div_n = sdiv->top; @@ -294,7 +278,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (!bn_wexpand(res, (loop + 1))) { goto err; } - res->top = loop - no_branch; + res->top = loop - 1; resp = &(res->d[loop - 1]); /* space for temp */ @@ -302,15 +286,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, goto err; } - if (!no_branch) { - if (BN_ucmp(&wnum, sdiv) >= 0) { - bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); - *resp = 1; - } else { - res->top--; - } - } - /* if res->top == 0 then clear the neg value otherwise decrease * the resp pointer */ if (res->top == 0) { @@ -401,9 +376,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, rm->neg = neg; } } - if (no_branch) { - bn_correct_top(res); - } + bn_correct_top(res); BN_CTX_end(ctx); return 1; diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c index 2d68808b..3161a2a8 100644 --- a/src/crypto/bn/exponentiation.c +++ b/src/crypto/bn/exponentiation.c @@ -876,6 +876,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int powerbufLen = 0; unsigned char *powerbuf = NULL; BIGNUM tmp, am; + BIGNUM *new_a = NULL; if (!BN_is_odd(m)) { OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS); @@ -903,6 +904,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, mont = new_mont; } + if (a->neg || BN_ucmp(a, m) >= 0) { + new_a = BN_new(); + if (new_a == NULL || + !BN_nnmod(new_a, a, m, ctx)) { + goto err; + } + a = new_a; + } + #ifdef RSAZ_ENABLED /* If the size of the operands allow it, perform the optimized * RSAZ exponentiation. For further information see @@ -918,16 +928,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_correct_top(rr); ret = 1; goto err; - } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) { - goto err; - } - RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); - rr->top = 8; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; } #endif @@ -961,7 +961,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); - memset(powerbuf, 0, powerbufLen); + OPENSSL_memset(powerbuf, 0, powerbufLen); #ifdef alloca if (powerbufLen < 3072) { @@ -991,12 +991,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } /* prepare a^1 in Montgomery domain */ - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_nnmod(&am, a, m, ctx) || - !BN_to_montgomery(&am, &am, mont, ctx)) { - goto err; - } - } else if (!BN_to_montgomery(&am, a, mont, ctx)) { + assert(!a->neg); + assert(BN_ucmp(a, m) < 0); + if (!BN_to_montgomery(&am, a, mont, ctx)) { goto err; } @@ -1190,6 +1187,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, err: BN_MONT_CTX_free(new_mont); + BN_clear_free(new_a); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); OPENSSL_free(powerbufFree); diff --git a/src/crypto/bn/gcd.c b/src/crypto/bn/gcd.c index a1ed5d91..9e62da00 100644 --- a/src/crypto/bn/gcd.c +++ b/src/crypto/bn/gcd.c @@ -423,9 +423,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n, if (a_reduced == NULL) { goto err; } - if (no_branch) { - BN_set_flags(a_reduced, BN_FLG_CONSTTIME); - } if (!BN_nnmod(a_reduced, a_reduced, n, ctx)) { goto err; } @@ -481,15 +478,13 @@ err: /* bn_mod_inverse_general is the general inversion algorithm that works for * both even and odd |n|. It was specifically designed to contain fewer - * branches that may leak sensitive information. See "New Branch Prediction + * branches that may leak sensitive information; see "New Branch Prediction * Vulnerabilities in OpenSSL and Necessary Software Countermeasures" by * Onur Acıçmez, Shay Gueron, and Jean-Pierre Seifert. */ static int bn_mod_inverse_general(BIGNUM *out, int *out_no_inverse, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { BIGNUM *A, *B, *X, *Y, *M, *D, *T; - BIGNUM local_A; - BIGNUM *pA; int ret = 0; int sign; @@ -532,14 +527,8 @@ static int bn_mod_inverse_general(BIGNUM *out, int *out_no_inverse, * sign*Y*a == A (mod |n|) */ - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - pA = &local_A; - BN_with_flags(pA, A, BN_FLG_CONSTTIME); - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, pA, B, ctx)) { + if (!BN_div(D, M, A, B, ctx)) { goto err; } @@ -626,3 +615,27 @@ err: BN_CTX_end(ctx); return ret; } + +int bn_mod_inverse_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx, const BN_MONT_CTX *mont_p) { + BN_CTX_start(ctx); + BIGNUM *p_minus_2 = BN_CTX_get(ctx); + int ok = p_minus_2 != NULL && + BN_copy(p_minus_2, p) && + BN_sub_word(p_minus_2, 2) && + BN_mod_exp_mont(out, a, p_minus_2, p, ctx, mont_p); + BN_CTX_end(ctx); + return ok; +} + +int bn_mod_inverse_secret_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx, const BN_MONT_CTX *mont_p) { + BN_CTX_start(ctx); + BIGNUM *p_minus_2 = BN_CTX_get(ctx); + int ok = p_minus_2 != NULL && + BN_copy(p_minus_2, p) && + BN_sub_word(p_minus_2, 2) && + BN_mod_exp_mont_consttime(out, a, p_minus_2, p, ctx, mont_p); + BN_CTX_end(ctx); + return ok; +} diff --git a/src/crypto/bn/internal.h b/src/crypto/bn/internal.h index aeed88f7..1ee29fd4 100644 --- a/src/crypto/bn/internal.h +++ b/src/crypto/bn/internal.h @@ -228,6 +228,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); uint64_t bn_mont_n0(const BIGNUM *n); +int bn_mod_exp_base_2_vartime(BIGNUM *r, unsigned p, const BIGNUM *n); #if defined(OPENSSL_X86_64) && defined(_MSC_VER) #define BN_UMULT_LOHI(low, high, a, b) ((low) = _umul128((a), (b), &(high))) @@ -237,6 +238,18 @@ uint64_t bn_mont_n0(const BIGNUM *n); #error "Either BN_ULLONG or BN_UMULT_LOHI must be defined on every platform." #endif +/* bn_mod_inverse_prime sets |out| to the modular inverse of |a| modulo |p|, + * computed with Fermat's Little Theorem. It returns one on success and zero on + * error. If |mont_p| is NULL, one will be computed temporarily. */ +int bn_mod_inverse_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx, const BN_MONT_CTX *mont_p); + +/* bn_mod_inverse_secret_prime behaves like |bn_mod_inverse_prime| but uses + * |BN_mod_exp_mont_consttime| instead of |BN_mod_exp_mont| in hopes of + * protecting the exponent. */ +int bn_mod_inverse_secret_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx, const BN_MONT_CTX *mont_p); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c index 91251e53..70f0585c 100644 --- a/src/crypto/bn/montgomery.c +++ b/src/crypto/bn/montgomery.c @@ -108,6 +108,7 @@ #include <openssl/bn.h> +#include <assert.h> #include <string.h> #include <openssl/err.h> @@ -131,7 +132,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) { return NULL; } - memset(ret, 0, sizeof(BN_MONT_CTX)); + OPENSSL_memset(ret, 0, sizeof(BN_MONT_CTX)); BN_init(&ret->RR); BN_init(&ret->N); @@ -207,12 +208,13 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { /* Save RR = R**2 (mod N). R is the smallest power of 2**BN_BITS such that R * > mod. Even though the assembly on some 32-bit platforms works with 64-bit * values, using |BN_BITS2| here, rather than |BN_MONT_CTX_N0_LIMBS * - * BN_BITS2|, is correct because because R^2 will still be a multiple of the - * latter as |BN_MONT_CTX_N0_LIMBS| is either one or two. */ + * BN_BITS2|, is correct because R**2 will still be a multiple of the latter + * as |BN_MONT_CTX_N0_LIMBS| is either one or two. + * + * XXX: This is not constant time with respect to |mont->N|, but it should + * be. */ unsigned lgBigR = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; - BN_zero(&mont->RR); - if (!BN_set_bit(&mont->RR, lgBigR * 2) || - !BN_mod(&mont->RR, &mont->RR, &mont->N, ctx)) { + if (!bn_mod_exp_base_2_vartime(&mont->RR, lgBigR * 2, &mont->N)) { return 0; } @@ -279,7 +281,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, /* clear the top words of T */ if (max > r->top) { - memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG)); + OPENSSL_memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG)); } r->top = max; diff --git a/src/crypto/bn/montgomery_inv.c b/src/crypto/bn/montgomery_inv.c index 28db62bb..9264adb2 100644 --- a/src/crypto/bn/montgomery_inv.c +++ b/src/crypto/bn/montgomery_inv.c @@ -158,3 +158,50 @@ static uint64_t bn_neg_inv_mod_r_u64(uint64_t n) { return v; } + +/* bn_mod_exp_base_2_vartime calculates r = 2**p (mod n). |p| must be larger + * than log_2(n); i.e. 2**p must be larger than |n|. |n| must be positive and + * odd. */ +int bn_mod_exp_base_2_vartime(BIGNUM *r, unsigned p, const BIGNUM *n) { + assert(!BN_is_zero(n)); + assert(!BN_is_negative(n)); + assert(BN_is_odd(n)); + + BN_zero(r); + + unsigned n_bits = BN_num_bits(n); + assert(n_bits != 0); + if (n_bits == 1) { + return 1; + } + + /* Set |r| to the smallest power of two larger than |n|. */ + assert(p > n_bits); + if (!BN_set_bit(r, n_bits)) { + return 0; + } + + /* Unconditionally reduce |r|. */ + assert(BN_cmp(r, n) > 0); + if (!BN_usub(r, r, n)) { + return 0; + } + assert(BN_cmp(r, n) < 0); + + for (unsigned i = n_bits; i < p; ++i) { + /* This is like |BN_mod_lshift1_quick| except using |BN_usub|. + * + * TODO: Replace this with the use of a constant-time variant of + * |BN_mod_lshift1_quick|. */ + if (!BN_lshift1(r, r)) { + return 0; + } + if (BN_cmp(r, n) >= 0) { + if (!BN_usub(r, r, n)) { + return 0; + } + } + } + + return 1; +} diff --git a/src/crypto/bn/mul.c b/src/crypto/bn/mul.c index 06e53ee0..fdf2c692 100644 --- a/src/crypto/bn/mul.c +++ b/src/crypto/bn/mul.c @@ -312,7 +312,8 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); if ((dna + dnb) < 0) { - memset(&r[2 * n2 + dna + dnb], 0, sizeof(BN_ULONG) * -(dna + dnb)); + OPENSSL_memset(&r[2 * n2 + dna + dnb], 0, + sizeof(BN_ULONG) * -(dna + dnb)); } return; } @@ -358,7 +359,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) { bn_mul_comba4(&(t[n2]), t, &(t[n])); } else { - memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); + OPENSSL_memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); } bn_mul_comba4(r, a, b); @@ -368,7 +369,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) { bn_mul_comba8(&(t[n2]), t, &(t[n])); } else { - memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); + OPENSSL_memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); } bn_mul_comba8(r, a, b); @@ -378,7 +379,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) { bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); } else { - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); } bn_mul_recursive(r, a, b, n, 0, 0, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); @@ -473,7 +474,7 @@ static void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); + OPENSSL_memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { p = &(t[n2 * 2]); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); @@ -489,14 +490,15 @@ static void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, if (j == 0) { bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); - memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); + OPENSSL_memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); - memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); + OPENSSL_memset(&(r[n2 + tna + tnb]), 0, + sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); + OPENSSL_memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); @@ -735,7 +737,7 @@ static void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t if (!zero) { bn_sqr_recursive(&(t[n2]), t, n, p); } else { - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); } bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); diff --git a/src/crypto/bn/random.c b/src/crypto/bn/random.c index ecf43c16..6f922c09 100644 --- a/src/crypto/bn/random.c +++ b/src/crypto/bn/random.c @@ -115,6 +115,9 @@ #include <openssl/rand.h> #include <openssl/sha.h> +#include "../internal.h" + + int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { uint8_t *buf = NULL; int ret = 0, bit, bytes, mask; @@ -298,8 +301,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); + OPENSSL_memcpy(private_bytes, priv->d, todo); + OPENSSL_memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); for (attempt = 0;; attempt++) { for (done = 0; done < num_k_bytes;) { @@ -318,7 +321,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, if (todo > SHA512_DIGEST_LENGTH) { todo = SHA512_DIGEST_LENGTH; } - memcpy(k_bytes + done, digest, todo); + OPENSSL_memcpy(k_bytes + done, digest, todo); done += todo; } diff --git a/src/crypto/bn/rsaz_exp.c b/src/crypto/bn/rsaz_exp.c index 30f08e5f..c7eed38e 100644 --- a/src/crypto/bn/rsaz_exp.c +++ b/src/crypto/bn/rsaz_exp.c @@ -251,69 +251,4 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], OPENSSL_cleanse(storage,sizeof(storage)); } -/* - * See crypto/bn/rsaz-x86_64.pl for further details. - */ -void rsaz_512_mul(void *ret,const void *a,const void *b,const void *n,BN_ULONG k); -void rsaz_512_mul_scatter4(void *ret,const void *a,const void *n,BN_ULONG k,const void *tbl,unsigned int power); -void rsaz_512_mul_gather4(void *ret,const void *a,const void *tbl,const void *n,BN_ULONG k,unsigned int power); -void rsaz_512_mul_by_one(void *ret,const void *a,const void *n,BN_ULONG k); -void rsaz_512_sqr(void *ret,const void *a,const void *n,BN_ULONG k,int cnt); -void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); -void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base[8], const BN_ULONG exponent[8], - const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) -{ - alignas(64) uint8_t storage[(16*8*8) + (64 * 2)]; /* 1.2KB */ - unsigned char *table = storage; - BN_ULONG *a_inv = (BN_ULONG *)(table+16*8*8), - *temp = (BN_ULONG *)(table+16*8*8+8*8); - int index; - unsigned int wvalue; - - /* table[0] = 1_inv */ - temp[0] = 0-m[0]; temp[1] = ~m[1]; - temp[2] = ~m[2]; temp[3] = ~m[3]; - temp[4] = ~m[4]; temp[5] = ~m[5]; - temp[6] = ~m[6]; temp[7] = ~m[7]; - rsaz_512_scatter4(table, temp, 0); - - /* table [1] = a_inv^1 */ - rsaz_512_mul(a_inv, base, RR, m, k0); - rsaz_512_scatter4(table, a_inv, 1); - - /* table [2] = a_inv^2 */ - rsaz_512_sqr(temp, a_inv, m, k0, 1); - rsaz_512_scatter4(table, temp, 2); - - for (index=3; index<16; index++) - rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); - - const uint8_t *p_str = (const uint8_t *)exponent; - - /* load first window */ - wvalue = p_str[63]; - - rsaz_512_gather4(temp, table, wvalue>>4); - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue&0xf); - - for (index=62; index>=0; index--) { - wvalue = p_str[index]; - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue>>4); - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue&0x0f); - } - - /* from Montgomery */ - rsaz_512_mul_by_one(result, temp, m, k0); - - OPENSSL_cleanse(storage,sizeof(storage)); -} - #endif /* OPENSSL_X86_64 */ diff --git a/src/crypto/bn/rsaz_exp.h b/src/crypto/bn/rsaz_exp.h index c752b45f..4a8967c3 100644 --- a/src/crypto/bn/rsaz_exp.h +++ b/src/crypto/bn/rsaz_exp.h @@ -50,7 +50,4 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0); int rsaz_avx2_eligible(void); -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base_norm[8], const BN_ULONG exponent[8], - const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]); #endif diff --git a/src/crypto/bn/shift.c b/src/crypto/bn/shift.c index 22006d1a..dc9b795d 100644 --- a/src/crypto/bn/shift.c +++ b/src/crypto/bn/shift.c @@ -94,7 +94,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { t[nw + i] = (l << lb) & BN_MASK2; } } - memset(t, 0, nw * sizeof(t[0])); + OPENSSL_memset(t, 0, nw * sizeof(t[0])); r->top = a->top + nw + 1; bn_correct_top(r); diff --git a/src/crypto/buf/buf.c b/src/crypto/buf/buf.c index efe9952a..ca1d70b0 100644 --- a/src/crypto/buf/buf.c +++ b/src/crypto/buf/buf.c @@ -61,6 +61,8 @@ #include <openssl/mem.h> #include <openssl/err.h> +#include "../internal.h" + BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; @@ -71,7 +73,7 @@ BUF_MEM *BUF_MEM_new(void) { return NULL; } - memset(ret, 0, sizeof(BUF_MEM)); + OPENSSL_memset(ret, 0, sizeof(BUF_MEM)); return ret; } @@ -137,7 +139,7 @@ static size_t buf_mem_grow(BUF_MEM *buf, size_t len, int clean) { return 0; } if (buf->length < len) { - memset(&buf->data[buf->length], 0, len - buf->length); + OPENSSL_memset(&buf->data[buf->length], 0, len - buf->length); } buf->length = len; return len; @@ -193,7 +195,7 @@ char *BUF_strndup(const char *buf, size_t size) { return NULL; } - memcpy(ret, buf, size); + OPENSSL_memcpy(ret, buf, size); ret[size] = '\0'; return ret; } @@ -234,6 +236,6 @@ void *BUF_memdup(const void *data, size_t dst_size) { return NULL; } - memcpy(ret, data, dst_size); + OPENSSL_memcpy(ret, data, dst_size); return ret; } diff --git a/src/crypto/bytestring/asn1_compat.c b/src/crypto/bytestring/asn1_compat.c index b17d2d12..50df9cce 100644 --- a/src/crypto/bytestring/asn1_compat.c +++ b/src/crypto/bytestring/asn1_compat.c @@ -22,6 +22,7 @@ #include <openssl/mem.h> #include "internal.h" +#include "../internal.h" int CBB_finish_i2d(CBB *cbb, uint8_t **outp) { @@ -42,7 +43,7 @@ int CBB_finish_i2d(CBB *cbb, uint8_t **outp) { *outp = der; der = NULL; } else { - memcpy(*outp, der, der_len); + OPENSSL_memcpy(*outp, der, der_len); *outp += der_len; } } diff --git a/src/crypto/bytestring/ber.c b/src/crypto/bytestring/ber.c index 04fcac6a..ee3cd0a0 100644 --- a/src/crypto/bytestring/ber.c +++ b/src/crypto/bytestring/ber.c @@ -18,6 +18,7 @@ #include <string.h> #include "internal.h" +#include "../internal.h" /* kMaxDepth is a just a sanity limit. The code should be such that the length @@ -100,7 +101,7 @@ static int cbs_find_ber(const CBS *orig_in, char *ber_found, unsigned depth) { * |CBS_get_any_ber_asn1_element|, indicate an "end of contents" (EOC) value. */ static char is_eoc(size_t header_len, CBS *contents) { return header_len == 2 && CBS_len(contents) == 2 && - memcmp(CBS_data(contents), "\x00\x00", 2) == 0; + OPENSSL_memcmp(CBS_data(contents), "\x00\x00", 2) == 0; } /* cbs_convert_ber reads BER data from |in| and writes DER data to |out|. If diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc index b2b20d7d..6ec6fcf9 100644 --- a/src/crypto/bytestring/bytestring_test.cc +++ b/src/crypto/bytestring/bytestring_test.cc @@ -132,7 +132,7 @@ static bool TestGetASN1() { } if (!CBS_get_asn1(&data, &contents, 0x30) || CBS_len(&contents) != 2 || - memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { + OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { return false; } @@ -193,7 +193,7 @@ static bool TestGetASN1() { !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) || !present || CBS_len(&contents) != 3 || - memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) { + OPENSSL_memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) { return false; } @@ -235,7 +235,7 @@ static bool TestGetASN1() { if (!CBS_get_any_asn1(&data, &contents, &tag) || tag != CBS_ASN1_SEQUENCE || CBS_len(&contents) != 2 || - memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { + OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { return false; } @@ -245,7 +245,7 @@ static bool TestGetASN1() { tag != CBS_ASN1_SEQUENCE || header_len != 2 || CBS_len(&contents) != 4 || - memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) { + OPENSSL_memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) { return false; } @@ -312,7 +312,8 @@ static bool TestCBBBasic() { } bssl::UniquePtr<uint8_t> scoper(buf); - return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; + return buf_len == sizeof(kExpected) && + OPENSSL_memcmp(buf, kExpected, buf_len) == 0; } static bool TestCBBFixed() { @@ -396,7 +397,8 @@ static bool TestCBBPrefixed() { } bssl::UniquePtr<uint8_t> scoper(buf); - return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; + return buf_len == sizeof(kExpected) && + OPENSSL_memcmp(buf, kExpected, buf_len) == 0; } static bool TestCBBDiscardChild() { @@ -445,7 +447,8 @@ static bool TestCBBDiscardChild() { 0, 0, 3, 0xdd, 0xdd, 0xdd, 1, 0xff, }; - return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; + return buf_len == sizeof(kExpected) && + OPENSSL_memcmp(buf, kExpected, buf_len) == 0; } static bool TestCBBMisuse() { @@ -484,7 +487,7 @@ static bool TestCBBMisuse() { bssl::UniquePtr<uint8_t> scoper(buf); if (buf_len != 3 || - memcmp(buf, "\x01\x01\x02", 3) != 0) { + OPENSSL_memcmp(buf, "\x01\x01\x02", 3) != 0) { return false; } return true; @@ -507,7 +510,8 @@ static bool TestCBBASN1() { } bssl::UniquePtr<uint8_t> scoper(buf); - if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) { + if (buf_len != sizeof(kExpected) || + OPENSSL_memcmp(buf, kExpected, buf_len) != 0) { return false; } @@ -525,8 +529,8 @@ static bool TestCBBASN1() { scoper.reset(buf); if (buf_len != 3 + 130 || - memcmp(buf, "\x30\x81\x82", 3) != 0 || - memcmp(buf + 3, test_data.data(), 130) != 0) { + OPENSSL_memcmp(buf, "\x30\x81\x82", 3) != 0 || + OPENSSL_memcmp(buf + 3, test_data.data(), 130) != 0) { return false; } @@ -542,8 +546,8 @@ static bool TestCBBASN1() { scoper.reset(buf); if (buf_len != 4 + 1000 || - memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 || - memcmp(buf + 4, test_data.data(), 1000)) { + OPENSSL_memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 || + OPENSSL_memcmp(buf + 4, test_data.data(), 1000)) { return false; } @@ -560,8 +564,9 @@ static bool TestCBBASN1() { scoper.reset(buf); if (buf_len != 5 + 5 + 100000 || - memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 || - memcmp(buf + 10, test_data.data(), 100000)) { + OPENSSL_memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != + 0 || + OPENSSL_memcmp(buf + 10, test_data.data(), 100000)) { return false; } @@ -584,7 +589,7 @@ static bool DoBerConvert(const char *name, if (out == NULL) { if (ber_len != der_len || - memcmp(der_expected, ber, ber_len) != 0) { + OPENSSL_memcmp(der_expected, ber, ber_len) != 0) { fprintf(stderr, "%s: incorrect unconverted result.\n", name); return false; } @@ -593,7 +598,7 @@ static bool DoBerConvert(const char *name, } if (out_len != der_len || - memcmp(out, der_expected, der_len) != 0) { + OPENSSL_memcmp(out, der_expected, der_len) != 0) { fprintf(stderr, "%s: incorrect converted result.\n", name); return false; } @@ -702,7 +707,7 @@ static bool TestImplicitString() { } if (ok && (CBS_len(&out) != test.out_len || - memcmp(CBS_data(&out), test.out, test.out_len) != 0)) { + OPENSSL_memcmp(CBS_data(&out), test.out, test.out_len) != 0)) { fprintf(stderr, "CBS_get_asn1_implicit_string gave the wrong output\n"); return false; } @@ -772,7 +777,8 @@ static bool TestASN1Uint64() { return false; } bssl::UniquePtr<uint8_t> scoper(out); - if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { + if (len != test->encoding_len || + OPENSSL_memcmp(out, test->encoding, len) != 0) { return false; } } @@ -907,7 +913,7 @@ static bool TestBitString() { static const std::vector<uint8_t> kInvalidBitStrings[] = { // BIT STRINGs always have a leading byte. - {}, + std::vector<uint8_t>{}, // It's not possible to take an unused bit off the empty string. {0x01}, // There can be at most 7 unused bits. diff --git a/src/crypto/bytestring/cbb.c b/src/crypto/bytestring/cbb.c index 2d65be87..14116be5 100644 --- a/src/crypto/bytestring/cbb.c +++ b/src/crypto/bytestring/cbb.c @@ -19,9 +19,11 @@ #include <openssl/mem.h> +#include "../internal.h" + void CBB_zero(CBB *cbb) { - memset(cbb, 0, sizeof(CBB)); + OPENSSL_memset(cbb, 0, sizeof(CBB)); } static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) { @@ -252,8 +254,8 @@ int CBB_flush(CBB *cbb) { if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) { goto err; } - memmove(cbb->base->buf + child_start + extra_bytes, - cbb->base->buf + child_start, len); + OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes, + cbb->base->buf + child_start, len); } cbb->base->buf[cbb->child->offset++] = initial_length_byte; cbb->child->pending_len_len = len_len - 1; @@ -303,8 +305,8 @@ static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, return 0; } - memset(prefix_bytes, 0, len_len); - memset(out_contents, 0, sizeof(CBB)); + OPENSSL_memset(prefix_bytes, 0, len_len); + OPENSSL_memset(out_contents, 0, sizeof(CBB)); out_contents->base = cbb->base; cbb->child = out_contents; cbb->child->offset = offset; @@ -346,7 +348,7 @@ int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) { return 0; } - memset(out_contents, 0, sizeof(CBB)); + OPENSSL_memset(out_contents, 0, sizeof(CBB)); out_contents->base = cbb->base; cbb->child = out_contents; cbb->child->offset = offset; @@ -363,7 +365,7 @@ int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) { !cbb_buffer_add(cbb->base, &dest, len)) { return 0; } - memcpy(dest, data, len); + OPENSSL_memcpy(dest, data, len); return 1; } diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c index 132fe031..14c55a4d 100644 --- a/src/crypto/bytestring/cbs.c +++ b/src/crypto/bytestring/cbs.c @@ -20,6 +20,7 @@ #include <string.h> #include "internal.h" +#include "../internal.h" void CBS_init(CBS *cbs, const uint8_t *data, size_t len) { @@ -76,7 +77,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) { } int CBS_contains_zero_byte(const CBS *cbs) { - return memchr(cbs->data, 0, cbs->len) != NULL; + return OPENSSL_memchr(cbs->data, 0, cbs->len) != NULL; } int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) { @@ -150,7 +151,7 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) { if (!cbs_get(cbs, &v, len)) { return 0; } - memcpy(out, v, len); + OPENSSL_memcpy(out, v, len); return 1; } diff --git a/src/crypto/chacha/chacha.c b/src/crypto/chacha/chacha.c index feaa98ab..fe32596a 100644 --- a/src/crypto/chacha/chacha.c +++ b/src/crypto/chacha/chacha.c @@ -96,7 +96,7 @@ static void chacha_core(uint8_t output[64], const uint32_t input[16]) { uint32_t x[16]; int i; - memcpy(x, input, sizeof(uint32_t) * 16); + OPENSSL_memcpy(x, input, sizeof(uint32_t) * 16); for (i = 20; i > 0; i -= 2) { QUARTERROUND(0, 4, 8, 12) QUARTERROUND(1, 5, 9, 13) diff --git a/src/crypto/chacha/chacha_test.cc b/src/crypto/chacha/chacha_test.cc index 0a5972f7..6bfb03eb 100644 --- a/src/crypto/chacha/chacha_test.cc +++ b/src/crypto/chacha/chacha_test.cc @@ -21,6 +21,8 @@ #include <openssl/crypto.h> #include <openssl/chacha.h> +#include "../internal.h" + static const uint8_t kKey[32] = { 0x98, 0xbe, 0xf1, 0x46, 0x9b, 0xe7, 0x26, 0x98, 0x37, 0xa4, 0x5b, @@ -217,15 +219,15 @@ static_assert(sizeof(kInput) == sizeof(kOutput), static bool TestChaCha20(size_t len) { std::unique_ptr<uint8_t[]> buf(new uint8_t[len]); CRYPTO_chacha_20(buf.get(), kInput, len, kKey, kNonce, kCounter); - if (memcmp(buf.get(), kOutput, len) != 0) { + if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) { fprintf(stderr, "Mismatch at length %zu.\n", len); return false; } // Test in-place. - memcpy(buf.get(), kInput, len); + OPENSSL_memcpy(buf.get(), kInput, len); CRYPTO_chacha_20(buf.get(), buf.get(), len, kKey, kNonce, kCounter); - if (memcmp(buf.get(), kOutput, len) != 0) { + if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) { fprintf(stderr, "Mismatch at length %zu, in-place.\n", len); return false; } diff --git a/src/crypto/cipher/aead.c b/src/crypto/cipher/aead.c index 2d567158..b5ff48a0 100644 --- a/src/crypto/cipher/aead.c +++ b/src/crypto/cipher/aead.c @@ -32,7 +32,7 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; } size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_AEAD_CTX)); + OPENSSL_memset(ctx, 0, sizeof(EVP_AEAD_CTX)); } int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, @@ -116,7 +116,7 @@ int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, error: /* In the event of an error, clear the output buffer so that a caller * that doesn't check the return value doesn't send raw data. */ - memset(out, 0, max_out_len); + OPENSSL_memset(out, 0, max_out_len); *out_len = 0; return 0; } @@ -139,7 +139,7 @@ error: /* In the event of an error, clear the output buffer so that a caller * that doesn't check the return value doesn't try and process bad * data. */ - memset(out, 0, max_out_len); + OPENSSL_memset(out, 0, max_out_len); *out_len = 0; return 0; } diff --git a/src/crypto/cipher/aead_test.cc b/src/crypto/cipher/aead_test.cc index 313f0411..0c95fb42 100644 --- a/src/crypto/cipher/aead_test.cc +++ b/src/crypto/cipher/aead_test.cc @@ -21,6 +21,7 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#include "../internal.h" #include "../test/file_test.h" @@ -86,8 +87,8 @@ static bool TestAEAD(FileTest *t, void *arg) { } } else { out.resize(ct.size() + tag.size()); - memcpy(out.data(), ct.data(), ct.size()); - memcpy(out.data() + ct.size(), tag.data(), tag.size()); + OPENSSL_memcpy(out.data(), ct.data(), ct.size()); + OPENSSL_memcpy(out.data() + ct.size(), tag.data(), tag.size()); } // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be @@ -170,7 +171,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) { EVP_AEAD_CTX ctx; uint8_t key[128]; - memset(key, 0, sizeof(key)); + OPENSSL_memset(key, 0, sizeof(key)); const size_t key_len = EVP_AEAD_key_length(aead); if (key_len > sizeof(key)) { fprintf(stderr, "Key length of AEAD too long.\n"); @@ -239,7 +240,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) { uint8_t *out1 = buffer.data(); uint8_t *out2 = buffer.data() + 2; - memcpy(in, kPlaintext, sizeof(kPlaintext)); + OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext)); size_t out_len; if (EVP_AEAD_CTX_seal(ctx.get(), out1, &out_len, sizeof(kPlaintext) + max_overhead, nonce.data(), @@ -252,7 +253,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) { } ERR_clear_error(); - memcpy(in, valid_encryption.data(), valid_encryption_len); + OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len); if (EVP_AEAD_CTX_open(ctx.get(), out1, &out_len, valid_encryption_len, nonce.data(), nonce_len, in, valid_encryption_len, nullptr, 0) || @@ -265,7 +266,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) { ERR_clear_error(); // Test with out == in, which we expect to work. - memcpy(in, kPlaintext, sizeof(kPlaintext)); + OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext)); if (!EVP_AEAD_CTX_seal(ctx.get(), in, &out_len, sizeof(kPlaintext) + max_overhead, nonce.data(), @@ -275,12 +276,12 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) { } if (out_len != valid_encryption_len || - memcmp(in, valid_encryption.data(), out_len) != 0) { + OPENSSL_memcmp(in, valid_encryption.data(), out_len) != 0) { fprintf(stderr, "EVP_AEAD_CTX_seal produced bad output in-place.\n"); return false; } - memcpy(in, valid_encryption.data(), valid_encryption_len); + OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len); if (!EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len, nonce.data(), nonce_len, in, valid_encryption_len, nullptr, 0)) { @@ -289,7 +290,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) { } if (out_len != sizeof(kPlaintext) || - memcmp(in, kPlaintext, out_len) != 0) { + OPENSSL_memcmp(in, kPlaintext, out_len) != 0) { fprintf(stderr, "EVP_AEAD_CTX_open produced bad output in-place.\n"); return false; } diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c index f61c59f4..ae045aef 100644 --- a/src/crypto/cipher/cipher.c +++ b/src/crypto/cipher/cipher.c @@ -64,6 +64,7 @@ #include <openssl/nid.h> #include "internal.h" +#include "../internal.h" const EVP_CIPHER *EVP_get_cipherbynid(int nid) { @@ -88,7 +89,7 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) { } void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); + OPENSSL_memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); } EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -108,7 +109,7 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { } OPENSSL_free(c->cipher_data); - memset(c, 0, sizeof(EVP_CIPHER_CTX)); + OPENSSL_memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } @@ -126,7 +127,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { } EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof(EVP_CIPHER_CTX)); + OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); @@ -134,7 +135,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); + OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { @@ -210,9 +211,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case EVP_CIPH_CBC_MODE: assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); if (iv) { - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + OPENSSL_memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); } - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + OPENSSL_memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; case EVP_CIPH_CTR_MODE: @@ -220,7 +221,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->num = 0; /* Don't reuse IV for CTR mode */ if (iv) { - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + OPENSSL_memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); } break; @@ -285,13 +286,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (bl - i > in_len) { - memcpy(&ctx->buf[i], in, in_len); + OPENSSL_memcpy(&ctx->buf[i], in, in_len); ctx->buf_len += in_len; *out_len = 0; return 1; } else { j = bl - i; - memcpy(&ctx->buf[i], in, j); + OPENSSL_memcpy(&ctx->buf[i], in, j); if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) { return 0; } @@ -314,7 +315,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, } if (i != 0) { - memcpy(ctx->buf, &in[in_len], i); + OPENSSL_memcpy(ctx->buf, &in[in_len], i); } ctx->buf_len = i; return 1; @@ -393,7 +394,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, assert(b <= sizeof(ctx->final)); if (ctx->final_used) { - memcpy(out, ctx->final, b); + OPENSSL_memcpy(out, ctx->final, b); out += b; fix_len = 1; } else { @@ -409,7 +410,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, if (b > 1 && !ctx->buf_len) { *out_len -= b; ctx->final_used = 1; - memcpy(ctx->final, &out[*out_len], b); + OPENSSL_memcpy(ctx->final, &out[*out_len], b); } else { ctx->final_used = 0; } diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index f99022ff..0e9a7cd7 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -479,7 +479,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, if (gctx->key_set) { CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); } else { - memcpy(gctx->iv, iv, gctx->ivlen); + OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen); } gctx->iv_set = 1; gctx->iv_gen = 0; @@ -545,7 +545,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (arg <= 0 || arg > 16 || c->encrypt) { return 0; } - memcpy(c->buf, ptr, arg); + OPENSSL_memcpy(c->buf, ptr, arg); gctx->taglen = arg; return 1; @@ -553,13 +553,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) { return 0; } - memcpy(ptr, c->buf, arg); + OPENSSL_memcpy(ptr, c->buf, arg); return 1; case EVP_CTRL_GCM_SET_IV_FIXED: /* Special case: -1 length restores whole IV */ if (arg == -1) { - memcpy(gctx->iv, ptr, gctx->ivlen); + OPENSSL_memcpy(gctx->iv, ptr, gctx->ivlen); gctx->iv_gen = 1; return 1; } @@ -569,7 +569,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { return 0; } if (arg) { - memcpy(gctx->iv, ptr, arg); + OPENSSL_memcpy(gctx->iv, ptr, arg); } if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) { return 0; @@ -585,7 +585,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (arg <= 0 || arg > gctx->ivlen) { arg = gctx->ivlen; } - memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); + OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); /* Invocation field will be at least 8 bytes in size and * so no need to check wrap around or increment more than * last 8 bytes. */ @@ -597,7 +597,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) { return 0; } - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); + OPENSSL_memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); gctx->iv_set = 1; return 1; @@ -612,7 +612,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (!gctx_out->iv) { return 0; } - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); + OPENSSL_memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); } return 1; } @@ -860,7 +860,7 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, if (gctx->key_set) { CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); } else { - memcpy(gctx->iv, iv, gctx->ivlen); + OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen); } gctx->iv_set = 1; gctx->iv_gen = 0; @@ -1073,7 +1073,7 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, const AES_KEY *key = &gcm_ctx->ks.ks; - memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { @@ -1120,7 +1120,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const AES_KEY *key = &gcm_ctx->ks.ks; - memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { @@ -1198,8 +1198,8 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer, const uint8_t hmac_key[32]) { static const size_t hmac_key_len = 32; uint8_t block[SHA256_CBLOCK]; - memcpy(block, hmac_key, hmac_key_len); - memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len); + OPENSSL_memcpy(block, hmac_key, hmac_key_len); + OPENSSL_memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len); unsigned i; for (i = 0; i < hmac_key_len; i++) { @@ -1209,7 +1209,7 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer, SHA256_Init(out_inner); SHA256_Update(out_inner, block, sizeof(block)); - memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len); + OPENSSL_memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len); for (i = 0; i < hmac_key_len; i++) { block[i] ^= (0x36 ^ 0x5c); } @@ -1284,7 +1284,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH], const uint8_t *nonce, const uint8_t *ciphertext, size_t ciphertext_len) { SHA256_CTX sha256; - memcpy(&sha256, inner_init_state, sizeof(sha256)); + OPENSSL_memcpy(&sha256, inner_init_state, sizeof(sha256)); hmac_update_uint64(&sha256, ad_len); hmac_update_uint64(&sha256, ciphertext_len); SHA256_Update(&sha256, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); @@ -1297,7 +1297,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH], SHA256_CBLOCK)) % SHA256_CBLOCK; uint8_t padding[SHA256_CBLOCK]; - memset(padding, 0, num_padding); + OPENSSL_memset(padding, 0, num_padding); SHA256_Update(&sha256, padding, num_padding); SHA256_Update(&sha256, ciphertext, ciphertext_len); @@ -1305,7 +1305,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH], uint8_t inner_digest[SHA256_DIGEST_LENGTH]; SHA256_Final(inner_digest, &sha256); - memcpy(&sha256, outer_init_state, sizeof(sha256)); + OPENSSL_memcpy(&sha256, outer_init_state, sizeof(sha256)); SHA256_Update(&sha256, inner_digest, sizeof(inner_digest)); SHA256_Final(out, &sha256); } @@ -1317,11 +1317,11 @@ static void aead_aes_ctr_hmac_sha256_crypt( * bytes is pointless. However, |CRYPTO_ctr128_encrypt| requires it. */ uint8_t partial_block_buffer[AES_BLOCK_SIZE]; unsigned partial_block_offset = 0; - memset(partial_block_buffer, 0, sizeof(partial_block_buffer)); + OPENSSL_memset(partial_block_buffer, 0, sizeof(partial_block_buffer)); uint8_t counter[AES_BLOCK_SIZE]; - memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); - memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4); + OPENSSL_memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); + OPENSSL_memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4); if (aes_ctx->ctr) { CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter, @@ -1364,7 +1364,7 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t hmac_result[SHA256_DIGEST_LENGTH]; hmac_calculate(hmac_result, &aes_ctx->inner_init_state, &aes_ctx->outer_init_state, ad, ad_len, nonce, out, in_len); - memcpy(out + in_len, hmac_result, aes_ctx->tag_len); + OPENSSL_memcpy(out + in_len, hmac_result, aes_ctx->tag_len); *out_len = in_len + aes_ctx->tag_len; return 1; @@ -1482,7 +1482,7 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key, if (gcm_siv_ctx == NULL) { return 0; } - memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx)); + OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx)); if (aesni_capable()) { aesni_set_encrypt_key(key, key_len * 8, &gcm_siv_ctx->ks.ks); @@ -1525,7 +1525,7 @@ static void gcm_siv_crypt(uint8_t *out, const uint8_t *in, size_t in_len, uint8_t c[16]; } counter; - memcpy(counter.c, initial_counter, AES_BLOCK_SIZE); + OPENSSL_memcpy(counter.c, initial_counter, AES_BLOCK_SIZE); counter.c[15] |= 0x80; for (size_t done = 0; done < in_len;) { @@ -1558,15 +1558,15 @@ static void gcm_siv_polyval(uint8_t out_tag[16], const uint8_t *in, uint8_t scratch[16]; if (ad_len & 15) { - memset(scratch, 0, sizeof(scratch)); - memcpy(scratch, &ad[ad_len & ~15], ad_len & 15); + OPENSSL_memset(scratch, 0, sizeof(scratch)); + OPENSSL_memcpy(scratch, &ad[ad_len & ~15], ad_len & 15); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch)); } CRYPTO_POLYVAL_update_blocks(&polyval_ctx, in, in_len & ~15); if (in_len & 15) { - memset(scratch, 0, sizeof(scratch)); - memcpy(scratch, &in[in_len & ~15], in_len & 15); + OPENSSL_memset(scratch, 0, sizeof(scratch)); + OPENSSL_memcpy(scratch, &in[in_len & ~15], in_len & 15); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch)); } @@ -1655,7 +1655,7 @@ static int aead_aes_gcm_siv_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, gcm_siv_crypt(out, in, in_len, tag, keys.enc_block, &keys.enc_key.ks); - memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN); + OPENSSL_memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN); *out_len = in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN; return 1; diff --git a/src/crypto/cipher/e_chacha20poly1305.c b/src/crypto/cipher/e_chacha20poly1305.c index 9c80ba1a..ed0d74c5 100644 --- a/src/crypto/cipher/e_chacha20poly1305.c +++ b/src/crypto/cipher/e_chacha20poly1305.c @@ -55,7 +55,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key, return 0; } - memcpy(c20_ctx->key, key, key_len); + OPENSSL_memcpy(c20_ctx->key, key, key_len); c20_ctx->tag_len = tag_len; ctx->aead_state = c20_ctx; @@ -94,7 +94,7 @@ static void aead_poly1305(aead_poly1305_update update, size_t ad_len, const uint8_t *ciphertext, size_t ciphertext_len) { alignas(16) uint8_t poly1305_key[32]; - memset(poly1305_key, 0, sizeof(poly1305_key)); + OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key)); CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), c20_ctx->key, nonce, 0); poly1305_state ctx; @@ -137,7 +137,7 @@ static int seal_impl(aead_poly1305_update poly1305_update, alignas(16) uint8_t tag[POLY1305_TAG_LEN]; aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len); - memcpy(out + in_len, tag, c20_ctx->tag_len); + OPENSSL_memcpy(out + in_len, tag, c20_ctx->tag_len); *out_len = in_len + c20_ctx->tag_len; return 1; } @@ -261,8 +261,8 @@ static int aead_chacha20_poly1305_old_seal( return 0; } uint8_t nonce_96[12]; - memset(nonce_96, 0, 4); - memcpy(nonce_96 + 4, nonce, 8); + OPENSSL_memset(nonce_96, 0, 4); + OPENSSL_memcpy(nonce_96 + 4, nonce, 8); return seal_impl(poly1305_update_old, ctx, out, out_len, max_out_len, nonce_96, in, in_len, ad, ad_len); } @@ -276,8 +276,8 @@ static int aead_chacha20_poly1305_old_open( return 0; } uint8_t nonce_96[12]; - memset(nonce_96, 0, 4); - memcpy(nonce_96 + 4, nonce, 8); + OPENSSL_memset(nonce_96, 0, 4); + OPENSSL_memcpy(nonce_96 + 4, nonce, 8); return open_impl(poly1305_update_old, ctx, out, out_len, max_out_len, nonce_96, in, in_len, ad, ad_len); } diff --git a/src/crypto/cipher/e_null.c b/src/crypto/cipher/e_null.c index 3d6a24c3..9f893085 100644 --- a/src/crypto/cipher/e_null.c +++ b/src/crypto/cipher/e_null.c @@ -60,6 +60,7 @@ #include <openssl/nid.h> +#include "../internal.h" #include "internal.h" @@ -71,7 +72,7 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t in_len) { if (in != out) { - memcpy(out, in, in_len); + OPENSSL_memcpy(out, in, in_len); } return 1; } diff --git a/src/crypto/cipher/e_ssl3.c b/src/crypto/cipher/e_ssl3.c index ef87594b..f1dad2ba 100644 --- a/src/crypto/cipher/e_ssl3.c +++ b/src/crypto/cipher/e_ssl3.c @@ -25,6 +25,7 @@ #include <openssl/sha.h> #include "internal.h" +#include "../internal.h" typedef struct { @@ -49,7 +50,7 @@ static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len, uint8_t pad[48]; uint8_t tmp[EVP_MAX_MD_SIZE]; - memset(pad, 0x36, pad_len); + OPENSSL_memset(pad, 0x36, pad_len); if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) || !EVP_DigestUpdate(&md_ctx, pad, pad_len) || !EVP_DigestUpdate(&md_ctx, ad, ad_len) || @@ -60,7 +61,7 @@ static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len, return 0; } - memset(pad, 0x5c, pad_len); + OPENSSL_memset(pad, 0x5c, pad_len); if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) || !EVP_DigestUpdate(&md_ctx, pad, pad_len) || !EVP_DigestUpdate(&md_ctx, tmp, md_size) || @@ -188,7 +189,7 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, /* Compute padding and feed that into the cipher. */ uint8_t padding[256]; unsigned padding_len = block_size - ((in_len + mac_len) % block_size); - memset(padding, 0, padding_len - 1); + OPENSSL_memset(padding, 0, padding_len - 1); padding[padding_len - 1] = padding_len - 1; if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, padding, (int)padding_len)) { diff --git a/src/crypto/cipher/e_tls.c b/src/crypto/cipher/e_tls.c index c0d18fdb..7d9bbeea 100644 --- a/src/crypto/cipher/e_tls.c +++ b/src/crypto/cipher/e_tls.c @@ -80,7 +80,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); HMAC_CTX_init(&tls_ctx->hmac_ctx); assert(mac_key_len <= EVP_MAX_MD_SIZE); - memcpy(tls_ctx->mac_key, key, mac_key_len); + OPENSSL_memcpy(tls_ctx->mac_key, key, mac_key_len); tls_ctx->mac_key_len = (uint8_t)mac_key_len; tls_ctx->implicit_iv = implicit_iv; @@ -182,7 +182,7 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, /* Compute padding and feed that into the cipher. */ uint8_t padding[256]; unsigned padding_len = block_size - ((in_len + mac_len) % block_size); - memset(padding, padding_len - 1, padding_len); + OPENSSL_memset(padding, padding_len - 1, padding_len); if (!EVP_EncryptUpdate(&tls_ctx->cipher_ctx, out + total, &len, padding, (int)padding_len)) { return 0; @@ -288,7 +288,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, /* To allow for CBC mode which changes cipher length, |ad| doesn't include the * length for legacy ciphers. */ uint8_t ad_fixed[13]; - memcpy(ad_fixed, ad, 11); + OPENSSL_memcpy(ad_fixed, ad, 11); ad_fixed[11] = (uint8_t)(data_len >> 8); ad_fixed[12] = (uint8_t)(data_len & 0xff); ad_len += 2; diff --git a/src/crypto/cipher/test/aes_128_gcm_siv_tests.txt b/src/crypto/cipher/test/aes_128_gcm_siv_tests.txt index a929b593..faf97c18 100644 --- a/src/crypto/cipher/test/aes_128_gcm_siv_tests.txt +++ b/src/crypto/cipher/test/aes_128_gcm_siv_tests.txt @@ -234,3 +234,12 @@ IN: 030000000000000000000000000000000400 AD: 0100000000000000000000000000000002000000 CT: b26d43ae158316ac37f41579ccf1d461274e TAG: 13b7c01d08dd6969d51d1bf0fbbdc4d2 + +# Sample large random test vector. + +KEY: ee0f62a965fa640d1c95d79b215dca71 +NONCE: 7df5a22c91e6b6f37594dfef54847bd9 +IN: 5d90037e677666fbc0215305096301d852609e1380992d8c2e3594344a7f9a0521fdeda53de07d3184d590667fc7151a93ba097f20c67da0b1da8c23bd05887a4b66ab50333874819035eafd775fcfa86b380968f15d8cd46483d418b2c074f0dc18407108f63abe89c5448e83d064b6544a275dd75a21dd0241dafa086beb8446f398f6c1b2b117ad6f2cdb04031640852b5e15560d39b8d9088824f728ae66b2214e4cd70f60174313a5f0286741caeb4b66d0513b63c4a1325306f79f1f79bb28ccf6448fa3160876eefd85ca03c196a3e5568b0f3c818e7cf9d661423ed6a50a6911d52217a1b81e94ba040f336e74ac71b33964c3a7d960a32c255e22fcb7dcc41b9b136815b784ce4015b61b55e305e2ab1f96d17b561eb0281476cbaec54e942a186fbf3df92358960182c3c034066364e80fa492b36d36ee68f2738220f249a69f24405fe9995dab0b0b338ee68d85f0e59870903ca9d02f32ee6a24efc85434610586470b938daa9d14206c360339f7ec50857f4e5075a29bb51720d9a6f399f7b8bd45b402b0eed8f6e427d5dd358a0c3f10a58582be8934ebd7903497cc6622a977d6045f97a58f5ed7a3470583ebf88f71150499047e4b624f8018cffaca0d5a9db7f73da2db6770c98cd628d2d6682a4c41d584f37ea0ff7e8763616a548027e29cb3ec3e02a82eab205f7af46b6c9b02a15de54fc301a9845d50396cf3826b23296c360fafbaf65e5f48c4998085d7dac07736b106a8bb1e8e69dca15464d1bf156a5f84b62170f680826dcca7bf1c126cdb70dc872a005806d423cee46ab0d84d2d8d490c8eaec8b17b12913d4856c59f5348c6956c96a32595eef8c89ee5ae99706c92e748714dae4ae45685710261cd66d3ef93ed01bb862bfeb3b4fb5074ffec5517c8845173fde2774cd3b5a25cc1dc11d833c29614b7272bf213aeb19f83603aee97a9bc43e8b88c8789c520f634028cce2b0be343e74c8c341a153a36f797f38a4ebb53589e45f1e64299fedd2e9bbdeb9ad9ab4e2eccb4bd2b57000a5d7b064e6b6fb5cb9c743d6afe697bac549ade238c7a3a094e799e9c7e6cef6e6d4b8c8f1d862bc8ab9b96238c7d5393b2f684c5b4826df6c5f48cadb43fd6d6cb189ca56125bfee9dd44d22a2e28d7a9e63565321c9ecad96b3ae7376c984c44cab978002ff78d947230fe15918b3a73232ff5c05586c4b0e2e0d737be6abef80414b008ad2deea1944a4248f02063500a9276217ceabeca39ec4d6af647395a9c91401dcbe8f9645ef97eca5624029f942cc9979fd31636d65ed181a65763c5c16e65f8673a3cc6143ede8144d894559dedfac3000e8d86590b0ced25dd8666d71f237fd3511d7f8a20dbb4e95e3aca9807a2351bf705a7eec5a80f2b390ef9df496c5cd7ca9f5d8846df291025beb9781c793613efe7798 +AD: 4b7531e0a946b20c80f70dea4d437833f3dd26ae6f6dc37b7b99e82122acf2b7975f6d8efcb7ec4c6ff3c0ce4a5864adba0e658aeb8d9b839f3509f033827bc69a1ab080a0a1cc63559b00a3a259c53c145b0282f5e56930fc35b11c83b6564f2e80f186c2ef2e8886641fe6c4966dc9f86c567e73902d1a8fc33be1551e8359aa585bd2b8da83c0cd78a086cdebf8904d1b66a2fee176fa19714f062b752653d75a0e441ff7fba0c5a0cb6ded48f68b38af82faa985f9d97ba3c0978e1d23d8eb8899072fbec9379ca5f2b91293cb57eac81a6d711f9cccb36ff16b0de86d27d62e136ddbc1a2be38d5a1284e4620f4f9ab1f16729630e16dd2901f24f5ad6e +CT: 1b5a273ee4e1f87516bb711bd97c559fd5139286d90d3f64813f88c697ff448c7ce57ff3a2b70479c0f904f0c6de92234ef72b4ad62038a32108804042e07ad94e49a327bd28f1c49786c2b1537392c582031f52e3bd27336dab9d237ce47ffd0c8002b60b1055226cf28c6d99be0e4f75afb72c6953ffa0b033f74304efe19601d34dfda29874efdc9ebfa74c9d55c7273561c46b7cd4d631ab05ca7172111c13f0703ff9cec063988b7bf1bd9557b8d8a914162d2f31113f1682e951acaba4a314aabf901bdc5117184109fca1cecfe552f2e7d003eab51ceb992c2bb11245e1cd7e230398a3d18bab59c9acf033bde779166bfd3f98792902f84e4ef32cf5f410af2cec9cbe67ebb28f3fceb497abf4b1c240cab4852d840de9dec20f0e21853be6227784beee276ea3a4c6092654f7d62af614e5ea976791195415befa1f4a9d77c35a84b0d54b5eb1e00f55bbafac209468532b18d020e16798256aab9ea3989d876822cc68135ee103169962965a9383b2cff70213f9c52bcf2441e7b8ec07bee0c225be5353bcfe6d9ff546d30889813a13e1e966028dd80ec096202a26e478278af8b15bcf29137d536658d51293c6cfecde110e5b17ec39ce5317db5a03a1919f52f89ceeec0b5f48875e9692501b34303110e52ef4ea96d98cc28ab6e9ca24a8bb124629ac480b06fa8321b5712f2ae22e750848404ac20232716e195b343adebb52234cbc002c602574a7fbad638c1a7201eb38d4404b3d672119617e1190402b57568ee1e776ba18087164ddfbbf77f26ae5ee229ef101f10306f6449920b08d4e46bb2039d4777319547d7b4ef32e61c3cc897bc36cc2d5983c63e38814276a28125468112b646b877bbe2d206e578a8fd402be6d963b1d79c8b14dbca801bb92d7217cb7375d5e126702270158c89db653f1ee34e1c1ca066fe854532a36b74d36d9bc077506349a4cb8143dca1be3241f64cdc410c4d362982500aeea2a12172ccac996a333a2bff5393e0be9bcb93ca0fd62a22f0f72618325e233b42214ce8683c57dcf3113edbc5102e84b265aa031e26ec5fa18b1a7fa72358072d47b85e045cd52541e49b94d74fb21bb19725675c0d014ca8f8219c26cb8158f5d84b2cafb0474b2b39cb7f21c3320b5cbd57cff7133243a462e492de6340ee7d60ef888d639ca50380529f09b9eb279c49ad04662b7ec4f579fcec011790f18b2c0ad081eaf2be13d6f6a5969db46d56df9daea2cb332e719135109fd1d7caa84af315c0054f37177312c01a9f3f05a6e9bca719f906d1e8af7fdc24a3677c922f435e6e4c069073ea779c2b74c98f9374f5a38961a4354e74803f0f4042b91fb82a0c593c13f9ff720a70136d0b108acdb762a08f98a222f48c2858c0cc9a27edc9e79fe0f71ebe2940c60a279476975926eab478685ebf8a74705 +TAG: 6f5223329c07cbf6b038d307cbb8a719 diff --git a/src/crypto/cipher/test/aes_256_gcm_siv_tests.txt b/src/crypto/cipher/test/aes_256_gcm_siv_tests.txt index cd38e238..b7a9efe8 100644 --- a/src/crypto/cipher/test/aes_256_gcm_siv_tests.txt +++ b/src/crypto/cipher/test/aes_256_gcm_siv_tests.txt @@ -224,3 +224,12 @@ IN: 030000000000000000000000000000000400 AD: 0100000000000000000000000000000002000000 CT: c6d3d28704bf20067d62e1a3872d40dda44b TAG: 6ac0135a4379dbc67967ff55fd4d1f2f + +# Sample large random test vector. + +KEY: 83475d5042f8baedf4ca779088abfab17d35416a767d8c42c2a650cc597e5004 +NONCE: 7df5a22c91e6b6f37594dfef54847bd9 +IN: 5d90037e677666fbc0215305096301d852609e1380992d8c2e3594344a7f9a0521fdeda53de07d3184d590667fc7151a93ba097f20c67da0b1da8c23bd05887a4b66ab50333874819035eafd775fcfa86b380968f15d8cd46483d418b2c074f0dc18407108f63abe89c5448e83d064b6544a275dd75a21dd0241dafa086beb8446f398f6c1b2b117ad6f2cdb04031640852b5e15560d39b8d9088824f728ae66b2214e4cd70f60174313a5f0286741caeb4b66d0513b63c4a1325306f79f1f79bb28ccf6448fa3160876eefd85ca03c196a3e5568b0f3c818e7cf9d661423ed6a50a6911d52217a1b81e94ba040f336e74ac71b33964c3a7d960a32c255e22fcb7dcc41b9b136815b784ce4015b61b55e305e2ab1f96d17b561eb0281476cbaec54e942a186fbf3df92358960182c3c034066364e80fa492b36d36ee68f2738220f249a69f24405fe9995dab0b0b338ee68d85f0e59870903ca9d02f32ee6a24efc85434610586470b938daa9d14206c360339f7ec50857f4e5075a29bb51720d9a6f399f7b8bd45b402b0eed8f6e427d5dd358a0c3f10a58582be8934ebd7903497cc6622a977d6045f97a58f5ed7a3470583ebf88f71150499047e4b624f8018cffaca0d5a9db7f73da2db6770c98cd628d2d6682a4c41d584f37ea0ff7e8763616a548027e29cb3ec3e02a82eab205f7af46b6c9b02a15de54fc301a9845d50396cf3826b23296c360fafbaf65e5f48c4998085d7dac07736b106a8bb1e8e69dca15464d1bf156a5f84b62170f680826dcca7bf1c126cdb70dc872a005806d423cee46ab0d84d2d8d490c8eaec8b17b12913d4856c59f5348c6956c96a32595eef8c89ee5ae99706c92e748714dae4ae45685710261cd66d3ef93ed01bb862bfeb3b4fb5074ffec5517c8845173fde2774cd3b5a25cc1dc11d833c29614b7272bf213aeb19f83603aee97a9bc43e8b88c8789c520f634028cce2b0be343e74c8c341a153a36f797f38a4ebb53589e45f1e64299fedd2e9bbdeb9ad9ab4e2eccb4bd2b57000a5d7b064e6b6fb5cb9c743d6afe697bac549ade238c7a3a094e799e9c7e6cef6e6d4b8c8f1d862bc8ab9b96238c7d5393b2f684c5b4826df6c5f48cadb43fd6d6cb189ca56125bfee9dd44d22a2e28d7a9e63565321c9ecad96b3ae7376c984c44cab978002ff78d947230fe15918b3a73232ff5c05586c4b0e2e0d737be6abef80414b008ad2deea1944a4248f02063500a9276217ceabeca39ec4d6af647395a9c91401dcbe8f9645ef97eca5624029f942cc9979fd31636d65ed181a65763c5c16e65f8673a3cc6143ede8144d894559dedfac3000e8d86590b0ced25dd8666d71f237fd3511d7f8a20dbb4e95e3aca9807a2351bf705a7eec5a80f2b390ef9df496c5cd7ca9f5d8846df291025beb9781c793613efe7798 +AD: 4b7531e0a946b20c80f70dea4d437833f3dd26ae6f6dc37b7b99e82122acf2b7975f6d8efcb7ec4c6ff3c0ce4a5864adba0e658aeb8d9b839f3509f033827bc69a1ab080a0a1cc63559b00a3a259c53c145b0282f5e56930fc35b11c83b6564f2e80f186c2ef2e8886641fe6c4966dc9f86c567e73902d1a8fc33be1551e8359aa585bd2b8da83c0cd78a086cdebf8904d1b66a2fee176fa19714f062b752653d75a0e441ff7fba0c5a0cb6ded48f68b38af82faa985f9d97ba3c0978e1d23d8eb8899072fbec9379ca5f2b91293cb57eac81a6d711f9cccb36ff16b0de86d27d62e136ddbc1a2be38d5a1284e4620f4f9ab1f16729630e16dd2901f24f5ad6e +CT: 30b73374cc093ffaad4be2088142b08ed1b0d2914f96d90e0279aeb3a6547807b9b3bbfe2cd880e8f3a9f3b6e42da1ef53d78a6c63da686498b61523ac4c82caa01d31afe1ec00e80349df969684b060299aa86e4b7a38c643987889eab5a0a0996d18b2350439c7162d566dbb0d55f0f50a81d982df5e2047a23800a418b5adf42d8ff26cfd961527347439e76fbb2c2da08c1dd1a5fddf149d47eaf571498e23c3104c6b2dffb8e5d5e5f90e50eae9146f48b19a6e2d49cd170654a0041096f4f57aff5054dbf784e7748b3ddfdb9c447ed86681bcfb8055407fcec320990609089c3b51845f8e9bcb21382421a2f8634e1ad8739795202ade68aa47ab10026031cb3bfd94adc70702c31760753af4a2bb852581519e91cce5b1e0e49d028a1a03b915917d1011a4a7c04b46e1d8434663aa9473d1ad135966ab18145caf825f4a04d47b953989e188d21ec9f3858623fe16c413d2caa73761ec9dab8bf4e6dcdb997a503168487b67d1b3a9768a1887c292b9f39d40a404b8ffd011150490ed2e751ccbe4f7661785d8c5b778a21aa7e6efc132afe81765cc4ef32b5959e19ca97a4c37601257b8484fab234760242db6fd140ed1cfaff1d11cfad836171b42a164671c178164bbdb14815376f4eed1fbbb95f8e4614ff23de5cc9a0642a228d6bce19fbeea0e661b14696c6eb4aca97ac2cbe838578e7033703e2b551f7ef5dae4a68cdc58daac41eddc07b38ea7c4de1262ce04fb16f75870bbf41c95acbce6eb86dc3452a0d177aef3bc1e39878788d4a2680feb5d888debe62ec64fd72290c0cf8b9105c365c7305d994b28a2b32b88fdd11c3879dc1e005d6a2aa99daa926b18338f0980cdf0d8275e190bb9b8da9a63ff332bb5f5b654414a110b9d6128d0984d015c2a0a100985733fd400be0829f57e72655bfcd10c20341cd24cad0705647363ec0a3d678f30f7a1e85bc1a2dd133fcef5f25852eb6d81d7b4b531aff4e655285375f1b1ceee0d58a63f85f21f6525e3ad43f76a8fef16c785047778e1eccfe8e3c7cb34f2e037a61e3f01af88874b30911df60664e5ca65d6836166ff796e6b710af474add57957c2139b24257bcee287090f1ca1f91c95cc2c9348689aa7b95dfcedb02e68e38c1cd75ef966f0d33c4e09c40e2e58d30f6d0771d11debf01e57f342f3fffa34a1ed2bf10035c1607f3fd79423c0164dd6c171d8046edaed9b7b2a75bc11e1e8417c4550795aab6f106a95b5dda022e512269e8b2937b1d5601cfec1dba8b763707b97bc786ac94e38cd368cadeb1b48a3e068b614fc7b06430db80d46889027ca3d228d87c6eb00531e8d913734e3af987b104d052bbd63564184cd9dc803e6948d70575c9606a704245ef6136f707ddba8a00f288199867774c6e7487311c29aada3f607fc904f88be90cae49789a5163a4c +TAG: 37db916a9c13afd36e39ce5d01665067 diff --git a/src/crypto/cipher/tls_cbc.c b/src/crypto/cipher/tls_cbc.c index eb56604d..52880b0c 100644 --- a/src/crypto/cipher/tls_cbc.c +++ b/src/crypto/cipher/tls_cbc.c @@ -148,7 +148,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size, unsigned rotate_offset = 0; uint8_t mac_started = 0; - memset(rotated_mac, 0, md_size); + OPENSSL_memset(rotated_mac, 0, md_size); for (unsigned i = scan_start, j = 0; i < orig_len; i++, j++) { if (j >= md_size) { j -= md_size; @@ -184,7 +184,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size, rotated_mac_tmp = tmp; } - memcpy(out, rotated_mac, md_size); + OPENSSL_memcpy(out, rotated_mac, md_size); } /* u32toBE serialises an unsigned, 32-bit number (n) as four bytes at (p) in @@ -382,16 +382,16 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out, /* Compute the initial HMAC block. */ bits += 8 * md_block_size; - memset(hmac_pad, 0, md_block_size); + OPENSSL_memset(hmac_pad, 0, md_block_size); assert(mac_secret_length <= sizeof(hmac_pad)); - memcpy(hmac_pad, mac_secret, mac_secret_length); + OPENSSL_memcpy(hmac_pad, mac_secret, mac_secret_length); for (i = 0; i < md_block_size; i++) { hmac_pad[i] ^= 0x36; } md_transform(md_state.c, hmac_pad); - memset(length_bytes, 0, md_length_size - 4); + OPENSSL_memset(length_bytes, 0, md_length_size - 4); length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24); length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16); length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8); @@ -399,15 +399,15 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out, if (k > 0) { /* k is a multiple of md_block_size. */ - memcpy(first_block, header, 13); - memcpy(first_block + 13, data, md_block_size - 13); + OPENSSL_memcpy(first_block, header, 13); + OPENSSL_memcpy(first_block + 13, data, md_block_size - 13); md_transform(md_state.c, first_block); for (i = 1; i < k / md_block_size; i++) { md_transform(md_state.c, data + md_block_size * i - 13); } } - memset(mac_out, 0, sizeof(mac_out)); + OPENSSL_memset(mac_out, 0, sizeof(mac_out)); /* We now process the final hash blocks. For each block, we construct * it in constant time. If the |i==index_a| then we'll include the 0x80 diff --git a/src/crypto/cmac/cmac.c b/src/crypto/cmac/cmac.c index fa4c3c49..a9a527d5 100644 --- a/src/crypto/cmac/cmac.c +++ b/src/crypto/cmac/cmac.c @@ -55,6 +55,8 @@ #include <openssl/cipher.h> #include <openssl/mem.h> +#include "../internal.h" + struct cmac_ctx_st { EVP_CIPHER_CTX cipher_ctx; @@ -176,7 +178,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) { todo = in_len; } - memcpy(ctx->block + ctx->block_used, in, todo); + OPENSSL_memcpy(ctx->block + ctx->block_used, in, todo); in += todo; in_len -= todo; ctx->block_used += todo; @@ -206,7 +208,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) { in_len -= AES_BLOCK_SIZE; } - memcpy(ctx->block, in, in_len); + OPENSSL_memcpy(ctx->block, in, in_len); ctx->block_used = in_len; return 1; @@ -224,8 +226,8 @@ int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) { /* If the last block is incomplete, terminate it with a single 'one' bit * followed by zeros. */ ctx->block[ctx->block_used] = 0x80; - memset(ctx->block + ctx->block_used + 1, 0, - AES_BLOCK_SIZE - (ctx->block_used + 1)); + OPENSSL_memset(ctx->block + ctx->block_used + 1, 0, + AES_BLOCK_SIZE - (ctx->block_used + 1)); mask = ctx->k2; } diff --git a/src/crypto/conf/conf.c b/src/crypto/conf/conf.c index 96a534ab..5b51d225 100644 --- a/src/crypto/conf/conf.c +++ b/src/crypto/conf/conf.c @@ -66,6 +66,7 @@ #include "conf_def.h" #include "internal.h" +#include "../internal.h" static uint32_t conf_value_hash(const CONF_VALUE *v) { @@ -118,7 +119,7 @@ CONF_VALUE *CONF_VALUE_new(void) { OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); return NULL; } - memset(v, 0, sizeof(CONF_VALUE)); + OPENSSL_memset(v, 0, sizeof(CONF_VALUE)); return v; } @@ -353,7 +354,7 @@ err: static CONF_VALUE *get_section(const CONF *conf, const char *section) { CONF_VALUE template; - memset(&template, 0, sizeof(template)); + OPENSSL_memset(&template, 0, sizeof(template)); template.section = (char *) section; return lh_CONF_VALUE_retrieve(conf->data, &template); } @@ -370,7 +371,7 @@ const char *NCONF_get_string(const CONF *conf, const char *section, const char *name) { CONF_VALUE template, *value; - memset(&template, 0, sizeof(template)); + OPENSSL_memset(&template, 0, sizeof(template)); template.section = (char *) section; template.name = (char *) name; value = lh_CONF_VALUE_retrieve(conf->data, &template); diff --git a/src/crypto/constant_time_test.c b/src/crypto/constant_time_test.cc index bc127c1c..bc127c1c 100644 --- a/src/crypto/constant_time_test.c +++ b/src/crypto/constant_time_test.cc diff --git a/src/crypto/cpu-arm-linux.c b/src/crypto/cpu-arm-linux.c index 73c38ecc..95bb5ee3 100644 --- a/src/crypto/cpu-arm-linux.c +++ b/src/crypto/cpu-arm-linux.c @@ -161,7 +161,7 @@ typedef struct { static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) { size_t b_len = strlen(b); - return a->len == b_len && memcmp(a->data, b, b_len) == 0; + return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0; } /* STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found, @@ -169,7 +169,7 @@ static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) { * returns one if |sep| was found and zero otherwise. */ static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right, const STRING_PIECE *in, char sep) { - const char *p = memchr(in->data, sep, in->len); + const char *p = OPENSSL_memchr(in->data, sep, in->len); if (p == NULL) { return 0; } diff --git a/src/crypto/curve25519/curve25519.c b/src/crypto/curve25519/curve25519.c index d660b6c6..c91e78ea 100644 --- a/src/crypto/curve25519/curve25519.c +++ b/src/crypto/curve25519/curve25519.c @@ -29,6 +29,7 @@ #include <openssl/sha.h> #include "internal.h" +#include "../internal.h" static const int64_t kBottom25Bits = INT64_C(0x1ffffff); @@ -204,15 +205,15 @@ static void fe_tobytes(uint8_t *s, const fe h) { /* h = f */ static void fe_copy(fe h, const fe f) { - memmove(h, f, sizeof(int32_t) * 10); + OPENSSL_memmove(h, f, sizeof(int32_t) * 10); } /* h = 0 */ -static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); } +static void fe_0(fe h) { OPENSSL_memset(h, 0, sizeof(int32_t) * 10); } /* h = 1 */ static void fe_1(fe h) { - memset(h, 0, sizeof(int32_t) * 10); + OPENSSL_memset(h, 0, sizeof(int32_t) * 10); h[0] = 1; } @@ -4662,11 +4663,11 @@ int ED25519_verify(const uint8_t *message, size_t message_len, fe_neg(A.T, A.T); uint8_t pkcopy[32]; - memcpy(pkcopy, public_key, 32); + OPENSSL_memcpy(pkcopy, public_key, 32); uint8_t rcopy[32]; - memcpy(rcopy, signature, 32); + OPENSSL_memcpy(rcopy, signature, 32); uint8_t scopy[32]; - memcpy(scopy, signature + 32, 32); + OPENSSL_memcpy(scopy, signature + 32, 32); SHA512_CTX hash_ctx; SHA512_Init(&hash_ctx); @@ -4701,8 +4702,8 @@ void ED25519_keypair_from_seed(uint8_t out_public_key[32], x25519_ge_scalarmult_base(&A, az); ge_p3_tobytes(out_public_key, &A); - memcpy(out_private_key, seed, 32); - memcpy(out_private_key + 32, out_public_key, 32); + OPENSSL_memcpy(out_private_key, seed, 32); + OPENSSL_memcpy(out_private_key + 32, out_public_key, 32); } @@ -4800,7 +4801,7 @@ static void x25519_scalar_mult_generic(uint8_t out[32], fe x1, x2, z2, x3, z3, tmp0, tmp1; uint8_t e[32]; - memcpy(e, scalar, 32); + OPENSSL_memcpy(e, scalar, 32); e[0] &= 248; e[31] &= 127; e[31] |= 64; @@ -4916,7 +4917,7 @@ void X25519_public_from_private(uint8_t out_public_value[32], #endif uint8_t e[32]; - memcpy(e, private_key, 32); + OPENSSL_memcpy(e, private_key, 32); e[0] &= 248; e[31] &= 127; e[31] |= 64; diff --git a/src/crypto/curve25519/ed25519_test.cc b/src/crypto/curve25519/ed25519_test.cc index 5af8ba77..75817303 100644 --- a/src/crypto/curve25519/ed25519_test.cc +++ b/src/crypto/curve25519/ed25519_test.cc @@ -17,6 +17,7 @@ #include <openssl/curve25519.h> +#include "../internal.h" #include "../test/file_test.h" @@ -58,13 +59,13 @@ static bool TestKeypairFromSeed() { ED25519_keypair(public_key1, private_key1); uint8_t seed[32]; - memcpy(seed, private_key1, sizeof(seed)); + OPENSSL_memcpy(seed, private_key1, sizeof(seed)); uint8_t public_key2[32], private_key2[64]; ED25519_keypair_from_seed(public_key2, private_key2, seed); - if (memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 || - memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) { + if (OPENSSL_memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 || + OPENSSL_memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) { fprintf(stderr, "TestKeypairFromSeed: resulting keypairs did not match.\n"); return false; } diff --git a/src/crypto/curve25519/spake25519.c b/src/crypto/curve25519/spake25519.c index 617418cf..5b794b37 100644 --- a/src/crypto/curve25519/spake25519.c +++ b/src/crypto/curve25519/spake25519.c @@ -22,6 +22,7 @@ #include <openssl/sha.h> #include "internal.h" +#include "../internal.h" /* The following precomputation tables are for the following @@ -291,7 +292,7 @@ SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, return NULL; } - memset(ctx, 0, sizeof(SPAKE2_CTX)); + OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX)); ctx->my_role = my_role; CBS my_name_cbs, their_name_cbs; @@ -346,7 +347,7 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len, /* Multiply by the cofactor (eight) so that we'll clear it when operating on * the peer's point later in the protocol. */ left_shift_3(private_tmp); - memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key)); + OPENSSL_memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key)); ge_p3 P; x25519_ge_scalarmult_base(&P, ctx->private_key); @@ -354,9 +355,9 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len, /* mask = h(password) * <N or M>. */ uint8_t password_tmp[SHA512_DIGEST_LENGTH]; SHA512(password, password_len, password_tmp); - memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash)); + OPENSSL_memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash)); x25519_sc_reduce(password_tmp); - memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar)); + OPENSSL_memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar)); ge_p3 mask; x25519_ge_scalarmult_small_precomp(&mask, ctx->password_scalar, @@ -375,7 +376,7 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len, x25519_ge_p1p1_to_p2(&Pstar_proj, &Pstar); x25519_ge_tobytes(ctx->my_msg, &Pstar_proj); - memcpy(out, ctx->my_msg, sizeof(ctx->my_msg)); + OPENSSL_memcpy(out, ctx->my_msg, sizeof(ctx->my_msg)); *out_len = sizeof(ctx->my_msg); ctx->state = spake2_state_msg_generated; @@ -456,7 +457,7 @@ int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len, if (to_copy > sizeof(key)) { to_copy = sizeof(key); } - memcpy(out_key, key, to_copy); + OPENSSL_memcpy(out_key, key, to_copy); *out_key_len = to_copy; ctx->state = spake2_state_key_generated; diff --git a/src/crypto/curve25519/spake25519_test.cc b/src/crypto/curve25519/spake25519_test.cc index 363b60ca..3af073da 100644 --- a/src/crypto/curve25519/spake25519_test.cc +++ b/src/crypto/curve25519/spake25519_test.cc @@ -20,6 +20,8 @@ #include <openssl/curve25519.h> +#include "../internal.h" + struct SPAKE2Run { bool Run() { @@ -71,7 +73,7 @@ struct SPAKE2Run { } key_matches_ = (alice_key_len == bob_key_len && - memcmp(alice_key, bob_key, alice_key_len) == 0); + OPENSSL_memcmp(alice_key, bob_key, alice_key_len) == 0); return true; } diff --git a/src/crypto/curve25519/x25519-x86_64.c b/src/crypto/curve25519/x25519-x86_64.c index 1bd86a09..9c3d4144 100644 --- a/src/crypto/curve25519/x25519-x86_64.c +++ b/src/crypto/curve25519/x25519-x86_64.c @@ -23,6 +23,7 @@ #include <string.h> +#include "../internal.h" #include "internal.h" @@ -228,7 +229,7 @@ static void mladder(fe25519 *xr, fe25519 *zr, const uint8_t s[32]) { void x25519_x86_64(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { uint8_t e[32]; - memcpy(e, scalar, sizeof(e)); + OPENSSL_memcpy(e, scalar, sizeof(e)); e[0] &= 248; e[31] &= 127; diff --git a/src/crypto/curve25519/x25519_test.cc b/src/crypto/curve25519/x25519_test.cc index 24dfa650..b1a37d49 100644 --- a/src/crypto/curve25519/x25519_test.cc +++ b/src/crypto/curve25519/x25519_test.cc @@ -18,6 +18,8 @@ #include <openssl/curve25519.h> +#include "../internal.h" + static bool TestX25519() { /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */ @@ -40,7 +42,7 @@ static bool TestX25519() { 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52, }; - if (memcmp(kExpected1, out, sizeof(out)) != 0) { + if (OPENSSL_memcmp(kExpected1, out, sizeof(out)) != 0) { fprintf(stderr, "X25519 test one failed.\n"); return false; } @@ -63,7 +65,7 @@ static bool TestX25519() { 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57, }; - if (memcmp(kExpected2, out, sizeof(out)) != 0) { + if (OPENSSL_memcmp(kExpected2, out, sizeof(out)) != 0) { fprintf(stderr, "X25519 test two failed.\n"); return false; } @@ -79,7 +81,7 @@ static bool TestX25519SmallOrder() { }; uint8_t out[32], private_key[32]; - memset(private_key, 0x11, sizeof(private_key)); + OPENSSL_memset(private_key, 0x11, sizeof(private_key)); if (X25519(out, private_key, kSmallOrderPoint)) { fprintf(stderr, "X25519 returned success with a small-order input.\n"); @@ -96,8 +98,8 @@ static bool TestX25519Iterated() { unsigned i; for (i = 0; i < 1000; i++) { X25519(out, scalar, point); - memcpy(point, scalar, sizeof(point)); - memcpy(scalar, out, sizeof(scalar)); + OPENSSL_memcpy(point, scalar, sizeof(point)); + OPENSSL_memcpy(scalar, out, sizeof(scalar)); } static const uint8_t kExpected[32] = { @@ -106,7 +108,7 @@ static bool TestX25519Iterated() { 0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51, }; - if (memcmp(kExpected, scalar, sizeof(kExpected)) != 0) { + if (OPENSSL_memcmp(kExpected, scalar, sizeof(kExpected)) != 0) { fprintf(stderr, "Iterated X25519 test failed\n"); return false; } diff --git a/src/crypto/dh/dh.c b/src/crypto/dh/dh.c index 75450713..69a7ec81 100644 --- a/src/crypto/dh/dh.c +++ b/src/crypto/dh/dh.c @@ -79,7 +79,7 @@ DH *DH_new(void) { return NULL; } - memset(dh, 0, sizeof(DH)); + OPENSSL_memset(dh, 0, sizeof(DH)); CRYPTO_MUTEX_init(&dh->method_mont_p_lock); diff --git a/src/crypto/dh/dh_test.cc b/src/crypto/dh/dh_test.cc index 99bb945c..8165c1ac 100644 --- a/src/crypto/dh/dh_test.cc +++ b/src/crypto/dh/dh_test.cc @@ -68,6 +68,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + static bool RunBasicTests(); static bool RunRFC5114Tests(); @@ -470,9 +472,9 @@ static bool RunRFC5114Tests() { } if (static_cast<size_t>(ret1) != td->Z_len || - memcmp(Z1.data(), td->Z, td->Z_len) != 0 || + OPENSSL_memcmp(Z1.data(), td->Z, td->Z_len) != 0 || static_cast<size_t>(ret2) != td->Z_len || - memcmp(Z2.data(), td->Z, td->Z_len) != 0) { + OPENSSL_memcmp(Z2.data(), td->Z, td->Z_len) != 0) { fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1); return false; } @@ -576,7 +578,8 @@ static bool TestASN1() { return false; } bssl::UniquePtr<uint8_t> free_der(der); - if (der_len != sizeof(kParams) || memcmp(der, kParams, der_len) != 0) { + if (der_len != sizeof(kParams) || + OPENSSL_memcmp(der, kParams, der_len) != 0) { return false; } @@ -618,7 +621,8 @@ static bool TestASN1() { return false; } bssl::UniquePtr<uint8_t> free_der2(der); - if (der_len != sizeof(kParamsDSA) || memcmp(der, kParamsDSA, der_len) != 0) { + if (der_len != sizeof(kParamsDSA) || + OPENSSL_memcmp(der, kParamsDSA, der_len) != 0) { return false; } @@ -653,7 +657,7 @@ static bool TestRFC3526() { uint8_t buffer[sizeof(kPrime1536)]; if (BN_num_bytes(bn.get()) != sizeof(kPrime1536) || BN_bn2bin(bn.get(), buffer) != sizeof(kPrime1536) || - memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) { + OPENSSL_memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) { fprintf(stderr, "1536-bit MODP prime did not match.\n"); return false; } diff --git a/src/crypto/digest/digest.c b/src/crypto/digest/digest.c index fdd9fe55..9c9962b5 100644 --- a/src/crypto/digest/digest.c +++ b/src/crypto/digest/digest.c @@ -63,6 +63,7 @@ #include <openssl/mem.h> #include "internal.h" +#include "../internal.h" int EVP_MD_type(const EVP_MD *md) { return md->type; } @@ -74,7 +75,9 @@ size_t EVP_MD_size(const EVP_MD *md) { return md->md_size; } size_t EVP_MD_block_size(const EVP_MD *md) { return md->block_size; } -void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { memset(ctx, 0, sizeof(EVP_MD_CTX)); } +void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { + OPENSSL_memset(ctx, 0, sizeof(EVP_MD_CTX)); +} EVP_MD_CTX *EVP_MD_CTX_create(void) { EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); @@ -140,7 +143,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { return 0; } } - memcpy(out->md_data, in->md_data, in->digest->ctx_size); + OPENSSL_memcpy(out->md_data, in->md_data, in->digest->ctx_size); } assert(in->pctx == NULL || in->pctx_ops != NULL); diff --git a/src/crypto/digest/digest_test.cc b/src/crypto/digest/digest_test.cc index 0d3f16e5..8b29236e 100644 --- a/src/crypto/digest/digest_test.cc +++ b/src/crypto/digest/digest_test.cc @@ -23,6 +23,7 @@ #include <openssl/err.h> #include <openssl/md4.h> #include <openssl/md5.h> +#include <openssl/nid.h> #include <openssl/sha.h> #include "../internal.h" @@ -235,9 +236,17 @@ static int TestDigest(const TestVector *test) { } static int TestGetters() { - if (EVP_get_digestbyname("RSA-SHA512") == NULL || - EVP_get_digestbyname("sha512WithRSAEncryption") == NULL || - EVP_get_digestbyname("nonsense") != NULL) { + if (EVP_get_digestbyname("RSA-SHA512") != EVP_sha512() || + EVP_get_digestbyname("sha512WithRSAEncryption") != EVP_sha512() || + EVP_get_digestbyname("nonsense") != NULL || + EVP_get_digestbyname("SHA512") != EVP_sha512() || + EVP_get_digestbyname("sha512") != EVP_sha512()) { + return false; + } + + if (EVP_get_digestbynid(NID_sha512) != EVP_sha512() || + EVP_get_digestbynid(NID_sha512WithRSAEncryption) != NULL || + EVP_get_digestbynid(NID_undef) != NULL) { return false; } diff --git a/src/crypto/digest/digests.c b/src/crypto/digest/digests.c index 3307f265..351e031f 100644 --- a/src/crypto/digest/digests.c +++ b/src/crypto/digest/digests.c @@ -65,6 +65,7 @@ #include <openssl/sha.h> #include "internal.h" +#include "../internal.h" #if defined(NDEBUG) #define CHECK(x) (void) (x) @@ -262,36 +263,41 @@ struct nid_to_digest { }; static const struct nid_to_digest nid_to_digest_mapping[] = { - { NID_md4, EVP_md4, SN_md4, LN_md4 }, - { NID_md5, EVP_md5, SN_md5, LN_md5 }, - { NID_sha1, EVP_sha1, SN_sha1, LN_sha1 }, - { NID_sha224, EVP_sha224, SN_sha224, LN_sha224 }, - { NID_sha256, EVP_sha256, SN_sha256, LN_sha256 }, - { NID_sha384, EVP_sha384, SN_sha384, LN_sha384 }, - { NID_sha512, EVP_sha512, SN_sha512, LN_sha512 }, - { NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1 }, - { NID_dsaWithSHA, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA }, - { NID_dsaWithSHA1, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1 }, - { NID_ecdsa_with_SHA1, EVP_sha1, SN_ecdsa_with_SHA1, NULL }, - { NID_md5WithRSAEncryption, EVP_md5, SN_md5WithRSAEncryption, - LN_md5WithRSAEncryption }, - { NID_sha1WithRSAEncryption, EVP_sha1, SN_sha1WithRSAEncryption, - LN_sha1WithRSAEncryption }, - { NID_sha224WithRSAEncryption, EVP_sha224, SN_sha224WithRSAEncryption, - LN_sha224WithRSAEncryption }, - { NID_sha256WithRSAEncryption, EVP_sha256, SN_sha256WithRSAEncryption, - LN_sha256WithRSAEncryption }, - { NID_sha384WithRSAEncryption, EVP_sha384, SN_sha384WithRSAEncryption, - LN_sha384WithRSAEncryption }, - { NID_sha512WithRSAEncryption, EVP_sha512, SN_sha512WithRSAEncryption, - LN_sha512WithRSAEncryption }, + {NID_md4, EVP_md4, SN_md4, LN_md4}, + {NID_md5, EVP_md5, SN_md5, LN_md5}, + {NID_sha1, EVP_sha1, SN_sha1, LN_sha1}, + {NID_sha224, EVP_sha224, SN_sha224, LN_sha224}, + {NID_sha256, EVP_sha256, SN_sha256, LN_sha256}, + {NID_sha384, EVP_sha384, SN_sha384, LN_sha384}, + {NID_sha512, EVP_sha512, SN_sha512, LN_sha512}, + {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1}, + /* As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding + * hash function when given a signature OID. To avoid unintended lax parsing + * of hash OIDs, this is no longer supported for lookup by OID or NID. + * Node.js, however, exposes |EVP_get_digestbyname|'s full behavior to + * consumers so we retain it there. */ + {NID_undef, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA}, + {NID_undef, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1}, + {NID_undef, EVP_sha1, SN_ecdsa_with_SHA1, NULL}, + {NID_undef, EVP_md5, SN_md5WithRSAEncryption, LN_md5WithRSAEncryption}, + {NID_undef, EVP_sha1, SN_sha1WithRSAEncryption, LN_sha1WithRSAEncryption}, + {NID_undef, EVP_sha224, SN_sha224WithRSAEncryption, + LN_sha224WithRSAEncryption}, + {NID_undef, EVP_sha256, SN_sha256WithRSAEncryption, + LN_sha256WithRSAEncryption}, + {NID_undef, EVP_sha384, SN_sha384WithRSAEncryption, + LN_sha384WithRSAEncryption}, + {NID_undef, EVP_sha512, SN_sha512WithRSAEncryption, + LN_sha512WithRSAEncryption}, }; const EVP_MD* EVP_get_digestbynid(int nid) { - unsigned i; + if (nid == NID_undef) { + /* Skip the |NID_undef| entries in |nid_to_digest_mapping|. */ + return NULL; + } - for (i = 0; i < sizeof(nid_to_digest_mapping) / sizeof(struct nid_to_digest); - i++) { + for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) { if (nid_to_digest_mapping[i].nid == nid) { return nid_to_digest_mapping[i].md_func(); } @@ -305,10 +311,7 @@ const EVP_MD* EVP_get_digestbyobj(const ASN1_OBJECT *obj) { } const EVP_MD *EVP_get_digestbyname(const char *name) { - unsigned i; - - for (i = 0; i < sizeof(nid_to_digest_mapping) / sizeof(struct nid_to_digest); - i++) { + for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) { const char *short_name = nid_to_digest_mapping[i].short_name; const char *long_name = nid_to_digest_mapping[i].long_name; if ((short_name && strcmp(short_name, name) == 0) || diff --git a/src/crypto/digest/md32_common.h b/src/crypto/digest/md32_common.h index 818eb63d..45fe9395 100644 --- a/src/crypto/digest/md32_common.h +++ b/src/crypto/digest/md32_common.h @@ -53,6 +53,8 @@ #include <assert.h> +#include "../internal.h" + #if defined(__cplusplus) extern "C" { #endif @@ -194,16 +196,16 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) { size_t n = c->num; if (n != 0) { if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { - memcpy(c->data + n, data, HASH_CBLOCK - n); + OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n); HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); n = HASH_CBLOCK - n; data += n; len -= n; c->num = 0; /* Keep |c->data| zeroed when unused. */ - memset(c->data, 0, HASH_CBLOCK); + OPENSSL_memset(c->data, 0, HASH_CBLOCK); } else { - memcpy(c->data + n, data, len); + OPENSSL_memcpy(c->data + n, data, len); c->num += (unsigned)len; return 1; } @@ -219,7 +221,7 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) { if (len != 0) { c->num = (unsigned)len; - memcpy(c->data, data, len); + OPENSSL_memcpy(c->data, data, len); } return 1; } @@ -240,11 +242,11 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) { /* Fill the block with zeros if there isn't room for a 64-bit length. */ if (n > (HASH_CBLOCK - 8)) { - memset(c->data + n, 0, HASH_CBLOCK - n); + OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n); n = 0; HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); } - memset(c->data + n, 0, HASH_CBLOCK - 8 - n); + OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n); /* Append a 64-bit length to the block and process it. */ uint8_t *p = c->data + HASH_CBLOCK - 8; @@ -258,7 +260,7 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) { assert(p == c->data + HASH_CBLOCK); HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); c->num = 0; - memset(c->data, 0, HASH_CBLOCK); + OPENSSL_memset(c->data, 0, HASH_CBLOCK); HASH_MAKE_STRING(c, md); return 1; diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt index de365656..4d661363 100644 --- a/src/crypto/dsa/CMakeLists.txt +++ b/src/crypto/dsa/CMakeLists.txt @@ -12,7 +12,7 @@ add_library( add_executable( dsa_test - dsa_test.c + dsa_test.cc $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index 3e5894a3..15583be0 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c @@ -72,6 +72,7 @@ #include <openssl/sha.h> #include <openssl/thread.h> +#include "../bn/internal.h" #include "../internal.h" @@ -90,7 +91,7 @@ DSA *DSA_new(void) { return NULL; } - memset(dsa, 0, sizeof(DSA)); + OPENSSL_memset(dsa, 0, sizeof(DSA)); dsa->references = 1; @@ -188,7 +189,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in, /* Only consume as much seed as is expected. */ seed_len = qsize; } - memcpy(seed, seed_in, seed_len); + OPENSSL_memcpy(seed, seed_in, seed_len); } ctx = BN_CTX_new(); @@ -232,8 +233,8 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in, /* If we come back through, use random seed next time. */ seed_in = NULL; } - memcpy(buf, seed, qsize); - memcpy(buf2, seed, qsize); + OPENSSL_memcpy(buf, seed, qsize); + OPENSSL_memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ for (i = qsize - 1; i < qsize; i--) { buf[i]++; @@ -763,7 +764,8 @@ int DSA_check_signature(int *out_valid, const uint8_t *digest, /* Ensure that the signature uses DER and doesn't have trailing garbage. */ int der_len = i2d_DSA_SIG(s, &der); - if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) { + if (der_len < 0 || (size_t)der_len != sig_len || + OPENSSL_memcmp(sig, der, sig_len)) { goto err; } @@ -813,7 +815,7 @@ int DSA_size(const DSA *dsa) { int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, BIGNUM **out_r) { BN_CTX *ctx; - BIGNUM k, kq, qm2, *kinv = NULL, *r = NULL; + BIGNUM k, kq, *kinv = NULL, *r = NULL; int ret = 0; if (!dsa->p || !dsa->q || !dsa->g) { @@ -823,7 +825,6 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, BN_init(&k); BN_init(&kq); - BN_init(&qm2); ctx = ctx_in; if (ctx == NULL) { @@ -885,9 +886,7 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, * Theorem. */ kinv = BN_new(); if (kinv == NULL || - !BN_set_word(&qm2, 2) || - !BN_sub(&qm2, dsa->q, &qm2) || - !BN_mod_exp_mont(kinv, &k, &qm2, dsa->q, ctx, dsa->method_mont_q)) { + !bn_mod_inverse_prime(kinv, &k, dsa->q, ctx, dsa->method_mont_q)) { goto err; } @@ -911,7 +910,7 @@ err: } BN_clear_free(&k); BN_clear_free(&kq); - BN_free(&qm2); + BN_clear_free(kinv); return ret; } diff --git a/src/crypto/dsa/dsa_test.c b/src/crypto/dsa/dsa_test.cc index 6296c8f0..5fee6aa3 100644 --- a/src/crypto/dsa/dsa_test.c +++ b/src/crypto/dsa/dsa_test.cc @@ -59,14 +59,15 @@ #include <openssl/dsa.h> +#include <stdio.h> #include <string.h> #include <openssl/bn.h> #include <openssl/crypto.h> #include <openssl/err.h> +#include "../internal.h" -static int dsa_cb(int p, int n, BN_GENCB *arg); /* The following values are taken from the updated Appendix 5 to FIPS PUB 186 * and also appear in Appendix 5 to FIPS PUB 186-1. */ @@ -163,28 +164,59 @@ static const uint8_t fips_sig_bad_r[] = { 0xdc, 0xd8, 0xc8, }; -static DSA *get_fips_dsa(void) { - DSA *dsa = DSA_new(); +static bssl::UniquePtr<DSA> GetFIPSDSA(void) { + bssl::UniquePtr<DSA> dsa(DSA_new()); if (!dsa) { - return NULL; + return nullptr; } - dsa->p = BN_bin2bn(fips_p, sizeof(fips_p), NULL); - dsa->q = BN_bin2bn(fips_q, sizeof(fips_q), NULL); - dsa->g = BN_bin2bn(fips_g, sizeof(fips_g), NULL); - dsa->pub_key = BN_bin2bn(fips_y, sizeof(fips_y), NULL); - dsa->priv_key = BN_bin2bn(fips_x, sizeof(fips_x), NULL); - if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL || - dsa->pub_key == NULL || dsa->priv_key == NULL) { - DSA_free(dsa); - return NULL; + dsa->p = BN_bin2bn(fips_p, sizeof(fips_p), nullptr); + dsa->q = BN_bin2bn(fips_q, sizeof(fips_q), nullptr); + dsa->g = BN_bin2bn(fips_g, sizeof(fips_g), nullptr); + dsa->pub_key = BN_bin2bn(fips_y, sizeof(fips_y), nullptr); + dsa->priv_key = BN_bin2bn(fips_x, sizeof(fips_x), nullptr); + if (dsa->p == nullptr || dsa->q == nullptr || dsa->g == nullptr || + dsa->pub_key == nullptr || dsa->priv_key == nullptr) { + return nullptr; } return dsa; } -static int test_generate(FILE *out) { +struct GenerateContext { + FILE *out = nullptr; + int ok = 0; + int num = 0; +}; + +static int GenerateCallback(int p, int n, BN_GENCB *arg) { + GenerateContext *ctx = reinterpret_cast<GenerateContext *>(arg->arg); + char c = '*'; + switch (p) { + case 0: + c = '.'; + ctx->num++; + break; + case 1: + c = '+'; + break; + case 2: + c = '*'; + ctx->ok++; + break; + case 3: + c = '\n'; + } + fputc(c, ctx->out); + fflush(ctx->out); + if (!ctx->ok && p == 0 && ctx->num > 1) { + fprintf(stderr, "error in dsatest\n"); + return 0; + } + return 1; +} + +static int TestGenerate(FILE *out) { BN_GENCB cb; - DSA *dsa = NULL; - int counter, ok = 0, i, j; + int counter, i, j; uint8_t buf[256]; unsigned long h; uint8_t sig[256]; @@ -192,11 +224,14 @@ static int test_generate(FILE *out) { fprintf(out, "test generation of DSA parameters\n"); - BN_GENCB_set(&cb, dsa_cb, out); - dsa = DSA_new(); - if (dsa == NULL || - !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb)) { - goto end; + GenerateContext ctx; + ctx.out = out; + BN_GENCB_set(&cb, GenerateCallback, &ctx); + bssl::UniquePtr<DSA> dsa(DSA_new()); + if (!dsa || + !DSA_generate_parameters_ex(dsa.get(), 512, seed, 20, &counter, &h, + &cb)) { + return false; } fprintf(out, "seed\n"); @@ -208,81 +243,74 @@ static int test_generate(FILE *out) { if (counter != 105) { fprintf(stderr, "counter should be 105\n"); - goto end; + return false; } if (h != 2) { fprintf(stderr, "h should be 2\n"); - goto end; + return false; } i = BN_bn2bin(dsa->q, buf); j = sizeof(fips_q); - if (i != j || memcmp(buf, fips_q, i) != 0) { + if (i != j || OPENSSL_memcmp(buf, fips_q, i) != 0) { fprintf(stderr, "q value is wrong\n"); - goto end; + return false; } i = BN_bn2bin(dsa->p, buf); j = sizeof(fips_p); - if (i != j || memcmp(buf, fips_p, i) != 0) { + if (i != j || OPENSSL_memcmp(buf, fips_p, i) != 0) { fprintf(stderr, "p value is wrong\n"); - goto end; + return false; } i = BN_bn2bin(dsa->g, buf); j = sizeof(fips_g); - if (i != j || memcmp(buf, fips_g, i) != 0) { + if (i != j || OPENSSL_memcmp(buf, fips_g, i) != 0) { fprintf(stderr, "g value is wrong\n"); - goto end; + return false; } - if (!DSA_generate_key(dsa) || - !DSA_sign(0, fips_digest, sizeof(fips_digest), sig, &siglen, dsa)) { - goto end; + if (!DSA_generate_key(dsa.get()) || + !DSA_sign(0, fips_digest, sizeof(fips_digest), sig, &siglen, dsa.get())) { + return false; } - if (DSA_verify(0, fips_digest, sizeof(fips_digest), sig, siglen, dsa) == 1) { - ok = 1; - } else { + if (DSA_verify(0, fips_digest, sizeof(fips_digest), sig, siglen, dsa.get()) != + 1) { fprintf(stderr, "verification failure\n"); + return false; } -end: - DSA_free(dsa); - - return ok; + return true; } -static int test_verify(const uint8_t *sig, size_t sig_len, int expect) { - int ok = 0; - DSA *dsa = get_fips_dsa(); - if (dsa == NULL) { - goto end; +static bool TestVerify(const uint8_t *sig, size_t sig_len, int expect) { + bssl::UniquePtr<DSA> dsa = GetFIPSDSA(); + if (!dsa) { + return false; } - int ret = DSA_verify(0, fips_digest, sizeof(fips_digest), sig, sig_len, dsa); + int ret = + DSA_verify(0, fips_digest, sizeof(fips_digest), sig, sig_len, dsa.get()); if (ret != expect) { fprintf(stderr, "DSA_verify returned %d, want %d\n", ret, expect); - goto end; + return false; } - ok = 1; - /* Clear any errorrs from a test with expected failure. */ - ERR_clear_error(); -end: - DSA_free(dsa); - - return ok; + /* Clear any errors from a test with expected failure. */ + ERR_clear_error(); + return true; } int main(int argc, char **argv) { CRYPTO_library_init(); - if (!test_generate(stdout) || - !test_verify(fips_sig, sizeof(fips_sig), 1) || - !test_verify(fips_sig_negative, sizeof(fips_sig_negative), -1) || - !test_verify(fips_sig_extra, sizeof(fips_sig_extra), -1) || - !test_verify(fips_sig_bad_length, sizeof(fips_sig_bad_length), -1) || - !test_verify(fips_sig_bad_r, sizeof(fips_sig_bad_r), 0)) { + if (!TestGenerate(stdout) || + !TestVerify(fips_sig, sizeof(fips_sig), 1) || + !TestVerify(fips_sig_negative, sizeof(fips_sig_negative), -1) || + !TestVerify(fips_sig_extra, sizeof(fips_sig_extra), -1) || + !TestVerify(fips_sig_bad_length, sizeof(fips_sig_bad_length), -1) || + !TestVerify(fips_sig_bad_r, sizeof(fips_sig_bad_r), 0)) { ERR_print_errors_fp(stderr); return 1; } @@ -290,34 +318,3 @@ int main(int argc, char **argv) { printf("PASS\n"); return 0; } - -static int dsa_cb(int p, int n, BN_GENCB *arg) { - char c = '*'; - static int ok = 0, num = 0; - - switch (p) { - case 0: - c = '.'; - num++; - break; - case 1: - c = '+'; - break; - case 2: - c = '*'; - ok++; - break; - case 3: - c = '\n'; - } - - fputc(c, arg->arg); - fflush(arg->arg); - - if (!ok && p == 0 && num > 1) { - fprintf(stderr, "error in dsatest\n"); - return 0; - } - - return 1; -} diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c index 7e76dfe2..96bb7037 100644 --- a/src/crypto/ec/ec.c +++ b/src/crypto/ec/ec.c @@ -350,7 +350,7 @@ EC_GROUP *ec_group_new(const EC_METHOD *meth) { OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(EC_GROUP)); + OPENSSL_memset(ret, 0, sizeof(EC_GROUP)); ret->meth = meth; BN_init(&ret->order); diff --git a/src/crypto/ec/ec_asn1.c b/src/crypto/ec/ec_asn1.c index f31e1587..35c8f277 100644 --- a/src/crypto/ec/ec_asn1.c +++ b/src/crypto/ec/ec_asn1.c @@ -64,6 +64,7 @@ #include "internal.h" #include "../bytestring/internal.h" +#include "../internal.h" static const uint8_t kParametersTag = @@ -271,7 +272,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a, !CBS_get_asn1(¶ms, &field_id, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&field_id, &field_type, CBS_ASN1_OBJECT) || CBS_len(&field_type) != sizeof(kPrimeField) || - memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 || + OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 || !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) || !is_unsigned_integer(out_prime) || CBS_len(&field_id) != 0 || @@ -335,7 +336,7 @@ EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs) { for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) { const struct built_in_curve *curve = &OPENSSL_built_in_curves[i]; if (CBS_len(&named_curve) == curve->oid_len && - memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) { + OPENSSL_memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) { return EC_GROUP_new_by_curve_name(curve->nid); } } diff --git a/src/crypto/ec/ec_key.c b/src/crypto/ec/ec_key.c index 3e4456c4..1a933462 100644 --- a/src/crypto/ec/ec_key.c +++ b/src/crypto/ec/ec_key.c @@ -91,7 +91,7 @@ EC_KEY *EC_KEY_new_method(const ENGINE *engine) { return NULL; } - memset(ret, 0, sizeof(EC_KEY)); + OPENSSL_memset(ret, 0, sizeof(EC_KEY)); if (engine) { ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine); diff --git a/src/crypto/ec/ec_montgomery.c b/src/crypto/ec/ec_montgomery.c index 1253a73d..4643fd2c 100644 --- a/src/crypto/ec/ec_montgomery.c +++ b/src/crypto/ec/ec_montgomery.c @@ -71,6 +71,7 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../bn/internal.h" #include "internal.h" @@ -230,11 +231,9 @@ static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group, BIGNUM *Z_1 = BN_CTX_get(ctx); BIGNUM *Z_2 = BN_CTX_get(ctx); BIGNUM *Z_3 = BN_CTX_get(ctx); - BIGNUM *field_minus_2 = BN_CTX_get(ctx); if (Z_1 == NULL || Z_2 == NULL || - Z_3 == NULL || - field_minus_2 == NULL) { + Z_3 == NULL) { goto err; } @@ -247,16 +246,12 @@ static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group, * is more efficient (at least in theory) than |BN_to_montgomery|, since it * doesn't have to do the multiplication before the reduction. * - * Use Fermat's Little Theorem with |BN_mod_exp_mont_consttime| instead of - * |BN_mod_inverse_odd| since this inversion may be done as the final step - * of private key operations. Unfortunately, this is suboptimal for ECDSA - * verification. */ + * Use Fermat's Little Theorem instead of |BN_mod_inverse_odd| since this + * inversion may be done as the final step of private key operations. + * Unfortunately, this is suboptimal for ECDSA verification. */ if (!BN_from_montgomery(Z_1, &point->Z, group->mont, ctx) || !BN_from_montgomery(Z_1, Z_1, group->mont, ctx) || - !BN_copy(field_minus_2, &group->field) || - !BN_sub_word(field_minus_2, 2) || - !BN_mod_exp_mont_consttime(Z_1, Z_1, field_minus_2, &group->field, - ctx, group->mont)) { + !bn_mod_inverse_prime(Z_1, Z_1, &group->field, ctx, group->mont)) { goto err; } diff --git a/src/crypto/ec/p224-64.c b/src/crypto/ec/p224-64.c index 825bbc37..7b2ae68c 100644 --- a/src/crypto/ec/p224-64.c +++ b/src/crypto/ec/p224-64.c @@ -211,7 +211,7 @@ static void flip_endian(u8 *out, const u8 *in, size_t len) { static int BN_to_felem(felem out, const BIGNUM *bn) { /* BN_bn2bin eats leading zeroes */ felem_bytearray b_out; - memset(b_out, 0, sizeof(b_out)); + OPENSSL_memset(b_out, 0, sizeof(b_out)); size_t num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof(b_out) || BN_is_negative(bn)) { @@ -860,7 +860,7 @@ static void point_add(felem x3, felem y3, felem z3, const felem x1, static void select_point(const u64 idx, size_t size, const felem pre_comp[/*size*/][3], felem out[3]) { limb *outlimbs = &out[0][0]; - memset(outlimbs, 0, 3 * sizeof(felem)); + OPENSSL_memset(outlimbs, 0, 3 * sizeof(felem)); for (size_t i = 0; i < size; i++) { const limb *inlimbs = &pre_comp[i][0][0]; @@ -885,26 +885,24 @@ static char get_bit(const felem_bytearray in, size_t i) { } /* Interleaved point multiplication using precomputed point multiples: - * The small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], - * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple + * The small point multiples 0*P, 1*P, ..., 16*P are in p_pre_comp, the scalars + * in p_scalar, if non-NULL. If g_scalar is non-NULL, we also add this multiple * of the generator, using certain (large) precomputed multiples in g_pre_comp. * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ -static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const size_t num_points, const u8 *g_scalar, - const felem pre_comp[][17][3]) { +static void batch_mul(felem x_out, felem y_out, felem z_out, const u8 *p_scalar, + const u8 *g_scalar, const felem p_pre_comp[17][3]) { felem nq[3], tmp[4]; u64 bits; u8 sign, digit; /* set nq to the point at infinity */ - memset(nq, 0, 3 * sizeof(felem)); + OPENSSL_memset(nq, 0, 3 * sizeof(felem)); - /* Loop over all scalars msb-to-lsb, interleaving additions - * of multiples of the generator (two in each of the last 28 rounds) - * and additions of other points multiples (every 5th round). */ + /* Loop over both scalars msb-to-lsb, interleaving additions of multiples of + * the generator (two in each of the last 28 rounds) and additions of p (every + * 5th round). */ int skip = 1; /* save two point operations in the first round */ - size_t i = num_points != 0 ? 220 : 27; + size_t i = p_scalar != NULL ? 220 : 27; for (;;) { /* double */ if (!skip) { @@ -925,7 +923,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, tmp[0], tmp[1], tmp[2]); } else { - memcpy(nq, tmp, 3 * sizeof(felem)); + OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem)); skip = 0; } @@ -941,30 +939,26 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, } /* do other additions every 5 doublings */ - if (num_points != 0 && i % 5 == 0) { - /* loop over all scalars */ - size_t num; - for (num = 0; num < num_points; ++num) { - bits = get_bit(scalars[num], i + 4) << 5; - bits |= get_bit(scalars[num], i + 3) << 4; - bits |= get_bit(scalars[num], i + 2) << 3; - bits |= get_bit(scalars[num], i + 1) << 2; - bits |= get_bit(scalars[num], i) << 1; - bits |= get_bit(scalars[num], i - 1); - ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); - - /* select the point to add or subtract */ - select_point(digit, 17, pre_comp[num], tmp); - felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative point */ - copy_conditional(tmp[1], tmp[3], sign); - - if (!skip) { - point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */, - tmp[0], tmp[1], tmp[2]); - } else { - memcpy(nq, tmp, 3 * sizeof(felem)); - skip = 0; - } + if (p_scalar != NULL && i % 5 == 0) { + bits = get_bit(p_scalar, i + 4) << 5; + bits |= get_bit(p_scalar, i + 3) << 4; + bits |= get_bit(p_scalar, i + 2) << 3; + bits |= get_bit(p_scalar, i + 1) << 2; + bits |= get_bit(p_scalar, i) << 1; + bits |= get_bit(p_scalar, i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* select the point to add or subtract */ + select_point(digit, 17, p_pre_comp, tmp); + felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative point */ + copy_conditional(tmp[1], tmp[3], sign); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */, + tmp[0], tmp[1], tmp[2]); + } else { + OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem)); + skip = 0; } } @@ -1022,30 +1016,16 @@ static int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, return 1; } -static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *g_scalar, - const EC_POINT *p_, - const BIGNUM *p_scalar_, - BN_CTX *ctx) { - /* TODO: This function used to take |points| and |scalars| as arrays of - * |num| elements. The code below should be simplified to work in terms of - * |p_| and |p_scalar_|. */ - size_t num = p_ != NULL ? 1 : 0; - const EC_POINT **points = p_ != NULL ? &p_ : NULL; - BIGNUM const *const *scalars = p_ != NULL ? &p_scalar_ : NULL; - +static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *g_scalar, const EC_POINT *p, + const BIGNUM *p_scalar, BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; - felem_bytearray g_secret; - felem_bytearray *secrets = NULL; - felem(*pre_comp)[17][3] = NULL; + felem_bytearray g_secret, p_secret; + felem p_pre_comp[17][3]; felem_bytearray tmp; - size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; - const EC_POINT *p = NULL; - const BIGNUM *p_scalar = NULL; if (ctx == NULL) { ctx = BN_CTX_new(); @@ -1063,75 +1043,53 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, goto err; } - if (num_points > 0) { - secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); - pre_comp = OPENSSL_malloc(num_points * sizeof(felem[17][3])); - if (secrets == NULL || - pre_comp == NULL) { - OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); + if (p != NULL && p_scalar != NULL) { + /* We treat NULL scalars as 0, and NULL points as points at infinity, i.e., + * they contribute nothing to the linear combination. */ + OPENSSL_memset(&p_secret, 0, sizeof(p_secret)); + OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp)); + size_t num_bytes; + /* reduce g_scalar to 0 <= g_scalar < 2^224 */ + if (BN_num_bits(p_scalar) > 224 || BN_is_negative(p_scalar)) { + /* this is an unusual input, and we don't guarantee + * constant-timeness */ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else { + num_bytes = BN_bn2bin(p_scalar, tmp); + } + + flip_endian(p_secret, tmp, num_bytes); + /* precompute multiples */ + if (!BN_to_felem(x_out, &p->X) || + !BN_to_felem(y_out, &p->Y) || + !BN_to_felem(z_out, &p->Z)) { goto err; } - /* we treat NULL scalars as 0, and NULL points as points at infinity, - * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); - for (size_t i = 0; i < num_points; ++i) { - if (i == num) { - /* the generator */ - p = EC_GROUP_get0_generator(group); - p_scalar = g_scalar; - } else { - /* the i^th point */ - p = points[i]; - p_scalar = scalars[i]; - } + felem_assign(p_pre_comp[1][0], x_out); + felem_assign(p_pre_comp[1][1], y_out); + felem_assign(p_pre_comp[1][2], z_out); - if (p_scalar != NULL && p != NULL) { - size_t num_bytes; - /* reduce g_scalar to 0 <= g_scalar < 2^224 */ - if (BN_num_bits(p_scalar) > 224 || BN_is_negative(p_scalar)) { - /* this is an unusual input, and we don't guarantee - * constant-timeness */ - if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { - OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else { - num_bytes = BN_bn2bin(p_scalar, tmp); - } - - flip_endian(secrets[i], tmp, num_bytes); - /* precompute multiples */ - if (!BN_to_felem(x_out, &p->X) || - !BN_to_felem(y_out, &p->Y) || - !BN_to_felem(z_out, &p->Z)) { - goto err; - } - - felem_assign(pre_comp[i][1][0], x_out); - felem_assign(pre_comp[i][1][1], y_out); - felem_assign(pre_comp[i][1][2], z_out); - - for (size_t j = 2; j <= 16; ++j) { - if (j & 1) { - point_add(pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], - pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2], - 0, pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); - } else { - point_double(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); - } - } + for (size_t j = 2; j <= 16; ++j) { + if (j & 1) { + point_add(p_pre_comp[j][0], p_pre_comp[j][1], p_pre_comp[j][2], + p_pre_comp[1][0], p_pre_comp[1][1], p_pre_comp[1][2], + 0, p_pre_comp[j - 1][0], p_pre_comp[j - 1][1], + p_pre_comp[j - 1][2]); + } else { + point_double(p_pre_comp[j][0], p_pre_comp[j][1], + p_pre_comp[j][2], p_pre_comp[j / 2][0], + p_pre_comp[j / 2][1], p_pre_comp[j / 2][2]); } } } if (g_scalar != NULL) { - memset(g_secret, 0, sizeof(g_secret)); + OPENSSL_memset(g_secret, 0, sizeof(g_secret)); size_t num_bytes; /* reduce g_scalar to 0 <= g_scalar < 2^224 */ if (BN_num_bits(g_scalar) > 224 || BN_is_negative(g_scalar)) { @@ -1147,9 +1105,9 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, flip_endian(g_secret, tmp, num_bytes); } - batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, - num_points, g_scalar != NULL ? g_secret : NULL, - (const felem(*)[17][3])pre_comp); + batch_mul(x_out, y_out, z_out, + (p != NULL && p_scalar != NULL) ? p_secret : NULL, + g_scalar != NULL ? g_secret : NULL, (const felem(*)[3])p_pre_comp); /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); @@ -1166,8 +1124,6 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); - OPENSSL_free(secrets); - OPENSSL_free(pre_comp); return ret; } diff --git a/src/crypto/ec/p256-64.c b/src/crypto/ec/p256-64.c index 6a54200d..0f32c2ee 100644 --- a/src/crypto/ec/p256-64.c +++ b/src/crypto/ec/p256-64.c @@ -108,7 +108,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) { felem_bytearray b_out; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); + OPENSSL_memset(b_out, 0, sizeof(b_out)); size_t num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof(b_out)) { OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE); @@ -1402,7 +1402,7 @@ static void select_point(const u64 idx, size_t size, const smallfelem pre_comp[/*size*/][3], smallfelem out[3]) { u64 *outlimbs = &out[0][0]; - memset(outlimbs, 0, 3 * sizeof(smallfelem)); + OPENSSL_memset(outlimbs, 0, 3 * sizeof(smallfelem)); for (size_t i = 0; i < size; i++) { const u64 *inlimbs = (const u64 *)&pre_comp[i][0][0]; @@ -1427,28 +1427,26 @@ static char get_bit(const felem_bytearray in, int i) { } /* Interleaved point multiplication using precomputed point multiples: The - * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars - * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the - * generator, using certain (large) precomputed multiples in g_pre_comp. + * small point multiples 0*P, 1*P, ..., 17*P are in p_pre_comp, the scalar + * in p_scalar, if non-NULL. If g_scalar is non-NULL, we also add this multiple + * of the generator, using certain (large) precomputed multiples in g_pre_comp. * Output point (X, Y, Z) is stored in x_out, y_out, z_out. */ -static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const size_t num_points, const u8 *g_scalar, - const smallfelem pre_comp[][17][3]) { +static void batch_mul(felem x_out, felem y_out, felem z_out, const u8 *p_scalar, + const u8 *g_scalar, const smallfelem p_pre_comp[17][3]) { felem nq[3], ftmp; smallfelem tmp[3]; u64 bits; u8 sign, digit; /* set nq to the point at infinity */ - memset(nq, 0, 3 * sizeof(felem)); + OPENSSL_memset(nq, 0, 3 * sizeof(felem)); - /* Loop over all scalars msb-to-lsb, interleaving additions of multiples - * of the generator (two in each of the last 32 rounds) and additions of - * other points multiples (every 5th round). */ + /* Loop over both scalars msb-to-lsb, interleaving additions of multiples + * of the generator (two in each of the last 32 rounds) and additions of p + * (every 5th round). */ int skip = 1; /* save two point operations in the first round */ - size_t i = num_points != 0 ? 255 : 31; + size_t i = p_scalar != NULL ? 255 : 31; for (;;) { /* double */ if (!skip) { @@ -1487,34 +1485,30 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, } /* do other additions every 5 doublings */ - if (num_points != 0 && i % 5 == 0) { - /* loop over all scalars */ - size_t num; - for (num = 0; num < num_points; ++num) { - bits = get_bit(scalars[num], i + 4) << 5; - bits |= get_bit(scalars[num], i + 3) << 4; - bits |= get_bit(scalars[num], i + 2) << 3; - bits |= get_bit(scalars[num], i + 1) << 2; - bits |= get_bit(scalars[num], i) << 1; - bits |= get_bit(scalars[num], i - 1); - ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); - - /* select the point to add or subtract, in constant time. */ - select_point(digit, 17, pre_comp[num], tmp); - smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative - * point */ - copy_small_conditional(ftmp, tmp[1], (((limb)sign) - 1)); - felem_contract(tmp[1], ftmp); - - if (!skip) { - point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */, - tmp[0], tmp[1], tmp[2]); - } else { - smallfelem_expand(nq[0], tmp[0]); - smallfelem_expand(nq[1], tmp[1]); - smallfelem_expand(nq[2], tmp[2]); - skip = 0; - } + if (p_scalar != NULL && i % 5 == 0) { + bits = get_bit(p_scalar, i + 4) << 5; + bits |= get_bit(p_scalar, i + 3) << 4; + bits |= get_bit(p_scalar, i + 2) << 3; + bits |= get_bit(p_scalar, i + 1) << 2; + bits |= get_bit(p_scalar, i) << 1; + bits |= get_bit(p_scalar, i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* select the point to add or subtract, in constant time. */ + select_point(digit, 17, p_pre_comp, tmp); + smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative + * point */ + copy_small_conditional(ftmp, tmp[1], (((limb)sign) - 1)); + felem_contract(tmp[1], ftmp); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */, + tmp[0], tmp[1], tmp[2]); + } else { + smallfelem_expand(nq[0], tmp[0]); + smallfelem_expand(nq[1], tmp[1]); + smallfelem_expand(nq[2], tmp[2]); + skip = 0; } } @@ -1581,31 +1575,17 @@ static int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, return 1; } -static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *g_scalar, - const EC_POINT *p_, - const BIGNUM *p_scalar_, - BN_CTX *ctx) { - /* TODO: This function used to take |points| and |scalars| as arrays of - * |num| elements. The code below should be simplified to work in terms of |p| - * and |p_scalar|. */ - size_t num = p_ != NULL ? 1 : 0; - const EC_POINT **points = p_ != NULL ? &p_ : NULL; - BIGNUM const *const *scalars = p_ != NULL ? &p_scalar_ : NULL; - +static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *g_scalar, const EC_POINT *p, + const BIGNUM *p_scalar, BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; - felem_bytearray g_secret; - felem_bytearray *secrets = NULL; - smallfelem(*pre_comp)[17][3] = NULL; + felem_bytearray g_secret, p_secret; + smallfelem p_pre_comp[17][3]; felem_bytearray tmp; - size_t num_points = num; smallfelem x_in, y_in, z_in; felem x_out, y_out, z_out; - const EC_POINT *p = NULL; - const BIGNUM *p_scalar = NULL; if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); @@ -1622,65 +1602,44 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, goto err; } - if (num_points > 0) { - secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); - pre_comp = OPENSSL_malloc(num_points * sizeof(smallfelem[17][3])); - if (secrets == NULL || pre_comp == NULL) { - OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); + if (p != NULL && p_scalar != NULL) { + /* We treat NULL scalars as 0, and NULL points as points at infinity, i.e., + * they contribute nothing to the linear combination. */ + OPENSSL_memset(&p_secret, 0, sizeof(p_secret)); + OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp)); + size_t num_bytes; + /* Reduce g_scalar to 0 <= g_scalar < 2^256. */ + if (BN_num_bits(p_scalar) > 256 || BN_is_negative(p_scalar)) { + /* This is an unusual input, and we don't guarantee constant-timeness. */ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else { + num_bytes = BN_bn2bin(p_scalar, tmp); + } + flip_endian(p_secret, tmp, num_bytes); + /* Precompute multiples. */ + if (!BN_to_felem(x_out, &p->X) || + !BN_to_felem(y_out, &p->Y) || + !BN_to_felem(z_out, &p->Z)) { goto err; } - - /* we treat NULL scalars as 0, and NULL points as points at infinity, - * i.e., they contribute nothing to the linear combination. */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); - for (size_t i = 0; i < num_points; ++i) { - if (i == num) { - /* we didn't have a valid precomputation, so we pick the generator. */ - p = EC_GROUP_get0_generator(group); - p_scalar = g_scalar; + felem_shrink(p_pre_comp[1][0], x_out); + felem_shrink(p_pre_comp[1][1], y_out); + felem_shrink(p_pre_comp[1][2], z_out); + for (size_t j = 2; j <= 16; ++j) { + if (j & 1) { + point_add_small(p_pre_comp[j][0], p_pre_comp[j][1], + p_pre_comp[j][2], p_pre_comp[1][0], + p_pre_comp[1][1], p_pre_comp[1][2], + p_pre_comp[j - 1][0], p_pre_comp[j - 1][1], + p_pre_comp[j - 1][2]); } else { - /* the i^th point */ - p = points[i]; - p_scalar = scalars[i]; - } - if (p_scalar != NULL && p != NULL) { - size_t num_bytes; - /* reduce g_scalar to 0 <= g_scalar < 2^256 */ - if (BN_num_bits(p_scalar) > 256 || BN_is_negative(p_scalar)) { - /* this is an unusual input, and we don't guarantee - * constant-timeness. */ - if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { - OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else { - num_bytes = BN_bn2bin(p_scalar, tmp); - } - flip_endian(secrets[i], tmp, num_bytes); - /* precompute multiples */ - if (!BN_to_felem(x_out, &p->X) || - !BN_to_felem(y_out, &p->Y) || - !BN_to_felem(z_out, &p->Z)) { - goto err; - } - felem_shrink(pre_comp[i][1][0], x_out); - felem_shrink(pre_comp[i][1][1], y_out); - felem_shrink(pre_comp[i][1][2], z_out); - for (size_t j = 2; j <= 16; ++j) { - if (j & 1) { - point_add_small(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][1][0], - pre_comp[i][1][1], pre_comp[i][1][2], - pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); - } else { - point_double_small(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); - } - } + point_double_small(p_pre_comp[j][0], p_pre_comp[j][1], + p_pre_comp[j][2], p_pre_comp[j / 2][0], + p_pre_comp[j / 2][1], p_pre_comp[j / 2][2]); } } } @@ -1688,7 +1647,7 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, if (g_scalar != NULL) { size_t num_bytes; - memset(g_secret, 0, sizeof(g_secret)); + OPENSSL_memset(g_secret, 0, sizeof(g_secret)); /* reduce g_scalar to 0 <= g_scalar < 2^256 */ if (BN_num_bits(g_scalar) > 256 || BN_is_negative(g_scalar)) { /* this is an unusual input, and we don't guarantee @@ -1703,9 +1662,10 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, } flip_endian(g_secret, tmp, num_bytes); } - batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, - num_points, g_scalar != NULL ? g_secret : NULL, - (const smallfelem(*)[17][3])pre_comp); + batch_mul(x_out, y_out, z_out, + (p != NULL && p_scalar != NULL) ? p_secret : NULL, + g_scalar != NULL ? g_secret : NULL, + (const smallfelem(*)[3]) &p_pre_comp); /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); @@ -1722,8 +1682,6 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group, err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); - OPENSSL_free(secrets); - OPENSSL_free(pre_comp); return ret; } diff --git a/src/crypto/ec/p256-x86_64.c b/src/crypto/ec/p256-x86_64.c index 0a3be92a..24007403 100644 --- a/src/crypto/ec/p256-x86_64.c +++ b/src/crypto/ec/p256-x86_64.c @@ -208,8 +208,8 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], return 0; } - memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS); - memcpy(out, in->d, sizeof(BN_ULONG) * in->top); + OPENSSL_memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS); + OPENSSL_memcpy(out, in->d, sizeof(BN_ULONG) * in->top); return 1; } @@ -441,7 +441,7 @@ static int ecp_nistz256_points_mul( /* Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p| * is infinity and |ONE| otherwise. |p| was computed from the table, so it * is infinity iff |wvalue >> 1| is zero. */ - memset(p.p.Z, 0, sizeof(p.p.Z)); + OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z)); copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1)); for (i = 1; i < 37; i++) { diff --git a/src/crypto/ec/p256-x86_64_test.cc b/src/crypto/ec/p256-x86_64_test.cc index 531edcf3..afc3b549 100644 --- a/src/crypto/ec/p256-x86_64_test.cc +++ b/src/crypto/ec/p256-x86_64_test.cc @@ -38,9 +38,9 @@ static bool TestSelectW5() { // Fill a table with some garbage input. P256_POINT table[16]; for (size_t i = 0; i < 16; i++) { - memset(table[i].X, 3 * i, sizeof(table[i].X)); - memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y)); - memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z)); + OPENSSL_memset(table[i].X, 3 * i, sizeof(table[i].X)); + OPENSSL_memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y)); + OPENSSL_memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z)); } for (int i = 0; i <= 16; i++) { @@ -49,12 +49,12 @@ static bool TestSelectW5() { P256_POINT expected; if (i == 0) { - memset(&expected, 0, sizeof(expected)); + OPENSSL_memset(&expected, 0, sizeof(expected)); } else { expected = table[i-1]; } - if (memcmp(&val, &expected, sizeof(P256_POINT)) != 0) { + if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT)) != 0) { fprintf(stderr, "ecp_nistz256_select_w5(%d) gave the wrong value.\n", i); return false; } @@ -67,8 +67,8 @@ static bool TestSelectW7() { // Fill a table with some garbage input. P256_POINT_AFFINE table[64]; for (size_t i = 0; i < 64; i++) { - memset(table[i].X, 2 * i, sizeof(table[i].X)); - memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y)); + OPENSSL_memset(table[i].X, 2 * i, sizeof(table[i].X)); + OPENSSL_memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y)); } for (int i = 0; i <= 64; i++) { @@ -77,12 +77,12 @@ static bool TestSelectW7() { P256_POINT_AFFINE expected; if (i == 0) { - memset(&expected, 0, sizeof(expected)); + OPENSSL_memset(&expected, 0, sizeof(expected)); } else { expected = table[i-1]; } - if (memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) { + if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) { fprintf(stderr, "ecp_nistz256_select_w7(%d) gave the wrong value.\n", i); return false; } @@ -105,7 +105,7 @@ static bool GetFieldElement(FileTest *t, BN_ULONG out[P256_LIMBS], // |byte| contains bytes in big-endian while |out| should contain |BN_ULONG|s // in little-endian. - memset(out, 0, P256_LIMBS * sizeof(BN_ULONG)); + OPENSSL_memset(out, 0, P256_LIMBS * sizeof(BN_ULONG)); for (size_t i = 0; i < bytes.size(); i++) { out[P256_LIMBS - 1 - (i / BN_BYTES)] <<= 8; out[P256_LIMBS - 1 - (i / BN_BYTES)] |= bytes[i]; @@ -127,7 +127,7 @@ static std::string FieldElementToString(const BN_ULONG a[P256_LIMBS]) { static bool ExpectFieldElementsEqual(FileTest *t, const char *message, const BN_ULONG expected[P256_LIMBS], const BN_ULONG actual[P256_LIMBS]) { - if (memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) { + if (OPENSSL_memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) { return true; } @@ -160,7 +160,7 @@ static bool PointToAffine(P256_POINT_AFFINE *out, const P256_POINT *in) { return false; } - memset(out, 0, sizeof(P256_POINT_AFFINE)); + OPENSSL_memset(out, 0, sizeof(P256_POINT_AFFINE)); if (BN_is_zero(z.get())) { // The point at infinity is represented as (0, 0). @@ -189,8 +189,8 @@ static bool PointToAffine(P256_POINT_AFFINE *out, const P256_POINT *in) { return false; } - memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top); - memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top); + OPENSSL_memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top); + OPENSSL_memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top); return true; } @@ -209,7 +209,7 @@ static bool ExpectPointsEqual(FileTest *t, const char *message, return false; } - if (memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) { + if (OPENSSL_memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) { t->PrintLine("%s", message); t->PrintLine("Expected: (%s, %s)", FieldElementToString(expected->X).c_str(), @@ -237,7 +237,7 @@ static bool TestNegate(FileTest *t) { return false; } - memcpy(ret, a, sizeof(ret)); + OPENSSL_memcpy(ret, a, sizeof(ret)); ecp_nistz256_neg(ret, ret); if (!ExpectFieldElementsEqual( t, "In-place ecp_nistz256_neg(A) was incorrect.", b, ret)) { @@ -251,7 +251,7 @@ static bool TestNegate(FileTest *t) { return false; } - memcpy(ret, b, sizeof(ret)); + OPENSSL_memcpy(ret, b, sizeof(ret)); ecp_nistz256_neg(ret, ret); if (!ExpectFieldElementsEqual( t, "In-place ecp_nistz256_neg(B) was incorrect.", a, ret)) { @@ -282,42 +282,42 @@ static bool TestMulMont(FileTest *t) { return false; } - memcpy(ret, a, sizeof(ret)); + OPENSSL_memcpy(ret, a, sizeof(ret)); ecp_nistz256_mul_mont(ret, ret, b); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_mul_mont(ret = A, B) was incorrect.", result, ret)) { return false; } - memcpy(ret, a, sizeof(ret)); + OPENSSL_memcpy(ret, a, sizeof(ret)); ecp_nistz256_mul_mont(ret, b, ret); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_mul_mont(B, ret = A) was incorrect.", result, ret)) { return false; } - memcpy(ret, b, sizeof(ret)); + OPENSSL_memcpy(ret, b, sizeof(ret)); ecp_nistz256_mul_mont(ret, a, ret); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_mul_mont(A, ret = B) was incorrect.", result, ret)) { return false; } - memcpy(ret, b, sizeof(ret)); + OPENSSL_memcpy(ret, b, sizeof(ret)); ecp_nistz256_mul_mont(ret, ret, a); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_mul_mont(ret = B, A) was incorrect.", result, ret)) { return false; } - if (memcmp(a, b, sizeof(a)) == 0) { + if (OPENSSL_memcmp(a, b, sizeof(a)) == 0) { ecp_nistz256_sqr_mont(ret, a); if (!ExpectFieldElementsEqual(t, "ecp_nistz256_sqr_mont(A) was incorrect.", result, ret)) { return false; } - memcpy(ret, a, sizeof(ret)); + OPENSSL_memcpy(ret, a, sizeof(ret)); ecp_nistz256_sqr_mont(ret, ret); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_sqr_mont(ret = A) was incorrect.", result, ret)) { @@ -342,7 +342,7 @@ static bool TestFromMont(FileTest *t) { return false; } - memcpy(ret, a, sizeof(ret)); + OPENSSL_memcpy(ret, a, sizeof(ret)); ecp_nistz256_from_mont(ret, ret); if (!ExpectFieldElementsEqual( t, "ecp_nistz256_from_mont(ret = A) was incorrect.", result, ret)) { @@ -379,28 +379,28 @@ static bool TestPointAdd(FileTest *t) { return false; } - memcpy(&ret, &a, sizeof(ret)); + OPENSSL_memcpy(&ret, &a, sizeof(ret)); ecp_nistz256_point_add(&ret, &ret, &b); if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.", &result, &ret)) { return false; } - memcpy(&ret, &a, sizeof(ret)); + OPENSSL_memcpy(&ret, &a, sizeof(ret)); ecp_nistz256_point_add(&ret, &b, &ret); if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(B, ret = A) was incorrect.", &result, &ret)) { return false; } - memcpy(&ret, &b, sizeof(ret)); + OPENSSL_memcpy(&ret, &b, sizeof(ret)); ecp_nistz256_point_add(&ret, &a, &ret); if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.", &result, &ret)) { return false; } - memcpy(&ret, &b, sizeof(ret)); + OPENSSL_memcpy(&ret, &b, sizeof(ret)); ecp_nistz256_point_add(&ret, &ret, &a); if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = B, A) was incorrect.", &result, &ret)) { @@ -408,7 +408,7 @@ static bool TestPointAdd(FileTest *t) { } P256_POINT_AFFINE a_affine, b_affine, infinity; - memset(&infinity, 0, sizeof(infinity)); + OPENSSL_memset(&infinity, 0, sizeof(infinity)); if (!PointToAffine(&a_affine, &a) || !PointToAffine(&b_affine, &b)) { return false; @@ -416,8 +416,8 @@ static bool TestPointAdd(FileTest *t) { // ecp_nistz256_point_add_affine does not work when a == b unless doubling the // point at infinity. - if (memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 || - memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) { + if (OPENSSL_memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 || + OPENSSL_memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) { ecp_nistz256_point_add_affine(&ret, &a, &b_affine); if (!ExpectPointsEqual(t, "ecp_nistz256_point_add_affine(A, B) was incorrect.", @@ -425,7 +425,7 @@ static bool TestPointAdd(FileTest *t) { return false; } - memcpy(&ret, &a, sizeof(ret)); + OPENSSL_memcpy(&ret, &a, sizeof(ret)); ecp_nistz256_point_add_affine(&ret, &ret, &b_affine); if (!ExpectPointsEqual( t, "ecp_nistz256_point_add_affine(ret = A, B) was incorrect.", @@ -440,7 +440,7 @@ static bool TestPointAdd(FileTest *t) { return false; } - memcpy(&ret, &b, sizeof(ret)); + OPENSSL_memcpy(&ret, &b, sizeof(ret)); ecp_nistz256_point_add_affine(&ret, &ret, &a_affine); if (!ExpectPointsEqual( t, "ecp_nistz256_point_add_affine(ret = B, A) was incorrect.", @@ -449,7 +449,7 @@ static bool TestPointAdd(FileTest *t) { } } - if (memcmp(&a, &b, sizeof(a)) == 0) { + if (OPENSSL_memcmp(&a, &b, sizeof(a)) == 0) { ecp_nistz256_point_double(&ret, &a); if (!ExpectPointsEqual(t, "ecp_nistz256_point_double(A) was incorrect.", &result, &ret)) { diff --git a/src/crypto/ec/simple.c b/src/crypto/ec/simple.c index a1e6229c..880b717c 100644 --- a/src/crypto/ec/simple.c +++ b/src/crypto/ec/simple.c @@ -74,6 +74,7 @@ #include <openssl/mem.h> #include "internal.h" +#include "../internal.h" /* Most method functions in this file are designed to work with non-trivial @@ -988,7 +989,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, if (prod_Z == NULL) { goto err; } - memset(prod_Z, 0, num * sizeof(prod_Z[0])); + OPENSSL_memset(prod_Z, 0, num * sizeof(prod_Z[0])); for (size_t i = 0; i < num; i++) { prod_Z[i] = BN_new(); if (prod_Z[i] == NULL) { diff --git a/src/crypto/ecdh/ecdh.c b/src/crypto/ecdh/ecdh.c index 50a844ee..22b216ef 100644 --- a/src/crypto/ecdh/ecdh.c +++ b/src/crypto/ecdh/ecdh.c @@ -74,6 +74,8 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" + int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *priv_key, @@ -140,7 +142,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, if (buflen < outlen) { outlen = buflen; } - memcpy(out, buf, outlen); + OPENSSL_memcpy(out, buf, outlen); } if (outlen > INT_MAX) { diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c index 63209929..34320819 100644 --- a/src/crypto/ecdsa/ecdsa.c +++ b/src/crypto/ecdsa/ecdsa.c @@ -60,7 +60,9 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../bn/internal.h" #include "../ec/internal.h" +#include "../internal.h" int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, @@ -88,7 +90,7 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, /* Defend against potential laxness in the DER parser. */ size_t der_len; if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || - der_len != sig_len || memcmp(sig, der, sig_len) != 0) { + der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) { /* This should never happen. crypto/bytestring is strictly DER. */ OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); goto err; @@ -308,12 +310,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, } while (BN_is_zero(r)); /* Compute the inverse of k. The order is a prime, so use Fermat's Little - * Theorem. */ - if (!BN_set_word(tmp, 2) || - !BN_sub(tmp, order, tmp) || - /* Note |ec_group_get_mont_data| may return NULL but |BN_mod_exp_mont| - * allows it to be. */ - !BN_mod_exp_mont(k, k, tmp, order, ctx, ec_group_get_mont_data(group))) { + * Theorem. Note |ec_group_get_mont_data| may return NULL but + * |bn_mod_inverse_prime| allows this. */ + if (!bn_mod_inverse_prime(k, k, order, ctx, ec_group_get_mont_data(group))) { OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } diff --git a/src/crypto/engine/engine.c b/src/crypto/engine/engine.c index f1037d40..141ed230 100644 --- a/src/crypto/engine/engine.c +++ b/src/crypto/engine/engine.c @@ -23,6 +23,8 @@ #include <openssl/rsa.h> #include <openssl/thread.h> +#include "../internal.h" + struct engine_st { RSA_METHOD *rsa_method; @@ -35,7 +37,7 @@ ENGINE *ENGINE_new(void) { return NULL; } - memset(engine, 0, sizeof(ENGINE)); + OPENSSL_memset(engine, 0, sizeof(ENGINE)); return engine; } diff --git a/src/crypto/err/err.c b/src/crypto/err/err.c index 48d631f4..cbb1260e 100644 --- a/src/crypto/err/err.c +++ b/src/crypto/err/err.c @@ -141,7 +141,7 @@ static void err_clear_data(struct err_error_st *error) { /* err_clear clears the given queued error. */ static void err_clear(struct err_error_st *error) { err_clear_data(error); - memset(error, 0, sizeof(struct err_error_st)); + OPENSSL_memset(error, 0, sizeof(struct err_error_st)); } /* global_next_library contains the next custom library value to return. */ @@ -175,7 +175,7 @@ static ERR_STATE *err_get_state(void) { if (state == NULL) { return NULL; } - memset(state, 0, sizeof(ERR_STATE)); + OPENSSL_memset(state, 0, sizeof(ERR_STATE)); if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state, err_state_free)) { return NULL; @@ -349,7 +349,7 @@ char *ERR_error_string(uint32_t packed_error, char *ret) { #if !defined(NDEBUG) /* This is aimed to help catch callers who don't provide * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */ - memset(ret, 0, ERR_ERROR_STRING_BUF_LEN); + OPENSSL_memset(ret, 0, ERR_ERROR_STRING_BUF_LEN); #endif ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN); @@ -407,7 +407,7 @@ void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { * terminating 0). If we're setting this colon, then all whole of the * rest of the string must be colons in order to have the correct * number. */ - memset(last_pos, ':', num_colons - i); + OPENSSL_memset(last_pos, ':', num_colons - i); break; } @@ -675,7 +675,7 @@ static void err_add_error_vdata(unsigned num, va_list args) { buf = new_buf; } - memcpy(buf + len, substr, substr_len); + OPENSSL_memcpy(buf + len, substr, substr_len); len = new_len; } diff --git a/src/crypto/evp/evp.c b/src/crypto/evp/evp.c index 09160929..f0838797 100644 --- a/src/crypto/evp/evp.c +++ b/src/crypto/evp/evp.c @@ -80,7 +80,7 @@ EVP_PKEY *EVP_PKEY_new(void) { return NULL; } - memset(ret, 0, sizeof(EVP_PKEY)); + OPENSSL_memset(ret, 0, sizeof(EVP_PKEY)); ret->type = EVP_PKEY_NONE; ret->references = 1; diff --git a/src/crypto/evp/evp_asn1.c b/src/crypto/evp/evp_asn1.c index 2b24858d..6c905719 100644 --- a/src/crypto/evp/evp_asn1.c +++ b/src/crypto/evp/evp_asn1.c @@ -84,7 +84,7 @@ static int parse_key_type(CBS *cbs, int *out_type) { for (i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) { const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i]; if (CBS_len(&oid) == method->oid_len && - memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) { + OPENSSL_memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) { *out_type = method->pkey_id; return 1; } diff --git a/src/crypto/evp/evp_ctx.c b/src/crypto/evp/evp_ctx.c index f7d4b41b..8cf23bb6 100644 --- a/src/crypto/evp/evp_ctx.c +++ b/src/crypto/evp/evp_ctx.c @@ -61,6 +61,7 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../internal.h" #include "internal.h" @@ -105,7 +106,7 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(EVP_PKEY_CTX)); + OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX)); ret->engine = e; ret->pmeth = pmeth; @@ -159,7 +160,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { return NULL; } - memset(rctx, 0, sizeof(EVP_PKEY_CTX)); + OPENSSL_memset(rctx, 0, sizeof(EVP_PKEY_CTX)); rctx->pmeth = pctx->pmeth; rctx->engine = pctx->engine; diff --git a/src/crypto/evp/evp_extra_test.cc b/src/crypto/evp/evp_extra_test.cc index 4d417605..2758917d 100644 --- a/src/crypto/evp/evp_extra_test.cc +++ b/src/crypto/evp/evp_extra_test.cc @@ -27,6 +27,8 @@ #include <openssl/pkcs8.h> #include <openssl/rsa.h> +#include "../internal.h" + // kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you // should never use this key anywhere but in an example. @@ -469,7 +471,7 @@ static bool TestVerifyRecover() { return false; } - if (memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) { + if (OPENSSL_memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) { fprintf(stderr, "verify_recover got wrong value.\n"); ERR_print_errors_fp(stderr); return false; diff --git a/src/crypto/evp/evp_test.cc b/src/crypto/evp/evp_test.cc index bfaa38aa..d03c61f0 100644 --- a/src/crypto/evp/evp_test.cc +++ b/src/crypto/evp/evp_test.cc @@ -72,6 +72,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include <openssl/crypto.h> #include <openssl/digest.h> #include <openssl/err.h> +#include <openssl/rsa.h> #include "../test/file_test.h" @@ -113,6 +114,23 @@ static int GetKeyType(FileTest *t, const std::string &name) { return EVP_PKEY_NONE; } +static int GetRSAPadding(FileTest *t, int *out, const std::string &name) { + if (name == "PKCS1") { + *out = RSA_PKCS1_PADDING; + return true; + } + if (name == "PSS") { + *out = RSA_PKCS1_PSS_PADDING; + return true; + } + if (name == "OAEP") { + *out = RSA_PKCS1_OAEP_PADDING; + return true; + } + t->PrintLine("Unknown RSA padding mode: '%s'", name.c_str()); + return false; +} + using KeyMap = std::map<std::string, bssl::UniquePtr<EVP_PKEY>>; static bool ImportKey(FileTest *t, KeyMap *key_map, @@ -224,6 +242,25 @@ static bool TestEVP(FileTest *t, void *arg) { return false; } } + if (t->HasAttribute("RSAPadding")) { + int padding; + if (!GetRSAPadding(t, &padding, t->GetAttributeOrDie("RSAPadding")) || + !EVP_PKEY_CTX_set_rsa_padding(ctx.get(), padding)) { + return false; + } + } + if (t->HasAttribute("PSSSaltLength") && + !EVP_PKEY_CTX_set_rsa_pss_saltlen( + ctx.get(), atoi(t->GetAttributeOrDie("PSSSaltLength").c_str()))) { + return false; + } + if (t->HasAttribute("MGF1Digest")) { + const EVP_MD *digest = GetDigest(t, t->GetAttributeOrDie("MGF1Digest")); + if (digest == nullptr || + !EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), digest)) { + return false; + } + } if (t->GetType() == "Verify") { if (!EVP_PKEY_verify(ctx.get(), output.data(), output.size(), input.data(), diff --git a/src/crypto/evp/evp_tests.txt b/src/crypto/evp/evp_tests.txt index 7c316d81..eaee888d 100644 --- a/src/crypto/evp/evp_tests.txt +++ b/src/crypto/evp/evp_tests.txt @@ -155,6 +155,111 @@ Input = "0123456789ABCDEF1234" Output = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9 Error = BAD_SIGNATURE + +# RSA-PSS tests. + +# Zero salt length makes the output deterministic +Sign = RSA-2048 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a + +# Verify of above signature +Verify = RSA-2048-SPKI +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a + +# Wrong digest +Verify = RSA-2048-SPKI +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "00000000000000000000000000000000" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +Error = BAD_SIGNATURE + +# Digest too short +Verify = RSA-2048-SPKI +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDE" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +Error = INVALID_DIGEST_LENGTH + +# Digest too long +Verify = RSA-2048-SPKI +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF0" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +Error = INVALID_DIGEST_LENGTH + +# Wrong salt length +Verify = RSA-2048 +RSAPadding = PSS +PSSSaltLength = 2 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +Error = SLEN_CHECK_FAILED + +# Wrong MGF1 digest, SHA-1 +Verify = RSA-2048 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +MGF1Digest = SHA1 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +# If SHA-1, this input happens to succeed recovering a salt length, but it does +# not match. +Error = SLEN_CHECK_FAILED + +# Wrong MGF1 digest, SHA-384 +Verify = RSA-2048 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +MGF1Digest = SHA384 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a +# If SHA-384, this input happens fail to recover the salt length altogether. +Error = SLEN_RECOVERY_FAILED + + +# RSA decrypt + +Decrypt = RSA-2048 +Input = 550af55a2904e7b9762352f8fb7fa235a9cb053aacb2d5fcb8ca48453cb2ee3619746c701abf2d4cc67003471a187900b05aa812bd25ed05c675dfc8c97a24a7bf49bd6214992cad766d05a9a2b57b74f26a737e0237b8b76c45f1f226a836d7cfbc75ba999bdbe48dbc09227aa46c88f21dccba7840141ad5a5d71fd122e6bd6ac3e564780dfe623fc1ca9b995a6037bf0bbd43b205a84ac5444f34202c05ce9113087176432476576de6ffff9a52ea57c08be3ec2f49676cb8e12f762ac71fa3c321e00ac988910c85ff52f93825666ce0d40ffaa0592078919d4493f46d95ccf76364c6d57760dd0b64805f9afc76a2365a5575ca301d5103f0ea76cb9a78 +Output = "Hello World" + +# Corrupted ciphertext +Decrypt = RSA-2048 +Input = 550af55a2904e7b9762352f8fb7fa235a9cb053aacb2d5fcb8ca48453cb2ee3619746c701abf2d4cc67003471a187900b05aa812bd25ed05c675dfc8c97a24a7bf49bd6214992cad766d05a9a2b57b74f26a737e0237b8b76c45f1f226a836d7cfbc75ba999bdbe48dbc09227aa46c88f21dccba7840141ad5a5d71fd122e6bd6ac3e564780dfe623fc1ca9b995a6037bf0bbd43b205a84ac5444f34202c05ce9113087176432476576de6ffff9a52ea57c08be3ec2f49676cb8e12f762ac71fa3c321e00ac988910c85ff52f93825666ce0d40ffaa0592078919d4493f46d95ccf76364c6d57760dd0b64805f9afc76a2365a5575ca301d5103f0ea76cb9a79 +Output = "Hello World" +Error = PKCS_DECODING_ERROR + +# OAEP padding +Decrypt = RSA-2048 +RSAPadding = OAEP +Input = 458708dfbd42a1297ce7a9c86c7087ab80b1754810929b89c5107ca55368587686986fce94d86cc1595b3fb736223a656ec0f34d18ba1cc5665593610f56c58e26b272d584f3d983a5c91085700755aebd921fb280bba3eda7046ec07b43e7298e52d59edc92be4639a8ce08b2f85976ecf6d98cc469eeb9d5d8e2a32ea8a6626edafe1038b3df455668a9f3c77cad8b92fb872e00058c3d2a7ede1a1f03fc5622084ae04d9d24f6bf0995c58d35b93b699b9763595e123f2ab0863cc9229eb290e2ede7715c7a8f39e0b9a3e2e1b56ebb62f1cbfbb5986fb212ebd785b83d01d968b11d1756c7337f70c1f1a63bff03608e24f3a2fd44e67f832a8701c5d5af +Output = "Hello World" + +# OAEP padding, corrupted ciphertext +Decrypt = RSA-2048 +RSAPadding = OAEP +Input = 458708dfbd42a1297ce7a9c86c7087ab80b1754810929b89c5107ca55368587686986fce94d86cc1595b3fb736223a656ec0f34d18ba1cc5665593610f56c58e26b272d584f3d983a5c91085700755aebd921fb280bba3eda7046ec07b43e7298e52d59edc92be4639a8ce08b2f85976ecf6d98cc469eeb9d5d8e2a32ea8a6626edafe1038b3df455668a9f3c77cad8b92fb872e00058c3d2a7ede1a1f03fc5622084ae04d9d24f6bf0995c58d35b93b699b9763595e123f2ab0863cc9229eb290e2ede7715c7a8f39e0b9a3e2e1b56ebb62f1cbfbb5986fb212ebd785b83d01d968b11d1756c7337f70c1f1a63bff03608e24f3a2fd44e67f832a8701c5d5ac +Output = "Hello World" +Error = OAEP_DECODING_ERROR + + # EC tests Verify = P-256 diff --git a/src/crypto/evp/p_ec.c b/src/crypto/evp/p_ec.c index f92c87cf..dc1ea6f6 100644 --- a/src/crypto/evp/p_ec.c +++ b/src/crypto/evp/p_ec.c @@ -70,6 +70,7 @@ #include "internal.h" #include "../ec/internal.h" +#include "../internal.h" typedef struct { @@ -84,7 +85,7 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) { if (!dctx) { return 0; } - memset(dctx, 0, sizeof(EC_PKEY_CTX)); + OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX)); ctx->data = dctx; diff --git a/src/crypto/evp/p_rsa.c b/src/crypto/evp/p_rsa.c index a2106572..ea2ba998 100644 --- a/src/crypto/evp/p_rsa.c +++ b/src/crypto/evp/p_rsa.c @@ -67,6 +67,7 @@ #include <openssl/nid.h> #include <openssl/rsa.h> +#include "../internal.h" #include "../rsa/internal.h" #include "internal.h" @@ -97,7 +98,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { if (!rctx) { return 0; } - memset(rctx, 0, sizeof(RSA_PKEY_CTX)); + OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX)); rctx->nbits = 2048; rctx->pad_mode = RSA_PKCS1_PADDING; @@ -231,6 +232,11 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); case RSA_PKCS1_PSS_PADDING: + if (tbslen != EVP_MD_size(rctx->md)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_LENGTH); + return 0; + } + if (!setup_tbuf(rctx, ctx) || !RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen, RSA_NO_PADDING) || @@ -284,7 +290,7 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, return 0; } *out_len = ret; - memcpy(out, rctx->tbuf, *out_len); + OPENSSL_memcpy(out, rctx->tbuf, *out_len); return 1; } @@ -324,7 +330,7 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, } if (out != NULL) { - memcpy(out, rctx->tbuf + asn1_prefix_len, result_len); + OPENSSL_memcpy(out, rctx->tbuf + asn1_prefix_len, result_len); } *out_len = result_len; diff --git a/src/crypto/evp/pbkdf.c b/src/crypto/evp/pbkdf.c index b06b922b..1792cdc8 100644 --- a/src/crypto/evp/pbkdf.c +++ b/src/crypto/evp/pbkdf.c @@ -59,6 +59,8 @@ #include <openssl/hmac.h> +#include "../internal.h" + int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, const uint8_t *salt, size_t salt_len, unsigned iterations, @@ -101,7 +103,7 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, return 0; } HMAC_CTX_cleanup(&hctx); - memcpy(p, digest_tmp, cplen); + OPENSSL_memcpy(p, digest_tmp, cplen); for (j = 1; j < iterations; j++) { if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { HMAC_CTX_cleanup(&hctx_tpl); diff --git a/src/crypto/evp/pbkdf_test.cc b/src/crypto/evp/pbkdf_test.cc index 438ab644..52847001 100644 --- a/src/crypto/evp/pbkdf_test.cc +++ b/src/crypto/evp/pbkdf_test.cc @@ -20,6 +20,8 @@ #include <openssl/err.h> #include <openssl/evp.h> +#include "../internal.h" + // Prints out the data buffer as a sequence of hex bytes. static void PrintDataHex(const void *data, size_t len) { @@ -49,7 +51,7 @@ static bool TestPBKDF2(const void *password, size_t password_len, return false; } - if (memcmp(key, expected_key, key_len) != 0) { + if (OPENSSL_memcmp(key, expected_key, key_len) != 0) { fprintf(stderr, "Resulting key material does not match expectation\n"); fprintf(stderr, "Expected:\n "); PrintDataHex(expected_key, key_len); diff --git a/src/crypto/hkdf/CMakeLists.txt b/src/crypto/hkdf/CMakeLists.txt index d9db933e..3056a548 100644 --- a/src/crypto/hkdf/CMakeLists.txt +++ b/src/crypto/hkdf/CMakeLists.txt @@ -11,7 +11,7 @@ add_library( add_executable( hkdf_test - hkdf_test.c + hkdf_test.cc $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/hkdf/hkdf.c b/src/crypto/hkdf/hkdf.c index f21cb42d..ae43b69f 100644 --- a/src/crypto/hkdf/hkdf.c +++ b/src/crypto/hkdf/hkdf.c @@ -20,6 +20,8 @@ #include <openssl/err.h> #include <openssl/hmac.h> +#include "../internal.h" + int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, const uint8_t *secret, size_t secret_len, const uint8_t *salt, @@ -95,7 +97,7 @@ int HKDF_expand(uint8_t *out_key, size_t out_len, const EVP_MD *digest, if (done + todo > out_len) { todo = out_len - done; } - memcpy(out_key + done, previous, todo); + OPENSSL_memcpy(out_key + done, previous, todo); done += todo; } diff --git a/src/crypto/hkdf/hkdf_test.c b/src/crypto/hkdf/hkdf_test.cc index 4499cc05..164fa1f1 100644 --- a/src/crypto/hkdf/hkdf_test.c +++ b/src/crypto/hkdf/hkdf_test.cc @@ -24,7 +24,7 @@ #include "../test/test_util.h" -typedef struct { +struct HKDFTestVector { const EVP_MD *(*md_func)(void); const uint8_t ikm[80]; const size_t ikm_len; @@ -36,10 +36,10 @@ typedef struct { const size_t prk_len; const size_t out_len; const uint8_t out[82]; -} hkdf_test_vector_t; +}; /* These test vectors are from RFC 5869. */ -static const hkdf_test_vector_t kTests[] = { +static const HKDFTestVector kTests[] = { { EVP_sha256, { @@ -248,13 +248,12 @@ static const hkdf_test_vector_t kTests[] = { }; int main(void) { - uint8_t buf[82], prk[EVP_MAX_MD_SIZE]; - size_t i, prk_len; - CRYPTO_library_init(); - for (i = 0; i < OPENSSL_ARRAY_SIZE(kTests); i++) { - const hkdf_test_vector_t *test = &kTests[i]; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTests); i++) { + const HKDFTestVector *test = &kTests[i]; + uint8_t prk[EVP_MAX_MD_SIZE]; + size_t prk_len; if (!HKDF_extract(prk, &prk_len, test->md_func(), test->ikm, test->ikm_len, test->salt, test->salt_len)) { fprintf(stderr, "Call to HKDF_extract failed\n"); @@ -262,17 +261,18 @@ int main(void) { return 1; } if (prk_len != test->prk_len || - memcmp(prk, test->prk, test->prk_len) != 0) { + OPENSSL_memcmp(prk, test->prk, test->prk_len) != 0) { fprintf(stderr, "%zu: Resulting PRK does not match test vector\n", i); return 1; } + uint8_t buf[82]; if (!HKDF_expand(buf, test->out_len, test->md_func(), prk, prk_len, test->info, test->info_len)) { fprintf(stderr, "Call to HKDF_expand failed\n"); ERR_print_errors_fp(stderr); return 1; } - if (memcmp(buf, test->out, test->out_len) != 0) { + if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) { fprintf(stderr, "%zu: Resulting key material does not match test vector\n", i); return 1; @@ -284,7 +284,7 @@ int main(void) { ERR_print_errors_fp(stderr); return 1; } - if (memcmp(buf, test->out, test->out_len) != 0) { + if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) { fprintf(stderr, "%zu: Resulting key material does not match test vector\n", i); return 1; @@ -292,6 +292,5 @@ int main(void) { } printf("PASS\n"); - ERR_free_strings(); return 0; } diff --git a/src/crypto/hmac/hmac.c b/src/crypto/hmac/hmac.c index 2eae9e8b..a2526678 100644 --- a/src/crypto/hmac/hmac.c +++ b/src/crypto/hmac/hmac.c @@ -62,6 +62,8 @@ #include <openssl/digest.h> #include <openssl/mem.h> +#include "../internal.h" + uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, const uint8_t *data, size_t data_len, uint8_t *out, @@ -130,12 +132,12 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, } } else { assert(key_len <= sizeof(key_block)); - memcpy(key_block, key, key_len); + OPENSSL_memcpy(key_block, key, key_len); key_block_len = (unsigned)key_len; } /* Keys are then padded with zeros. */ if (key_block_len != EVP_MAX_MD_BLOCK_SIZE) { - memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len); + OPENSSL_memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len); } for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) { diff --git a/src/crypto/internal.h b/src/crypto/internal.h index 896cc3ba..27249567 100644 --- a/src/crypto/internal.h +++ b/src/crypto/internal.h @@ -112,6 +112,8 @@ #include <openssl/ex_data.h> #include <openssl/thread.h> +#include <string.h> + #if defined(_MSC_VER) #if !defined(__cplusplus) || _MSC_VER < 1900 #define alignas(x) __declspec(align(x)) @@ -520,6 +522,85 @@ OPENSSL_EXPORT void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, CRYPTO_EX_DATA *ad); +/* Language bug workarounds. + * + * Most C standard library functions are undefined if passed NULL, even when the + * corresponding length is zero. This gives them (and, in turn, all functions + * which call them) surprising behavior on empty arrays. Some compilers will + * miscompile code due to this rule. See also + * https://www.imperialviolet.org/2016/06/26/nonnull.html + * + * These wrapper functions behave the same as the corresponding C standard + * functions, but behave as expected when passed NULL if the length is zero. + * + * Note |OPENSSL_memcmp| is a different function from |CRYPTO_memcmp|. */ + +/* C++ defines |memchr| as a const-correct overload. */ +#if defined(__cplusplus) +extern "C++" { + +static inline const void *OPENSSL_memchr(const void *s, int c, size_t n) { + if (n == 0) { + return NULL; + } + + return memchr(s, c, n); +} + +static inline void *OPENSSL_memchr(void *s, int c, size_t n) { + if (n == 0) { + return NULL; + } + + return memchr(s, c, n); +} + +} /* extern "C++" */ +#else /* __cplusplus */ + +static inline void *OPENSSL_memchr(const void *s, int c, size_t n) { + if (n == 0) { + return NULL; + } + + return memchr(s, c, n); +} + +#endif /* __cplusplus */ + +static inline int OPENSSL_memcmp(const void *s1, const void *s2, size_t n) { + if (n == 0) { + return 0; + } + + return memcmp(s1, s2, n); +} + +static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) { + if (n == 0) { + return dst; + } + + return memcpy(dst, src, n); +} + +static inline void *OPENSSL_memmove(void *dst, const void *src, size_t n) { + if (n == 0) { + return dst; + } + + return memmove(dst, src, n); +} + +static inline void *OPENSSL_memset(void *dst, int c, size_t n) { + if (n == 0) { + return dst; + } + + return memset(dst, c, n); +} + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/src/crypto/lhash/CMakeLists.txt b/src/crypto/lhash/CMakeLists.txt index 4f4dea7c..bd6005ba 100644 --- a/src/crypto/lhash/CMakeLists.txt +++ b/src/crypto/lhash/CMakeLists.txt @@ -11,7 +11,7 @@ add_library( add_executable( lhash_test - lhash_test.c + lhash_test.cc $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/lhash/lhash.c b/src/crypto/lhash/lhash.c index 233f34fa..27960d98 100644 --- a/src/crypto/lhash/lhash.c +++ b/src/crypto/lhash/lhash.c @@ -62,6 +62,9 @@ #include <openssl/mem.h> +#include "../internal.h" + + /* kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. */ static const size_t kMinNumBuckets = 16; @@ -71,13 +74,11 @@ static const size_t kMaxAverageChainLength = 2; static const size_t kMinAverageChainLength = 1; _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp) { - _LHASH *ret; - - ret = OPENSSL_malloc(sizeof(_LHASH)); + _LHASH *ret = OPENSSL_malloc(sizeof(_LHASH)); if (ret == NULL) { return NULL; } - memset(ret, 0, sizeof(_LHASH)); + OPENSSL_memset(ret, 0, sizeof(_LHASH)); ret->num_buckets = kMinNumBuckets; ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets); @@ -85,17 +86,10 @@ _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp) { OPENSSL_free(ret); return NULL; } - memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets); + OPENSSL_memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets); ret->comp = comp; - if (ret->comp == NULL) { - ret->comp = (lhash_cmp_func) strcmp; - } ret->hash = hash; - if (ret->hash == NULL) { - ret->hash = (lhash_hash_func) lh_strhash; - } - return ret; } @@ -173,7 +167,7 @@ static void lh_rebucket(_LHASH *lh, const size_t new_num_buckets) { if (new_buckets == NULL) { return; } - memset(new_buckets, 0, alloc_size); + OPENSSL_memset(new_buckets, 0, alloc_size); for (i = 0; i < lh->num_buckets; i++) { for (cur = lh->buckets[i]; cur != NULL; cur = next) { diff --git a/src/crypto/lhash/lhash_test.c b/src/crypto/lhash/lhash_test.c deleted file mode 100644 index 309b765d..00000000 --- a/src/crypto/lhash/lhash_test.c +++ /dev/null @@ -1,203 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 201410L -#endif - -#include <openssl/crypto.h> -#include <openssl/lhash.h> - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -struct dummy_lhash_node { - char *s; - struct dummy_lhash_node *next; -}; - -struct dummy_lhash { - struct dummy_lhash_node *head; -}; - -static void dummy_lh_free(struct dummy_lhash *lh) { - struct dummy_lhash_node *cur, *next; - - for (cur = lh->head; cur != NULL; cur = next) { - next = cur->next; - free(cur->s); - free(cur); - } -} - -static size_t dummy_lh_num_items(const struct dummy_lhash *lh) { - size_t count = 0; - struct dummy_lhash_node *cur; - - for (cur = lh->head; cur != NULL; cur = cur->next) { - count++; - } - - return count; -} - -static char *dummy_lh_retrieve(struct dummy_lhash *lh, const char *s) { - struct dummy_lhash_node *cur; - - for (cur = lh->head; cur != NULL; cur = cur->next) { - if (strcmp(cur->s, s) == 0) { - return cur->s; - } - } - - return NULL; -} - -static int dummy_lh_insert(struct dummy_lhash *lh, char **old_data, char *s) { - struct dummy_lhash_node *node, *cur; - - for (cur = lh->head; cur != NULL; cur = cur->next) { - if (strcmp(cur->s, s) == 0) { - *old_data = cur->s; - cur->s = s; - return 1; - } - } - - node = malloc(sizeof(struct dummy_lhash_node)); - *old_data = NULL; - node->s = s; - node->next = lh->head; - lh->head = node; - return 1; -} - -static char *dummy_lh_delete(struct dummy_lhash *lh, const void *s) { - struct dummy_lhash_node *cur, **next_ptr; - char *ret; - - next_ptr = &lh->head; - for (cur = lh->head; cur != NULL; cur = cur->next) { - if (strcmp(cur->s, s) == 0) { - ret = cur->s; - *next_ptr = cur->next; - free(cur); - return ret; - } - next_ptr = &cur->next; - } - - return NULL; -} - -static char *rand_string(void) { - unsigned len = 1 + (rand() % 3); - char *ret = malloc(len + 1); - unsigned i; - - for (i = 0; i < len; i++) { - ret[i] = '0' + (rand() & 7); - } - ret[i] = 0; - - return ret; -} - -int main(int argc, char **argv) { - _LHASH *lh; - struct dummy_lhash dummy_lh = {NULL}; - unsigned i; - - CRYPTO_library_init(); - - lh = lh_new(NULL, NULL); - if (lh == NULL) { - return 1; - } - - for (i = 0; i < 100000; i++) { - unsigned action; - char *s, *s1, *s2; - - if (dummy_lh_num_items(&dummy_lh) != lh_num_items(lh)) { - fprintf(stderr, "Length mismatch\n"); - return 1; - } - - action = rand() % 3; - switch (action) { - case 0: - s = rand_string(); - s1 = (char *)lh_retrieve(lh, s); - s2 = dummy_lh_retrieve(&dummy_lh, s); - if (s1 != NULL && (s2 == NULL || strcmp(s1, s2) != 0)) { - fprintf(stderr, "lh_retrieve failure\n"); - abort(); - } - free(s); - break; - - case 1: - s = rand_string(); - lh_insert(lh, (void **)&s1, s); -#if defined(OPENSSL_WINDOWS) - dummy_lh_insert(&dummy_lh, &s2, _strdup(s)); -#else - dummy_lh_insert(&dummy_lh, &s2, strdup(s)); -#endif - - if (s1 != NULL && (s2 == NULL || strcmp(s1, s2) != 0)) { - fprintf(stderr, "lh_insert failure\n"); - abort(); - } - - if (s1) { - free(s1); - } - if (s2) { - free(s2); - } - break; - - case 2: - s = rand_string(); - s1 = lh_delete(lh, s); - s2 = dummy_lh_delete(&dummy_lh, s); - - if (s1 != NULL && (s2 == NULL || strcmp(s1, s2) != 0)) { - fprintf(stderr, "lh_insert failure\n"); - abort(); - } - - if (s1) { - free(s1); - } - if (s2) { - free(s2); - } - free(s); - break; - - default: - abort(); - } - } - - lh_doall(lh, free); - lh_free(lh); - dummy_lh_free(&dummy_lh); - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/lhash/lhash_test.cc b/src/crypto/lhash/lhash_test.cc new file mode 100644 index 00000000..cbeb15b1 --- /dev/null +++ b/src/crypto/lhash/lhash_test.cc @@ -0,0 +1,161 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#if !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 201410L +#endif + +#include <openssl/crypto.h> +#include <openssl/lhash.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <algorithm> +#include <memory> +#include <map> +#include <string> +#include <utility> +#include <vector> + + +static std::unique_ptr<char[]> RandString(void) { + unsigned len = 1 + (rand() % 3); + std::unique_ptr<char[]> ret(new char[len + 1]); + + for (unsigned i = 0; i < len; i++) { + ret[i] = '0' + (rand() & 7); + } + ret[len] = 0; + + return ret; +} + +struct FreeLHASH { + void operator()(_LHASH *lh) { lh_free(lh); } +}; + +static const char *Lookup( + std::map<std::string, std::unique_ptr<char[]>> *dummy_lh, const char *key) { + // Using operator[] implicitly inserts into the map. + auto iter = dummy_lh->find(key); + if (iter == dummy_lh->end()) { + return nullptr; + } + return iter->second.get(); +} + +int main(int argc, char **argv) { + CRYPTO_library_init(); + + std::unique_ptr<_LHASH, FreeLHASH> lh( + lh_new((lhash_hash_func)lh_strhash, (lhash_cmp_func)strcmp)); + if (!lh) { + return 1; + } + + // lh is expected to store a canonical instance of each string. dummy_lh + // mirrors what it stores for comparison. It also manages ownership of the + // pointers. + std::map<std::string, std::unique_ptr<char[]>> dummy_lh; + + for (unsigned i = 0; i < 100000; i++) { + if (dummy_lh.size() != lh_num_items(lh.get())) { + fprintf(stderr, "Length mismatch\n"); + return 1; + } + + // Check the entire contents and test |lh_doall_arg|. This takes O(N) time, + // so only do it every few iterations. + // + // TODO(davidben): |lh_doall_arg| also supports modifying the hash in the + // callback. Test this. + if (i % 1000 == 0) { + using ValueList = std::vector<const char *>; + ValueList expected, actual; + for (const auto &pair : dummy_lh) { + expected.push_back(pair.second.get()); + } + std::sort(expected.begin(), expected.end()); + + lh_doall_arg(lh.get(), + [](void *ptr, void *arg) { + ValueList *out = reinterpret_cast<ValueList *>(arg); + out->push_back(reinterpret_cast<char *>(ptr)); + }, + &actual); + std::sort(actual.begin(), actual.end()); + + if (expected != actual) { + fprintf(stderr, "Contents mismatch\n"); + return 1; + } + } + + enum Action { + kRetrieve = 0, + kInsert, + kDelete, + }; + + Action action = static_cast<Action>(rand() % 3); + switch (action) { + case kRetrieve: { + std::unique_ptr<char[]> key = RandString(); + void *value = lh_retrieve(lh.get(), key.get()); + if (value != Lookup(&dummy_lh, key.get())) { + fprintf(stderr, "lh_retrieve failure\n"); + return 1; + } + break; + } + + case kInsert: { + std::unique_ptr<char[]> key = RandString(); + void *previous; + if (!lh_insert(lh.get(), &previous, key.get())) { + return 1; + } + + if (previous != Lookup(&dummy_lh, key.get())) { + fprintf(stderr, "lh_insert failure\n"); + return 1; + } + + dummy_lh[key.get()] = std::move(key); + break; + } + + case kDelete: { + std::unique_ptr<char[]> key = RandString(); + void *value = lh_delete(lh.get(), key.get()); + + if (value != Lookup(&dummy_lh, key.get())) { + fprintf(stderr, "lh_delete failure\n"); + return 1; + } + + dummy_lh.erase(key.get()); + break; + } + + default: + abort(); + } + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/md4/md4.c b/src/crypto/md4/md4.c index 7da3ec86..0046c217 100644 --- a/src/crypto/md4/md4.c +++ b/src/crypto/md4/md4.c @@ -59,6 +59,8 @@ #include <stdlib.h> #include <string.h> +#include "../internal.h" + uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) { MD4_CTX ctx; @@ -72,7 +74,7 @@ uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) { /* Implemented from RFC1186 The MD4 Message-Digest Algorithm. */ int MD4_Init(MD4_CTX *md4) { - memset(md4, 0, sizeof(MD4_CTX)); + OPENSSL_memset(md4, 0, sizeof(MD4_CTX)); md4->h[0] = 0x67452301UL; md4->h[1] = 0xefcdab89UL; md4->h[2] = 0x98badcfeUL; diff --git a/src/crypto/md5/md5.c b/src/crypto/md5/md5.c index a66fa7fc..7712f475 100644 --- a/src/crypto/md5/md5.c +++ b/src/crypto/md5/md5.c @@ -60,6 +60,8 @@ #include <openssl/mem.h> +#include "../internal.h" + uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) { MD5_CTX ctx; @@ -78,7 +80,7 @@ uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) { } int MD5_Init(MD5_CTX *md5) { - memset(md5, 0, sizeof(MD5_CTX)); + OPENSSL_memset(md5, 0, sizeof(MD5_CTX)); md5->h[0] = 0x67452301UL; md5->h[1] = 0xefcdab89UL; md5->h[2] = 0x98badcfeUL; diff --git a/src/crypto/mem.c b/src/crypto/mem.c index ee34767a..390ca2e7 100644 --- a/src/crypto/mem.c +++ b/src/crypto/mem.c @@ -73,6 +73,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include <strings.h> #endif +#include "internal.h" + void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) { if (ptr == NULL) { @@ -94,7 +96,7 @@ void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) { return NULL; } - memcpy(ret, ptr, old_size); + OPENSSL_memcpy(ret, ptr, old_size); OPENSSL_cleanse(ptr, old_size); OPENSSL_free(ptr); return ret; @@ -104,7 +106,7 @@ void OPENSSL_cleanse(void *ptr, size_t len) { #if defined(OPENSSL_WINDOWS) SecureZeroMemory(ptr, len); #else - memset(ptr, 0, len); + OPENSSL_memset(ptr, 0, len); #if !defined(OPENSSL_NO_ASM) /* As best as we can tell, this is sufficient to break any optimisations that diff --git a/src/crypto/modes/cbc.c b/src/crypto/modes/cbc.c index 6e9fe24c..12d551ce 100644 --- a/src/crypto/modes/cbc.c +++ b/src/crypto/modes/cbc.c @@ -103,7 +103,7 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len, out += 16; } - memcpy(ivec, iv, 16); + OPENSSL_memcpy(ivec, iv, 16); } void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, @@ -154,7 +154,7 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, out += 16; } } - memcpy(ivec, iv, 16); + OPENSSL_memcpy(ivec, iv, 16); } else { /* |out| is less than two blocks behind |in|. Decrypting an input block * directly to |out| would overwrite a ciphertext block before it is used as diff --git a/src/crypto/modes/cfb.c b/src/crypto/modes/cfb.c index 51b883e8..af15255b 100644 --- a/src/crypto/modes/cfb.c +++ b/src/crypto/modes/cfb.c @@ -167,7 +167,7 @@ static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits, } /* fill in the first half of the new IV with the current IV */ - memcpy(ovec, ivec, 16); + OPENSSL_memcpy(ovec, ivec, 16); /* construct the new IV */ (*block)(ivec, ivec, key); num = (nbits + 7) / 8; @@ -186,7 +186,7 @@ static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits, rem = nbits % 8; num = nbits / 8; if (rem == 0) { - memcpy(ivec, ovec + num, 16); + OPENSSL_memcpy(ivec, ovec + num, 16); } else { for (n = 0; n < 16; ++n) { ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); diff --git a/src/crypto/modes/ctr.c b/src/crypto/modes/ctr.c index b84e72c5..c026d154 100644 --- a/src/crypto/modes/ctr.c +++ b/src/crypto/modes/ctr.c @@ -202,7 +202,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, in += blocks; } if (len) { - memset(ecount_buf, 0, 16); + OPENSSL_memset(ecount_buf, 0, 16); (*func)(ecount_buf, ecount_buf, 1, key, ivec); ++ctr32; PUTU32(ivec + 12, ctr32); diff --git a/src/crypto/modes/gcm.c b/src/crypto/modes/gcm.c index 3b793e82..df68c405 100644 --- a/src/crypto/modes/gcm.c +++ b/src/crypto/modes/gcm.c @@ -363,7 +363,7 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, uint8_t c[16]; } H; - memcpy(H.c, gcm_key, 16); + OPENSSL_memcpy(H.c, gcm_key, 16); /* H is stored in host byte order */ H.u[0] = CRYPTO_bswap8(H.u[0]); @@ -426,11 +426,11 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *aes_key, block128_f block) { - memset(ctx, 0, sizeof(*ctx)); + OPENSSL_memset(ctx, 0, sizeof(*ctx)); ctx->block = block; uint8_t gcm_key[16]; - memset(gcm_key, 0, sizeof(gcm_key)); + OPENSSL_memset(gcm_key, 0, sizeof(gcm_key)); (*block)(gcm_key, gcm_key, aes_key); CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, gcm_key); @@ -453,7 +453,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key, ctx->mres = 0; if (len == 12) { - memcpy(ctx->Yi.c, iv, 12); + OPENSSL_memcpy(ctx->Yi.c, iv, 12); ctx->Yi.c[15] = 1; ctr = 1; } else { @@ -1060,7 +1060,8 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) { void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) { CRYPTO_gcm128_finish(ctx, NULL, 0); - memcpy(tag, ctx->Xi.c, len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); + OPENSSL_memcpy(tag, ctx->Xi.c, + len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); } #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) diff --git a/src/crypto/modes/gcm_test.cc b/src/crypto/modes/gcm_test.cc index 8baf20e2..1a5e0343 100644 --- a/src/crypto/modes/gcm_test.cc +++ b/src/crypto/modes/gcm_test.cc @@ -350,7 +350,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len); - memset(out, 0, plaintext_len); + OPENSSL_memset(out, 0, plaintext_len); if (additional_data) { CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len); } @@ -358,7 +358,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len); } if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) || - (ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) { + (ciphertext && OPENSSL_memcmp(out, ciphertext, plaintext_len) != 0)) { fprintf(stderr, "%u: encrypt failed.\n", test_num); hexdump(stderr, "got :", out, plaintext_len); hexdump(stderr, "want:", ciphertext, plaintext_len); @@ -366,7 +366,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { } CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len); - memset(out, 0, plaintext_len); + OPENSSL_memset(out, 0, plaintext_len); if (additional_data) { CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len); } @@ -377,7 +377,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { fprintf(stderr, "%u: decrypt failed.\n", test_num); goto out; } - if (plaintext && memcmp(out, plaintext, plaintext_len)) { + if (plaintext && OPENSSL_memcmp(out, plaintext, plaintext_len)) { fprintf(stderr, "%u: plaintext doesn't match.\n", test_num); goto out; } diff --git a/src/crypto/modes/internal.h b/src/crypto/modes/internal.h index a53da044..9b579fab 100644 --- a/src/crypto/modes/internal.h +++ b/src/crypto/modes/internal.h @@ -53,6 +53,8 @@ #include <string.h> +#include "../internal.h" + #if defined(__cplusplus) extern "C" { #endif @@ -100,13 +102,13 @@ static inline uint64_t CRYPTO_bswap8(uint64_t x) { static inline uint32_t GETU32(const void *in) { uint32_t v; - memcpy(&v, in, sizeof(v)); + OPENSSL_memcpy(&v, in, sizeof(v)); return CRYPTO_bswap4(v); } static inline void PUTU32(void *out, uint32_t v) { v = CRYPTO_bswap4(v); - memcpy(out, &v, sizeof(v)); + OPENSSL_memcpy(out, &v, sizeof(v)); } static inline uint32_t GETU32_aligned(const void *in) { diff --git a/src/crypto/modes/ofb.c b/src/crypto/modes/ofb.c index 0ee95ca4..95d15c3d 100644 --- a/src/crypto/modes/ofb.c +++ b/src/crypto/modes/ofb.c @@ -73,11 +73,11 @@ void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { size_t a, b; - memcpy(&a, in + n, sizeof(size_t)); - memcpy(&b, ivec + n, sizeof(size_t)); + OPENSSL_memcpy(&a, in + n, sizeof(size_t)); + OPENSSL_memcpy(&b, ivec + n, sizeof(size_t)); const size_t c = a ^ b; - memcpy(out + n, &c, sizeof(size_t)); + OPENSSL_memcpy(out + n, &c, sizeof(size_t)); } len -= 16; out += 16; diff --git a/src/crypto/modes/polyval.c b/src/crypto/modes/polyval.c index c5121a18..125b2569 100644 --- a/src/crypto/modes/polyval.c +++ b/src/crypto/modes/polyval.c @@ -54,11 +54,11 @@ static void reverse_and_mulX_ghash(polyval_block *b) { void CRYPTO_POLYVAL_init(struct polyval_ctx *ctx, const uint8_t key[16]) { polyval_block H; - memcpy(H.c, key, 16); + OPENSSL_memcpy(H.c, key, 16); reverse_and_mulX_ghash(&H); CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, H.c); - memset(&ctx->S, 0, sizeof(ctx->S)); + OPENSSL_memset(&ctx->S, 0, sizeof(ctx->S)); } void CRYPTO_POLYVAL_update_blocks(struct polyval_ctx *ctx, const uint8_t *in, @@ -71,7 +71,8 @@ void CRYPTO_POLYVAL_update_blocks(struct polyval_ctx *ctx, const uint8_t *in, if (todo > sizeof(reversed)) { todo = sizeof(reversed); } - memcpy(reversed, in, todo); + OPENSSL_memcpy(reversed, in, todo); + in += todo; in_len -= todo; size_t blocks = todo / sizeof(polyval_block); @@ -86,7 +87,7 @@ void CRYPTO_POLYVAL_update_blocks(struct polyval_ctx *ctx, const uint8_t *in, void CRYPTO_POLYVAL_finish(const struct polyval_ctx *ctx, uint8_t out[16]) { polyval_block S = ctx->S; byte_reverse(&S); - memcpy(out, &S.c, sizeof(polyval_block)); + OPENSSL_memcpy(out, &S.c, sizeof(polyval_block)); } diff --git a/src/crypto/obj/README b/src/crypto/obj/README index 6199fb4b..797bb68d 100644 --- a/src/crypto/obj/README +++ b/src/crypto/obj/README @@ -1,37 +1,15 @@ -OID information is generated via a series of perl scripts. In order, the full -list of commands to run are: +The files nid.h, obj_mac.num, and obj_dat.h are generated from objects.txt and +obj_mac.num. To regenerate them, run: - perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h - perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h - perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h + go run objects.go objects.txt contains the list of all built-in OIDs. It is processed by -objects.pl to output obj_mac.num and nid.h. obj_mac.num is the list of NID -values for each OID. This is an input/output parameter so NID values are stable -across regenerations. nid.h is the header which defines macros for all the -built-in OIDs in C. +objects.go to output obj_mac.num, obj_dat.h, and nid.h. -nid.h is read by obj_dat.pl to generate obj_dat.h. obj_dat.h contains the -ASN1_OBJECTs corresponding to built-in OIDs themselves along with lookup tables -for search by short name, OID, etc. +obj_mac.num is the list of NID values for each OID. This is an input/output +file so NID values are stable across regenerations. -obj_mac.num and obj_xref.txt are read by obj_xref.pl to generate -obj_xref.h. obj_xref.txt links signature OIDs to corresponding public key -algorithms and digests. obj_xref.h contains lookup tables for querying this -information in both directions. +nid.h is the header which defines macros for all the built-in OIDs in C. -Dependency graph: - - objects.txt - | - V - [objects.pl] <--+ - / \ | - V V | - nid.h obj_mac.num obj_xref.txt - | \ / - V V V - [obj_dat.pl] [obj_xref.pl] - | | - V V - obj_dat.h obj_xref.h +obj_dat.h contains the ASN1_OBJECTs corresponding to built-in OIDs themselves +along with lookup tables for search by short name, OID, etc. diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c index c44ffc88..173257fa 100644 --- a/src/crypto/obj/obj.c +++ b/src/crypto/obj/obj.c @@ -123,7 +123,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { goto err; } if (o->data != NULL) { - memcpy(data, o->data, o->length); + OPENSSL_memcpy(data, o->data, o->length); } /* once data is attached to an object, it remains const */ @@ -169,7 +169,7 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { if (ret) { return ret; } - return memcmp(a->data, b->data, a->length); + return OPENSSL_memcmp(a->data, b->data, a->length); } /* obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is @@ -185,7 +185,7 @@ static int obj_cmp(const void *key, const void *element) { } else if (a->length > b->length) { return 1; } - return memcmp(a->data, b->data, a->length); + return OPENSSL_memcmp(a->data, b->data, a->length); } int OBJ_obj2nid(const ASN1_OBJECT *obj) { @@ -211,7 +211,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *obj) { } CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); - nid_ptr = bsearch(obj, kNIDsInOIDOrder, NUM_OBJ, sizeof(unsigned), obj_cmp); + nid_ptr = bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder), + sizeof(kNIDsInOIDOrder[0]), obj_cmp); if (nid_ptr == NULL) { return NID_undef; } @@ -225,7 +226,7 @@ int OBJ_cbs2nid(const CBS *cbs) { } ASN1_OBJECT obj; - memset(&obj, 0, sizeof(obj)); + OPENSSL_memset(&obj, 0, sizeof(obj)); obj.data = CBS_data(cbs); obj.length = (int)CBS_len(cbs); @@ -258,7 +259,9 @@ int OBJ_sn2nid(const char *short_name) { } CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); - nid_ptr = bsearch(short_name, kNIDsInShortNameOrder, NUM_SN, sizeof(unsigned), short_name_cmp); + nid_ptr = bsearch(short_name, kNIDsInShortNameOrder, + OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder), + sizeof(kNIDsInShortNameOrder[0]), short_name_cmp); if (nid_ptr == NULL) { return NID_undef; } @@ -292,7 +295,9 @@ int OBJ_ln2nid(const char *long_name) { } CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock); - nid_ptr = bsearch(long_name, kNIDsInLongNameOrder, NUM_LN, sizeof(unsigned), long_name_cmp); + nid_ptr = bsearch(long_name, kNIDsInLongNameOrder, + OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder), + sizeof(kNIDsInLongNameOrder[0]), long_name_cmp); if (nid_ptr == NULL) { return NID_undef; } @@ -543,7 +548,7 @@ static int cmp_data(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { if (i) { return i; } - return memcmp(a->data, b->data, a->length); + return OPENSSL_memcmp(a->data, b->data, a->length); } static uint32_t hash_short_name(const ASN1_OBJECT *obj) { diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h index 1d779de6..4905f0d0 100644 --- a/src/crypto/obj/obj_dat.h +++ b/src/crypto/obj/obj_dat.h @@ -1,7 +1,3 @@ -/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the - * following command: - * perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h */ - /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,5197 +54,6123 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* This file is generated by crypto/obj/objects.go. */ + #define NUM_NID 949 -#define NUM_SN 941 -#define NUM_LN 941 -#define NUM_OBJ 876 -static const unsigned char lvalues[6176]={ -0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */ -0x55, /* [ 82] OBJ_X500 */ -0x55,0x04, /* [ 83] OBJ_X509 */ -0x55,0x04,0x03, /* [ 85] OBJ_commonName */ -0x55,0x04,0x06, /* [ 88] OBJ_countryName */ -0x55,0x04,0x07, /* [ 91] OBJ_localityName */ -0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ -0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ -0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */ -0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */ -0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */ -0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */ -0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */ -0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede_ecb */ -0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [217] OBJ_rc2_cbc */ -0x2B,0x0E,0x03,0x02,0x12, /* [225] OBJ_sha */ -0x2B,0x0E,0x03,0x02,0x0F, /* [230] OBJ_shaWithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [235] OBJ_des_ede3_cbc */ -0x2B,0x0E,0x03,0x02,0x08, /* [243] OBJ_des_ofb64 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [248] OBJ_pkcs9 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [337] OBJ_netscape */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [344] OBJ_netscape_cert_extension */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [352] OBJ_netscape_data_type */ -0x2B,0x0E,0x03,0x02,0x1A, /* [360] OBJ_sha1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */ -0x2B,0x0E,0x03,0x02,0x0D, /* [374] OBJ_dsaWithSHA */ -0x2B,0x0E,0x03,0x02,0x0C, /* [379] OBJ_dsa_2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */ -0x2B,0x0E,0x03,0x02,0x1B, /* [402] OBJ_dsaWithSHA1_2 */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */ -0x55,0x1D, /* [488] OBJ_id_ce */ -0x55,0x1D,0x0E, /* [490] OBJ_subject_key_identifier */ -0x55,0x1D,0x0F, /* [493] OBJ_key_usage */ -0x55,0x1D,0x10, /* [496] OBJ_private_key_usage_period */ -0x55,0x1D,0x11, /* [499] OBJ_subject_alt_name */ -0x55,0x1D,0x12, /* [502] OBJ_issuer_alt_name */ -0x55,0x1D,0x13, /* [505] OBJ_basic_constraints */ -0x55,0x1D,0x14, /* [508] OBJ_crl_number */ -0x55,0x1D,0x20, /* [511] OBJ_certificate_policies */ -0x55,0x1D,0x23, /* [514] OBJ_authority_key_identifier */ -0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */ -0x55,0x08,0x03,0x65, /* [526] OBJ_mdc2 */ -0x55,0x08,0x03,0x64, /* [530] OBJ_mdc2WithRSA */ -0x55,0x04,0x2A, /* [534] OBJ_givenName */ -0x55,0x04,0x04, /* [537] OBJ_surname */ -0x55,0x04,0x2B, /* [540] OBJ_initials */ -0x55,0x1D,0x1F, /* [543] OBJ_crl_distribution_points */ -0x2B,0x0E,0x03,0x02,0x03, /* [546] OBJ_md5WithRSA */ -0x55,0x04,0x05, /* [551] OBJ_serialNumber */ -0x55,0x04,0x0C, /* [554] OBJ_title */ -0x55,0x04,0x0D, /* [557] OBJ_description */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [578] OBJ_dsaWithSHA1 */ -0x2B,0x0E,0x03,0x02,0x1D, /* [585] OBJ_sha1WithRSA */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [590] OBJ_dsa */ -0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ -0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] OBJ_ripemd160WithRSA */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [616] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [627] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [630] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [636] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [643] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [651] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [659] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [667] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [675] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [683] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [693] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [703] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [713] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [723] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [733] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [742] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [745] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [748] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [751] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [756] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [766] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [776] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [786] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [796] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [806] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [816] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [827] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [838] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [849] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [860] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [871] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [882] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [891] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [900] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [910] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [920] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [930] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [939] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [948] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [956] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [964] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [972] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [981] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [990] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [999] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1008] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1018] OBJ_ext_req */ -0x55,0x04,0x29, /* [1027] OBJ_name */ -0x55,0x04,0x2E, /* [1030] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1033] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1040] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1047] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1055] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1063] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1071] OBJ_OCSP_sign */ -0x2A, /* [1079] OBJ_member_body */ -0x2A,0x86,0x48, /* [1080] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1083] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1088] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1094] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1102] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1110] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1119] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1129] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1139] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1149] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1159] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1169] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1179] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1189] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1200] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1211] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1222] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1233] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1244] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1255] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1266] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1277] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1288] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1299] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1310] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1321] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1332] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1343] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1354] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1365] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1376] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1387] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1398] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1409] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1420] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1431] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1442] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1453] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1464] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1475] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1486] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1497] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1508] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1519] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1530] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1541] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1552] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1563] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1574] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1585] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1596] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1607] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1618] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1629] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1640] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1651] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1662] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1673] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1684] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1695] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1706] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1717] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1728] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1739] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1750] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1761] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1772] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1783] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1794] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1805] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1816] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1827] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1838] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1849] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1860] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1868] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1875] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1882] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1889] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1896] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1903] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1910] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1917] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1924] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1931] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1938] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1945] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1953] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1961] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1969] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1977] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1985] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1993] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2001] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2009] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2017] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2025] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2033] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2041] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2049] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2057] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2065] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2073] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2081] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2089] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2097] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2105] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2113] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2121] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2129] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2137] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2145] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2153] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2161] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2169] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2177] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2185] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2193] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2201] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2209] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2217] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2225] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2233] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2241] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2249] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2257] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2265] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2273] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2281] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2289] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2297] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2305] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2313] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2322] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2331] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2340] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2349] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2358] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2367] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2376] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2385] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2393] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2401] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2409] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2417] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2425] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2433] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2441] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2449] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2457] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2465] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2473] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2481] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2489] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2497] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2505] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2513] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2521] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2529] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2537] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2545] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2553] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2561] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2569] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2577] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2585] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2593] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2601] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2609] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2617] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2625] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2633] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2641] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2649] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2657] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2665] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2673] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2681] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2689] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2697] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2705] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2713] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2722] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2731] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2740] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2749] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2758] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2767] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2776] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2785] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2794] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2803] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2812] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2816] OBJ_rsaSignature */ -0x55,0x08, /* [2821] OBJ_X500algorithms */ -0x2B, /* [2823] OBJ_org */ -0x2B,0x06, /* [2824] OBJ_dod */ -0x2B,0x06,0x01, /* [2826] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2829] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2833] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2837] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2841] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2845] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2849] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2853] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2857] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2862] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2871] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2881] OBJ_Domain */ -0x55,0x01,0x05, /* [2891] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2894] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2898] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2907] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2915] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2923] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2931] OBJ_role */ -0x55,0x1D,0x24, /* [2934] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2937] OBJ_target_information */ -0x55,0x1D,0x38, /* [2940] OBJ_no_rev_avail */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2943] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2948] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2955] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2962] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2969] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2977] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2985] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2993] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3001] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3009] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3017] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3025] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3032] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3041] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3050] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3059] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3068] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3077] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3086] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3095] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3104] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3113] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3122] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3131] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3140] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3149] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3152] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3159] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3166] OBJ_hold_instruction_reject */ -0x09, /* [3173] OBJ_data */ -0x09,0x92,0x26, /* [3174] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3177] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3184] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3192] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3201] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3210] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3219] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3228] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3238] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3248] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3258] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3268] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3278] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3288] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3298] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3308] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3318] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3328] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3338] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3348] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3358] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3368] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3378] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3388] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3398] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3408] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3418] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3428] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3438] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3448] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3458] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3468] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3478] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3488] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3498] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3508] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3518] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3528] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3538] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3548] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3558] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3568] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3578] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3588] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3598] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3608] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3618] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3628] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3638] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3648] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3658] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3668] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3678] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3688] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3698] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3708] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3718] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3728] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3738] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3748] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3758] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3768] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3778] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3788] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3798] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3808] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3818] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3828] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3838] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3841] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3846] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3852] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3858] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3865] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3872] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3875] OBJ_pseudonym */ -0x67,0x2A, /* [3878] OBJ_id_set */ -0x67,0x2A,0x00, /* [3880] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3883] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3886] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3889] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3892] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3895] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3898] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3902] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3906] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3910] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3914] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3918] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3922] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3926] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3930] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3934] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3938] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3942] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3946] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3950] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3954] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3958] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3962] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3966] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3970] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3974] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3978] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3982] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [3986] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [3990] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [3994] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [3998] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4002] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4006] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4010] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4014] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4018] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4022] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4026] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4030] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4034] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4038] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4042] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4046] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4050] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4054] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4058] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4062] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4066] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4070] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4074] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4078] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4082] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4086] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4090] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4094] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4098] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4102] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4106] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4110] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4114] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4118] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4122] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4126] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4130] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4134] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4138] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4142] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4146] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4150] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4154] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4158] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4162] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4166] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4170] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4174] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4178] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4182] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4186] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4190] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4194] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4198] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4202] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4206] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4210] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4214] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4218] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4222] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4226] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4230] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4234] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4238] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4242] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4246] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4250] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4254] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4258] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4262] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4266] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4270] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4274] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4278] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4282] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4286] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4290] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4294] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4298] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4302] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4306] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4310] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4314] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4318] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4323] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4328] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4333] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4338] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4343] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4348] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4353] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4359] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4365] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4371] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4377] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4383] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4387] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4391] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4395] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4399] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4403] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4407] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4412] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4420] OBJ_rsaOAEPEncryptionSET */ -0x67, /* [4429] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4430] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4440] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4450] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4453] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4456] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4463] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4471] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4479] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4487] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4490] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4498] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4507] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4516] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4525] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4534] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4543] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4552] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4561] OBJ_sha224 */ -0x2B, /* [4570] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4571] OBJ_certicom_arc */ -0x67,0x2B, /* [4574] OBJ_wap */ -0x67,0x2B,0x01, /* [4576] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4579] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4587] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4596] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4605] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4614] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4622] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4630] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4638] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4646] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4654] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4662] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4670] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4678] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4686] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4694] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4702] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4710] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4718] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4726] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4734] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4742] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4750] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4758] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4766] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4774] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4779] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4784] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4789] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4794] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4799] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4804] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4809] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4814] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4819] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4824] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4829] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4834] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4839] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4844] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4849] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4854] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4859] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4864] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4869] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4874] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4879] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4884] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4889] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4894] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4899] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4904] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4909] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4914] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4919] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4924] OBJ_sect571r1 */ -0x67,0x2B,0x01,0x04,0x01, /* [4929] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x01,0x04,0x03, /* [4934] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x01,0x04,0x04, /* [4939] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x01,0x04,0x05, /* [4944] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x01,0x04,0x06, /* [4949] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x01,0x04,0x07, /* [4954] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x01,0x04,0x08, /* [4959] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x01,0x04,0x09, /* [4964] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x01,0x04,0x0A, /* [4969] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x01,0x04,0x0B, /* [4974] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x01,0x04,0x0C, /* [4979] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [4984] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4988] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [4991] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [4994] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5005] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5016] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5027] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5035] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5043] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5051] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5059] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5067] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5075] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5083] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5091] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5099] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5102] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5105] OBJ_certificate_issuer */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5108] OBJ_kisa */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5114] OBJ_seed_ecb */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5122] OBJ_seed_cbc */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5130] OBJ_seed_ofb128 */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5138] OBJ_seed_cfb128 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5146] OBJ_hmac_md5 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5154] OBJ_hmac_sha1 */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5162] OBJ_id_PasswordBasedMAC */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5171] OBJ_id_DHBasedMac */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5180] OBJ_id_it_suppLangTags */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5188] OBJ_caRepository */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5196] OBJ_id_smime_ct_compressedData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5207] OBJ_id_ct_asciiTextWithCRLF */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5218] OBJ_id_aes128_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5227] OBJ_id_aes192_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5236] OBJ_id_aes256_wrap */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5245] OBJ_ecdsa_with_Recommended */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5252] OBJ_ecdsa_with_Specified */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5259] OBJ_ecdsa_with_SHA224 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5267] OBJ_ecdsa_with_SHA256 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5275] OBJ_ecdsa_with_SHA384 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5283] OBJ_ecdsa_with_SHA512 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5291] OBJ_hmacWithMD5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5299] OBJ_hmacWithSHA224 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5307] OBJ_hmacWithSHA256 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5315] OBJ_hmacWithSHA384 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5323] OBJ_hmacWithSHA512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5331] OBJ_dsa_with_SHA224 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5340] OBJ_dsa_with_SHA256 */ -0x28,0xCF,0x06,0x03,0x00,0x37, /* [5349] OBJ_whirlpool */ -0x2A,0x85,0x03,0x02,0x02, /* [5355] OBJ_cryptopro */ -0x2A,0x85,0x03,0x02,0x09, /* [5360] OBJ_cryptocom */ -0x2A,0x85,0x03,0x02,0x02,0x03, /* [5365] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x04, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x09, /* [5377] OBJ_id_GostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5383] OBJ_id_HMACGostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x13, /* [5389] OBJ_id_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x14, /* [5395] OBJ_id_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x15, /* [5401] OBJ_id_Gost28147_89 */ -0x2A,0x85,0x03,0x02,0x02,0x16, /* [5407] OBJ_id_Gost28147_89_MAC */ -0x2A,0x85,0x03,0x02,0x02,0x17, /* [5413] OBJ_id_GostR3411_94_prf */ -0x2A,0x85,0x03,0x02,0x02,0x62, /* [5419] OBJ_id_GostR3410_2001DH */ -0x2A,0x85,0x03,0x02,0x02,0x63, /* [5425] OBJ_id_GostR3410_94DH */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5431] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5438] OBJ_id_Gost28147_89_None_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5445] OBJ_id_GostR3411_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5452] OBJ_id_GostR3411_94_CryptoProParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5459] OBJ_id_Gost28147_89_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5466] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5473] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5480] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5487] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5494] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5501] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5508] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5515] OBJ_id_GostR3410_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5522] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5529] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5536] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5543] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5550] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5557] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5564] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5571] OBJ_id_GostR3410_2001_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5578] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5585] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5592] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5599] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5606] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5613] OBJ_id_GostR3410_94_a */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5620] OBJ_id_GostR3410_94_aBis */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5627] OBJ_id_GostR3410_94_b */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5634] OBJ_id_GostR3410_94_bBis */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5641] OBJ_id_Gost28147_89_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5649] OBJ_id_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5657] OBJ_id_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5665] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5673] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5681] OBJ_id_GostR3410_2001_ParamSet_cc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5689] OBJ_LocalKeySet */ -0x55,0x1D,0x2E, /* [5698] OBJ_freshest_crl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5701] OBJ_id_on_permanentIdentifier */ -0x55,0x04,0x0E, /* [5709] OBJ_searchGuide */ -0x55,0x04,0x0F, /* [5712] OBJ_businessCategory */ -0x55,0x04,0x10, /* [5715] OBJ_postalAddress */ -0x55,0x04,0x12, /* [5718] OBJ_postOfficeBox */ -0x55,0x04,0x13, /* [5721] OBJ_physicalDeliveryOfficeName */ -0x55,0x04,0x14, /* [5724] OBJ_telephoneNumber */ -0x55,0x04,0x15, /* [5727] OBJ_telexNumber */ -0x55,0x04,0x16, /* [5730] OBJ_teletexTerminalIdentifier */ -0x55,0x04,0x17, /* [5733] OBJ_facsimileTelephoneNumber */ -0x55,0x04,0x18, /* [5736] OBJ_x121Address */ -0x55,0x04,0x19, /* [5739] OBJ_internationaliSDNNumber */ -0x55,0x04,0x1A, /* [5742] OBJ_registeredAddress */ -0x55,0x04,0x1B, /* [5745] OBJ_destinationIndicator */ -0x55,0x04,0x1C, /* [5748] OBJ_preferredDeliveryMethod */ -0x55,0x04,0x1D, /* [5751] OBJ_presentationAddress */ -0x55,0x04,0x1E, /* [5754] OBJ_supportedApplicationContext */ -0x55,0x04,0x1F, /* [5757] OBJ_member */ -0x55,0x04,0x20, /* [5760] OBJ_owner */ -0x55,0x04,0x21, /* [5763] OBJ_roleOccupant */ -0x55,0x04,0x22, /* [5766] OBJ_seeAlso */ -0x55,0x04,0x23, /* [5769] OBJ_userPassword */ -0x55,0x04,0x24, /* [5772] OBJ_userCertificate */ -0x55,0x04,0x25, /* [5775] OBJ_cACertificate */ -0x55,0x04,0x26, /* [5778] OBJ_authorityRevocationList */ -0x55,0x04,0x27, /* [5781] OBJ_certificateRevocationList */ -0x55,0x04,0x28, /* [5784] OBJ_crossCertificatePair */ -0x55,0x04,0x2F, /* [5787] OBJ_enhancedSearchGuide */ -0x55,0x04,0x30, /* [5790] OBJ_protocolInformation */ -0x55,0x04,0x31, /* [5793] OBJ_distinguishedName */ -0x55,0x04,0x32, /* [5796] OBJ_uniqueMember */ -0x55,0x04,0x33, /* [5799] OBJ_houseIdentifier */ -0x55,0x04,0x34, /* [5802] OBJ_supportedAlgorithms */ -0x55,0x04,0x35, /* [5805] OBJ_deltaRevocationList */ -0x55,0x04,0x36, /* [5808] OBJ_dmdName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5811] OBJ_id_alg_PWRI_KEK */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5822] OBJ_aes_128_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5831] OBJ_aes_128_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5840] OBJ_id_aes128_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5849] OBJ_aes_192_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5858] OBJ_aes_192_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5867] OBJ_id_aes192_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5876] OBJ_aes_256_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5885] OBJ_aes_256_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5894] OBJ_id_aes256_wrap_pad */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5903] OBJ_id_camellia128_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5914] OBJ_id_camellia192_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5925] OBJ_id_camellia256_wrap */ -0x55,0x1D,0x25,0x00, /* [5936] OBJ_anyExtendedKeyUsage */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5940] OBJ_mgf1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5949] OBJ_rsassaPss */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5958] OBJ_rsaesOaep */ -0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5967] OBJ_dhpublicnumber */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5974] OBJ_brainpoolP160r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5983] OBJ_brainpoolP160t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5992] OBJ_brainpoolP192r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6001] OBJ_brainpoolP192t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6010] OBJ_brainpoolP224r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6019] OBJ_brainpoolP224t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6028] OBJ_brainpoolP256r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6037] OBJ_brainpoolP256t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6046] OBJ_brainpoolP320r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6055] OBJ_brainpoolP320t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6064] OBJ_brainpoolP384r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6073] OBJ_brainpoolP384t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6082] OBJ_brainpoolP512r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6091] OBJ_brainpoolP512t1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6100] OBJ_pSpecified */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6109] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6118] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6124] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6130] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6136] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6142] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6151] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6157] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6163] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6169] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ +static const uint8_t kObjectData[] = { + /* NID_rsadsi */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + /* NID_pkcs */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + /* NID_md2 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, + /* NID_md5 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, + /* NID_rc4 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x04, + /* NID_rsaEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + /* NID_md2WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, + /* NID_md5WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, + /* NID_pbeWithMD2AndDES_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x01, + /* NID_pbeWithMD5AndDES_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x03, + /* NID_X500 */ + 0x55, + /* NID_X509 */ + 0x55, 0x04, + /* NID_commonName */ + 0x55, 0x04, 0x03, + /* NID_countryName */ + 0x55, 0x04, 0x06, + /* NID_localityName */ + 0x55, 0x04, 0x07, + /* NID_stateOrProvinceName */ + 0x55, 0x04, 0x08, + /* NID_organizationName */ + 0x55, 0x04, 0x0a, + /* NID_organizationalUnitName */ + 0x55, 0x04, 0x0b, + /* NID_rsa */ + 0x55, 0x08, 0x01, 0x01, + /* NID_pkcs7 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + /* NID_pkcs7_data */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + /* NID_pkcs7_signed */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, + /* NID_pkcs7_enveloped */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x03, + /* NID_pkcs7_signedAndEnveloped */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x04, + /* NID_pkcs7_digest */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x05, + /* NID_pkcs7_encrypted */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, + /* NID_pkcs3 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, + /* NID_dhKeyAgreement */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, + /* NID_des_ecb */ + 0x2b, 0x0e, 0x03, 0x02, 0x06, + /* NID_des_cfb64 */ + 0x2b, 0x0e, 0x03, 0x02, 0x09, + /* NID_des_cbc */ + 0x2b, 0x0e, 0x03, 0x02, 0x07, + /* NID_des_ede_ecb */ + 0x2b, 0x0e, 0x03, 0x02, 0x11, + /* NID_idea_cbc */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x3c, 0x07, 0x01, 0x01, 0x02, + /* NID_rc2_cbc */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x02, + /* NID_sha */ + 0x2b, 0x0e, 0x03, 0x02, 0x12, + /* NID_shaWithRSAEncryption */ + 0x2b, 0x0e, 0x03, 0x02, 0x0f, + /* NID_des_ede3_cbc */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, + /* NID_des_ofb64 */ + 0x2b, 0x0e, 0x03, 0x02, 0x08, + /* NID_pkcs9 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + /* NID_pkcs9_emailAddress */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + /* NID_pkcs9_unstructuredName */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x02, + /* NID_pkcs9_contentType */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, + /* NID_pkcs9_messageDigest */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, + /* NID_pkcs9_signingTime */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05, + /* NID_pkcs9_countersignature */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x06, + /* NID_pkcs9_challengePassword */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x07, + /* NID_pkcs9_unstructuredAddress */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x08, + /* NID_pkcs9_extCertAttributes */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x09, + /* NID_netscape */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, + /* NID_netscape_cert_extension */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, + /* NID_netscape_data_type */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + /* NID_sha1 */ + 0x2b, 0x0e, 0x03, 0x02, 0x1a, + /* NID_sha1WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + /* NID_dsaWithSHA */ + 0x2b, 0x0e, 0x03, 0x02, 0x0d, + /* NID_dsa_2 */ + 0x2b, 0x0e, 0x03, 0x02, 0x0c, + /* NID_pbeWithSHA1AndRC2_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0b, + /* NID_id_pbkdf2 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c, + /* NID_dsaWithSHA1_2 */ + 0x2b, 0x0e, 0x03, 0x02, 0x1b, + /* NID_netscape_cert_type */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, + /* NID_netscape_base_url */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x02, + /* NID_netscape_revocation_url */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x03, + /* NID_netscape_ca_revocation_url */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x04, + /* NID_netscape_renewal_url */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x07, + /* NID_netscape_ca_policy_url */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, + /* NID_netscape_ssl_server_name */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0c, + /* NID_netscape_comment */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, + /* NID_netscape_cert_sequence */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, 0x05, + /* NID_id_ce */ + 0x55, 0x1d, + /* NID_subject_key_identifier */ + 0x55, 0x1d, 0x0e, + /* NID_key_usage */ + 0x55, 0x1d, 0x0f, + /* NID_private_key_usage_period */ + 0x55, 0x1d, 0x10, + /* NID_subject_alt_name */ + 0x55, 0x1d, 0x11, + /* NID_issuer_alt_name */ + 0x55, 0x1d, 0x12, + /* NID_basic_constraints */ + 0x55, 0x1d, 0x13, + /* NID_crl_number */ + 0x55, 0x1d, 0x14, + /* NID_certificate_policies */ + 0x55, 0x1d, 0x20, + /* NID_authority_key_identifier */ + 0x55, 0x1d, 0x23, + /* NID_bf_cbc */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x02, + /* NID_mdc2 */ + 0x55, 0x08, 0x03, 0x65, + /* NID_mdc2WithRSA */ + 0x55, 0x08, 0x03, 0x64, + /* NID_givenName */ + 0x55, 0x04, 0x2a, + /* NID_surname */ + 0x55, 0x04, 0x04, + /* NID_initials */ + 0x55, 0x04, 0x2b, + /* NID_crl_distribution_points */ + 0x55, 0x1d, 0x1f, + /* NID_md5WithRSA */ + 0x2b, 0x0e, 0x03, 0x02, 0x03, + /* NID_serialNumber */ + 0x55, 0x04, 0x05, + /* NID_title */ + 0x55, 0x04, 0x0c, + /* NID_description */ + 0x55, 0x04, 0x0d, + /* NID_cast5_cbc */ + 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0a, + /* NID_pbeWithMD5AndCast5_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0c, + /* NID_dsaWithSHA1 */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03, + /* NID_sha1WithRSA */ + 0x2b, 0x0e, 0x03, 0x02, 0x1d, + /* NID_dsa */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01, + /* NID_ripemd160 */ + 0x2b, 0x24, 0x03, 0x02, 0x01, + /* NID_ripemd160WithRSA */ + 0x2b, 0x24, 0x03, 0x03, 0x01, 0x02, + /* NID_rc5_cbc */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x08, + /* NID_zlib_compression */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x08, + /* NID_ext_key_usage */ + 0x55, 0x1d, 0x25, + /* NID_id_pkix */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + /* NID_id_kp */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, + /* NID_server_auth */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + /* NID_client_auth */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + /* NID_code_sign */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, + /* NID_email_protect */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, + /* NID_time_stamp */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, + /* NID_ms_code_ind */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15, + /* NID_ms_code_com */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16, + /* NID_ms_ctl_sign */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x01, + /* NID_ms_sgc */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x03, + /* NID_ms_efs */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x04, + /* NID_ns_sgc */ + 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, + /* NID_delta_crl */ + 0x55, 0x1d, 0x1b, + /* NID_crl_reason */ + 0x55, 0x1d, 0x15, + /* NID_invalidity_date */ + 0x55, 0x1d, 0x18, + /* NID_sxnet */ + 0x2b, 0x65, 0x01, 0x04, 0x01, + /* NID_pbe_WithSHA1And128BitRC4 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01, + /* NID_pbe_WithSHA1And40BitRC4 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x02, + /* NID_pbe_WithSHA1And3_Key_TripleDES_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, + /* NID_pbe_WithSHA1And2_Key_TripleDES_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x04, + /* NID_pbe_WithSHA1And128BitRC2_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x05, + /* NID_pbe_WithSHA1And40BitRC2_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, + /* NID_keyBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x01, + /* NID_pkcs8ShroudedKeyBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, + /* NID_certBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x03, + /* NID_crlBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x04, + /* NID_secretBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x05, + /* NID_safeContentsBag */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x06, + /* NID_friendlyName */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, + /* NID_localKeyID */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, + /* NID_x509Certificate */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x16, 0x01, + /* NID_sdsiCertificate */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x16, 0x02, + /* NID_x509Crl */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x17, 0x01, + /* NID_pbes2 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0d, + /* NID_pbmac1 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0e, + /* NID_hmacWithSHA1 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x07, + /* NID_id_qt_cps */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, + /* NID_id_qt_unotice */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, + /* NID_SMIMECapabilities */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0f, + /* NID_pbeWithMD2AndRC2_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x04, + /* NID_pbeWithMD5AndRC2_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x06, + /* NID_pbeWithSHA1AndDES_CBC */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0a, + /* NID_ms_ext_req */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0e, + /* NID_ext_req */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e, + /* NID_name */ + 0x55, 0x04, 0x29, + /* NID_dnQualifier */ + 0x55, 0x04, 0x2e, + /* NID_id_pe */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, + /* NID_id_ad */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + /* NID_info_access */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, + /* NID_ad_OCSP */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, + /* NID_ad_ca_issuers */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, + /* NID_OCSP_sign */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + /* NID_member_body */ + 0x2a, + /* NID_ISO_US */ + 0x2a, 0x86, 0x48, + /* NID_X9_57 */ + 0x2a, 0x86, 0x48, 0xce, 0x38, + /* NID_X9cm */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, + /* NID_pkcs1 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + /* NID_pkcs5 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, + /* NID_SMIME */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, + /* NID_id_smime_mod */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, + /* NID_id_smime_ct */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, + /* NID_id_smime_aa */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, + /* NID_id_smime_alg */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, + /* NID_id_smime_cd */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x04, + /* NID_id_smime_spq */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05, + /* NID_id_smime_cti */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, + /* NID_id_smime_mod_cms */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x01, + /* NID_id_smime_mod_ess */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x02, + /* NID_id_smime_mod_oid */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x03, + /* NID_id_smime_mod_msg_v3 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x04, + /* NID_id_smime_mod_ets_eSignature_88 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x05, + /* NID_id_smime_mod_ets_eSignature_97 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x06, + /* NID_id_smime_mod_ets_eSigPolicy_88 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x07, + /* NID_id_smime_mod_ets_eSigPolicy_97 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x00, 0x08, + /* NID_id_smime_ct_receipt */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x01, + /* NID_id_smime_ct_authData */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x02, + /* NID_id_smime_ct_publishCert */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x03, + /* NID_id_smime_ct_TSTInfo */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04, + /* NID_id_smime_ct_TDTInfo */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x05, + /* NID_id_smime_ct_contentInfo */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x06, + /* NID_id_smime_ct_DVCSRequestData */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x07, + /* NID_id_smime_ct_DVCSResponseData */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x08, + /* NID_id_smime_aa_receiptRequest */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x01, + /* NID_id_smime_aa_securityLabel */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x02, + /* NID_id_smime_aa_mlExpandHistory */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x03, + /* NID_id_smime_aa_contentHint */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x04, + /* NID_id_smime_aa_msgSigDigest */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x05, + /* NID_id_smime_aa_encapContentType */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x06, + /* NID_id_smime_aa_contentIdentifier */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x07, + /* NID_id_smime_aa_macValue */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x08, + /* NID_id_smime_aa_equivalentLabels */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x09, + /* NID_id_smime_aa_contentReference */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0a, + /* NID_id_smime_aa_encrypKeyPref */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0b, + /* NID_id_smime_aa_signingCertificate */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0c, + /* NID_id_smime_aa_smimeEncryptCerts */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0d, + /* NID_id_smime_aa_timeStampToken */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0e, + /* NID_id_smime_aa_ets_sigPolicyId */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0f, + /* NID_id_smime_aa_ets_commitmentType */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x10, + /* NID_id_smime_aa_ets_signerLocation */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x11, + /* NID_id_smime_aa_ets_signerAttr */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x12, + /* NID_id_smime_aa_ets_otherSigCert */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x13, + /* NID_id_smime_aa_ets_contentTimestamp */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x14, + /* NID_id_smime_aa_ets_CertificateRefs */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x15, + /* NID_id_smime_aa_ets_RevocationRefs */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x16, + /* NID_id_smime_aa_ets_certValues */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x17, + /* NID_id_smime_aa_ets_revocationValues */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x18, + /* NID_id_smime_aa_ets_escTimeStamp */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x19, + /* NID_id_smime_aa_ets_certCRLTimestamp */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1a, + /* NID_id_smime_aa_ets_archiveTimeStamp */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1b, + /* NID_id_smime_aa_signatureType */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1c, + /* NID_id_smime_aa_dvcs_dvc */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x1d, + /* NID_id_smime_alg_ESDHwith3DES */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x01, + /* NID_id_smime_alg_ESDHwithRC2 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x02, + /* NID_id_smime_alg_3DESwrap */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x03, + /* NID_id_smime_alg_RC2wrap */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x04, + /* NID_id_smime_alg_ESDH */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x05, + /* NID_id_smime_alg_CMS3DESwrap */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x06, + /* NID_id_smime_alg_CMSRC2wrap */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x07, + /* NID_id_smime_cd_ldap */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x04, 0x01, + /* NID_id_smime_spq_ets_sqt_uri */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05, 0x01, + /* NID_id_smime_spq_ets_sqt_unotice */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x05, 0x02, + /* NID_id_smime_cti_ets_proofOfOrigin */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x01, + /* NID_id_smime_cti_ets_proofOfReceipt */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x02, + /* NID_id_smime_cti_ets_proofOfDelivery */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x03, + /* NID_id_smime_cti_ets_proofOfSender */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x04, + /* NID_id_smime_cti_ets_proofOfApproval */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x05, + /* NID_id_smime_cti_ets_proofOfCreation */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x06, 0x06, + /* NID_md4 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04, + /* NID_id_pkix_mod */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, + /* NID_id_qt */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, + /* NID_id_it */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, + /* NID_id_pkip */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, + /* NID_id_alg */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, + /* NID_id_cmc */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, + /* NID_id_on */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, + /* NID_id_pda */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, + /* NID_id_aca */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, + /* NID_id_qcs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, + /* NID_id_cct */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, + /* NID_id_pkix1_explicit_88 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x01, + /* NID_id_pkix1_implicit_88 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x02, + /* NID_id_pkix1_explicit_93 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x03, + /* NID_id_pkix1_implicit_93 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x04, + /* NID_id_mod_crmf */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x05, + /* NID_id_mod_cmc */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x06, + /* NID_id_mod_kea_profile_88 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x07, + /* NID_id_mod_kea_profile_93 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x08, + /* NID_id_mod_cmp */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x09, + /* NID_id_mod_qualified_cert_88 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0a, + /* NID_id_mod_qualified_cert_93 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0b, + /* NID_id_mod_attribute_cert */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0c, + /* NID_id_mod_timestamp_protocol */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0d, + /* NID_id_mod_ocsp */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0e, + /* NID_id_mod_dvcs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x0f, + /* NID_id_mod_cmp2000 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x00, 0x10, + /* NID_biometricInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x02, + /* NID_qcStatements */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x03, + /* NID_ac_auditEntity */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x04, + /* NID_ac_targeting */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x05, + /* NID_aaControls */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x06, + /* NID_sbgp_ipAddrBlock */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x07, + /* NID_sbgp_autonomousSysNum */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x08, + /* NID_sbgp_routerIdentifier */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x09, + /* NID_textNotice */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x03, + /* NID_ipsecEndSystem */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05, + /* NID_ipsecTunnel */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06, + /* NID_ipsecUser */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07, + /* NID_dvcs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x0a, + /* NID_id_it_caProtEncCert */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x01, + /* NID_id_it_signKeyPairTypes */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x02, + /* NID_id_it_encKeyPairTypes */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x03, + /* NID_id_it_preferredSymmAlg */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x04, + /* NID_id_it_caKeyUpdateInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x05, + /* NID_id_it_currentCRL */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x06, + /* NID_id_it_unsupportedOIDs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x07, + /* NID_id_it_subscriptionRequest */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x08, + /* NID_id_it_subscriptionResponse */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x09, + /* NID_id_it_keyPairParamReq */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0a, + /* NID_id_it_keyPairParamRep */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0b, + /* NID_id_it_revPassphrase */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0c, + /* NID_id_it_implicitConfirm */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0d, + /* NID_id_it_confirmWaitTime */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0e, + /* NID_id_it_origPKIMessage */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x0f, + /* NID_id_regCtrl */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, + /* NID_id_regInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02, + /* NID_id_regCtrl_regToken */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x01, + /* NID_id_regCtrl_authenticator */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x02, + /* NID_id_regCtrl_pkiPublicationInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x03, + /* NID_id_regCtrl_pkiArchiveOptions */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x04, + /* NID_id_regCtrl_oldCertID */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x05, + /* NID_id_regCtrl_protocolEncrKey */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x01, 0x06, + /* NID_id_regInfo_utf8Pairs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02, 0x01, + /* NID_id_regInfo_certReq */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x05, 0x02, 0x02, + /* NID_id_alg_des40 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x01, + /* NID_id_alg_noSignature */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x02, + /* NID_id_alg_dh_sig_hmac_sha1 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x03, + /* NID_id_alg_dh_pop */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x04, + /* NID_id_cmc_statusInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x01, + /* NID_id_cmc_identification */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x02, + /* NID_id_cmc_identityProof */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x03, + /* NID_id_cmc_dataReturn */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x04, + /* NID_id_cmc_transactionId */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x05, + /* NID_id_cmc_senderNonce */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x06, + /* NID_id_cmc_recipientNonce */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x07, + /* NID_id_cmc_addExtensions */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x08, + /* NID_id_cmc_encryptedPOP */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x09, + /* NID_id_cmc_decryptedPOP */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0a, + /* NID_id_cmc_lraPOPWitness */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0b, + /* NID_id_cmc_getCert */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x0f, + /* NID_id_cmc_getCRL */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x10, + /* NID_id_cmc_revokeRequest */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x11, + /* NID_id_cmc_regInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x12, + /* NID_id_cmc_responseInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x13, + /* NID_id_cmc_queryPending */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x15, + /* NID_id_cmc_popLinkRandom */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x16, + /* NID_id_cmc_popLinkWitness */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x17, + /* NID_id_cmc_confirmCertAcceptance */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x07, 0x18, + /* NID_id_on_personalData */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x01, + /* NID_id_pda_dateOfBirth */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x01, + /* NID_id_pda_placeOfBirth */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x02, + /* NID_id_pda_gender */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x03, + /* NID_id_pda_countryOfCitizenship */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x04, + /* NID_id_pda_countryOfResidence */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09, 0x05, + /* NID_id_aca_authenticationInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x01, + /* NID_id_aca_accessIdentity */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x02, + /* NID_id_aca_chargingIdentity */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x03, + /* NID_id_aca_group */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x04, + /* NID_id_aca_role */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x05, + /* NID_id_qcs_pkixQCSyntax_v1 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, 0x01, + /* NID_id_cct_crs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x01, + /* NID_id_cct_PKIData */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x02, + /* NID_id_cct_PKIResponse */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0c, 0x03, + /* NID_ad_timeStamping */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x03, + /* NID_ad_dvcs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x04, + /* NID_id_pkix_OCSP_basic */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, + /* NID_id_pkix_OCSP_Nonce */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, + /* NID_id_pkix_OCSP_CrlID */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x03, + /* NID_id_pkix_OCSP_acceptableResponses */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04, + /* NID_id_pkix_OCSP_noCheck */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05, + /* NID_id_pkix_OCSP_archiveCutoff */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x06, + /* NID_id_pkix_OCSP_serviceLocator */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x07, + /* NID_id_pkix_OCSP_extendedStatus */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x08, + /* NID_id_pkix_OCSP_valid */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x09, + /* NID_id_pkix_OCSP_path */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x0a, + /* NID_id_pkix_OCSP_trustRoot */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x0b, + /* NID_algorithm */ + 0x2b, 0x0e, 0x03, 0x02, + /* NID_rsaSignature */ + 0x2b, 0x0e, 0x03, 0x02, 0x0b, + /* NID_X500algorithms */ + 0x55, 0x08, + /* NID_org */ + 0x2b, + /* NID_dod */ + 0x2b, 0x06, + /* NID_iana */ + 0x2b, 0x06, 0x01, + /* NID_Directory */ + 0x2b, 0x06, 0x01, 0x01, + /* NID_Management */ + 0x2b, 0x06, 0x01, 0x02, + /* NID_Experimental */ + 0x2b, 0x06, 0x01, 0x03, + /* NID_Private */ + 0x2b, 0x06, 0x01, 0x04, + /* NID_Security */ + 0x2b, 0x06, 0x01, 0x05, + /* NID_SNMPv2 */ + 0x2b, 0x06, 0x01, 0x06, + /* NID_Mail */ + 0x2b, 0x06, 0x01, 0x07, + /* NID_Enterprises */ + 0x2b, 0x06, 0x01, 0x04, 0x01, + /* NID_dcObject */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x82, 0x58, + /* NID_domainComponent */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, + /* NID_Domain */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0d, + /* NID_selected_attribute_types */ + 0x55, 0x01, 0x05, + /* NID_clearance */ + 0x55, 0x01, 0x05, 0x37, + /* NID_md4WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x03, + /* NID_ac_proxying */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0a, + /* NID_sinfo_access */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0b, + /* NID_id_aca_encAttrs */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a, 0x06, + /* NID_role */ + 0x55, 0x04, 0x48, + /* NID_policy_constraints */ + 0x55, 0x1d, 0x24, + /* NID_target_information */ + 0x55, 0x1d, 0x37, + /* NID_no_rev_avail */ + 0x55, 0x1d, 0x38, + /* NID_ansi_X9_62 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, + /* NID_X9_62_prime_field */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, + /* NID_X9_62_characteristic_two_field */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, + /* NID_X9_62_id_ecPublicKey */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, + /* NID_X9_62_prime192v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x01, + /* NID_X9_62_prime192v2 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x02, + /* NID_X9_62_prime192v3 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x03, + /* NID_X9_62_prime239v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x04, + /* NID_X9_62_prime239v2 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x05, + /* NID_X9_62_prime239v3 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x06, + /* NID_X9_62_prime256v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + /* NID_ecdsa_with_SHA1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01, + /* NID_ms_csp_name */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x01, + /* NID_aes_128_ecb */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x01, + /* NID_aes_128_cbc */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x02, + /* NID_aes_128_ofb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x03, + /* NID_aes_128_cfb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x04, + /* NID_aes_192_ecb */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x15, + /* NID_aes_192_cbc */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x16, + /* NID_aes_192_ofb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x17, + /* NID_aes_192_cfb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x18, + /* NID_aes_256_ecb */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x29, + /* NID_aes_256_cbc */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2a, + /* NID_aes_256_ofb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2b, + /* NID_aes_256_cfb128 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2c, + /* NID_hold_instruction_code */ + 0x55, 0x1d, 0x17, + /* NID_hold_instruction_none */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x01, + /* NID_hold_instruction_call_issuer */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x02, + /* NID_hold_instruction_reject */ + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x02, 0x03, + /* NID_data */ + 0x09, + /* NID_pss */ + 0x09, 0x92, 0x26, + /* NID_ucl */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, + /* NID_pilot */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, + /* NID_pilotAttributeType */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, + /* NID_pilotAttributeSyntax */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03, + /* NID_pilotObjectClass */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, + /* NID_pilotGroups */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x0a, + /* NID_iA5StringSyntax */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03, 0x04, + /* NID_caseIgnoreIA5StringSyntax */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x03, 0x05, + /* NID_pilotObject */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x03, + /* NID_pilotPerson */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x04, + /* NID_account */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x05, + /* NID_document */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x06, + /* NID_room */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x07, + /* NID_documentSeries */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x09, + /* NID_rFC822localPart */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0e, + /* NID_dNSDomain */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x0f, + /* NID_domainRelatedObject */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x11, + /* NID_friendlyCountry */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x12, + /* NID_simpleSecurityObject */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x13, + /* NID_pilotOrganization */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x14, + /* NID_pilotDSA */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x15, + /* NID_qualityLabelledData */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04, 0x16, + /* NID_userId */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x01, + /* NID_textEncodedORAddress */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x02, + /* NID_rfc822Mailbox */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x03, + /* NID_info */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x04, + /* NID_favouriteDrink */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x05, + /* NID_roomNumber */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x06, + /* NID_photo */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x07, + /* NID_userClass */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x08, + /* NID_host */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x09, + /* NID_manager */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0a, + /* NID_documentIdentifier */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0b, + /* NID_documentTitle */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0c, + /* NID_documentVersion */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0d, + /* NID_documentAuthor */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0e, + /* NID_documentLocation */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x0f, + /* NID_homeTelephoneNumber */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x14, + /* NID_secretary */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x15, + /* NID_otherMailbox */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x16, + /* NID_lastModifiedTime */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x17, + /* NID_lastModifiedBy */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x18, + /* NID_aRecord */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1a, + /* NID_pilotAttributeType27 */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1b, + /* NID_mXRecord */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1c, + /* NID_nSRecord */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1d, + /* NID_sOARecord */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1e, + /* NID_cNAMERecord */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x1f, + /* NID_associatedDomain */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x25, + /* NID_associatedName */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x26, + /* NID_homePostalAddress */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x27, + /* NID_personalTitle */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x28, + /* NID_mobileTelephoneNumber */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x29, + /* NID_pagerTelephoneNumber */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2a, + /* NID_friendlyCountryName */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2b, + /* NID_organizationalStatus */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2d, + /* NID_janetMailbox */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2e, + /* NID_mailPreferenceOption */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x2f, + /* NID_buildingName */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x30, + /* NID_dSAQuality */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x31, + /* NID_singleLevelQuality */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x32, + /* NID_subtreeMinimumQuality */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x33, + /* NID_subtreeMaximumQuality */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x34, + /* NID_personalSignature */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x35, + /* NID_dITRedirect */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x36, + /* NID_audio */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x37, + /* NID_documentPublisher */ + 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x38, + /* NID_x500UniqueIdentifier */ + 0x55, 0x04, 0x2d, + /* NID_mime_mhs */ + 0x2b, 0x06, 0x01, 0x07, 0x01, + /* NID_mime_mhs_headings */ + 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01, + /* NID_mime_mhs_bodies */ + 0x2b, 0x06, 0x01, 0x07, 0x01, 0x02, + /* NID_id_hex_partial_message */ + 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01, 0x01, + /* NID_id_hex_multipart_message */ + 0x2b, 0x06, 0x01, 0x07, 0x01, 0x01, 0x02, + /* NID_generationQualifier */ + 0x55, 0x04, 0x2c, + /* NID_pseudonym */ + 0x55, 0x04, 0x41, + /* NID_id_set */ + 0x67, 0x2a, + /* NID_set_ctype */ + 0x67, 0x2a, 0x00, + /* NID_set_msgExt */ + 0x67, 0x2a, 0x01, + /* NID_set_attr */ + 0x67, 0x2a, 0x03, + /* NID_set_policy */ + 0x67, 0x2a, 0x05, + /* NID_set_certExt */ + 0x67, 0x2a, 0x07, + /* NID_set_brand */ + 0x67, 0x2a, 0x08, + /* NID_setct_PANData */ + 0x67, 0x2a, 0x00, 0x00, + /* NID_setct_PANToken */ + 0x67, 0x2a, 0x00, 0x01, + /* NID_setct_PANOnly */ + 0x67, 0x2a, 0x00, 0x02, + /* NID_setct_OIData */ + 0x67, 0x2a, 0x00, 0x03, + /* NID_setct_PI */ + 0x67, 0x2a, 0x00, 0x04, + /* NID_setct_PIData */ + 0x67, 0x2a, 0x00, 0x05, + /* NID_setct_PIDataUnsigned */ + 0x67, 0x2a, 0x00, 0x06, + /* NID_setct_HODInput */ + 0x67, 0x2a, 0x00, 0x07, + /* NID_setct_AuthResBaggage */ + 0x67, 0x2a, 0x00, 0x08, + /* NID_setct_AuthRevReqBaggage */ + 0x67, 0x2a, 0x00, 0x09, + /* NID_setct_AuthRevResBaggage */ + 0x67, 0x2a, 0x00, 0x0a, + /* NID_setct_CapTokenSeq */ + 0x67, 0x2a, 0x00, 0x0b, + /* NID_setct_PInitResData */ + 0x67, 0x2a, 0x00, 0x0c, + /* NID_setct_PI_TBS */ + 0x67, 0x2a, 0x00, 0x0d, + /* NID_setct_PResData */ + 0x67, 0x2a, 0x00, 0x0e, + /* NID_setct_AuthReqTBS */ + 0x67, 0x2a, 0x00, 0x10, + /* NID_setct_AuthResTBS */ + 0x67, 0x2a, 0x00, 0x11, + /* NID_setct_AuthResTBSX */ + 0x67, 0x2a, 0x00, 0x12, + /* NID_setct_AuthTokenTBS */ + 0x67, 0x2a, 0x00, 0x13, + /* NID_setct_CapTokenData */ + 0x67, 0x2a, 0x00, 0x14, + /* NID_setct_CapTokenTBS */ + 0x67, 0x2a, 0x00, 0x15, + /* NID_setct_AcqCardCodeMsg */ + 0x67, 0x2a, 0x00, 0x16, + /* NID_setct_AuthRevReqTBS */ + 0x67, 0x2a, 0x00, 0x17, + /* NID_setct_AuthRevResData */ + 0x67, 0x2a, 0x00, 0x18, + /* NID_setct_AuthRevResTBS */ + 0x67, 0x2a, 0x00, 0x19, + /* NID_setct_CapReqTBS */ + 0x67, 0x2a, 0x00, 0x1a, + /* NID_setct_CapReqTBSX */ + 0x67, 0x2a, 0x00, 0x1b, + /* NID_setct_CapResData */ + 0x67, 0x2a, 0x00, 0x1c, + /* NID_setct_CapRevReqTBS */ + 0x67, 0x2a, 0x00, 0x1d, + /* NID_setct_CapRevReqTBSX */ + 0x67, 0x2a, 0x00, 0x1e, + /* NID_setct_CapRevResData */ + 0x67, 0x2a, 0x00, 0x1f, + /* NID_setct_CredReqTBS */ + 0x67, 0x2a, 0x00, 0x20, + /* NID_setct_CredReqTBSX */ + 0x67, 0x2a, 0x00, 0x21, + /* NID_setct_CredResData */ + 0x67, 0x2a, 0x00, 0x22, + /* NID_setct_CredRevReqTBS */ + 0x67, 0x2a, 0x00, 0x23, + /* NID_setct_CredRevReqTBSX */ + 0x67, 0x2a, 0x00, 0x24, + /* NID_setct_CredRevResData */ + 0x67, 0x2a, 0x00, 0x25, + /* NID_setct_PCertReqData */ + 0x67, 0x2a, 0x00, 0x26, + /* NID_setct_PCertResTBS */ + 0x67, 0x2a, 0x00, 0x27, + /* NID_setct_BatchAdminReqData */ + 0x67, 0x2a, 0x00, 0x28, + /* NID_setct_BatchAdminResData */ + 0x67, 0x2a, 0x00, 0x29, + /* NID_setct_CardCInitResTBS */ + 0x67, 0x2a, 0x00, 0x2a, + /* NID_setct_MeAqCInitResTBS */ + 0x67, 0x2a, 0x00, 0x2b, + /* NID_setct_RegFormResTBS */ + 0x67, 0x2a, 0x00, 0x2c, + /* NID_setct_CertReqData */ + 0x67, 0x2a, 0x00, 0x2d, + /* NID_setct_CertReqTBS */ + 0x67, 0x2a, 0x00, 0x2e, + /* NID_setct_CertResData */ + 0x67, 0x2a, 0x00, 0x2f, + /* NID_setct_CertInqReqTBS */ + 0x67, 0x2a, 0x00, 0x30, + /* NID_setct_ErrorTBS */ + 0x67, 0x2a, 0x00, 0x31, + /* NID_setct_PIDualSignedTBE */ + 0x67, 0x2a, 0x00, 0x32, + /* NID_setct_PIUnsignedTBE */ + 0x67, 0x2a, 0x00, 0x33, + /* NID_setct_AuthReqTBE */ + 0x67, 0x2a, 0x00, 0x34, + /* NID_setct_AuthResTBE */ + 0x67, 0x2a, 0x00, 0x35, + /* NID_setct_AuthResTBEX */ + 0x67, 0x2a, 0x00, 0x36, + /* NID_setct_AuthTokenTBE */ + 0x67, 0x2a, 0x00, 0x37, + /* NID_setct_CapTokenTBE */ + 0x67, 0x2a, 0x00, 0x38, + /* NID_setct_CapTokenTBEX */ + 0x67, 0x2a, 0x00, 0x39, + /* NID_setct_AcqCardCodeMsgTBE */ + 0x67, 0x2a, 0x00, 0x3a, + /* NID_setct_AuthRevReqTBE */ + 0x67, 0x2a, 0x00, 0x3b, + /* NID_setct_AuthRevResTBE */ + 0x67, 0x2a, 0x00, 0x3c, + /* NID_setct_AuthRevResTBEB */ + 0x67, 0x2a, 0x00, 0x3d, + /* NID_setct_CapReqTBE */ + 0x67, 0x2a, 0x00, 0x3e, + /* NID_setct_CapReqTBEX */ + 0x67, 0x2a, 0x00, 0x3f, + /* NID_setct_CapResTBE */ + 0x67, 0x2a, 0x00, 0x40, + /* NID_setct_CapRevReqTBE */ + 0x67, 0x2a, 0x00, 0x41, + /* NID_setct_CapRevReqTBEX */ + 0x67, 0x2a, 0x00, 0x42, + /* NID_setct_CapRevResTBE */ + 0x67, 0x2a, 0x00, 0x43, + /* NID_setct_CredReqTBE */ + 0x67, 0x2a, 0x00, 0x44, + /* NID_setct_CredReqTBEX */ + 0x67, 0x2a, 0x00, 0x45, + /* NID_setct_CredResTBE */ + 0x67, 0x2a, 0x00, 0x46, + /* NID_setct_CredRevReqTBE */ + 0x67, 0x2a, 0x00, 0x47, + /* NID_setct_CredRevReqTBEX */ + 0x67, 0x2a, 0x00, 0x48, + /* NID_setct_CredRevResTBE */ + 0x67, 0x2a, 0x00, 0x49, + /* NID_setct_BatchAdminReqTBE */ + 0x67, 0x2a, 0x00, 0x4a, + /* NID_setct_BatchAdminResTBE */ + 0x67, 0x2a, 0x00, 0x4b, + /* NID_setct_RegFormReqTBE */ + 0x67, 0x2a, 0x00, 0x4c, + /* NID_setct_CertReqTBE */ + 0x67, 0x2a, 0x00, 0x4d, + /* NID_setct_CertReqTBEX */ + 0x67, 0x2a, 0x00, 0x4e, + /* NID_setct_CertResTBE */ + 0x67, 0x2a, 0x00, 0x4f, + /* NID_setct_CRLNotificationTBS */ + 0x67, 0x2a, 0x00, 0x50, + /* NID_setct_CRLNotificationResTBS */ + 0x67, 0x2a, 0x00, 0x51, + /* NID_setct_BCIDistributionTBS */ + 0x67, 0x2a, 0x00, 0x52, + /* NID_setext_genCrypt */ + 0x67, 0x2a, 0x01, 0x01, + /* NID_setext_miAuth */ + 0x67, 0x2a, 0x01, 0x03, + /* NID_setext_pinSecure */ + 0x67, 0x2a, 0x01, 0x04, + /* NID_setext_pinAny */ + 0x67, 0x2a, 0x01, 0x05, + /* NID_setext_track2 */ + 0x67, 0x2a, 0x01, 0x07, + /* NID_setext_cv */ + 0x67, 0x2a, 0x01, 0x08, + /* NID_set_policy_root */ + 0x67, 0x2a, 0x05, 0x00, + /* NID_setCext_hashedRoot */ + 0x67, 0x2a, 0x07, 0x00, + /* NID_setCext_certType */ + 0x67, 0x2a, 0x07, 0x01, + /* NID_setCext_merchData */ + 0x67, 0x2a, 0x07, 0x02, + /* NID_setCext_cCertRequired */ + 0x67, 0x2a, 0x07, 0x03, + /* NID_setCext_tunneling */ + 0x67, 0x2a, 0x07, 0x04, + /* NID_setCext_setExt */ + 0x67, 0x2a, 0x07, 0x05, + /* NID_setCext_setQualf */ + 0x67, 0x2a, 0x07, 0x06, + /* NID_setCext_PGWYcapabilities */ + 0x67, 0x2a, 0x07, 0x07, + /* NID_setCext_TokenIdentifier */ + 0x67, 0x2a, 0x07, 0x08, + /* NID_setCext_Track2Data */ + 0x67, 0x2a, 0x07, 0x09, + /* NID_setCext_TokenType */ + 0x67, 0x2a, 0x07, 0x0a, + /* NID_setCext_IssuerCapabilities */ + 0x67, 0x2a, 0x07, 0x0b, + /* NID_setAttr_Cert */ + 0x67, 0x2a, 0x03, 0x00, + /* NID_setAttr_PGWYcap */ + 0x67, 0x2a, 0x03, 0x01, + /* NID_setAttr_TokenType */ + 0x67, 0x2a, 0x03, 0x02, + /* NID_setAttr_IssCap */ + 0x67, 0x2a, 0x03, 0x03, + /* NID_set_rootKeyThumb */ + 0x67, 0x2a, 0x03, 0x00, 0x00, + /* NID_set_addPolicy */ + 0x67, 0x2a, 0x03, 0x00, 0x01, + /* NID_setAttr_Token_EMV */ + 0x67, 0x2a, 0x03, 0x02, 0x01, + /* NID_setAttr_Token_B0Prime */ + 0x67, 0x2a, 0x03, 0x02, 0x02, + /* NID_setAttr_IssCap_CVM */ + 0x67, 0x2a, 0x03, 0x03, 0x03, + /* NID_setAttr_IssCap_T2 */ + 0x67, 0x2a, 0x03, 0x03, 0x04, + /* NID_setAttr_IssCap_Sig */ + 0x67, 0x2a, 0x03, 0x03, 0x05, + /* NID_setAttr_GenCryptgrm */ + 0x67, 0x2a, 0x03, 0x03, 0x03, 0x01, + /* NID_setAttr_T2Enc */ + 0x67, 0x2a, 0x03, 0x03, 0x04, 0x01, + /* NID_setAttr_T2cleartxt */ + 0x67, 0x2a, 0x03, 0x03, 0x04, 0x02, + /* NID_setAttr_TokICCsig */ + 0x67, 0x2a, 0x03, 0x03, 0x05, 0x01, + /* NID_setAttr_SecDevSig */ + 0x67, 0x2a, 0x03, 0x03, 0x05, 0x02, + /* NID_set_brand_IATA_ATA */ + 0x67, 0x2a, 0x08, 0x01, + /* NID_set_brand_Diners */ + 0x67, 0x2a, 0x08, 0x1e, + /* NID_set_brand_AmericanExpress */ + 0x67, 0x2a, 0x08, 0x22, + /* NID_set_brand_JCB */ + 0x67, 0x2a, 0x08, 0x23, + /* NID_set_brand_Visa */ + 0x67, 0x2a, 0x08, 0x04, + /* NID_set_brand_MasterCard */ + 0x67, 0x2a, 0x08, 0x05, + /* NID_set_brand_Novus */ + 0x67, 0x2a, 0x08, 0xae, 0x7b, + /* NID_des_cdmf */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x0a, + /* NID_rsaOAEPEncryptionSET */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x06, + /* NID_international_organizations */ + 0x67, + /* NID_ms_smartcard_login */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x02, + /* NID_ms_upn */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03, + /* NID_streetAddress */ + 0x55, 0x04, 0x09, + /* NID_postalCode */ + 0x55, 0x04, 0x11, + /* NID_id_ppl */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, + /* NID_proxyCertInfo */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0e, + /* NID_id_ppl_anyLanguage */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x00, + /* NID_id_ppl_inheritAll */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x01, + /* NID_name_constraints */ + 0x55, 0x1d, 0x1e, + /* NID_Independent */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x02, + /* NID_sha256WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + /* NID_sha384WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, + /* NID_sha512WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, + /* NID_sha224WithRSAEncryption */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0e, + /* NID_sha256 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + /* NID_sha384 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + /* NID_sha512 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + /* NID_sha224 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, + /* NID_identified_organization */ + 0x2b, + /* NID_certicom_arc */ + 0x2b, 0x81, 0x04, + /* NID_wap */ + 0x67, 0x2b, + /* NID_wap_wsg */ + 0x67, 0x2b, 0x01, + /* NID_X9_62_id_characteristic_two_basis */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, + /* NID_X9_62_onBasis */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x01, + /* NID_X9_62_tpBasis */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x02, + /* NID_X9_62_ppBasis */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x02, 0x03, 0x03, + /* NID_X9_62_c2pnb163v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x01, + /* NID_X9_62_c2pnb163v2 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x02, + /* NID_X9_62_c2pnb163v3 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x03, + /* NID_X9_62_c2pnb176v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x04, + /* NID_X9_62_c2tnb191v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x05, + /* NID_X9_62_c2tnb191v2 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x06, + /* NID_X9_62_c2tnb191v3 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x07, + /* NID_X9_62_c2onb191v4 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x08, + /* NID_X9_62_c2onb191v5 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x09, + /* NID_X9_62_c2pnb208w1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0a, + /* NID_X9_62_c2tnb239v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0b, + /* NID_X9_62_c2tnb239v2 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0c, + /* NID_X9_62_c2tnb239v3 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0d, + /* NID_X9_62_c2onb239v4 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0e, + /* NID_X9_62_c2onb239v5 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x0f, + /* NID_X9_62_c2pnb272w1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x10, + /* NID_X9_62_c2pnb304w1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x11, + /* NID_X9_62_c2tnb359v1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x12, + /* NID_X9_62_c2pnb368w1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x13, + /* NID_X9_62_c2tnb431r1 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x00, 0x14, + /* NID_secp112r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x06, + /* NID_secp112r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x07, + /* NID_secp128r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x1c, + /* NID_secp128r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x1d, + /* NID_secp160k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x09, + /* NID_secp160r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x08, + /* NID_secp160r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x1e, + /* NID_secp192k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x1f, + /* NID_secp224k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x20, + /* NID_secp224r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x21, + /* NID_secp256k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x0a, + /* NID_secp384r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x22, + /* NID_secp521r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x23, + /* NID_sect113r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x04, + /* NID_sect113r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x05, + /* NID_sect131r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x16, + /* NID_sect131r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x17, + /* NID_sect163k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x01, + /* NID_sect163r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x02, + /* NID_sect163r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x0f, + /* NID_sect193r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x18, + /* NID_sect193r2 */ + 0x2b, 0x81, 0x04, 0x00, 0x19, + /* NID_sect233k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x1a, + /* NID_sect233r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x1b, + /* NID_sect239k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x03, + /* NID_sect283k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x10, + /* NID_sect283r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x11, + /* NID_sect409k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x24, + /* NID_sect409r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x25, + /* NID_sect571k1 */ + 0x2b, 0x81, 0x04, 0x00, 0x26, + /* NID_sect571r1 */ + 0x2b, 0x81, 0x04, 0x00, 0x27, + /* NID_wap_wsg_idm_ecid_wtls1 */ + 0x67, 0x2b, 0x01, 0x04, 0x01, + /* NID_wap_wsg_idm_ecid_wtls3 */ + 0x67, 0x2b, 0x01, 0x04, 0x03, + /* NID_wap_wsg_idm_ecid_wtls4 */ + 0x67, 0x2b, 0x01, 0x04, 0x04, + /* NID_wap_wsg_idm_ecid_wtls5 */ + 0x67, 0x2b, 0x01, 0x04, 0x05, + /* NID_wap_wsg_idm_ecid_wtls6 */ + 0x67, 0x2b, 0x01, 0x04, 0x06, + /* NID_wap_wsg_idm_ecid_wtls7 */ + 0x67, 0x2b, 0x01, 0x04, 0x07, + /* NID_wap_wsg_idm_ecid_wtls8 */ + 0x67, 0x2b, 0x01, 0x04, 0x08, + /* NID_wap_wsg_idm_ecid_wtls9 */ + 0x67, 0x2b, 0x01, 0x04, 0x09, + /* NID_wap_wsg_idm_ecid_wtls10 */ + 0x67, 0x2b, 0x01, 0x04, 0x0a, + /* NID_wap_wsg_idm_ecid_wtls11 */ + 0x67, 0x2b, 0x01, 0x04, 0x0b, + /* NID_wap_wsg_idm_ecid_wtls12 */ + 0x67, 0x2b, 0x01, 0x04, 0x0c, + /* NID_any_policy */ + 0x55, 0x1d, 0x20, 0x00, + /* NID_policy_mappings */ + 0x55, 0x1d, 0x21, + /* NID_inhibit_any_policy */ + 0x55, 0x1d, 0x36, + /* NID_camellia_128_cbc */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x02, + /* NID_camellia_192_cbc */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x03, + /* NID_camellia_256_cbc */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x01, 0x04, + /* NID_camellia_128_ecb */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x01, + /* NID_camellia_192_ecb */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x15, + /* NID_camellia_256_ecb */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x29, + /* NID_camellia_128_cfb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x04, + /* NID_camellia_192_cfb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x18, + /* NID_camellia_256_cfb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x2c, + /* NID_camellia_128_ofb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x03, + /* NID_camellia_192_ofb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x17, + /* NID_camellia_256_ofb128 */ + 0x03, 0xa2, 0x31, 0x05, 0x03, 0x01, 0x09, 0x2b, + /* NID_subject_directory_attributes */ + 0x55, 0x1d, 0x09, + /* NID_issuing_distribution_point */ + 0x55, 0x1d, 0x1c, + /* NID_certificate_issuer */ + 0x55, 0x1d, 0x1d, + /* NID_kisa */ + 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, + /* NID_seed_ecb */ + 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x03, + /* NID_seed_cbc */ + 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x04, + /* NID_seed_ofb128 */ + 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x06, + /* NID_seed_cfb128 */ + 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01, 0x05, + /* NID_hmac_md5 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x01, + /* NID_hmac_sha1 */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x02, + /* NID_id_PasswordBasedMAC */ + 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x0d, + /* NID_id_DHBasedMac */ + 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x42, 0x1e, + /* NID_id_it_suppLangTags */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x04, 0x10, + /* NID_caRepository */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x05, + /* NID_id_smime_ct_compressedData */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x09, + /* NID_id_ct_asciiTextWithCRLF */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x1b, + /* NID_id_aes128_wrap */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x05, + /* NID_id_aes192_wrap */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x19, + /* NID_id_aes256_wrap */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2d, + /* NID_ecdsa_with_Recommended */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x02, + /* NID_ecdsa_with_Specified */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + /* NID_ecdsa_with_SHA224 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x01, + /* NID_ecdsa_with_SHA256 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + /* NID_ecdsa_with_SHA384 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, + /* NID_ecdsa_with_SHA512 */ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, + /* NID_hmacWithMD5 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x06, + /* NID_hmacWithSHA224 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x08, + /* NID_hmacWithSHA256 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09, + /* NID_hmacWithSHA384 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0a, + /* NID_hmacWithSHA512 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x0b, + /* NID_dsa_with_SHA224 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x01, + /* NID_dsa_with_SHA256 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02, + /* NID_whirlpool */ + 0x28, 0xcf, 0x06, 0x03, 0x00, 0x37, + /* NID_cryptopro */ + 0x2a, 0x85, 0x03, 0x02, 0x02, + /* NID_cryptocom */ + 0x2a, 0x85, 0x03, 0x02, 0x09, + /* NID_id_GostR3411_94_with_GostR3410_2001 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x03, + /* NID_id_GostR3411_94_with_GostR3410_94 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x04, + /* NID_id_GostR3411_94 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x09, + /* NID_id_HMACGostR3411_94 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0a, + /* NID_id_GostR3410_2001 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x13, + /* NID_id_GostR3410_94 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, + /* NID_id_Gost28147_89 */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x15, + /* NID_id_Gost28147_89_MAC */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, + /* NID_id_GostR3411_94_prf */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17, + /* NID_id_GostR3410_2001DH */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x62, + /* NID_id_GostR3410_94DH */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x63, + /* NID_id_Gost28147_89_CryptoPro_KeyMeshing */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0e, 0x01, + /* NID_id_Gost28147_89_None_KeyMeshing */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x0e, 0x00, + /* NID_id_GostR3411_94_TestParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x00, + /* NID_id_GostR3411_94_CryptoProParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01, + /* NID_id_Gost28147_89_TestParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x00, + /* NID_id_Gost28147_89_CryptoPro_A_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x01, + /* NID_id_Gost28147_89_CryptoPro_B_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x02, + /* NID_id_Gost28147_89_CryptoPro_C_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x03, + /* NID_id_Gost28147_89_CryptoPro_D_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x04, + /* NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x05, + /* NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x06, + /* NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x07, + /* NID_id_GostR3410_94_TestParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x00, + /* NID_id_GostR3410_94_CryptoPro_A_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x02, + /* NID_id_GostR3410_94_CryptoPro_B_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x03, + /* NID_id_GostR3410_94_CryptoPro_C_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x04, + /* NID_id_GostR3410_94_CryptoPro_D_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x20, 0x05, + /* NID_id_GostR3410_94_CryptoPro_XchA_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x01, + /* NID_id_GostR3410_94_CryptoPro_XchB_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x02, + /* NID_id_GostR3410_94_CryptoPro_XchC_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x21, 0x03, + /* NID_id_GostR3410_2001_TestParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00, + /* NID_id_GostR3410_2001_CryptoPro_A_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01, + /* NID_id_GostR3410_2001_CryptoPro_B_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x02, + /* NID_id_GostR3410_2001_CryptoPro_C_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x03, + /* NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x24, 0x00, + /* NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x24, 0x01, + /* NID_id_GostR3410_94_a */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x01, + /* NID_id_GostR3410_94_aBis */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x02, + /* NID_id_GostR3410_94_b */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x03, + /* NID_id_GostR3410_94_bBis */ + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x14, 0x04, + /* NID_id_Gost28147_89_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x06, 0x01, + /* NID_id_GostR3410_94_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x05, 0x03, + /* NID_id_GostR3410_2001_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x05, 0x04, + /* NID_id_GostR3411_94_with_GostR3410_94_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x03, 0x03, + /* NID_id_GostR3411_94_with_GostR3410_2001_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x03, 0x04, + /* NID_id_GostR3410_2001_ParamSet_cc */ + 0x2a, 0x85, 0x03, 0x02, 0x09, 0x01, 0x08, 0x01, + /* NID_LocalKeySet */ + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x11, 0x02, + /* NID_freshest_crl */ + 0x55, 0x1d, 0x2e, + /* NID_id_on_permanentIdentifier */ + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x03, + /* NID_searchGuide */ + 0x55, 0x04, 0x0e, + /* NID_businessCategory */ + 0x55, 0x04, 0x0f, + /* NID_postalAddress */ + 0x55, 0x04, 0x10, + /* NID_postOfficeBox */ + 0x55, 0x04, 0x12, + /* NID_physicalDeliveryOfficeName */ + 0x55, 0x04, 0x13, + /* NID_telephoneNumber */ + 0x55, 0x04, 0x14, + /* NID_telexNumber */ + 0x55, 0x04, 0x15, + /* NID_teletexTerminalIdentifier */ + 0x55, 0x04, 0x16, + /* NID_facsimileTelephoneNumber */ + 0x55, 0x04, 0x17, + /* NID_x121Address */ + 0x55, 0x04, 0x18, + /* NID_internationaliSDNNumber */ + 0x55, 0x04, 0x19, + /* NID_registeredAddress */ + 0x55, 0x04, 0x1a, + /* NID_destinationIndicator */ + 0x55, 0x04, 0x1b, + /* NID_preferredDeliveryMethod */ + 0x55, 0x04, 0x1c, + /* NID_presentationAddress */ + 0x55, 0x04, 0x1d, + /* NID_supportedApplicationContext */ + 0x55, 0x04, 0x1e, + /* NID_member */ + 0x55, 0x04, 0x1f, + /* NID_owner */ + 0x55, 0x04, 0x20, + /* NID_roleOccupant */ + 0x55, 0x04, 0x21, + /* NID_seeAlso */ + 0x55, 0x04, 0x22, + /* NID_userPassword */ + 0x55, 0x04, 0x23, + /* NID_userCertificate */ + 0x55, 0x04, 0x24, + /* NID_cACertificate */ + 0x55, 0x04, 0x25, + /* NID_authorityRevocationList */ + 0x55, 0x04, 0x26, + /* NID_certificateRevocationList */ + 0x55, 0x04, 0x27, + /* NID_crossCertificatePair */ + 0x55, 0x04, 0x28, + /* NID_enhancedSearchGuide */ + 0x55, 0x04, 0x2f, + /* NID_protocolInformation */ + 0x55, 0x04, 0x30, + /* NID_distinguishedName */ + 0x55, 0x04, 0x31, + /* NID_uniqueMember */ + 0x55, 0x04, 0x32, + /* NID_houseIdentifier */ + 0x55, 0x04, 0x33, + /* NID_supportedAlgorithms */ + 0x55, 0x04, 0x34, + /* NID_deltaRevocationList */ + 0x55, 0x04, 0x35, + /* NID_dmdName */ + 0x55, 0x04, 0x36, + /* NID_id_alg_PWRI_KEK */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x03, 0x09, + /* NID_aes_128_gcm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x06, + /* NID_aes_128_ccm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x07, + /* NID_id_aes128_wrap_pad */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x08, + /* NID_aes_192_gcm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1a, + /* NID_aes_192_ccm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1b, + /* NID_id_aes192_wrap_pad */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1c, + /* NID_aes_256_gcm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2e, + /* NID_aes_256_ccm */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2f, + /* NID_id_aes256_wrap_pad */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x30, + /* NID_id_camellia128_wrap */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x02, + /* NID_id_camellia192_wrap */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x03, + /* NID_id_camellia256_wrap */ + 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01, 0x03, 0x04, + /* NID_anyExtendedKeyUsage */ + 0x55, 0x1d, 0x25, 0x00, + /* NID_mgf1 */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, + /* NID_rsassaPss */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a, + /* NID_rsaesOaep */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x07, + /* NID_dhpublicnumber */ + 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01, + /* NID_brainpoolP160r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01, + /* NID_brainpoolP160t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x02, + /* NID_brainpoolP192r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03, + /* NID_brainpoolP192t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x04, + /* NID_brainpoolP224r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05, + /* NID_brainpoolP224t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x06, + /* NID_brainpoolP256r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07, + /* NID_brainpoolP256t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x08, + /* NID_brainpoolP320r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09, + /* NID_brainpoolP320t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0a, + /* NID_brainpoolP384r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b, + /* NID_brainpoolP384t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0c, + /* NID_brainpoolP512r1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0d, + /* NID_brainpoolP512t1 */ + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0e, + /* NID_pSpecified */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x09, + /* NID_dhSinglePass_stdDH_sha1kdf_scheme */ + 0x2b, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3f, 0x00, 0x02, + /* NID_dhSinglePass_stdDH_sha224kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x00, + /* NID_dhSinglePass_stdDH_sha256kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x01, + /* NID_dhSinglePass_stdDH_sha384kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x02, + /* NID_dhSinglePass_stdDH_sha512kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0b, 0x03, + /* NID_dhSinglePass_cofactorDH_sha1kdf_scheme */ + 0x2b, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3f, 0x00, 0x03, + /* NID_dhSinglePass_cofactorDH_sha224kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x00, + /* NID_dhSinglePass_cofactorDH_sha256kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x01, + /* NID_dhSinglePass_cofactorDH_sha384kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x02, + /* NID_dhSinglePass_cofactorDH_sha512kdf_scheme */ + 0x2b, 0x81, 0x04, 0x01, 0x0e, 0x03, }; -static const ASN1_OBJECT kObjects[NUM_NID]={ -{"UNDEF","undefined",NID_undef,0,NULL,0}, -{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0}, -{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0}, -{"MD2","md2",NID_md2,8,&(lvalues[13]),0}, -{"MD5","md5",NID_md5,8,&(lvalues[21]),0}, -{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0}, -{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0}, -{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9, - &(lvalues[46]),0}, -{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9, - &(lvalues[55]),0}, -{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9, - &(lvalues[64]),0}, -{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9, - &(lvalues[73]),0}, -{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0}, -{"X509","X509",NID_X509,2,&(lvalues[83]),0}, -{"CN","commonName",NID_commonName,3,&(lvalues[85]),0}, -{"C","countryName",NID_countryName,3,&(lvalues[88]),0}, -{"L","localityName",NID_localityName,3,&(lvalues[91]),0}, -{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0}, -{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0}, -{"OU","organizationalUnitName",NID_organizationalUnitName,3, - &(lvalues[100]),0}, -{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0}, -{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0}, -{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0}, -{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9, - &(lvalues[124]),0}, -{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9, - &(lvalues[133]),0}, -{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData", - NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0}, -{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9, - &(lvalues[151]),0}, -{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9, - &(lvalues[160]),0}, -{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0}, -{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9, - &(lvalues[177]),0}, -{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0}, -{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0}, -{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0}, -{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0}, -{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, -{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0}, -{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, -{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, -{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0}, -{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, -{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, -{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, -{"SHA","sha",NID_sha,5,&(lvalues[225]),0}, -{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, - &(lvalues[230]),0}, -{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, -{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0}, -{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0}, -{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, -{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0}, -{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, - &(lvalues[256]),0}, -{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, - &(lvalues[265]),0}, -{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0}, -{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9, - &(lvalues[283]),0}, -{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0}, -{"countersignature","countersignature",NID_pkcs9_countersignature,9, - &(lvalues[301]),0}, -{"challengePassword","challengePassword",NID_pkcs9_challengePassword, - 9,&(lvalues[310]),0}, -{"unstructuredAddress","unstructuredAddress", - NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0}, -{"extendedCertificateAttributes","extendedCertificateAttributes", - NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0}, -{"Netscape","Netscape Communications Corp.",NID_netscape,7, - &(lvalues[337]),0}, -{"nsCertExt","Netscape Certificate Extension", - NID_netscape_cert_extension,8,&(lvalues[344]),0}, -{"nsDataType","Netscape Data Type",NID_netscape_data_type,8, - &(lvalues[352]),0}, -{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, -{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, -{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, -{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, -{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0}, -{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, - &(lvalues[365]),0}, -{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0}, -{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0}, -{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC, - 9,&(lvalues[384]),0}, -{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0}, -{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0}, -{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9, - &(lvalues[407]),0}, -{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9, - &(lvalues[416]),0}, -{"nsRevocationUrl","Netscape Revocation Url", - NID_netscape_revocation_url,9,&(lvalues[425]),0}, -{"nsCaRevocationUrl","Netscape CA Revocation Url", - NID_netscape_ca_revocation_url,9,&(lvalues[434]),0}, -{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9, - &(lvalues[443]),0}, -{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url, - 9,&(lvalues[452]),0}, -{"nsSslServerName","Netscape SSL Server Name", - NID_netscape_ssl_server_name,9,&(lvalues[461]),0}, -{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0}, -{"nsCertSequence","Netscape Certificate Sequence", - NID_netscape_cert_sequence,9,&(lvalues[479]),0}, -{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, -{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0}, -{"subjectKeyIdentifier","X509v3 Subject Key Identifier", - NID_subject_key_identifier,3,&(lvalues[490]),0}, -{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0}, -{"privateKeyUsagePeriod","X509v3 Private Key Usage Period", - NID_private_key_usage_period,3,&(lvalues[496]),0}, -{"subjectAltName","X509v3 Subject Alternative Name", - NID_subject_alt_name,3,&(lvalues[499]),0}, -{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name, - 3,&(lvalues[502]),0}, -{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints, - 3,&(lvalues[505]),0}, -{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0}, -{"certificatePolicies","X509v3 Certificate Policies", - NID_certificate_policies,3,&(lvalues[511]),0}, -{"authorityKeyIdentifier","X509v3 Authority Key Identifier", - NID_authority_key_identifier,3,&(lvalues[514]),0}, -{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0}, -{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, -{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, -{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, -{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0}, -{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0}, -{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, -{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, -{"GN","givenName",NID_givenName,3,&(lvalues[534]),0}, -{"SN","surname",NID_surname,3,&(lvalues[537]),0}, -{"initials","initials",NID_initials,3,&(lvalues[540]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"crlDistributionPoints","X509v3 CRL Distribution Points", - NID_crl_distribution_points,3,&(lvalues[543]),0}, -{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0}, -{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0}, -{"title","title",NID_title,3,&(lvalues[554]),0}, -{"description","description",NID_description,3,&(lvalues[557]),0}, -{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0}, -{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, -{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, -{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, -{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", - NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0}, -{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0}, -{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, -{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0}, -{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0}, -{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, - &(lvalues[602]),0}, -{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0}, -{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, -{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, -{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[616]),0}, -{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[627]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[630]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[636]),0}, -{"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[643]),0}, -{"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[651]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[659]),0}, -{"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[667]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[675]),0}, -{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[683]),0}, -{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, - &(lvalues[693]),0}, -{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[703]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[713]),0}, -{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[723]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[733]),0}, -{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[742]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[745]),0}, -{"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[748]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[751]),0}, -{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[756]),0}, -{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[766]),0}, -{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[776]),0}, -{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[786]),0}, -{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[796]),0}, -{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[806]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[816]),0}, -{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[827]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[838]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[849]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[860]),0}, -{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[871]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[882]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[891]),0}, -{"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[900]),0}, -{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[910]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[920]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[930]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[939]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[948]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[956]),0}, -{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[964]),0}, -{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, -{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[972]),0}, -{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[981]),0}, -{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[990]),0}, -{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[999]),0}, -{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1008]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1018]),0}, -{"name","name",NID_name,3,&(lvalues[1027]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1030]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1033]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1040]),0}, -{"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1047]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1055]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1063]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1071]),0}, -{"ISO","iso",NID_iso,0,NULL,0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1079]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1080]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1083]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1088]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1094]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1102]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1110]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1119]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1129]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1139]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1149]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1159]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1169]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1179]),0}, -{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1189]),0}, -{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1200]),0}, -{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1211]),0}, -{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1222]),0}, -{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1233]),0}, -{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1244]),0}, -{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1255]),0}, -{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1266]),0}, -{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1277]),0}, -{"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1288]),0}, -{"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1299]),0}, -{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1310]),0}, -{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1321]),0}, -{"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1332]),0}, -{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1343]),0}, -{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1354]),0}, -{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1365]),0}, -{"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1376]),0}, -{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1387]),0}, -{"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1398]),0}, -{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1409]),0}, -{"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1420]),0}, -{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1431]),0}, -{"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1442]),0}, -{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1453]),0}, -{"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1464]),0}, -{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1475]),0}, -{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1486]),0}, -{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1497]),0}, -{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1508]),0}, -{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1519]),0}, -{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1530]),0}, -{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1541]),0}, -{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1552]),0}, -{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1563]),0}, -{"id-smime-aa-ets-contentTimestamp", - "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1574]),0}, -{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1585]),0}, -{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1596]),0}, -{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1607]),0}, -{"id-smime-aa-ets-revocationValues", - "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1618]),0}, -{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1629]),0}, -{"id-smime-aa-ets-certCRLTimestamp", - "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1640]),0}, -{"id-smime-aa-ets-archiveTimeStamp", - "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1651]),0}, -{"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1662]),0}, -{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1673]),0}, -{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1684]),0}, -{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1695]),0}, -{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1706]),0}, -{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1717]),0}, -{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1728]),0}, -{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1739]),0}, -{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1750]),0}, -{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1761]),0}, -{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1772]),0}, -{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1783]),0}, -{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1794]),0}, -{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1805]),0}, -{"id-smime-cti-ets-proofOfDelivery", - "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1816]),0}, -{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1827]),0}, -{"id-smime-cti-ets-proofOfApproval", - "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1838]),0}, -{"id-smime-cti-ets-proofOfCreation", - "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1849]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1860]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1868]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1875]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1882]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1889]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1896]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1903]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1910]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1917]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1924]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1931]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1938]),0}, -{"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1945]),0}, -{"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1953]),0}, -{"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1961]),0}, -{"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1969]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1977]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1985]),0}, -{"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1993]),0}, -{"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2001]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2009]),0}, -{"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2017]),0}, -{"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2025]),0}, -{"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2033]),0}, -{"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2041]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2049]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2057]),0}, -{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2065]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2073]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2081]),0}, -{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2089]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2097]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2105]),0}, -{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2113]),0}, -{"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2121]),0}, -{"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2129]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2137]),0}, -{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2145]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2153]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2161]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2169]),0}, -{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2177]),0}, -{"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2185]),0}, -{"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2193]),0}, -{"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2201]),0}, -{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2209]),0}, -{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2217]),0}, -{"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2225]),0}, -{"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2233]),0}, -{"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2241]),0}, -{"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2249]),0}, -{"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2257]),0}, -{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2265]),0}, -{"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2273]),0}, -{"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2281]),0}, -{"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2289]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2297]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2305]),0}, -{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2313]),0}, -{"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2322]),0}, -{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2331]),0}, -{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2340]),0}, -{"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2349]),0}, -{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2358]),0}, -{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2367]),0}, -{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2376]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2385]),0}, -{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2393]),0}, -{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2401]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2409]),0}, -{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2417]),0}, -{"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2425]),0}, -{"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2433]),0}, -{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2441]),0}, -{"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2449]),0}, -{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2457]),0}, -{"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2465]),0}, -{"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2473]),0}, -{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2481]),0}, -{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2489]),0}, -{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2497]),0}, -{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2505]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2513]),0}, -{"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2521]),0}, -{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2529]),0}, -{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2537]),0}, -{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2545]),0}, -{"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2553]),0}, -{"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2561]),0}, -{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2569]),0}, -{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2577]),0}, -{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2585]),0}, -{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2593]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2601]),0}, -{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2609]),0}, -{"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2617]),0}, -{"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2625]),0}, -{"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2633]),0}, -{"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2641]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2649]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2657]),0}, -{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2665]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2673]),0}, -{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2681]),0}, -{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2689]),0}, -{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2697]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2705]),0}, -{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2713]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2722]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2731]),0}, -{"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2740]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2749]),0}, -{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2758]),0}, -{"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2767]),0}, -{"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2776]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2785]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2794]),0}, -{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2803]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2812]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2816]),0}, -{"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2821]),0}, -{"ORG","org",NID_org,1,&(lvalues[2823]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2824]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2826]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2829]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2833]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2837]),0}, -{"private","Private",NID_Private,4,&(lvalues[2841]),0}, -{"security","Security",NID_Security,4,&(lvalues[2845]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2849]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2853]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2857]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2862]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2871]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2881]),0}, -{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, -{"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2891]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2894]),0}, -{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2898]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2907]),0}, -{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2915]),0}, -{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2923]),0}, -{"role","role",NID_role,3,&(lvalues[2931]),0}, -{"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2934]),0}, -{"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2937]),0}, -{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2940]),0}, -{"NULL","NULL",NID_ccitt,0,NULL,0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2943]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2948]),0}, -{"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2955]),0}, -{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2962]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2969]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2977]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2985]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2993]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3001]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3009]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3017]),0}, -{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3025]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3032]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3041]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3050]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3059]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3068]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3077]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3086]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3095]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3104]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3113]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3122]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3131]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3140]),0}, -{"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3149]),0}, -{"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3152]),0}, -{"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3159]),0}, -{"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3166]),0}, -{"data","data",NID_data,1,&(lvalues[3173]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3174]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3177]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3184]),0}, -{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3192]),0}, -{"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3201]),0}, -{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3210]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3219]),0}, -{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3228]),0}, -{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3238]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3248]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3258]),0}, -{"account","account",NID_account,10,&(lvalues[3268]),0}, -{"document","document",NID_document,10,&(lvalues[3278]),0}, -{"room","room",NID_room,10,&(lvalues[3288]),0}, -{"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3298]),0}, -{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3308]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3318]),0}, -{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3328]),0}, -{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3338]),0}, -{"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3348]),0}, -{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3358]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3368]),0}, -{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3378]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3388]),0}, -{"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3398]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3408]),0}, -{"info","info",NID_info,10,&(lvalues[3418]),0}, -{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3428]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3438]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3448]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3458]),0}, -{"host","host",NID_host,10,&(lvalues[3468]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3478]),0}, -{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3488]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3498]),0}, -{"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3508]),0}, -{"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3518]),0}, -{"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3528]),0}, -{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3538]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3548]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3558]),0}, -{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3568]),0}, -{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3578]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3588]),0}, -{"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3598]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3608]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3618]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3628]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3638]),0}, -{"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3648]),0}, -{"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3658]),0}, -{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3668]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3678]),0}, -{"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3688]),0}, -{"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3698]),0}, -{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3708]),0}, -{"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3718]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3728]),0}, -{"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3738]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3748]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3758]),0}, -{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3768]),0}, -{"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3778]),0}, -{"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3788]),0}, -{"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3798]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3808]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3818]),0}, -{"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3828]),0}, -{"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3838]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3841]),0}, -{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3846]),0}, -{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3852]),0}, -{"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3858]),0}, -{"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3865]),0}, -{"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3872]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3875]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3878]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3880]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3883]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3886]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3889]),0}, -{"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3892]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3895]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3898]),0}, -{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, - &(lvalues[3902]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3906]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3910]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3914]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3918]),0}, -{"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3922]),0}, -{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3926]),0}, -{"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3930]),0}, -{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3934]),0}, -{"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3938]),0}, -{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3942]),0}, -{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3946]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3950]),0}, -{"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3954]),0}, -{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3958]),0}, -{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3962]),0}, -{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3966]),0}, -{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3970]),0}, -{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3974]),0}, -{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3978]),0}, -{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3982]),0}, -{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[3986]),0}, -{"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[3990]),0}, -{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[3994]),0}, -{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[3998]),0}, -{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4002]),0}, -{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4006]),0}, -{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4010]),0}, -{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4014]),0}, -{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4018]),0}, -{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4022]),0}, -{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4026]),0}, -{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4030]),0}, -{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4034]),0}, -{"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4038]),0}, -{"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4042]),0}, -{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4046]),0}, -{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4050]),0}, -{"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4054]),0}, -{"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4058]),0}, -{"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4062]),0}, -{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4066]),0}, -{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4070]),0}, -{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4074]),0}, -{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4078]),0}, -{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4082]),0}, -{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4086]),0}, -{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4090]),0}, -{"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4094]),0}, -{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4098]),0}, -{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4102]),0}, -{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4106]),0}, -{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4110]),0}, -{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4114]),0}, -{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4118]),0}, -{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4122]),0}, -{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4126]),0}, -{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4130]),0}, -{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4134]),0}, -{"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4138]),0}, -{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4142]),0}, -{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4146]),0}, -{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4150]),0}, -{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4154]),0}, -{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4158]),0}, -{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4162]),0}, -{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4166]),0}, -{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4170]),0}, -{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4174]),0}, -{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4178]),0}, -{"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4182]),0}, -{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4186]),0}, -{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4190]),0}, -{"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4194]),0}, -{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4198]),0}, -{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4202]),0}, -{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4206]),0}, -{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4210]),0}, -{"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4214]),0}, -{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4218]),0}, -{"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4222]),0}, -{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4226]),0}, -{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4230]),0}, -{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4234]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4238]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4242]),0}, -{"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4246]),0}, -{"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4250]),0}, -{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4254]),0}, -{"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4258]),0}, -{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4262]),0}, -{"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4266]),0}, -{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4270]),0}, -{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4274]),0}, -{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4278]),0}, -{"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4282]),0}, -{"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4286]),0}, -{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4290]),0}, -{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4294]),0}, -{"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4298]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4302]),0}, -{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4306]),0}, -{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4310]),0}, -{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4314]),0}, -{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4318]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4323]),0}, -{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, - &(lvalues[4328]),0}, -{"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4333]),0}, -{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4338]),0}, -{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, - &(lvalues[4343]),0}, -{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, - &(lvalues[4348]),0}, -{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4353]),0}, -{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4359]),0}, -{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4365]),0}, -{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4371]),0}, -{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4377]),0}, -{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4383]),0}, -{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4387]),0}, -{"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4391]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4395]),0}, -{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4399]),0}, -{"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4403]),0}, -{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4407]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4412]),0}, -{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4420]),0}, -{"ITU-T","itu-t",NID_itu_t,0,NULL,0}, -{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, -{"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4429]),0}, -{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4430]),0}, -{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4440]),0}, -{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, -{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, -{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, -{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0}, -{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0}, -{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0}, -{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0}, -{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, -{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, -{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"street","streetAddress",NID_streetAddress,3,&(lvalues[4450]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4453]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4456]),0}, -{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4463]),0}, -{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4471]),0}, -{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4479]),0}, -{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4487]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4490]),0}, -{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4498]),0}, -{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4507]),0}, -{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4516]),0}, -{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4525]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4534]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4543]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4552]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4561]),0}, -{"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4570]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4571]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4574]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4576]),0}, -{"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4579]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4587]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4596]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4605]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4614]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4622]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4630]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4638]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4646]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4654]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4662]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4670]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4678]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4686]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4694]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4702]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4710]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4718]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4726]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4734]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4742]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4750]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4758]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4766]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4774]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4779]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4784]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4789]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4794]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4799]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4804]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4809]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4814]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4819]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4824]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4829]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4834]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4839]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4844]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4849]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4854]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4859]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4864]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4869]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4874]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4879]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4884]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4889]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4894]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4899]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4904]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4909]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4914]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4919]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4924]),0}, -{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4929]),0}, -{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4934]),0}, -{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4939]),0}, -{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4944]),0}, -{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4949]),0}, -{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4954]),0}, -{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4959]),0}, -{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4964]),0}, -{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4969]),0}, -{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4974]),0}, -{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4979]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4984]),0}, -{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[4988]),0}, -{"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[4991]),0}, -{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, -{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, -{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[4994]),0}, -{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5005]),0}, -{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5016]),0}, -{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5027]),0}, -{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5035]),0}, -{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5043]),0}, -{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5051]),0}, -{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5059]),0}, -{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5067]),0}, -{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, -{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, -{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, -{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0}, -{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, -{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, -{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5075]),0}, -{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5083]),0}, -{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5091]),0}, -{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5099]),0}, -{"issuingDistributionPoint","X509v3 Issuing Distribution Point", - NID_issuing_distribution_point,3,&(lvalues[5102]),0}, -{"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5105]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"KISA","kisa",NID_kisa,6,&(lvalues[5108]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5114]),0}, -{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5122]),0}, -{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5130]),0}, -{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5138]),0}, -{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5146]),0}, -{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5154]),0}, -{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, - &(lvalues[5162]),0}, -{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, - &(lvalues[5171]),0}, -{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, - &(lvalues[5180]),0}, -{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5188]),0}, -{"id-smime-ct-compressedData","id-smime-ct-compressedData", - NID_id_smime_ct_compressedData,11,&(lvalues[5196]),0}, -{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", - NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5207]),0}, -{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, - &(lvalues[5218]),0}, -{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, - &(lvalues[5227]),0}, -{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, - &(lvalues[5236]),0}, -{"ecdsa-with-Recommended","ecdsa-with-Recommended", - NID_ecdsa_with_Recommended,7,&(lvalues[5245]),0}, -{"ecdsa-with-Specified","ecdsa-with-Specified", - NID_ecdsa_with_Specified,7,&(lvalues[5252]),0}, -{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, - &(lvalues[5259]),0}, -{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, - &(lvalues[5267]),0}, -{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, - &(lvalues[5275]),0}, -{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, - &(lvalues[5283]),0}, -{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5291]),0}, -{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, - &(lvalues[5299]),0}, -{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, - &(lvalues[5307]),0}, -{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, - &(lvalues[5315]),0}, -{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, - &(lvalues[5323]),0}, -{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, - &(lvalues[5331]),0}, -{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, - &(lvalues[5340]),0}, -{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5349]),0}, -{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5355]),0}, -{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5360]),0}, -{"id-GostR3411-94-with-GostR3410-2001", - "GOST R 34.11-94 with GOST R 34.10-2001", - NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5365]),0}, -{"id-GostR3411-94-with-GostR3410-94", - "GOST R 34.11-94 with GOST R 34.10-94", - NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5371]),0}, -{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5377]),0}, -{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, - &(lvalues[5383]),0}, -{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, - &(lvalues[5389]),0}, -{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5395]),0}, -{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5401]),0}, -{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, -{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, - &(lvalues[5407]),0}, -{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, - &(lvalues[5413]),0}, -{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, - 6,&(lvalues[5419]),0}, -{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, - &(lvalues[5425]),0}, -{"id-Gost28147-89-CryptoPro-KeyMeshing", - "id-Gost28147-89-CryptoPro-KeyMeshing", - NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5431]),0}, -{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", - NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5438]),0}, -{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", - NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5445]),0}, -{"id-GostR3411-94-CryptoProParamSet", - "id-GostR3411-94-CryptoProParamSet", - NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5452]),0}, -{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", - NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5459]),0}, -{"id-Gost28147-89-CryptoPro-A-ParamSet", - "id-Gost28147-89-CryptoPro-A-ParamSet", - NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5466]),0}, -{"id-Gost28147-89-CryptoPro-B-ParamSet", - "id-Gost28147-89-CryptoPro-B-ParamSet", - NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5473]),0}, -{"id-Gost28147-89-CryptoPro-C-ParamSet", - "id-Gost28147-89-CryptoPro-C-ParamSet", - NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5480]),0}, -{"id-Gost28147-89-CryptoPro-D-ParamSet", - "id-Gost28147-89-CryptoPro-D-ParamSet", - NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5487]),0}, -{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", - "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5494]), - 0}, -{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", - "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5501]), - 0}, -{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", - "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5508]),0}, -{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", - NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5515]),0}, -{"id-GostR3410-94-CryptoPro-A-ParamSet", - "id-GostR3410-94-CryptoPro-A-ParamSet", - NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5522]),0}, -{"id-GostR3410-94-CryptoPro-B-ParamSet", - "id-GostR3410-94-CryptoPro-B-ParamSet", - NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5529]),0}, -{"id-GostR3410-94-CryptoPro-C-ParamSet", - "id-GostR3410-94-CryptoPro-C-ParamSet", - NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5536]),0}, -{"id-GostR3410-94-CryptoPro-D-ParamSet", - "id-GostR3410-94-CryptoPro-D-ParamSet", - NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5543]),0}, -{"id-GostR3410-94-CryptoPro-XchA-ParamSet", - "id-GostR3410-94-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5550]),0}, -{"id-GostR3410-94-CryptoPro-XchB-ParamSet", - "id-GostR3410-94-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5557]),0}, -{"id-GostR3410-94-CryptoPro-XchC-ParamSet", - "id-GostR3410-94-CryptoPro-XchC-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5564]),0}, -{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", - NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5571]),0}, -{"id-GostR3410-2001-CryptoPro-A-ParamSet", - "id-GostR3410-2001-CryptoPro-A-ParamSet", - NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5578]),0}, -{"id-GostR3410-2001-CryptoPro-B-ParamSet", - "id-GostR3410-2001-CryptoPro-B-ParamSet", - NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5585]),0}, -{"id-GostR3410-2001-CryptoPro-C-ParamSet", - "id-GostR3410-2001-CryptoPro-C-ParamSet", - NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5592]),0}, -{"id-GostR3410-2001-CryptoPro-XchA-ParamSet", - "id-GostR3410-2001-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5599]),0}, - -{"id-GostR3410-2001-CryptoPro-XchB-ParamSet", - "id-GostR3410-2001-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5606]),0}, - -{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, - &(lvalues[5613]),0}, -{"id-GostR3410-94-aBis","id-GostR3410-94-aBis", - NID_id_GostR3410_94_aBis,7,&(lvalues[5620]),0}, -{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, - &(lvalues[5627]),0}, -{"id-GostR3410-94-bBis","id-GostR3410-94-bBis", - NID_id_GostR3410_94_bBis,7,&(lvalues[5634]),0}, -{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", - NID_id_Gost28147_89_cc,8,&(lvalues[5641]),0}, -{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, - &(lvalues[5649]),0}, -{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, - &(lvalues[5657]),0}, -{"id-GostR3411-94-with-GostR3410-94-cc", - "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5665]),0}, -{"id-GostR3411-94-with-GostR3410-2001-cc", - "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5673]),0}, -{"id-GostR3410-2001-ParamSet-cc", - "GOST R 3410-2001 Parameter Set Cryptocom", - NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5681]),0}, -{"HMAC","hmac",NID_hmac,0,NULL,0}, -{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, - &(lvalues[5689]),0}, -{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, - &(lvalues[5698]),0}, -{"id-on-permanentIdentifier","Permanent Identifier", - NID_id_on_permanentIdentifier,8,&(lvalues[5701]),0}, -{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5709]),0}, -{"businessCategory","businessCategory",NID_businessCategory,3, - &(lvalues[5712]),0}, -{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5715]),0}, -{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5718]),0}, -{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", - NID_physicalDeliveryOfficeName,3,&(lvalues[5721]),0}, -{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, - &(lvalues[5724]),0}, -{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5727]),0}, -{"teletexTerminalIdentifier","teletexTerminalIdentifier", - NID_teletexTerminalIdentifier,3,&(lvalues[5730]),0}, -{"facsimileTelephoneNumber","facsimileTelephoneNumber", - NID_facsimileTelephoneNumber,3,&(lvalues[5733]),0}, -{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5736]),0}, -{"internationaliSDNNumber","internationaliSDNNumber", - NID_internationaliSDNNumber,3,&(lvalues[5739]),0}, -{"registeredAddress","registeredAddress",NID_registeredAddress,3, - &(lvalues[5742]),0}, -{"destinationIndicator","destinationIndicator", - NID_destinationIndicator,3,&(lvalues[5745]),0}, -{"preferredDeliveryMethod","preferredDeliveryMethod", - NID_preferredDeliveryMethod,3,&(lvalues[5748]),0}, -{"presentationAddress","presentationAddress",NID_presentationAddress, - 3,&(lvalues[5751]),0}, -{"supportedApplicationContext","supportedApplicationContext", - NID_supportedApplicationContext,3,&(lvalues[5754]),0}, -{"member","member",NID_member,3,&(lvalues[5757]),0}, -{"owner","owner",NID_owner,3,&(lvalues[5760]),0}, -{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5763]),0}, -{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5766]),0}, -{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5769]),0}, -{"userCertificate","userCertificate",NID_userCertificate,3, - &(lvalues[5772]),0}, -{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5775]),0}, -{"authorityRevocationList","authorityRevocationList", - NID_authorityRevocationList,3,&(lvalues[5778]),0}, -{"certificateRevocationList","certificateRevocationList", - NID_certificateRevocationList,3,&(lvalues[5781]),0}, -{"crossCertificatePair","crossCertificatePair", - NID_crossCertificatePair,3,&(lvalues[5784]),0}, -{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, - 3,&(lvalues[5787]),0}, -{"protocolInformation","protocolInformation",NID_protocolInformation, - 3,&(lvalues[5790]),0}, -{"distinguishedName","distinguishedName",NID_distinguishedName,3, - &(lvalues[5793]),0}, -{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5796]),0}, -{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, - &(lvalues[5799]),0}, -{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, - 3,&(lvalues[5802]),0}, -{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, - 3,&(lvalues[5805]),0}, -{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5808]),0}, -{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, - &(lvalues[5811]),0}, -{"CMAC","cmac",NID_cmac,0,NULL,0}, -{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5822]),0}, -{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5831]),0}, -{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, - &(lvalues[5840]),0}, -{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5849]),0}, -{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5858]),0}, -{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, - &(lvalues[5867]),0}, -{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5876]),0}, -{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5885]),0}, -{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, - &(lvalues[5894]),0}, -{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, -{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, -{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, -{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, - 11,&(lvalues[5903]),0}, -{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, - 11,&(lvalues[5914]),0}, -{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, - 11,&(lvalues[5925]),0}, -{"anyExtendedKeyUsage","Any Extended Key Usage", - NID_anyExtendedKeyUsage,4,&(lvalues[5936]),0}, -{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5940]),0}, -{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5949]),0}, -{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, -{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, -{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, -{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1", - NID_aes_128_cbc_hmac_sha1,0,NULL,0}, -{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1", - NID_aes_192_cbc_hmac_sha1,0,NULL,0}, -{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", - NID_aes_256_cbc_hmac_sha1,0,NULL,0}, -{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5958]),0}, -{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5967]),0}, -{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, - &(lvalues[5974]),0}, -{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, - &(lvalues[5983]),0}, -{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, - &(lvalues[5992]),0}, -{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, - &(lvalues[6001]),0}, -{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, - &(lvalues[6010]),0}, -{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, - &(lvalues[6019]),0}, -{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, - &(lvalues[6028]),0}, -{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, - &(lvalues[6037]),0}, -{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, - &(lvalues[6046]),0}, -{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, - &(lvalues[6055]),0}, -{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, - &(lvalues[6064]),0}, -{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, - &(lvalues[6073]),0}, -{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, - &(lvalues[6082]),0}, -{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, - &(lvalues[6091]),0}, -{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6100]),0}, -{"dhSinglePass-stdDH-sha1kdf-scheme", - "dhSinglePass-stdDH-sha1kdf-scheme", - NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6109]),0}, -{"dhSinglePass-stdDH-sha224kdf-scheme", - "dhSinglePass-stdDH-sha224kdf-scheme", - NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6118]),0}, -{"dhSinglePass-stdDH-sha256kdf-scheme", - "dhSinglePass-stdDH-sha256kdf-scheme", - NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6124]),0}, -{"dhSinglePass-stdDH-sha384kdf-scheme", - "dhSinglePass-stdDH-sha384kdf-scheme", - NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6130]),0}, -{"dhSinglePass-stdDH-sha512kdf-scheme", - "dhSinglePass-stdDH-sha512kdf-scheme", - NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6136]),0}, -{"dhSinglePass-cofactorDH-sha1kdf-scheme", - "dhSinglePass-cofactorDH-sha1kdf-scheme", - NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6142]),0}, -{"dhSinglePass-cofactorDH-sha224kdf-scheme", - "dhSinglePass-cofactorDH-sha224kdf-scheme", - NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6151]),0}, -{"dhSinglePass-cofactorDH-sha256kdf-scheme", - "dhSinglePass-cofactorDH-sha256kdf-scheme", - NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6157]),0}, -{"dhSinglePass-cofactorDH-sha384kdf-scheme", - "dhSinglePass-cofactorDH-sha384kdf-scheme", - NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6163]),0}, -{"dhSinglePass-cofactorDH-sha512kdf-scheme", - "dhSinglePass-cofactorDH-sha512kdf-scheme", - NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6169]),0}, -{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, -{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, -{"X25519","X25519",NID_X25519,0,NULL,0}, +static const ASN1_OBJECT kObjects[NUM_NID] = { + {"UNDEF", "undefined", NID_undef, 0, NULL, 0}, + {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &kObjectData[0], 0}, + {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &kObjectData[6], 0}, + {"MD2", "md2", NID_md2, 8, &kObjectData[13], 0}, + {"MD5", "md5", NID_md5, 8, &kObjectData[21], 0}, + {"RC4", "rc4", NID_rc4, 8, &kObjectData[29], 0}, + {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &kObjectData[37], + 0}, + {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, + &kObjectData[46], 0}, + {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, + &kObjectData[55], 0}, + {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, + &kObjectData[64], 0}, + {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, + &kObjectData[73], 0}, + {"X500", "directory services (X.500)", NID_X500, 1, &kObjectData[82], 0}, + {"X509", "X509", NID_X509, 2, &kObjectData[83], 0}, + {"CN", "commonName", NID_commonName, 3, &kObjectData[85], 0}, + {"C", "countryName", NID_countryName, 3, &kObjectData[88], 0}, + {"L", "localityName", NID_localityName, 3, &kObjectData[91], 0}, + {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &kObjectData[94], + 0}, + {"O", "organizationName", NID_organizationName, 3, &kObjectData[97], 0}, + {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, + &kObjectData[100], 0}, + {"RSA", "rsa", NID_rsa, 4, &kObjectData[103], 0}, + {"pkcs7", "pkcs7", NID_pkcs7, 8, &kObjectData[107], 0}, + {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &kObjectData[115], 0}, + {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, + &kObjectData[124], 0}, + {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, + &kObjectData[133], 0}, + {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", + NID_pkcs7_signedAndEnveloped, 9, &kObjectData[142], 0}, + {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, + &kObjectData[151], 0}, + {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, + &kObjectData[160], 0}, + {"pkcs3", "pkcs3", NID_pkcs3, 8, &kObjectData[169], 0}, + {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, + &kObjectData[177], 0}, + {"DES-ECB", "des-ecb", NID_des_ecb, 5, &kObjectData[186], 0}, + {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &kObjectData[191], 0}, + {"DES-CBC", "des-cbc", NID_des_cbc, 5, &kObjectData[196], 0}, + {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &kObjectData[201], 0}, + {"DES-EDE3", "des-ede3", NID_des_ede3_ecb, 0, NULL, 0}, + {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &kObjectData[206], 0}, + {"IDEA-CFB", "idea-cfb", NID_idea_cfb64, 0, NULL, 0}, + {"IDEA-ECB", "idea-ecb", NID_idea_ecb, 0, NULL, 0}, + {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &kObjectData[217], 0}, + {"RC2-ECB", "rc2-ecb", NID_rc2_ecb, 0, NULL, 0}, + {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64, 0, NULL, 0}, + {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64, 0, NULL, 0}, + {"SHA", "sha", NID_sha, 5, &kObjectData[225], 0}, + {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, + &kObjectData[230], 0}, + {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc, 0, NULL, 0}, + {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &kObjectData[235], 0}, + {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &kObjectData[243], 0}, + {"IDEA-OFB", "idea-ofb", NID_idea_ofb64, 0, NULL, 0}, + {"pkcs9", "pkcs9", NID_pkcs9, 8, &kObjectData[248], 0}, + {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, + &kObjectData[256], 0}, + {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, + &kObjectData[265], 0}, + {"contentType", "contentType", NID_pkcs9_contentType, 9, &kObjectData[274], + 0}, + {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, + &kObjectData[283], 0}, + {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &kObjectData[292], + 0}, + {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, + &kObjectData[301], 0}, + {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, + &kObjectData[310], 0}, + {"unstructuredAddress", "unstructuredAddress", + NID_pkcs9_unstructuredAddress, 9, &kObjectData[319], 0}, + {"extendedCertificateAttributes", "extendedCertificateAttributes", + NID_pkcs9_extCertAttributes, 9, &kObjectData[328], 0}, + {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, + &kObjectData[337], 0}, + {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, + 8, &kObjectData[344], 0}, + {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, + &kObjectData[352], 0}, + {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64, 0, NULL, 0}, + {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64, 0, NULL, 0}, + {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64, 0, NULL, 0}, + {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64, 0, NULL, 0}, + {"SHA1", "sha1", NID_sha1, 5, &kObjectData[360], 0}, + {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, + &kObjectData[365], 0}, + {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &kObjectData[374], 0}, + {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &kObjectData[379], 0}, + {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, + &kObjectData[384], 0}, + {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &kObjectData[393], 0}, + {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &kObjectData[402], + 0}, + {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, + &kObjectData[407], 0}, + {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, + &kObjectData[416], 0}, + {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, + 9, &kObjectData[425], 0}, + {"nsCaRevocationUrl", "Netscape CA Revocation Url", + NID_netscape_ca_revocation_url, 9, &kObjectData[434], 0}, + {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, + &kObjectData[443], 0}, + {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, + &kObjectData[452], 0}, + {"nsSslServerName", "Netscape SSL Server Name", + NID_netscape_ssl_server_name, 9, &kObjectData[461], 0}, + {"nsComment", "Netscape Comment", NID_netscape_comment, 9, + &kObjectData[470], 0}, + {"nsCertSequence", "Netscape Certificate Sequence", + NID_netscape_cert_sequence, 9, &kObjectData[479], 0}, + {"DESX-CBC", "desx-cbc", NID_desx_cbc, 0, NULL, 0}, + {"id-ce", "id-ce", NID_id_ce, 2, &kObjectData[488], 0}, + {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", + NID_subject_key_identifier, 3, &kObjectData[490], 0}, + {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &kObjectData[493], 0}, + {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", + NID_private_key_usage_period, 3, &kObjectData[496], 0}, + {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, + 3, &kObjectData[499], 0}, + {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, + &kObjectData[502], 0}, + {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, + &kObjectData[505], 0}, + {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &kObjectData[508], 0}, + {"certificatePolicies", "X509v3 Certificate Policies", + NID_certificate_policies, 3, &kObjectData[511], 0}, + {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", + NID_authority_key_identifier, 3, &kObjectData[514], 0}, + {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &kObjectData[517], 0}, + {"BF-ECB", "bf-ecb", NID_bf_ecb, 0, NULL, 0}, + {"BF-CFB", "bf-cfb", NID_bf_cfb64, 0, NULL, 0}, + {"BF-OFB", "bf-ofb", NID_bf_ofb64, 0, NULL, 0}, + {"MDC2", "mdc2", NID_mdc2, 4, &kObjectData[526], 0}, + {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &kObjectData[530], 0}, + {"RC4-40", "rc4-40", NID_rc4_40, 0, NULL, 0}, + {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc, 0, NULL, 0}, + {"GN", "givenName", NID_givenName, 3, &kObjectData[534], 0}, + {"SN", "surname", NID_surname, 3, &kObjectData[537], 0}, + {"initials", "initials", NID_initials, 3, &kObjectData[540], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"crlDistributionPoints", "X509v3 CRL Distribution Points", + NID_crl_distribution_points, 3, &kObjectData[543], 0}, + {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &kObjectData[546], 0}, + {"serialNumber", "serialNumber", NID_serialNumber, 3, &kObjectData[551], 0}, + {"title", "title", NID_title, 3, &kObjectData[554], 0}, + {"description", "description", NID_description, 3, &kObjectData[557], 0}, + {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &kObjectData[560], 0}, + {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb, 0, NULL, 0}, + {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64, 0, NULL, 0}, + {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64, 0, NULL, 0}, + {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", + NID_pbeWithMD5AndCast5_CBC, 9, &kObjectData[569], 0}, + {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &kObjectData[578], 0}, + {"MD5-SHA1", "md5-sha1", NID_md5_sha1, 0, NULL, 0}, + {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &kObjectData[585], 0}, + {"DSA", "dsaEncryption", NID_dsa, 7, &kObjectData[590], 0}, + {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &kObjectData[597], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, + &kObjectData[602], 0}, + {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &kObjectData[608], 0}, + {"RC5-ECB", "rc5-ecb", NID_rc5_ecb, 0, NULL, 0}, + {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64, 0, NULL, 0}, + {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64, 0, NULL, 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"ZLIB", "zlib compression", NID_zlib_compression, 11, &kObjectData[616], + 0}, + {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, + &kObjectData[627], 0}, + {"PKIX", "PKIX", NID_id_pkix, 6, &kObjectData[630], 0}, + {"id-kp", "id-kp", NID_id_kp, 7, &kObjectData[636], 0}, + {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, + &kObjectData[643], 0}, + {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, + &kObjectData[651], 0}, + {"codeSigning", "Code Signing", NID_code_sign, 8, &kObjectData[659], 0}, + {"emailProtection", "E-mail Protection", NID_email_protect, 8, + &kObjectData[667], 0}, + {"timeStamping", "Time Stamping", NID_time_stamp, 8, &kObjectData[675], 0}, + {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, + &kObjectData[683], 0}, + {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, + &kObjectData[693], 0}, + {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, + &kObjectData[703], 0}, + {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, + &kObjectData[713], 0}, + {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, + &kObjectData[723], 0}, + {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &kObjectData[733], + 0}, + {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, + &kObjectData[742], 0}, + {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, + &kObjectData[745], 0}, + {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, + &kObjectData[748], 0}, + {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &kObjectData[751], 0}, + {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", + NID_pbe_WithSHA1And128BitRC4, 10, &kObjectData[756], 0}, + {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, + 10, &kObjectData[766], 0}, + {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &kObjectData[776], 0}, + {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", + NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &kObjectData[786], 0}, + {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", + NID_pbe_WithSHA1And128BitRC2_CBC, 10, &kObjectData[796], 0}, + {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", + NID_pbe_WithSHA1And40BitRC2_CBC, 10, &kObjectData[806], 0}, + {"keyBag", "keyBag", NID_keyBag, 11, &kObjectData[816], 0}, + {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, + &kObjectData[827], 0}, + {"certBag", "certBag", NID_certBag, 11, &kObjectData[838], 0}, + {"crlBag", "crlBag", NID_crlBag, 11, &kObjectData[849], 0}, + {"secretBag", "secretBag", NID_secretBag, 11, &kObjectData[860], 0}, + {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, + &kObjectData[871], 0}, + {"friendlyName", "friendlyName", NID_friendlyName, 9, &kObjectData[882], 0}, + {"localKeyID", "localKeyID", NID_localKeyID, 9, &kObjectData[891], 0}, + {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, + &kObjectData[900], 0}, + {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, + &kObjectData[910], 0}, + {"x509Crl", "x509Crl", NID_x509Crl, 10, &kObjectData[920], 0}, + {"PBES2", "PBES2", NID_pbes2, 9, &kObjectData[930], 0}, + {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &kObjectData[939], 0}, + {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &kObjectData[948], 0}, + {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &kObjectData[956], + 0}, + {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, + &kObjectData[964], 0}, + {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc, 0, NULL, 0}, + {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, + &kObjectData[972], 0}, + {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, + &kObjectData[981], 0}, + {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, + &kObjectData[990], 0}, + {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, + &kObjectData[999], 0}, + {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, + &kObjectData[1008], 0}, + {"extReq", "Extension Request", NID_ext_req, 9, &kObjectData[1018], 0}, + {"name", "name", NID_name, 3, &kObjectData[1027], 0}, + {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &kObjectData[1030], 0}, + {"id-pe", "id-pe", NID_id_pe, 7, &kObjectData[1033], 0}, + {"id-ad", "id-ad", NID_id_ad, 7, &kObjectData[1040], 0}, + {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, + &kObjectData[1047], 0}, + {"OCSP", "OCSP", NID_ad_OCSP, 8, &kObjectData[1055], 0}, + {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &kObjectData[1063], 0}, + {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &kObjectData[1071], 0}, + {"ISO", "iso", NID_iso, 0, NULL, 0}, + {"member-body", "ISO Member Body", NID_member_body, 1, &kObjectData[1079], + 0}, + {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &kObjectData[1080], 0}, + {"X9-57", "X9.57", NID_X9_57, 5, &kObjectData[1083], 0}, + {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &kObjectData[1088], 0}, + {"pkcs1", "pkcs1", NID_pkcs1, 8, &kObjectData[1094], 0}, + {"pkcs5", "pkcs5", NID_pkcs5, 8, &kObjectData[1102], 0}, + {"SMIME", "S/MIME", NID_SMIME, 9, &kObjectData[1110], 0}, + {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &kObjectData[1119], + 0}, + {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &kObjectData[1129], 0}, + {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &kObjectData[1139], 0}, + {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &kObjectData[1149], + 0}, + {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &kObjectData[1159], 0}, + {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &kObjectData[1169], + 0}, + {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &kObjectData[1179], + 0}, + {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, + &kObjectData[1189], 0}, + {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, + &kObjectData[1200], 0}, + {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, + &kObjectData[1211], 0}, + {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, + &kObjectData[1222], 0}, + {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", + NID_id_smime_mod_ets_eSignature_88, 11, &kObjectData[1233], 0}, + {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", + NID_id_smime_mod_ets_eSignature_97, 11, &kObjectData[1244], 0}, + {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", + NID_id_smime_mod_ets_eSigPolicy_88, 11, &kObjectData[1255], 0}, + {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", + NID_id_smime_mod_ets_eSigPolicy_97, 11, &kObjectData[1266], 0}, + {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, + &kObjectData[1277], 0}, + {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, + 11, &kObjectData[1288], 0}, + {"id-smime-ct-publishCert", "id-smime-ct-publishCert", + NID_id_smime_ct_publishCert, 11, &kObjectData[1299], 0}, + {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, + &kObjectData[1310], 0}, + {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, + &kObjectData[1321], 0}, + {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", + NID_id_smime_ct_contentInfo, 11, &kObjectData[1332], 0}, + {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", + NID_id_smime_ct_DVCSRequestData, 11, &kObjectData[1343], 0}, + {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", + NID_id_smime_ct_DVCSResponseData, 11, &kObjectData[1354], 0}, + {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", + NID_id_smime_aa_receiptRequest, 11, &kObjectData[1365], 0}, + {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", + NID_id_smime_aa_securityLabel, 11, &kObjectData[1376], 0}, + {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", + NID_id_smime_aa_mlExpandHistory, 11, &kObjectData[1387], 0}, + {"id-smime-aa-contentHint", "id-smime-aa-contentHint", + NID_id_smime_aa_contentHint, 11, &kObjectData[1398], 0}, + {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", + NID_id_smime_aa_msgSigDigest, 11, &kObjectData[1409], 0}, + {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", + NID_id_smime_aa_encapContentType, 11, &kObjectData[1420], 0}, + {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", + NID_id_smime_aa_contentIdentifier, 11, &kObjectData[1431], 0}, + {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, + 11, &kObjectData[1442], 0}, + {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", + NID_id_smime_aa_equivalentLabels, 11, &kObjectData[1453], 0}, + {"id-smime-aa-contentReference", "id-smime-aa-contentReference", + NID_id_smime_aa_contentReference, 11, &kObjectData[1464], 0}, + {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", + NID_id_smime_aa_encrypKeyPref, 11, &kObjectData[1475], 0}, + {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", + NID_id_smime_aa_signingCertificate, 11, &kObjectData[1486], 0}, + {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", + NID_id_smime_aa_smimeEncryptCerts, 11, &kObjectData[1497], 0}, + {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", + NID_id_smime_aa_timeStampToken, 11, &kObjectData[1508], 0}, + {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", + NID_id_smime_aa_ets_sigPolicyId, 11, &kObjectData[1519], 0}, + {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", + NID_id_smime_aa_ets_commitmentType, 11, &kObjectData[1530], 0}, + {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", + NID_id_smime_aa_ets_signerLocation, 11, &kObjectData[1541], 0}, + {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", + NID_id_smime_aa_ets_signerAttr, 11, &kObjectData[1552], 0}, + {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", + NID_id_smime_aa_ets_otherSigCert, 11, &kObjectData[1563], 0}, + {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", + NID_id_smime_aa_ets_contentTimestamp, 11, &kObjectData[1574], 0}, + {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", + NID_id_smime_aa_ets_CertificateRefs, 11, &kObjectData[1585], 0}, + {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", + NID_id_smime_aa_ets_RevocationRefs, 11, &kObjectData[1596], 0}, + {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", + NID_id_smime_aa_ets_certValues, 11, &kObjectData[1607], 0}, + {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", + NID_id_smime_aa_ets_revocationValues, 11, &kObjectData[1618], 0}, + {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", + NID_id_smime_aa_ets_escTimeStamp, 11, &kObjectData[1629], 0}, + {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", + NID_id_smime_aa_ets_certCRLTimestamp, 11, &kObjectData[1640], 0}, + {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", + NID_id_smime_aa_ets_archiveTimeStamp, 11, &kObjectData[1651], 0}, + {"id-smime-aa-signatureType", "id-smime-aa-signatureType", + NID_id_smime_aa_signatureType, 11, &kObjectData[1662], 0}, + {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, + 11, &kObjectData[1673], 0}, + {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", + NID_id_smime_alg_ESDHwith3DES, 11, &kObjectData[1684], 0}, + {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", + NID_id_smime_alg_ESDHwithRC2, 11, &kObjectData[1695], 0}, + {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", + NID_id_smime_alg_3DESwrap, 11, &kObjectData[1706], 0}, + {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, + 11, &kObjectData[1717], 0}, + {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, + &kObjectData[1728], 0}, + {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", + NID_id_smime_alg_CMS3DESwrap, 11, &kObjectData[1739], 0}, + {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", + NID_id_smime_alg_CMSRC2wrap, 11, &kObjectData[1750], 0}, + {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, + &kObjectData[1761], 0}, + {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", + NID_id_smime_spq_ets_sqt_uri, 11, &kObjectData[1772], 0}, + {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", + NID_id_smime_spq_ets_sqt_unotice, 11, &kObjectData[1783], 0}, + {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", + NID_id_smime_cti_ets_proofOfOrigin, 11, &kObjectData[1794], 0}, + {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", + NID_id_smime_cti_ets_proofOfReceipt, 11, &kObjectData[1805], 0}, + {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", + NID_id_smime_cti_ets_proofOfDelivery, 11, &kObjectData[1816], 0}, + {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", + NID_id_smime_cti_ets_proofOfSender, 11, &kObjectData[1827], 0}, + {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", + NID_id_smime_cti_ets_proofOfApproval, 11, &kObjectData[1838], 0}, + {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", + NID_id_smime_cti_ets_proofOfCreation, 11, &kObjectData[1849], 0}, + {"MD4", "md4", NID_md4, 8, &kObjectData[1860], 0}, + {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &kObjectData[1868], 0}, + {"id-qt", "id-qt", NID_id_qt, 7, &kObjectData[1875], 0}, + {"id-it", "id-it", NID_id_it, 7, &kObjectData[1882], 0}, + {"id-pkip", "id-pkip", NID_id_pkip, 7, &kObjectData[1889], 0}, + {"id-alg", "id-alg", NID_id_alg, 7, &kObjectData[1896], 0}, + {"id-cmc", "id-cmc", NID_id_cmc, 7, &kObjectData[1903], 0}, + {"id-on", "id-on", NID_id_on, 7, &kObjectData[1910], 0}, + {"id-pda", "id-pda", NID_id_pda, 7, &kObjectData[1917], 0}, + {"id-aca", "id-aca", NID_id_aca, 7, &kObjectData[1924], 0}, + {"id-qcs", "id-qcs", NID_id_qcs, 7, &kObjectData[1931], 0}, + {"id-cct", "id-cct", NID_id_cct, 7, &kObjectData[1938], 0}, + {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, + 8, &kObjectData[1945], 0}, + {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, + 8, &kObjectData[1953], 0}, + {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, + 8, &kObjectData[1961], 0}, + {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, + 8, &kObjectData[1969], 0}, + {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &kObjectData[1977], 0}, + {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &kObjectData[1985], 0}, + {"id-mod-kea-profile-88", "id-mod-kea-profile-88", + NID_id_mod_kea_profile_88, 8, &kObjectData[1993], 0}, + {"id-mod-kea-profile-93", "id-mod-kea-profile-93", + NID_id_mod_kea_profile_93, 8, &kObjectData[2001], 0}, + {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &kObjectData[2009], 0}, + {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", + NID_id_mod_qualified_cert_88, 8, &kObjectData[2017], 0}, + {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", + NID_id_mod_qualified_cert_93, 8, &kObjectData[2025], 0}, + {"id-mod-attribute-cert", "id-mod-attribute-cert", + NID_id_mod_attribute_cert, 8, &kObjectData[2033], 0}, + {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", + NID_id_mod_timestamp_protocol, 8, &kObjectData[2041], 0}, + {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &kObjectData[2049], 0}, + {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &kObjectData[2057], 0}, + {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, + &kObjectData[2065], 0}, + {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, + &kObjectData[2073], 0}, + {"qcStatements", "qcStatements", NID_qcStatements, 8, &kObjectData[2081], + 0}, + {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, + &kObjectData[2089], 0}, + {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &kObjectData[2097], + 0}, + {"aaControls", "aaControls", NID_aaControls, 8, &kObjectData[2105], 0}, + {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, + &kObjectData[2113], 0}, + {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", + NID_sbgp_autonomousSysNum, 8, &kObjectData[2121], 0}, + {"sbgp-routerIdentifier", "sbgp-routerIdentifier", + NID_sbgp_routerIdentifier, 8, &kObjectData[2129], 0}, + {"textNotice", "textNotice", NID_textNotice, 8, &kObjectData[2137], 0}, + {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, + &kObjectData[2145], 0}, + {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &kObjectData[2153], 0}, + {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &kObjectData[2161], 0}, + {"DVCS", "dvcs", NID_dvcs, 8, &kObjectData[2169], 0}, + {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, + &kObjectData[2177], 0}, + {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", + NID_id_it_signKeyPairTypes, 8, &kObjectData[2185], 0}, + {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", + NID_id_it_encKeyPairTypes, 8, &kObjectData[2193], 0}, + {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", + NID_id_it_preferredSymmAlg, 8, &kObjectData[2201], 0}, + {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", + NID_id_it_caKeyUpdateInfo, 8, &kObjectData[2209], 0}, + {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, + &kObjectData[2217], 0}, + {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", + NID_id_it_unsupportedOIDs, 8, &kObjectData[2225], 0}, + {"id-it-subscriptionRequest", "id-it-subscriptionRequest", + NID_id_it_subscriptionRequest, 8, &kObjectData[2233], 0}, + {"id-it-subscriptionResponse", "id-it-subscriptionResponse", + NID_id_it_subscriptionResponse, 8, &kObjectData[2241], 0}, + {"id-it-keyPairParamReq", "id-it-keyPairParamReq", + NID_id_it_keyPairParamReq, 8, &kObjectData[2249], 0}, + {"id-it-keyPairParamRep", "id-it-keyPairParamRep", + NID_id_it_keyPairParamRep, 8, &kObjectData[2257], 0}, + {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, + &kObjectData[2265], 0}, + {"id-it-implicitConfirm", "id-it-implicitConfirm", + NID_id_it_implicitConfirm, 8, &kObjectData[2273], 0}, + {"id-it-confirmWaitTime", "id-it-confirmWaitTime", + NID_id_it_confirmWaitTime, 8, &kObjectData[2281], 0}, + {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, + 8, &kObjectData[2289], 0}, + {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &kObjectData[2297], 0}, + {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &kObjectData[2305], 0}, + {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, + &kObjectData[2313], 0}, + {"id-regCtrl-authenticator", "id-regCtrl-authenticator", + NID_id_regCtrl_authenticator, 9, &kObjectData[2322], 0}, + {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", + NID_id_regCtrl_pkiPublicationInfo, 9, &kObjectData[2331], 0}, + {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", + NID_id_regCtrl_pkiArchiveOptions, 9, &kObjectData[2340], 0}, + {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, + 9, &kObjectData[2349], 0}, + {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", + NID_id_regCtrl_protocolEncrKey, 9, &kObjectData[2358], 0}, + {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, + 9, &kObjectData[2367], 0}, + {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, + &kObjectData[2376], 0}, + {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &kObjectData[2385], + 0}, + {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, + &kObjectData[2393], 0}, + {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", + NID_id_alg_dh_sig_hmac_sha1, 8, &kObjectData[2401], 0}, + {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &kObjectData[2409], + 0}, + {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, + &kObjectData[2417], 0}, + {"id-cmc-identification", "id-cmc-identification", + NID_id_cmc_identification, 8, &kObjectData[2425], 0}, + {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, + 8, &kObjectData[2433], 0}, + {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, + &kObjectData[2441], 0}, + {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, + 8, &kObjectData[2449], 0}, + {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, + &kObjectData[2457], 0}, + {"id-cmc-recipientNonce", "id-cmc-recipientNonce", + NID_id_cmc_recipientNonce, 8, &kObjectData[2465], 0}, + {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, + 8, &kObjectData[2473], 0}, + {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, + &kObjectData[2481], 0}, + {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, + &kObjectData[2489], 0}, + {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, + 8, &kObjectData[2497], 0}, + {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, + &kObjectData[2505], 0}, + {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &kObjectData[2513], + 0}, + {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, + 8, &kObjectData[2521], 0}, + {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, + &kObjectData[2529], 0}, + {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, + &kObjectData[2537], 0}, + {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, + &kObjectData[2545], 0}, + {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, + 8, &kObjectData[2553], 0}, + {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", + NID_id_cmc_popLinkWitness, 8, &kObjectData[2561], 0}, + {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", + NID_id_cmc_confirmCertAcceptance, 8, &kObjectData[2569], 0}, + {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, + &kObjectData[2577], 0}, + {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, + &kObjectData[2585], 0}, + {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, + &kObjectData[2593], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &kObjectData[2601], + 0}, + {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", + NID_id_pda_countryOfCitizenship, 8, &kObjectData[2609], 0}, + {"id-pda-countryOfResidence", "id-pda-countryOfResidence", + NID_id_pda_countryOfResidence, 8, &kObjectData[2617], 0}, + {"id-aca-authenticationInfo", "id-aca-authenticationInfo", + NID_id_aca_authenticationInfo, 8, &kObjectData[2625], 0}, + {"id-aca-accessIdentity", "id-aca-accessIdentity", + NID_id_aca_accessIdentity, 8, &kObjectData[2633], 0}, + {"id-aca-chargingIdentity", "id-aca-chargingIdentity", + NID_id_aca_chargingIdentity, 8, &kObjectData[2641], 0}, + {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &kObjectData[2649], + 0}, + {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &kObjectData[2657], 0}, + {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", + NID_id_qcs_pkixQCSyntax_v1, 8, &kObjectData[2665], 0}, + {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &kObjectData[2673], 0}, + {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, + &kObjectData[2681], 0}, + {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, + &kObjectData[2689], 0}, + {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, + &kObjectData[2697], 0}, + {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &kObjectData[2705], 0}, + {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, + &kObjectData[2713], 0}, + {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &kObjectData[2722], 0}, + {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &kObjectData[2731], 0}, + {"acceptableResponses", "Acceptable OCSP Responses", + NID_id_pkix_OCSP_acceptableResponses, 9, &kObjectData[2740], 0}, + {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, + &kObjectData[2749], 0}, + {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, + &kObjectData[2758], 0}, + {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, + 9, &kObjectData[2767], 0}, + {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, + 9, &kObjectData[2776], 0}, + {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &kObjectData[2785], 0}, + {"path", "path", NID_id_pkix_OCSP_path, 9, &kObjectData[2794], 0}, + {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, + &kObjectData[2803], 0}, + {"algorithm", "algorithm", NID_algorithm, 4, &kObjectData[2812], 0}, + {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &kObjectData[2816], + 0}, + {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, + &kObjectData[2821], 0}, + {"ORG", "org", NID_org, 1, &kObjectData[2823], 0}, + {"DOD", "dod", NID_dod, 2, &kObjectData[2824], 0}, + {"IANA", "iana", NID_iana, 3, &kObjectData[2826], 0}, + {"directory", "Directory", NID_Directory, 4, &kObjectData[2829], 0}, + {"mgmt", "Management", NID_Management, 4, &kObjectData[2833], 0}, + {"experimental", "Experimental", NID_Experimental, 4, &kObjectData[2837], + 0}, + {"private", "Private", NID_Private, 4, &kObjectData[2841], 0}, + {"security", "Security", NID_Security, 4, &kObjectData[2845], 0}, + {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &kObjectData[2849], 0}, + {"Mail", "Mail", NID_Mail, 4, &kObjectData[2853], 0}, + {"enterprises", "Enterprises", NID_Enterprises, 5, &kObjectData[2857], 0}, + {"dcobject", "dcObject", NID_dcObject, 9, &kObjectData[2862], 0}, + {"DC", "domainComponent", NID_domainComponent, 10, &kObjectData[2871], 0}, + {"domain", "Domain", NID_Domain, 10, &kObjectData[2881], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"selected-attribute-types", "Selected Attribute Types", + NID_selected_attribute_types, 3, &kObjectData[2891], 0}, + {"clearance", "clearance", NID_clearance, 4, &kObjectData[2894], 0}, + {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, + &kObjectData[2898], 0}, + {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &kObjectData[2907], 0}, + {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, + &kObjectData[2915], 0}, + {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, + &kObjectData[2923], 0}, + {"role", "role", NID_role, 3, &kObjectData[2931], 0}, + {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, + 3, &kObjectData[2934], 0}, + {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, + &kObjectData[2937], 0}, + {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, + &kObjectData[2940], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &kObjectData[2943], 0}, + {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &kObjectData[2948], + 0}, + {"characteristic-two-field", "characteristic-two-field", + NID_X9_62_characteristic_two_field, 7, &kObjectData[2955], 0}, + {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, + &kObjectData[2962], 0}, + {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &kObjectData[2969], + 0}, + {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &kObjectData[2977], + 0}, + {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &kObjectData[2985], + 0}, + {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &kObjectData[2993], + 0}, + {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &kObjectData[3001], + 0}, + {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &kObjectData[3009], + 0}, + {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &kObjectData[3017], + 0}, + {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, + &kObjectData[3025], 0}, + {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &kObjectData[3032], + 0}, + {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &kObjectData[3041], 0}, + {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &kObjectData[3050], 0}, + {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &kObjectData[3059], + 0}, + {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &kObjectData[3068], + 0}, + {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &kObjectData[3077], 0}, + {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &kObjectData[3086], 0}, + {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &kObjectData[3095], + 0}, + {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &kObjectData[3104], + 0}, + {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &kObjectData[3113], 0}, + {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &kObjectData[3122], 0}, + {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &kObjectData[3131], + 0}, + {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &kObjectData[3140], + 0}, + {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, + 3, &kObjectData[3149], 0}, + {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, + 7, &kObjectData[3152], 0}, + {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", + NID_hold_instruction_call_issuer, 7, &kObjectData[3159], 0}, + {"holdInstructionReject", "Hold Instruction Reject", + NID_hold_instruction_reject, 7, &kObjectData[3166], 0}, + {"data", "data", NID_data, 1, &kObjectData[3173], 0}, + {"pss", "pss", NID_pss, 3, &kObjectData[3174], 0}, + {"ucl", "ucl", NID_ucl, 7, &kObjectData[3177], 0}, + {"pilot", "pilot", NID_pilot, 8, &kObjectData[3184], 0}, + {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, + &kObjectData[3192], 0}, + {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, + 9, &kObjectData[3201], 0}, + {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, + &kObjectData[3210], 0}, + {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &kObjectData[3219], 0}, + {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, + &kObjectData[3228], 0}, + {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", + NID_caseIgnoreIA5StringSyntax, 10, &kObjectData[3238], 0}, + {"pilotObject", "pilotObject", NID_pilotObject, 10, &kObjectData[3248], 0}, + {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &kObjectData[3258], 0}, + {"account", "account", NID_account, 10, &kObjectData[3268], 0}, + {"document", "document", NID_document, 10, &kObjectData[3278], 0}, + {"room", "room", NID_room, 10, &kObjectData[3288], 0}, + {"documentSeries", "documentSeries", NID_documentSeries, 10, + &kObjectData[3298], 0}, + {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, + &kObjectData[3308], 0}, + {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &kObjectData[3318], 0}, + {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, + &kObjectData[3328], 0}, + {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, + &kObjectData[3338], 0}, + {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, + 10, &kObjectData[3348], 0}, + {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, + &kObjectData[3358], 0}, + {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &kObjectData[3368], 0}, + {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, + &kObjectData[3378], 0}, + {"UID", "userId", NID_userId, 10, &kObjectData[3388], 0}, + {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, + 10, &kObjectData[3398], 0}, + {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &kObjectData[3408], 0}, + {"info", "info", NID_info, 10, &kObjectData[3418], 0}, + {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, + &kObjectData[3428], 0}, + {"roomNumber", "roomNumber", NID_roomNumber, 10, &kObjectData[3438], 0}, + {"photo", "photo", NID_photo, 10, &kObjectData[3448], 0}, + {"userClass", "userClass", NID_userClass, 10, &kObjectData[3458], 0}, + {"host", "host", NID_host, 10, &kObjectData[3468], 0}, + {"manager", "manager", NID_manager, 10, &kObjectData[3478], 0}, + {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, + &kObjectData[3488], 0}, + {"documentTitle", "documentTitle", NID_documentTitle, 10, + &kObjectData[3498], 0}, + {"documentVersion", "documentVersion", NID_documentVersion, 10, + &kObjectData[3508], 0}, + {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, + &kObjectData[3518], 0}, + {"documentLocation", "documentLocation", NID_documentLocation, 10, + &kObjectData[3528], 0}, + {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, + &kObjectData[3538], 0}, + {"secretary", "secretary", NID_secretary, 10, &kObjectData[3548], 0}, + {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &kObjectData[3558], + 0}, + {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, + &kObjectData[3568], 0}, + {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, + &kObjectData[3578], 0}, + {"aRecord", "aRecord", NID_aRecord, 10, &kObjectData[3588], 0}, + {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, + 10, &kObjectData[3598], 0}, + {"mXRecord", "mXRecord", NID_mXRecord, 10, &kObjectData[3608], 0}, + {"nSRecord", "nSRecord", NID_nSRecord, 10, &kObjectData[3618], 0}, + {"sOARecord", "sOARecord", NID_sOARecord, 10, &kObjectData[3628], 0}, + {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &kObjectData[3638], 0}, + {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, + &kObjectData[3648], 0}, + {"associatedName", "associatedName", NID_associatedName, 10, + &kObjectData[3658], 0}, + {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, + &kObjectData[3668], 0}, + {"personalTitle", "personalTitle", NID_personalTitle, 10, + &kObjectData[3678], 0}, + {"mobileTelephoneNumber", "mobileTelephoneNumber", + NID_mobileTelephoneNumber, 10, &kObjectData[3688], 0}, + {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, + 10, &kObjectData[3698], 0}, + {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, + &kObjectData[3708], 0}, + {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, + 10, &kObjectData[3718], 0}, + {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &kObjectData[3728], + 0}, + {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, + 10, &kObjectData[3738], 0}, + {"buildingName", "buildingName", NID_buildingName, 10, &kObjectData[3748], + 0}, + {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &kObjectData[3758], 0}, + {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, + &kObjectData[3768], 0}, + {"subtreeMinimumQuality", "subtreeMinimumQuality", + NID_subtreeMinimumQuality, 10, &kObjectData[3778], 0}, + {"subtreeMaximumQuality", "subtreeMaximumQuality", + NID_subtreeMaximumQuality, 10, &kObjectData[3788], 0}, + {"personalSignature", "personalSignature", NID_personalSignature, 10, + &kObjectData[3798], 0}, + {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &kObjectData[3808], 0}, + {"audio", "audio", NID_audio, 10, &kObjectData[3818], 0}, + {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, + &kObjectData[3828], 0}, + {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, + 3, &kObjectData[3838], 0}, + {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &kObjectData[3841], 0}, + {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, + &kObjectData[3846], 0}, + {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, + &kObjectData[3852], 0}, + {"id-hex-partial-message", "id-hex-partial-message", + NID_id_hex_partial_message, 7, &kObjectData[3858], 0}, + {"id-hex-multipart-message", "id-hex-multipart-message", + NID_id_hex_multipart_message, 7, &kObjectData[3865], 0}, + {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, + &kObjectData[3872], 0}, + {"pseudonym", "pseudonym", NID_pseudonym, 3, &kObjectData[3875], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"id-set", "Secure Electronic Transactions", NID_id_set, 2, + &kObjectData[3878], 0}, + {"set-ctype", "content types", NID_set_ctype, 3, &kObjectData[3880], 0}, + {"set-msgExt", "message extensions", NID_set_msgExt, 3, &kObjectData[3883], + 0}, + {"set-attr", "set-attr", NID_set_attr, 3, &kObjectData[3886], 0}, + {"set-policy", "set-policy", NID_set_policy, 3, &kObjectData[3889], 0}, + {"set-certExt", "certificate extensions", NID_set_certExt, 3, + &kObjectData[3892], 0}, + {"set-brand", "set-brand", NID_set_brand, 3, &kObjectData[3895], 0}, + {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &kObjectData[3898], + 0}, + {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, + &kObjectData[3902], 0}, + {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &kObjectData[3906], + 0}, + {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &kObjectData[3910], + 0}, + {"setct-PI", "setct-PI", NID_setct_PI, 4, &kObjectData[3914], 0}, + {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &kObjectData[3918], + 0}, + {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, + 4, &kObjectData[3922], 0}, + {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, + &kObjectData[3926], 0}, + {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, + 4, &kObjectData[3930], 0}, + {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", + NID_setct_AuthRevReqBaggage, 4, &kObjectData[3934], 0}, + {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", + NID_setct_AuthRevResBaggage, 4, &kObjectData[3938], 0}, + {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, + &kObjectData[3942], 0}, + {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, + &kObjectData[3946], 0}, + {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &kObjectData[3950], + 0}, + {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, + &kObjectData[3954], 0}, + {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, + &kObjectData[3958], 0}, + {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, + &kObjectData[3962], 0}, + {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, + &kObjectData[3966], 0}, + {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, + &kObjectData[3970], 0}, + {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, + &kObjectData[3974], 0}, + {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, + &kObjectData[3978], 0}, + {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, + 4, &kObjectData[3982], 0}, + {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, + &kObjectData[3986], 0}, + {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, + 4, &kObjectData[3990], 0}, + {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, + &kObjectData[3994], 0}, + {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, + &kObjectData[3998], 0}, + {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, + &kObjectData[4002], 0}, + {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, + &kObjectData[4006], 0}, + {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, + &kObjectData[4010], 0}, + {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, + &kObjectData[4014], 0}, + {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, + &kObjectData[4018], 0}, + {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, + &kObjectData[4022], 0}, + {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, + &kObjectData[4026], 0}, + {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, + &kObjectData[4030], 0}, + {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, + &kObjectData[4034], 0}, + {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, + 4, &kObjectData[4038], 0}, + {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, + 4, &kObjectData[4042], 0}, + {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, + &kObjectData[4046], 0}, + {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, + &kObjectData[4050], 0}, + {"setct-BatchAdminReqData", "setct-BatchAdminReqData", + NID_setct_BatchAdminReqData, 4, &kObjectData[4054], 0}, + {"setct-BatchAdminResData", "setct-BatchAdminResData", + NID_setct_BatchAdminResData, 4, &kObjectData[4058], 0}, + {"setct-CardCInitResTBS", "setct-CardCInitResTBS", + NID_setct_CardCInitResTBS, 4, &kObjectData[4062], 0}, + {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", + NID_setct_MeAqCInitResTBS, 4, &kObjectData[4066], 0}, + {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, + &kObjectData[4070], 0}, + {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, + &kObjectData[4074], 0}, + {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, + &kObjectData[4078], 0}, + {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, + &kObjectData[4082], 0}, + {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, + &kObjectData[4086], 0}, + {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, + &kObjectData[4090], 0}, + {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", + NID_setct_PIDualSignedTBE, 4, &kObjectData[4094], 0}, + {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, + &kObjectData[4098], 0}, + {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, + &kObjectData[4102], 0}, + {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, + &kObjectData[4106], 0}, + {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, + &kObjectData[4110], 0}, + {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, + &kObjectData[4114], 0}, + {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, + &kObjectData[4118], 0}, + {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, + &kObjectData[4122], 0}, + {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", + NID_setct_AcqCardCodeMsgTBE, 4, &kObjectData[4126], 0}, + {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, + &kObjectData[4130], 0}, + {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, + &kObjectData[4134], 0}, + {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, + 4, &kObjectData[4138], 0}, + {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, + &kObjectData[4142], 0}, + {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, + &kObjectData[4146], 0}, + {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, + &kObjectData[4150], 0}, + {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, + &kObjectData[4154], 0}, + {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, + &kObjectData[4158], 0}, + {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, + &kObjectData[4162], 0}, + {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, + &kObjectData[4166], 0}, + {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, + &kObjectData[4170], 0}, + {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, + &kObjectData[4174], 0}, + {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, + &kObjectData[4178], 0}, + {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, + 4, &kObjectData[4182], 0}, + {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, + &kObjectData[4186], 0}, + {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", + NID_setct_BatchAdminReqTBE, 4, &kObjectData[4190], 0}, + {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", + NID_setct_BatchAdminResTBE, 4, &kObjectData[4194], 0}, + {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, + &kObjectData[4198], 0}, + {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, + &kObjectData[4202], 0}, + {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, + &kObjectData[4206], 0}, + {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, + &kObjectData[4210], 0}, + {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", + NID_setct_CRLNotificationTBS, 4, &kObjectData[4214], 0}, + {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", + NID_setct_CRLNotificationResTBS, 4, &kObjectData[4218], 0}, + {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", + NID_setct_BCIDistributionTBS, 4, &kObjectData[4222], 0}, + {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, + &kObjectData[4226], 0}, + {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, + &kObjectData[4230], 0}, + {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, + &kObjectData[4234], 0}, + {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &kObjectData[4238], + 0}, + {"setext-track2", "setext-track2", NID_setext_track2, 4, &kObjectData[4242], + 0}, + {"setext-cv", "additional verification", NID_setext_cv, 4, + &kObjectData[4246], 0}, + {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, + &kObjectData[4250], 0}, + {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, + &kObjectData[4254], 0}, + {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, + &kObjectData[4258], 0}, + {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, + &kObjectData[4262], 0}, + {"setCext-cCertRequired", "setCext-cCertRequired", + NID_setCext_cCertRequired, 4, &kObjectData[4266], 0}, + {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, + &kObjectData[4270], 0}, + {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, + &kObjectData[4274], 0}, + {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, + &kObjectData[4278], 0}, + {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", + NID_setCext_PGWYcapabilities, 4, &kObjectData[4282], 0}, + {"setCext-TokenIdentifier", "setCext-TokenIdentifier", + NID_setCext_TokenIdentifier, 4, &kObjectData[4286], 0}, + {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, + &kObjectData[4290], 0}, + {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, + &kObjectData[4294], 0}, + {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", + NID_setCext_IssuerCapabilities, 4, &kObjectData[4298], 0}, + {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &kObjectData[4302], + 0}, + {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, + &kObjectData[4306], 0}, + {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, + &kObjectData[4310], 0}, + {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, + &kObjectData[4314], 0}, + {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, + &kObjectData[4318], 0}, + {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &kObjectData[4323], + 0}, + {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, + &kObjectData[4328], 0}, + {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", + NID_setAttr_Token_B0Prime, 5, &kObjectData[4333], 0}, + {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, + &kObjectData[4338], 0}, + {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, + &kObjectData[4343], 0}, + {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, + &kObjectData[4348], 0}, + {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, + &kObjectData[4353], 0}, + {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, + &kObjectData[4359], 0}, + {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, + &kObjectData[4365], 0}, + {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, + &kObjectData[4371], 0}, + {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, + &kObjectData[4377], 0}, + {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, + &kObjectData[4383], 0}, + {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, + &kObjectData[4387], 0}, + {"set-brand-AmericanExpress", "set-brand-AmericanExpress", + NID_set_brand_AmericanExpress, 4, &kObjectData[4391], 0}, + {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &kObjectData[4395], + 0}, + {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, + &kObjectData[4399], 0}, + {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, + 4, &kObjectData[4403], 0}, + {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, + &kObjectData[4407], 0}, + {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &kObjectData[4412], 0}, + {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, + 9, &kObjectData[4420], 0}, + {"ITU-T", "itu-t", NID_itu_t, 0, NULL, 0}, + {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t, 0, NULL, 0}, + {"international-organizations", "International Organizations", + NID_international_organizations, 1, &kObjectData[4429], 0}, + {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, + &kObjectData[4430], 0}, + {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, + &kObjectData[4440], 0}, + {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1, 0, NULL, 0}, + {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1, 0, NULL, 0}, + {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1, 0, NULL, 0}, + {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8, 0, NULL, 0}, + {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8, 0, NULL, 0}, + {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8, 0, NULL, 0}, + {"DES-CFB1", "des-cfb1", NID_des_cfb1, 0, NULL, 0}, + {"DES-CFB8", "des-cfb8", NID_des_cfb8, 0, NULL, 0}, + {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1, 0, NULL, 0}, + {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8, 0, NULL, 0}, + {"street", "streetAddress", NID_streetAddress, 3, &kObjectData[4450], 0}, + {"postalCode", "postalCode", NID_postalCode, 3, &kObjectData[4453], 0}, + {"id-ppl", "id-ppl", NID_id_ppl, 7, &kObjectData[4456], 0}, + {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, + &kObjectData[4463], 0}, + {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, + &kObjectData[4471], 0}, + {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, + &kObjectData[4479], 0}, + {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, + &kObjectData[4487], 0}, + {"id-ppl-independent", "Independent", NID_Independent, 8, + &kObjectData[4490], 0}, + {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, + &kObjectData[4498], 0}, + {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, + &kObjectData[4507], 0}, + {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, + &kObjectData[4516], 0}, + {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, + &kObjectData[4525], 0}, + {"SHA256", "sha256", NID_sha256, 9, &kObjectData[4534], 0}, + {"SHA384", "sha384", NID_sha384, 9, &kObjectData[4543], 0}, + {"SHA512", "sha512", NID_sha512, 9, &kObjectData[4552], 0}, + {"SHA224", "sha224", NID_sha224, 9, &kObjectData[4561], 0}, + {"identified-organization", "identified-organization", + NID_identified_organization, 1, &kObjectData[4570], 0}, + {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &kObjectData[4571], + 0}, + {"wap", "wap", NID_wap, 2, &kObjectData[4574], 0}, + {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &kObjectData[4576], 0}, + {"id-characteristic-two-basis", "id-characteristic-two-basis", + NID_X9_62_id_characteristic_two_basis, 8, &kObjectData[4579], 0}, + {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &kObjectData[4587], 0}, + {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &kObjectData[4596], 0}, + {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &kObjectData[4605], 0}, + {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &kObjectData[4614], + 0}, + {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &kObjectData[4622], + 0}, + {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &kObjectData[4630], + 0}, + {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &kObjectData[4638], + 0}, + {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &kObjectData[4646], + 0}, + {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &kObjectData[4654], + 0}, + {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &kObjectData[4662], + 0}, + {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &kObjectData[4670], + 0}, + {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &kObjectData[4678], + 0}, + {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &kObjectData[4686], + 0}, + {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &kObjectData[4694], + 0}, + {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &kObjectData[4702], + 0}, + {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &kObjectData[4710], + 0}, + {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &kObjectData[4718], + 0}, + {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &kObjectData[4726], + 0}, + {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &kObjectData[4734], + 0}, + {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &kObjectData[4742], + 0}, + {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &kObjectData[4750], + 0}, + {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &kObjectData[4758], + 0}, + {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &kObjectData[4766], + 0}, + {"secp112r1", "secp112r1", NID_secp112r1, 5, &kObjectData[4774], 0}, + {"secp112r2", "secp112r2", NID_secp112r2, 5, &kObjectData[4779], 0}, + {"secp128r1", "secp128r1", NID_secp128r1, 5, &kObjectData[4784], 0}, + {"secp128r2", "secp128r2", NID_secp128r2, 5, &kObjectData[4789], 0}, + {"secp160k1", "secp160k1", NID_secp160k1, 5, &kObjectData[4794], 0}, + {"secp160r1", "secp160r1", NID_secp160r1, 5, &kObjectData[4799], 0}, + {"secp160r2", "secp160r2", NID_secp160r2, 5, &kObjectData[4804], 0}, + {"secp192k1", "secp192k1", NID_secp192k1, 5, &kObjectData[4809], 0}, + {"secp224k1", "secp224k1", NID_secp224k1, 5, &kObjectData[4814], 0}, + {"secp224r1", "secp224r1", NID_secp224r1, 5, &kObjectData[4819], 0}, + {"secp256k1", "secp256k1", NID_secp256k1, 5, &kObjectData[4824], 0}, + {"secp384r1", "secp384r1", NID_secp384r1, 5, &kObjectData[4829], 0}, + {"secp521r1", "secp521r1", NID_secp521r1, 5, &kObjectData[4834], 0}, + {"sect113r1", "sect113r1", NID_sect113r1, 5, &kObjectData[4839], 0}, + {"sect113r2", "sect113r2", NID_sect113r2, 5, &kObjectData[4844], 0}, + {"sect131r1", "sect131r1", NID_sect131r1, 5, &kObjectData[4849], 0}, + {"sect131r2", "sect131r2", NID_sect131r2, 5, &kObjectData[4854], 0}, + {"sect163k1", "sect163k1", NID_sect163k1, 5, &kObjectData[4859], 0}, + {"sect163r1", "sect163r1", NID_sect163r1, 5, &kObjectData[4864], 0}, + {"sect163r2", "sect163r2", NID_sect163r2, 5, &kObjectData[4869], 0}, + {"sect193r1", "sect193r1", NID_sect193r1, 5, &kObjectData[4874], 0}, + {"sect193r2", "sect193r2", NID_sect193r2, 5, &kObjectData[4879], 0}, + {"sect233k1", "sect233k1", NID_sect233k1, 5, &kObjectData[4884], 0}, + {"sect233r1", "sect233r1", NID_sect233r1, 5, &kObjectData[4889], 0}, + {"sect239k1", "sect239k1", NID_sect239k1, 5, &kObjectData[4894], 0}, + {"sect283k1", "sect283k1", NID_sect283k1, 5, &kObjectData[4899], 0}, + {"sect283r1", "sect283r1", NID_sect283r1, 5, &kObjectData[4904], 0}, + {"sect409k1", "sect409k1", NID_sect409k1, 5, &kObjectData[4909], 0}, + {"sect409r1", "sect409r1", NID_sect409r1, 5, &kObjectData[4914], 0}, + {"sect571k1", "sect571k1", NID_sect571k1, 5, &kObjectData[4919], 0}, + {"sect571r1", "sect571r1", NID_sect571r1, 5, &kObjectData[4924], 0}, + {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", + NID_wap_wsg_idm_ecid_wtls1, 5, &kObjectData[4929], 0}, + {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", + NID_wap_wsg_idm_ecid_wtls3, 5, &kObjectData[4934], 0}, + {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", + NID_wap_wsg_idm_ecid_wtls4, 5, &kObjectData[4939], 0}, + {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", + NID_wap_wsg_idm_ecid_wtls5, 5, &kObjectData[4944], 0}, + {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", + NID_wap_wsg_idm_ecid_wtls6, 5, &kObjectData[4949], 0}, + {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", + NID_wap_wsg_idm_ecid_wtls7, 5, &kObjectData[4954], 0}, + {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", + NID_wap_wsg_idm_ecid_wtls8, 5, &kObjectData[4959], 0}, + {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", + NID_wap_wsg_idm_ecid_wtls9, 5, &kObjectData[4964], 0}, + {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", + NID_wap_wsg_idm_ecid_wtls10, 5, &kObjectData[4969], 0}, + {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", + NID_wap_wsg_idm_ecid_wtls11, 5, &kObjectData[4974], 0}, + {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", + NID_wap_wsg_idm_ecid_wtls12, 5, &kObjectData[4979], 0}, + {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &kObjectData[4984], + 0}, + {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, + &kObjectData[4988], 0}, + {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, + &kObjectData[4991], 0}, + {"Oakley-EC2N-3", "ipsec3", NID_ipsec3, 0, NULL, 0}, + {"Oakley-EC2N-4", "ipsec4", NID_ipsec4, 0, NULL, 0}, + {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, + &kObjectData[4994], 0}, + {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, + &kObjectData[5005], 0}, + {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, + &kObjectData[5016], 0}, + {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, + &kObjectData[5027], 0}, + {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, + &kObjectData[5035], 0}, + {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, + &kObjectData[5043], 0}, + {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, + &kObjectData[5051], 0}, + {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, + &kObjectData[5059], 0}, + {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, + &kObjectData[5067], 0}, + {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1, 0, NULL, + 0}, + {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1, 0, NULL, + 0}, + {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1, 0, NULL, + 0}, + {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8, 0, NULL, + 0}, + {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8, 0, NULL, + 0}, + {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8, 0, NULL, + 0}, + {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, + &kObjectData[5075], 0}, + {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, + &kObjectData[5083], 0}, + {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, + &kObjectData[5091], 0}, + {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", + NID_subject_directory_attributes, 3, &kObjectData[5099], 0}, + {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", + NID_issuing_distribution_point, 3, &kObjectData[5102], 0}, + {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, + 3, &kObjectData[5105], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"KISA", "kisa", NID_kisa, 6, &kObjectData[5108], 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {NULL, NULL, NID_undef, 0, NULL, 0}, + {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &kObjectData[5114], 0}, + {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &kObjectData[5122], 0}, + {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &kObjectData[5130], 0}, + {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &kObjectData[5138], 0}, + {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &kObjectData[5146], 0}, + {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &kObjectData[5154], 0}, + {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, + &kObjectData[5162], 0}, + {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, + &kObjectData[5171], 0}, + {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, + &kObjectData[5180], 0}, + {"caRepository", "CA Repository", NID_caRepository, 8, &kObjectData[5188], + 0}, + {"id-smime-ct-compressedData", "id-smime-ct-compressedData", + NID_id_smime_ct_compressedData, 11, &kObjectData[5196], 0}, + {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", + NID_id_ct_asciiTextWithCRLF, 11, &kObjectData[5207], 0}, + {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, + &kObjectData[5218], 0}, + {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, + &kObjectData[5227], 0}, + {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, + &kObjectData[5236], 0}, + {"ecdsa-with-Recommended", "ecdsa-with-Recommended", + NID_ecdsa_with_Recommended, 7, &kObjectData[5245], 0}, + {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, + 7, &kObjectData[5252], 0}, + {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, + &kObjectData[5259], 0}, + {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, + &kObjectData[5267], 0}, + {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, + &kObjectData[5275], 0}, + {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, + &kObjectData[5283], 0}, + {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &kObjectData[5291], 0}, + {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, + &kObjectData[5299], 0}, + {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, + &kObjectData[5307], 0}, + {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, + &kObjectData[5315], 0}, + {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, + &kObjectData[5323], 0}, + {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, + &kObjectData[5331], 0}, + {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, + &kObjectData[5340], 0}, + {"whirlpool", "whirlpool", NID_whirlpool, 6, &kObjectData[5349], 0}, + {"cryptopro", "cryptopro", NID_cryptopro, 5, &kObjectData[5355], 0}, + {"cryptocom", "cryptocom", NID_cryptocom, 5, &kObjectData[5360], 0}, + {"id-GostR3411-94-with-GostR3410-2001", + "GOST R 34.11-94 with GOST R 34.10-2001", + NID_id_GostR3411_94_with_GostR3410_2001, 6, &kObjectData[5365], 0}, + {"id-GostR3411-94-with-GostR3410-94", + "GOST R 34.11-94 with GOST R 34.10-94", + NID_id_GostR3411_94_with_GostR3410_94, 6, &kObjectData[5371], 0}, + {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &kObjectData[5377], + 0}, + {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, + &kObjectData[5383], 0}, + {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, + &kObjectData[5389], 0}, + {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &kObjectData[5395], + 0}, + {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &kObjectData[5401], 0}, + {"gost89-cnt", "gost89-cnt", NID_gost89_cnt, 0, NULL, 0}, + {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, + &kObjectData[5407], 0}, + {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, + &kObjectData[5413], 0}, + {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, + &kObjectData[5419], 0}, + {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, + &kObjectData[5425], 0}, + {"id-Gost28147-89-CryptoPro-KeyMeshing", + "id-Gost28147-89-CryptoPro-KeyMeshing", + NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &kObjectData[5431], 0}, + {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", + NID_id_Gost28147_89_None_KeyMeshing, 7, &kObjectData[5438], 0}, + {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", + NID_id_GostR3411_94_TestParamSet, 7, &kObjectData[5445], 0}, + {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", + NID_id_GostR3411_94_CryptoProParamSet, 7, &kObjectData[5452], 0}, + {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", + NID_id_Gost28147_89_TestParamSet, 7, &kObjectData[5459], 0}, + {"id-Gost28147-89-CryptoPro-A-ParamSet", + "id-Gost28147-89-CryptoPro-A-ParamSet", + NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &kObjectData[5466], 0}, + {"id-Gost28147-89-CryptoPro-B-ParamSet", + "id-Gost28147-89-CryptoPro-B-ParamSet", + NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &kObjectData[5473], 0}, + {"id-Gost28147-89-CryptoPro-C-ParamSet", + "id-Gost28147-89-CryptoPro-C-ParamSet", + NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &kObjectData[5480], 0}, + {"id-Gost28147-89-CryptoPro-D-ParamSet", + "id-Gost28147-89-CryptoPro-D-ParamSet", + NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &kObjectData[5487], 0}, + {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", + NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &kObjectData[5494], + 0}, + {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", + "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", + NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &kObjectData[5501], + 0}, + {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", + "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", + NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &kObjectData[5508], 0}, + {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", + NID_id_GostR3410_94_TestParamSet, 7, &kObjectData[5515], 0}, + {"id-GostR3410-94-CryptoPro-A-ParamSet", + "id-GostR3410-94-CryptoPro-A-ParamSet", + NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &kObjectData[5522], 0}, + {"id-GostR3410-94-CryptoPro-B-ParamSet", + "id-GostR3410-94-CryptoPro-B-ParamSet", + NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &kObjectData[5529], 0}, + {"id-GostR3410-94-CryptoPro-C-ParamSet", + "id-GostR3410-94-CryptoPro-C-ParamSet", + NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &kObjectData[5536], 0}, + {"id-GostR3410-94-CryptoPro-D-ParamSet", + "id-GostR3410-94-CryptoPro-D-ParamSet", + NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &kObjectData[5543], 0}, + {"id-GostR3410-94-CryptoPro-XchA-ParamSet", + "id-GostR3410-94-CryptoPro-XchA-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &kObjectData[5550], 0}, + {"id-GostR3410-94-CryptoPro-XchB-ParamSet", + "id-GostR3410-94-CryptoPro-XchB-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &kObjectData[5557], 0}, + {"id-GostR3410-94-CryptoPro-XchC-ParamSet", + "id-GostR3410-94-CryptoPro-XchC-ParamSet", + NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &kObjectData[5564], 0}, + {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", + NID_id_GostR3410_2001_TestParamSet, 7, &kObjectData[5571], 0}, + {"id-GostR3410-2001-CryptoPro-A-ParamSet", + "id-GostR3410-2001-CryptoPro-A-ParamSet", + NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &kObjectData[5578], 0}, + {"id-GostR3410-2001-CryptoPro-B-ParamSet", + "id-GostR3410-2001-CryptoPro-B-ParamSet", + NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &kObjectData[5585], 0}, + {"id-GostR3410-2001-CryptoPro-C-ParamSet", + "id-GostR3410-2001-CryptoPro-C-ParamSet", + NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &kObjectData[5592], 0}, + {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", + "id-GostR3410-2001-CryptoPro-XchA-ParamSet", + NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &kObjectData[5599], 0}, + {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", + "id-GostR3410-2001-CryptoPro-XchB-ParamSet", + NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &kObjectData[5606], 0}, + {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, + &kObjectData[5613], 0}, + {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, + 7, &kObjectData[5620], 0}, + {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, + &kObjectData[5627], 0}, + {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, + 7, &kObjectData[5634], 0}, + {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", + NID_id_Gost28147_89_cc, 8, &kObjectData[5641], 0}, + {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, + &kObjectData[5649], 0}, + {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, + &kObjectData[5657], 0}, + {"id-GostR3411-94-with-GostR3410-94-cc", + "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", + NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &kObjectData[5665], 0}, + {"id-GostR3411-94-with-GostR3410-2001-cc", + "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", + NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &kObjectData[5673], 0}, + {"id-GostR3410-2001-ParamSet-cc", + "GOST R 3410-2001 Parameter Set Cryptocom", + NID_id_GostR3410_2001_ParamSet_cc, 8, &kObjectData[5681], 0}, + {"HMAC", "hmac", NID_hmac, 0, NULL, 0}, + {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, + &kObjectData[5689], 0}, + {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, + &kObjectData[5698], 0}, + {"id-on-permanentIdentifier", "Permanent Identifier", + NID_id_on_permanentIdentifier, 8, &kObjectData[5701], 0}, + {"searchGuide", "searchGuide", NID_searchGuide, 3, &kObjectData[5709], 0}, + {"businessCategory", "businessCategory", NID_businessCategory, 3, + &kObjectData[5712], 0}, + {"postalAddress", "postalAddress", NID_postalAddress, 3, &kObjectData[5715], + 0}, + {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &kObjectData[5718], + 0}, + {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", + NID_physicalDeliveryOfficeName, 3, &kObjectData[5721], 0}, + {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, + &kObjectData[5724], 0}, + {"telexNumber", "telexNumber", NID_telexNumber, 3, &kObjectData[5727], 0}, + {"teletexTerminalIdentifier", "teletexTerminalIdentifier", + NID_teletexTerminalIdentifier, 3, &kObjectData[5730], 0}, + {"facsimileTelephoneNumber", "facsimileTelephoneNumber", + NID_facsimileTelephoneNumber, 3, &kObjectData[5733], 0}, + {"x121Address", "x121Address", NID_x121Address, 3, &kObjectData[5736], 0}, + {"internationaliSDNNumber", "internationaliSDNNumber", + NID_internationaliSDNNumber, 3, &kObjectData[5739], 0}, + {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, + &kObjectData[5742], 0}, + {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, + 3, &kObjectData[5745], 0}, + {"preferredDeliveryMethod", "preferredDeliveryMethod", + NID_preferredDeliveryMethod, 3, &kObjectData[5748], 0}, + {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, + &kObjectData[5751], 0}, + {"supportedApplicationContext", "supportedApplicationContext", + NID_supportedApplicationContext, 3, &kObjectData[5754], 0}, + {"member", "member", NID_member, 3, &kObjectData[5757], 0}, + {"owner", "owner", NID_owner, 3, &kObjectData[5760], 0}, + {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &kObjectData[5763], + 0}, + {"seeAlso", "seeAlso", NID_seeAlso, 3, &kObjectData[5766], 0}, + {"userPassword", "userPassword", NID_userPassword, 3, &kObjectData[5769], + 0}, + {"userCertificate", "userCertificate", NID_userCertificate, 3, + &kObjectData[5772], 0}, + {"cACertificate", "cACertificate", NID_cACertificate, 3, &kObjectData[5775], + 0}, + {"authorityRevocationList", "authorityRevocationList", + NID_authorityRevocationList, 3, &kObjectData[5778], 0}, + {"certificateRevocationList", "certificateRevocationList", + NID_certificateRevocationList, 3, &kObjectData[5781], 0}, + {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, + 3, &kObjectData[5784], 0}, + {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, + &kObjectData[5787], 0}, + {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, + &kObjectData[5790], 0}, + {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, + &kObjectData[5793], 0}, + {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &kObjectData[5796], + 0}, + {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, + &kObjectData[5799], 0}, + {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, + &kObjectData[5802], 0}, + {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, + &kObjectData[5805], 0}, + {"dmdName", "dmdName", NID_dmdName, 3, &kObjectData[5808], 0}, + {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, + &kObjectData[5811], 0}, + {"CMAC", "cmac", NID_cmac, 0, NULL, 0}, + {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &kObjectData[5822], 0}, + {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &kObjectData[5831], 0}, + {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, + &kObjectData[5840], 0}, + {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &kObjectData[5849], 0}, + {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &kObjectData[5858], 0}, + {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, + &kObjectData[5867], 0}, + {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &kObjectData[5876], 0}, + {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &kObjectData[5885], 0}, + {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, + &kObjectData[5894], 0}, + {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr, 0, NULL, 0}, + {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr, 0, NULL, 0}, + {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr, 0, NULL, 0}, + {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, + &kObjectData[5903], 0}, + {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, + &kObjectData[5914], 0}, + {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, + &kObjectData[5925], 0}, + {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, + 4, &kObjectData[5936], 0}, + {"MGF1", "mgf1", NID_mgf1, 9, &kObjectData[5940], 0}, + {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &kObjectData[5949], 0}, + {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 0, NULL, 0}, + {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 0, NULL, 0}, + {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5, 0, NULL, 0}, + {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", + NID_aes_128_cbc_hmac_sha1, 0, NULL, 0}, + {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", + NID_aes_192_cbc_hmac_sha1, 0, NULL, 0}, + {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", + NID_aes_256_cbc_hmac_sha1, 0, NULL, 0}, + {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &kObjectData[5958], 0}, + {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &kObjectData[5967], + 0}, + {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, + &kObjectData[5974], 0}, + {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, + &kObjectData[5983], 0}, + {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, + &kObjectData[5992], 0}, + {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, + &kObjectData[6001], 0}, + {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, + &kObjectData[6010], 0}, + {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, + &kObjectData[6019], 0}, + {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, + &kObjectData[6028], 0}, + {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, + &kObjectData[6037], 0}, + {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, + &kObjectData[6046], 0}, + {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, + &kObjectData[6055], 0}, + {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, + &kObjectData[6064], 0}, + {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, + &kObjectData[6073], 0}, + {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, + &kObjectData[6082], 0}, + {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, + &kObjectData[6091], 0}, + {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &kObjectData[6100], 0}, + {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", + NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &kObjectData[6109], 0}, + {"dhSinglePass-stdDH-sha224kdf-scheme", + "dhSinglePass-stdDH-sha224kdf-scheme", + NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &kObjectData[6118], 0}, + {"dhSinglePass-stdDH-sha256kdf-scheme", + "dhSinglePass-stdDH-sha256kdf-scheme", + NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &kObjectData[6124], 0}, + {"dhSinglePass-stdDH-sha384kdf-scheme", + "dhSinglePass-stdDH-sha384kdf-scheme", + NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &kObjectData[6130], 0}, + {"dhSinglePass-stdDH-sha512kdf-scheme", + "dhSinglePass-stdDH-sha512kdf-scheme", + NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &kObjectData[6136], 0}, + {"dhSinglePass-cofactorDH-sha1kdf-scheme", + "dhSinglePass-cofactorDH-sha1kdf-scheme", + NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &kObjectData[6142], 0}, + {"dhSinglePass-cofactorDH-sha224kdf-scheme", + "dhSinglePass-cofactorDH-sha224kdf-scheme", + NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &kObjectData[6151], 0}, + {"dhSinglePass-cofactorDH-sha256kdf-scheme", + "dhSinglePass-cofactorDH-sha256kdf-scheme", + NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &kObjectData[6157], 0}, + {"dhSinglePass-cofactorDH-sha384kdf-scheme", + "dhSinglePass-cofactorDH-sha384kdf-scheme", + NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &kObjectData[6163], 0}, + {"dhSinglePass-cofactorDH-sha512kdf-scheme", + "dhSinglePass-cofactorDH-sha512kdf-scheme", + NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &kObjectData[6169], 0}, + {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf, 0, NULL, 0}, + {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf, 0, NULL, 0}, + {"X25519", "X25519", NID_X25519, 0, NULL, 0}, }; -static const unsigned int kNIDsInShortNameOrder[NUM_SN]={ -364, /* "AD_DVCS" */ -419, /* "AES-128-CBC" */ -916, /* "AES-128-CBC-HMAC-SHA1" */ -421, /* "AES-128-CFB" */ -650, /* "AES-128-CFB1" */ -653, /* "AES-128-CFB8" */ -904, /* "AES-128-CTR" */ -418, /* "AES-128-ECB" */ -420, /* "AES-128-OFB" */ -913, /* "AES-128-XTS" */ -423, /* "AES-192-CBC" */ -917, /* "AES-192-CBC-HMAC-SHA1" */ -425, /* "AES-192-CFB" */ -651, /* "AES-192-CFB1" */ -654, /* "AES-192-CFB8" */ -905, /* "AES-192-CTR" */ -422, /* "AES-192-ECB" */ -424, /* "AES-192-OFB" */ -427, /* "AES-256-CBC" */ -918, /* "AES-256-CBC-HMAC-SHA1" */ -429, /* "AES-256-CFB" */ -652, /* "AES-256-CFB1" */ -655, /* "AES-256-CFB8" */ -906, /* "AES-256-CTR" */ -426, /* "AES-256-ECB" */ -428, /* "AES-256-OFB" */ -914, /* "AES-256-XTS" */ -91, /* "BF-CBC" */ -93, /* "BF-CFB" */ -92, /* "BF-ECB" */ -94, /* "BF-OFB" */ -14, /* "C" */ -751, /* "CAMELLIA-128-CBC" */ -757, /* "CAMELLIA-128-CFB" */ -760, /* "CAMELLIA-128-CFB1" */ -763, /* "CAMELLIA-128-CFB8" */ -754, /* "CAMELLIA-128-ECB" */ -766, /* "CAMELLIA-128-OFB" */ -752, /* "CAMELLIA-192-CBC" */ -758, /* "CAMELLIA-192-CFB" */ -761, /* "CAMELLIA-192-CFB1" */ -764, /* "CAMELLIA-192-CFB8" */ -755, /* "CAMELLIA-192-ECB" */ -767, /* "CAMELLIA-192-OFB" */ -753, /* "CAMELLIA-256-CBC" */ -759, /* "CAMELLIA-256-CFB" */ -762, /* "CAMELLIA-256-CFB1" */ -765, /* "CAMELLIA-256-CFB8" */ -756, /* "CAMELLIA-256-ECB" */ -768, /* "CAMELLIA-256-OFB" */ -108, /* "CAST5-CBC" */ -110, /* "CAST5-CFB" */ -109, /* "CAST5-ECB" */ -111, /* "CAST5-OFB" */ -894, /* "CMAC" */ -13, /* "CN" */ -141, /* "CRLReason" */ -417, /* "CSPName" */ -367, /* "CrlID" */ -391, /* "DC" */ -31, /* "DES-CBC" */ -643, /* "DES-CDMF" */ -30, /* "DES-CFB" */ -656, /* "DES-CFB1" */ -657, /* "DES-CFB8" */ -29, /* "DES-ECB" */ -32, /* "DES-EDE" */ -43, /* "DES-EDE-CBC" */ -60, /* "DES-EDE-CFB" */ -62, /* "DES-EDE-OFB" */ -33, /* "DES-EDE3" */ -44, /* "DES-EDE3-CBC" */ -61, /* "DES-EDE3-CFB" */ -658, /* "DES-EDE3-CFB1" */ -659, /* "DES-EDE3-CFB8" */ -63, /* "DES-EDE3-OFB" */ -45, /* "DES-OFB" */ -80, /* "DESX-CBC" */ -380, /* "DOD" */ -116, /* "DSA" */ -66, /* "DSA-SHA" */ -113, /* "DSA-SHA1" */ -70, /* "DSA-SHA1-old" */ -67, /* "DSA-old" */ -297, /* "DVCS" */ -99, /* "GN" */ -855, /* "HMAC" */ -780, /* "HMAC-MD5" */ -781, /* "HMAC-SHA1" */ -381, /* "IANA" */ -34, /* "IDEA-CBC" */ -35, /* "IDEA-CFB" */ -36, /* "IDEA-ECB" */ -46, /* "IDEA-OFB" */ -181, /* "ISO" */ -183, /* "ISO-US" */ -645, /* "ITU-T" */ -646, /* "JOINT-ISO-ITU-T" */ -773, /* "KISA" */ -15, /* "L" */ -856, /* "LocalKeySet" */ - 3, /* "MD2" */ -257, /* "MD4" */ - 4, /* "MD5" */ -114, /* "MD5-SHA1" */ -95, /* "MDC2" */ -911, /* "MGF1" */ -388, /* "Mail" */ -393, /* "NULL" */ -404, /* "NULL" */ -57, /* "Netscape" */ -366, /* "Nonce" */ -17, /* "O" */ -178, /* "OCSP" */ -180, /* "OCSPSigning" */ -379, /* "ORG" */ -18, /* "OU" */ -749, /* "Oakley-EC2N-3" */ -750, /* "Oakley-EC2N-4" */ - 9, /* "PBE-MD2-DES" */ -168, /* "PBE-MD2-RC2-64" */ -10, /* "PBE-MD5-DES" */ -169, /* "PBE-MD5-RC2-64" */ -147, /* "PBE-SHA1-2DES" */ -146, /* "PBE-SHA1-3DES" */ -170, /* "PBE-SHA1-DES" */ -148, /* "PBE-SHA1-RC2-128" */ -149, /* "PBE-SHA1-RC2-40" */ -68, /* "PBE-SHA1-RC2-64" */ -144, /* "PBE-SHA1-RC4-128" */ -145, /* "PBE-SHA1-RC4-40" */ -161, /* "PBES2" */ -69, /* "PBKDF2" */ -162, /* "PBMAC1" */ -127, /* "PKIX" */ -935, /* "PSPECIFIED" */ -98, /* "RC2-40-CBC" */ -166, /* "RC2-64-CBC" */ -37, /* "RC2-CBC" */ -39, /* "RC2-CFB" */ -38, /* "RC2-ECB" */ -40, /* "RC2-OFB" */ - 5, /* "RC4" */ -97, /* "RC4-40" */ -915, /* "RC4-HMAC-MD5" */ -120, /* "RC5-CBC" */ -122, /* "RC5-CFB" */ -121, /* "RC5-ECB" */ -123, /* "RC5-OFB" */ -117, /* "RIPEMD160" */ -19, /* "RSA" */ - 7, /* "RSA-MD2" */ -396, /* "RSA-MD4" */ - 8, /* "RSA-MD5" */ -96, /* "RSA-MDC2" */ -104, /* "RSA-NP-MD5" */ -119, /* "RSA-RIPEMD160" */ -42, /* "RSA-SHA" */ -65, /* "RSA-SHA1" */ -115, /* "RSA-SHA1-2" */ -671, /* "RSA-SHA224" */ -668, /* "RSA-SHA256" */ -669, /* "RSA-SHA384" */ -670, /* "RSA-SHA512" */ -919, /* "RSAES-OAEP" */ -912, /* "RSASSA-PSS" */ -777, /* "SEED-CBC" */ -779, /* "SEED-CFB" */ -776, /* "SEED-ECB" */ -778, /* "SEED-OFB" */ -41, /* "SHA" */ -64, /* "SHA1" */ -675, /* "SHA224" */ -672, /* "SHA256" */ -673, /* "SHA384" */ -674, /* "SHA512" */ -188, /* "SMIME" */ -167, /* "SMIME-CAPS" */ -100, /* "SN" */ -16, /* "ST" */ -143, /* "SXNetID" */ -458, /* "UID" */ - 0, /* "UNDEF" */ -948, /* "X25519" */ -11, /* "X500" */ -378, /* "X500algorithms" */ -12, /* "X509" */ -184, /* "X9-57" */ -185, /* "X9cm" */ -125, /* "ZLIB" */ -478, /* "aRecord" */ -289, /* "aaControls" */ -287, /* "ac-auditEntity" */ -397, /* "ac-proxying" */ -288, /* "ac-targeting" */ -368, /* "acceptableResponses" */ -446, /* "account" */ -363, /* "ad_timestamping" */ -376, /* "algorithm" */ -405, /* "ansi-X9-62" */ -910, /* "anyExtendedKeyUsage" */ -746, /* "anyPolicy" */ -370, /* "archiveCutoff" */ -484, /* "associatedDomain" */ -485, /* "associatedName" */ -501, /* "audio" */ -177, /* "authorityInfoAccess" */ -90, /* "authorityKeyIdentifier" */ -882, /* "authorityRevocationList" */ -87, /* "basicConstraints" */ -365, /* "basicOCSPResponse" */ -285, /* "biometricInfo" */ -921, /* "brainpoolP160r1" */ -922, /* "brainpoolP160t1" */ -923, /* "brainpoolP192r1" */ -924, /* "brainpoolP192t1" */ -925, /* "brainpoolP224r1" */ -926, /* "brainpoolP224t1" */ -927, /* "brainpoolP256r1" */ -928, /* "brainpoolP256t1" */ -929, /* "brainpoolP320r1" */ -930, /* "brainpoolP320t1" */ -931, /* "brainpoolP384r1" */ -932, /* "brainpoolP384t1" */ -933, /* "brainpoolP512r1" */ -934, /* "brainpoolP512t1" */ -494, /* "buildingName" */ -860, /* "businessCategory" */ -691, /* "c2onb191v4" */ -692, /* "c2onb191v5" */ -697, /* "c2onb239v4" */ -698, /* "c2onb239v5" */ -684, /* "c2pnb163v1" */ -685, /* "c2pnb163v2" */ -686, /* "c2pnb163v3" */ -687, /* "c2pnb176v1" */ -693, /* "c2pnb208w1" */ -699, /* "c2pnb272w1" */ -700, /* "c2pnb304w1" */ -702, /* "c2pnb368w1" */ -688, /* "c2tnb191v1" */ -689, /* "c2tnb191v2" */ -690, /* "c2tnb191v3" */ -694, /* "c2tnb239v1" */ -695, /* "c2tnb239v2" */ -696, /* "c2tnb239v3" */ -701, /* "c2tnb359v1" */ -703, /* "c2tnb431r1" */ -881, /* "cACertificate" */ -483, /* "cNAMERecord" */ -179, /* "caIssuers" */ -785, /* "caRepository" */ -443, /* "caseIgnoreIA5StringSyntax" */ -152, /* "certBag" */ -677, /* "certicom-arc" */ -771, /* "certificateIssuer" */ -89, /* "certificatePolicies" */ -883, /* "certificateRevocationList" */ -54, /* "challengePassword" */ -407, /* "characteristic-two-field" */ -395, /* "clearance" */ -130, /* "clientAuth" */ -131, /* "codeSigning" */ -50, /* "contentType" */ -53, /* "countersignature" */ -153, /* "crlBag" */ -103, /* "crlDistributionPoints" */ -88, /* "crlNumber" */ -884, /* "crossCertificatePair" */ -806, /* "cryptocom" */ -805, /* "cryptopro" */ -500, /* "dITRedirect" */ -451, /* "dNSDomain" */ -495, /* "dSAQuality" */ -434, /* "data" */ -390, /* "dcobject" */ -140, /* "deltaCRL" */ -891, /* "deltaRevocationList" */ -107, /* "description" */ -871, /* "destinationIndicator" */ -947, /* "dh-cofactor-kdf" */ -946, /* "dh-std-kdf" */ -28, /* "dhKeyAgreement" */ -941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -920, /* "dhpublicnumber" */ -382, /* "directory" */ -887, /* "distinguishedName" */ -892, /* "dmdName" */ -174, /* "dnQualifier" */ -447, /* "document" */ -471, /* "documentAuthor" */ -468, /* "documentIdentifier" */ -472, /* "documentLocation" */ -502, /* "documentPublisher" */ -449, /* "documentSeries" */ -469, /* "documentTitle" */ -470, /* "documentVersion" */ -392, /* "domain" */ -452, /* "domainRelatedObject" */ -802, /* "dsa_with_SHA224" */ -803, /* "dsa_with_SHA256" */ -791, /* "ecdsa-with-Recommended" */ -416, /* "ecdsa-with-SHA1" */ -793, /* "ecdsa-with-SHA224" */ -794, /* "ecdsa-with-SHA256" */ -795, /* "ecdsa-with-SHA384" */ -796, /* "ecdsa-with-SHA512" */ -792, /* "ecdsa-with-Specified" */ -48, /* "emailAddress" */ -132, /* "emailProtection" */ -885, /* "enhancedSearchGuide" */ -389, /* "enterprises" */ -384, /* "experimental" */ -172, /* "extReq" */ -56, /* "extendedCertificateAttributes" */ -126, /* "extendedKeyUsage" */ -372, /* "extendedStatus" */ -867, /* "facsimileTelephoneNumber" */ -462, /* "favouriteDrink" */ -857, /* "freshestCRL" */ -453, /* "friendlyCountry" */ -490, /* "friendlyCountryName" */ -156, /* "friendlyName" */ -509, /* "generationQualifier" */ -815, /* "gost-mac" */ -811, /* "gost2001" */ -851, /* "gost2001cc" */ -813, /* "gost89" */ -814, /* "gost89-cnt" */ -812, /* "gost94" */ -850, /* "gost94cc" */ -797, /* "hmacWithMD5" */ -163, /* "hmacWithSHA1" */ -798, /* "hmacWithSHA224" */ -799, /* "hmacWithSHA256" */ -800, /* "hmacWithSHA384" */ -801, /* "hmacWithSHA512" */ -432, /* "holdInstructionCallIssuer" */ -430, /* "holdInstructionCode" */ -431, /* "holdInstructionNone" */ -433, /* "holdInstructionReject" */ -486, /* "homePostalAddress" */ -473, /* "homeTelephoneNumber" */ -466, /* "host" */ -889, /* "houseIdentifier" */ -442, /* "iA5StringSyntax" */ -783, /* "id-DHBasedMac" */ -824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -820, /* "id-Gost28147-89-None-KeyMeshing" */ -823, /* "id-Gost28147-89-TestParamSet" */ -849, /* "id-Gost28147-89-cc" */ -840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -854, /* "id-GostR3410-2001-ParamSet-cc" */ -839, /* "id-GostR3410-2001-TestParamSet" */ -817, /* "id-GostR3410-2001DH" */ -832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -831, /* "id-GostR3410-94-TestParamSet" */ -845, /* "id-GostR3410-94-a" */ -846, /* "id-GostR3410-94-aBis" */ -847, /* "id-GostR3410-94-b" */ -848, /* "id-GostR3410-94-bBis" */ -818, /* "id-GostR3410-94DH" */ -822, /* "id-GostR3411-94-CryptoProParamSet" */ -821, /* "id-GostR3411-94-TestParamSet" */ -807, /* "id-GostR3411-94-with-GostR3410-2001" */ -853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ -808, /* "id-GostR3411-94-with-GostR3410-94" */ -852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ -810, /* "id-HMACGostR3411-94" */ -782, /* "id-PasswordBasedMAC" */ -266, /* "id-aca" */ -355, /* "id-aca-accessIdentity" */ -354, /* "id-aca-authenticationInfo" */ -356, /* "id-aca-chargingIdentity" */ -399, /* "id-aca-encAttrs" */ -357, /* "id-aca-group" */ -358, /* "id-aca-role" */ -176, /* "id-ad" */ -896, /* "id-aes128-CCM" */ -895, /* "id-aes128-GCM" */ -788, /* "id-aes128-wrap" */ -897, /* "id-aes128-wrap-pad" */ -899, /* "id-aes192-CCM" */ -898, /* "id-aes192-GCM" */ -789, /* "id-aes192-wrap" */ -900, /* "id-aes192-wrap-pad" */ -902, /* "id-aes256-CCM" */ -901, /* "id-aes256-GCM" */ -790, /* "id-aes256-wrap" */ -903, /* "id-aes256-wrap-pad" */ -262, /* "id-alg" */ -893, /* "id-alg-PWRI-KEK" */ -323, /* "id-alg-des40" */ -326, /* "id-alg-dh-pop" */ -325, /* "id-alg-dh-sig-hmac-sha1" */ -324, /* "id-alg-noSignature" */ -907, /* "id-camellia128-wrap" */ -908, /* "id-camellia192-wrap" */ -909, /* "id-camellia256-wrap" */ -268, /* "id-cct" */ -361, /* "id-cct-PKIData" */ -362, /* "id-cct-PKIResponse" */ -360, /* "id-cct-crs" */ -81, /* "id-ce" */ -680, /* "id-characteristic-two-basis" */ -263, /* "id-cmc" */ -334, /* "id-cmc-addExtensions" */ -346, /* "id-cmc-confirmCertAcceptance" */ -330, /* "id-cmc-dataReturn" */ -336, /* "id-cmc-decryptedPOP" */ -335, /* "id-cmc-encryptedPOP" */ -339, /* "id-cmc-getCRL" */ -338, /* "id-cmc-getCert" */ -328, /* "id-cmc-identification" */ -329, /* "id-cmc-identityProof" */ -337, /* "id-cmc-lraPOPWitness" */ -344, /* "id-cmc-popLinkRandom" */ -345, /* "id-cmc-popLinkWitness" */ -343, /* "id-cmc-queryPending" */ -333, /* "id-cmc-recipientNonce" */ -341, /* "id-cmc-regInfo" */ -342, /* "id-cmc-responseInfo" */ -340, /* "id-cmc-revokeRequest" */ -332, /* "id-cmc-senderNonce" */ -327, /* "id-cmc-statusInfo" */ -331, /* "id-cmc-transactionId" */ -787, /* "id-ct-asciiTextWithCRLF" */ -408, /* "id-ecPublicKey" */ -508, /* "id-hex-multipart-message" */ -507, /* "id-hex-partial-message" */ -260, /* "id-it" */ -302, /* "id-it-caKeyUpdateInfo" */ -298, /* "id-it-caProtEncCert" */ -311, /* "id-it-confirmWaitTime" */ -303, /* "id-it-currentCRL" */ -300, /* "id-it-encKeyPairTypes" */ -310, /* "id-it-implicitConfirm" */ -308, /* "id-it-keyPairParamRep" */ -307, /* "id-it-keyPairParamReq" */ -312, /* "id-it-origPKIMessage" */ -301, /* "id-it-preferredSymmAlg" */ -309, /* "id-it-revPassphrase" */ -299, /* "id-it-signKeyPairTypes" */ -305, /* "id-it-subscriptionRequest" */ -306, /* "id-it-subscriptionResponse" */ -784, /* "id-it-suppLangTags" */ -304, /* "id-it-unsupportedOIDs" */ -128, /* "id-kp" */ -280, /* "id-mod-attribute-cert" */ -274, /* "id-mod-cmc" */ -277, /* "id-mod-cmp" */ -284, /* "id-mod-cmp2000" */ -273, /* "id-mod-crmf" */ -283, /* "id-mod-dvcs" */ -275, /* "id-mod-kea-profile-88" */ -276, /* "id-mod-kea-profile-93" */ -282, /* "id-mod-ocsp" */ -278, /* "id-mod-qualified-cert-88" */ -279, /* "id-mod-qualified-cert-93" */ -281, /* "id-mod-timestamp-protocol" */ -264, /* "id-on" */ -858, /* "id-on-permanentIdentifier" */ -347, /* "id-on-personalData" */ -265, /* "id-pda" */ -352, /* "id-pda-countryOfCitizenship" */ -353, /* "id-pda-countryOfResidence" */ -348, /* "id-pda-dateOfBirth" */ -351, /* "id-pda-gender" */ -349, /* "id-pda-placeOfBirth" */ -175, /* "id-pe" */ -261, /* "id-pkip" */ -258, /* "id-pkix-mod" */ -269, /* "id-pkix1-explicit-88" */ -271, /* "id-pkix1-explicit-93" */ -270, /* "id-pkix1-implicit-88" */ -272, /* "id-pkix1-implicit-93" */ -662, /* "id-ppl" */ -664, /* "id-ppl-anyLanguage" */ -667, /* "id-ppl-independent" */ -665, /* "id-ppl-inheritAll" */ -267, /* "id-qcs" */ -359, /* "id-qcs-pkixQCSyntax-v1" */ -259, /* "id-qt" */ -164, /* "id-qt-cps" */ -165, /* "id-qt-unotice" */ -313, /* "id-regCtrl" */ -316, /* "id-regCtrl-authenticator" */ -319, /* "id-regCtrl-oldCertID" */ -318, /* "id-regCtrl-pkiArchiveOptions" */ -317, /* "id-regCtrl-pkiPublicationInfo" */ -320, /* "id-regCtrl-protocolEncrKey" */ -315, /* "id-regCtrl-regToken" */ -314, /* "id-regInfo" */ -322, /* "id-regInfo-certReq" */ -321, /* "id-regInfo-utf8Pairs" */ -512, /* "id-set" */ -191, /* "id-smime-aa" */ -215, /* "id-smime-aa-contentHint" */ -218, /* "id-smime-aa-contentIdentifier" */ -221, /* "id-smime-aa-contentReference" */ -240, /* "id-smime-aa-dvcs-dvc" */ -217, /* "id-smime-aa-encapContentType" */ -222, /* "id-smime-aa-encrypKeyPref" */ -220, /* "id-smime-aa-equivalentLabels" */ -232, /* "id-smime-aa-ets-CertificateRefs" */ -233, /* "id-smime-aa-ets-RevocationRefs" */ -238, /* "id-smime-aa-ets-archiveTimeStamp" */ -237, /* "id-smime-aa-ets-certCRLTimestamp" */ -234, /* "id-smime-aa-ets-certValues" */ -227, /* "id-smime-aa-ets-commitmentType" */ -231, /* "id-smime-aa-ets-contentTimestamp" */ -236, /* "id-smime-aa-ets-escTimeStamp" */ -230, /* "id-smime-aa-ets-otherSigCert" */ -235, /* "id-smime-aa-ets-revocationValues" */ -226, /* "id-smime-aa-ets-sigPolicyId" */ -229, /* "id-smime-aa-ets-signerAttr" */ -228, /* "id-smime-aa-ets-signerLocation" */ -219, /* "id-smime-aa-macValue" */ -214, /* "id-smime-aa-mlExpandHistory" */ -216, /* "id-smime-aa-msgSigDigest" */ -212, /* "id-smime-aa-receiptRequest" */ -213, /* "id-smime-aa-securityLabel" */ -239, /* "id-smime-aa-signatureType" */ -223, /* "id-smime-aa-signingCertificate" */ -224, /* "id-smime-aa-smimeEncryptCerts" */ -225, /* "id-smime-aa-timeStampToken" */ -192, /* "id-smime-alg" */ -243, /* "id-smime-alg-3DESwrap" */ -246, /* "id-smime-alg-CMS3DESwrap" */ -247, /* "id-smime-alg-CMSRC2wrap" */ -245, /* "id-smime-alg-ESDH" */ -241, /* "id-smime-alg-ESDHwith3DES" */ -242, /* "id-smime-alg-ESDHwithRC2" */ -244, /* "id-smime-alg-RC2wrap" */ -193, /* "id-smime-cd" */ -248, /* "id-smime-cd-ldap" */ -190, /* "id-smime-ct" */ -210, /* "id-smime-ct-DVCSRequestData" */ -211, /* "id-smime-ct-DVCSResponseData" */ -208, /* "id-smime-ct-TDTInfo" */ -207, /* "id-smime-ct-TSTInfo" */ -205, /* "id-smime-ct-authData" */ -786, /* "id-smime-ct-compressedData" */ -209, /* "id-smime-ct-contentInfo" */ -206, /* "id-smime-ct-publishCert" */ -204, /* "id-smime-ct-receipt" */ -195, /* "id-smime-cti" */ -255, /* "id-smime-cti-ets-proofOfApproval" */ -256, /* "id-smime-cti-ets-proofOfCreation" */ -253, /* "id-smime-cti-ets-proofOfDelivery" */ -251, /* "id-smime-cti-ets-proofOfOrigin" */ -252, /* "id-smime-cti-ets-proofOfReceipt" */ -254, /* "id-smime-cti-ets-proofOfSender" */ -189, /* "id-smime-mod" */ -196, /* "id-smime-mod-cms" */ -197, /* "id-smime-mod-ess" */ -202, /* "id-smime-mod-ets-eSigPolicy-88" */ -203, /* "id-smime-mod-ets-eSigPolicy-97" */ -200, /* "id-smime-mod-ets-eSignature-88" */ -201, /* "id-smime-mod-ets-eSignature-97" */ -199, /* "id-smime-mod-msg-v3" */ -198, /* "id-smime-mod-oid" */ -194, /* "id-smime-spq" */ -250, /* "id-smime-spq-ets-sqt-unotice" */ -249, /* "id-smime-spq-ets-sqt-uri" */ -676, /* "identified-organization" */ -461, /* "info" */ -748, /* "inhibitAnyPolicy" */ -101, /* "initials" */ -647, /* "international-organizations" */ -869, /* "internationaliSDNNumber" */ -142, /* "invalidityDate" */ -294, /* "ipsecEndSystem" */ -295, /* "ipsecTunnel" */ -296, /* "ipsecUser" */ -86, /* "issuerAltName" */ -770, /* "issuingDistributionPoint" */ -492, /* "janetMailbox" */ -150, /* "keyBag" */ -83, /* "keyUsage" */ -477, /* "lastModifiedBy" */ -476, /* "lastModifiedTime" */ -157, /* "localKeyID" */ -480, /* "mXRecord" */ -460, /* "mail" */ -493, /* "mailPreferenceOption" */ -467, /* "manager" */ -809, /* "md_gost94" */ -875, /* "member" */ -182, /* "member-body" */ -51, /* "messageDigest" */ -383, /* "mgmt" */ -504, /* "mime-mhs" */ -506, /* "mime-mhs-bodies" */ -505, /* "mime-mhs-headings" */ -488, /* "mobileTelephoneNumber" */ -136, /* "msCTLSign" */ -135, /* "msCodeCom" */ -134, /* "msCodeInd" */ -138, /* "msEFS" */ -171, /* "msExtReq" */ -137, /* "msSGC" */ -648, /* "msSmartcardLogin" */ -649, /* "msUPN" */ -481, /* "nSRecord" */ -173, /* "name" */ -666, /* "nameConstraints" */ -369, /* "noCheck" */ -403, /* "noRevAvail" */ -72, /* "nsBaseUrl" */ -76, /* "nsCaPolicyUrl" */ -74, /* "nsCaRevocationUrl" */ -58, /* "nsCertExt" */ -79, /* "nsCertSequence" */ -71, /* "nsCertType" */ -78, /* "nsComment" */ -59, /* "nsDataType" */ -75, /* "nsRenewalUrl" */ -73, /* "nsRevocationUrl" */ -139, /* "nsSGC" */ -77, /* "nsSslServerName" */ -681, /* "onBasis" */ -491, /* "organizationalStatus" */ -475, /* "otherMailbox" */ -876, /* "owner" */ -489, /* "pagerTelephoneNumber" */ -374, /* "path" */ -112, /* "pbeWithMD5AndCast5CBC" */ -499, /* "personalSignature" */ -487, /* "personalTitle" */ -464, /* "photo" */ -863, /* "physicalDeliveryOfficeName" */ -437, /* "pilot" */ -439, /* "pilotAttributeSyntax" */ -438, /* "pilotAttributeType" */ -479, /* "pilotAttributeType27" */ -456, /* "pilotDSA" */ -441, /* "pilotGroups" */ -444, /* "pilotObject" */ -440, /* "pilotObjectClass" */ -455, /* "pilotOrganization" */ -445, /* "pilotPerson" */ - 2, /* "pkcs" */ -186, /* "pkcs1" */ -27, /* "pkcs3" */ -187, /* "pkcs5" */ -20, /* "pkcs7" */ -21, /* "pkcs7-data" */ -25, /* "pkcs7-digestData" */ -26, /* "pkcs7-encryptedData" */ -23, /* "pkcs7-envelopedData" */ -24, /* "pkcs7-signedAndEnvelopedData" */ -22, /* "pkcs7-signedData" */ -151, /* "pkcs8ShroudedKeyBag" */ -47, /* "pkcs9" */ -401, /* "policyConstraints" */ -747, /* "policyMappings" */ -862, /* "postOfficeBox" */ -861, /* "postalAddress" */ -661, /* "postalCode" */ -683, /* "ppBasis" */ -872, /* "preferredDeliveryMethod" */ -873, /* "presentationAddress" */ -816, /* "prf-gostr3411-94" */ -406, /* "prime-field" */ -409, /* "prime192v1" */ -410, /* "prime192v2" */ -411, /* "prime192v3" */ -412, /* "prime239v1" */ -413, /* "prime239v2" */ -414, /* "prime239v3" */ -415, /* "prime256v1" */ -385, /* "private" */ -84, /* "privateKeyUsagePeriod" */ -886, /* "protocolInformation" */ -663, /* "proxyCertInfo" */ -510, /* "pseudonym" */ -435, /* "pss" */ -286, /* "qcStatements" */ -457, /* "qualityLabelledData" */ -450, /* "rFC822localPart" */ -870, /* "registeredAddress" */ -400, /* "role" */ -877, /* "roleOccupant" */ -448, /* "room" */ -463, /* "roomNumber" */ - 6, /* "rsaEncryption" */ -644, /* "rsaOAEPEncryptionSET" */ -377, /* "rsaSignature" */ - 1, /* "rsadsi" */ -482, /* "sOARecord" */ -155, /* "safeContentsBag" */ -291, /* "sbgp-autonomousSysNum" */ -290, /* "sbgp-ipAddrBlock" */ -292, /* "sbgp-routerIdentifier" */ -159, /* "sdsiCertificate" */ -859, /* "searchGuide" */ -704, /* "secp112r1" */ -705, /* "secp112r2" */ -706, /* "secp128r1" */ -707, /* "secp128r2" */ -708, /* "secp160k1" */ -709, /* "secp160r1" */ -710, /* "secp160r2" */ -711, /* "secp192k1" */ -712, /* "secp224k1" */ -713, /* "secp224r1" */ -714, /* "secp256k1" */ -715, /* "secp384r1" */ -716, /* "secp521r1" */ -154, /* "secretBag" */ -474, /* "secretary" */ -717, /* "sect113r1" */ -718, /* "sect113r2" */ -719, /* "sect131r1" */ -720, /* "sect131r2" */ -721, /* "sect163k1" */ -722, /* "sect163r1" */ -723, /* "sect163r2" */ -724, /* "sect193r1" */ -725, /* "sect193r2" */ -726, /* "sect233k1" */ -727, /* "sect233r1" */ -728, /* "sect239k1" */ -729, /* "sect283k1" */ -730, /* "sect283r1" */ -731, /* "sect409k1" */ -732, /* "sect409r1" */ -733, /* "sect571k1" */ -734, /* "sect571r1" */ -386, /* "security" */ -878, /* "seeAlso" */ -394, /* "selected-attribute-types" */ -105, /* "serialNumber" */ -129, /* "serverAuth" */ -371, /* "serviceLocator" */ -625, /* "set-addPolicy" */ -515, /* "set-attr" */ -518, /* "set-brand" */ -638, /* "set-brand-AmericanExpress" */ -637, /* "set-brand-Diners" */ -636, /* "set-brand-IATA-ATA" */ -639, /* "set-brand-JCB" */ -641, /* "set-brand-MasterCard" */ -642, /* "set-brand-Novus" */ -640, /* "set-brand-Visa" */ -517, /* "set-certExt" */ -513, /* "set-ctype" */ -514, /* "set-msgExt" */ -516, /* "set-policy" */ -607, /* "set-policy-root" */ -624, /* "set-rootKeyThumb" */ -620, /* "setAttr-Cert" */ -631, /* "setAttr-GenCryptgrm" */ -623, /* "setAttr-IssCap" */ -628, /* "setAttr-IssCap-CVM" */ -630, /* "setAttr-IssCap-Sig" */ -629, /* "setAttr-IssCap-T2" */ -621, /* "setAttr-PGWYcap" */ -635, /* "setAttr-SecDevSig" */ -632, /* "setAttr-T2Enc" */ -633, /* "setAttr-T2cleartxt" */ -634, /* "setAttr-TokICCsig" */ -627, /* "setAttr-Token-B0Prime" */ -626, /* "setAttr-Token-EMV" */ -622, /* "setAttr-TokenType" */ -619, /* "setCext-IssuerCapabilities" */ -615, /* "setCext-PGWYcapabilities" */ -616, /* "setCext-TokenIdentifier" */ -618, /* "setCext-TokenType" */ -617, /* "setCext-Track2Data" */ -611, /* "setCext-cCertRequired" */ -609, /* "setCext-certType" */ -608, /* "setCext-hashedRoot" */ -610, /* "setCext-merchData" */ -613, /* "setCext-setExt" */ -614, /* "setCext-setQualf" */ -612, /* "setCext-tunneling" */ -540, /* "setct-AcqCardCodeMsg" */ -576, /* "setct-AcqCardCodeMsgTBE" */ -570, /* "setct-AuthReqTBE" */ -534, /* "setct-AuthReqTBS" */ -527, /* "setct-AuthResBaggage" */ -571, /* "setct-AuthResTBE" */ -572, /* "setct-AuthResTBEX" */ -535, /* "setct-AuthResTBS" */ -536, /* "setct-AuthResTBSX" */ -528, /* "setct-AuthRevReqBaggage" */ -577, /* "setct-AuthRevReqTBE" */ -541, /* "setct-AuthRevReqTBS" */ -529, /* "setct-AuthRevResBaggage" */ -542, /* "setct-AuthRevResData" */ -578, /* "setct-AuthRevResTBE" */ -579, /* "setct-AuthRevResTBEB" */ -543, /* "setct-AuthRevResTBS" */ -573, /* "setct-AuthTokenTBE" */ -537, /* "setct-AuthTokenTBS" */ -600, /* "setct-BCIDistributionTBS" */ -558, /* "setct-BatchAdminReqData" */ -592, /* "setct-BatchAdminReqTBE" */ -559, /* "setct-BatchAdminResData" */ -593, /* "setct-BatchAdminResTBE" */ -599, /* "setct-CRLNotificationResTBS" */ -598, /* "setct-CRLNotificationTBS" */ -580, /* "setct-CapReqTBE" */ -581, /* "setct-CapReqTBEX" */ -544, /* "setct-CapReqTBS" */ -545, /* "setct-CapReqTBSX" */ -546, /* "setct-CapResData" */ -582, /* "setct-CapResTBE" */ -583, /* "setct-CapRevReqTBE" */ -584, /* "setct-CapRevReqTBEX" */ -547, /* "setct-CapRevReqTBS" */ -548, /* "setct-CapRevReqTBSX" */ -549, /* "setct-CapRevResData" */ -585, /* "setct-CapRevResTBE" */ -538, /* "setct-CapTokenData" */ -530, /* "setct-CapTokenSeq" */ -574, /* "setct-CapTokenTBE" */ -575, /* "setct-CapTokenTBEX" */ -539, /* "setct-CapTokenTBS" */ -560, /* "setct-CardCInitResTBS" */ -566, /* "setct-CertInqReqTBS" */ -563, /* "setct-CertReqData" */ -595, /* "setct-CertReqTBE" */ -596, /* "setct-CertReqTBEX" */ -564, /* "setct-CertReqTBS" */ -565, /* "setct-CertResData" */ -597, /* "setct-CertResTBE" */ -586, /* "setct-CredReqTBE" */ -587, /* "setct-CredReqTBEX" */ -550, /* "setct-CredReqTBS" */ -551, /* "setct-CredReqTBSX" */ -552, /* "setct-CredResData" */ -588, /* "setct-CredResTBE" */ -589, /* "setct-CredRevReqTBE" */ -590, /* "setct-CredRevReqTBEX" */ -553, /* "setct-CredRevReqTBS" */ -554, /* "setct-CredRevReqTBSX" */ -555, /* "setct-CredRevResData" */ -591, /* "setct-CredRevResTBE" */ -567, /* "setct-ErrorTBS" */ -526, /* "setct-HODInput" */ -561, /* "setct-MeAqCInitResTBS" */ -522, /* "setct-OIData" */ -519, /* "setct-PANData" */ -521, /* "setct-PANOnly" */ -520, /* "setct-PANToken" */ -556, /* "setct-PCertReqData" */ -557, /* "setct-PCertResTBS" */ -523, /* "setct-PI" */ -532, /* "setct-PI-TBS" */ -524, /* "setct-PIData" */ -525, /* "setct-PIDataUnsigned" */ -568, /* "setct-PIDualSignedTBE" */ -569, /* "setct-PIUnsignedTBE" */ -531, /* "setct-PInitResData" */ -533, /* "setct-PResData" */ -594, /* "setct-RegFormReqTBE" */ -562, /* "setct-RegFormResTBS" */ -606, /* "setext-cv" */ -601, /* "setext-genCrypt" */ -602, /* "setext-miAuth" */ -604, /* "setext-pinAny" */ -603, /* "setext-pinSecure" */ -605, /* "setext-track2" */ -52, /* "signingTime" */ -454, /* "simpleSecurityObject" */ -496, /* "singleLevelQuality" */ -387, /* "snmpv2" */ -660, /* "street" */ -85, /* "subjectAltName" */ -769, /* "subjectDirectoryAttributes" */ -398, /* "subjectInfoAccess" */ -82, /* "subjectKeyIdentifier" */ -498, /* "subtreeMaximumQuality" */ -497, /* "subtreeMinimumQuality" */ -890, /* "supportedAlgorithms" */ -874, /* "supportedApplicationContext" */ -402, /* "targetInformation" */ -864, /* "telephoneNumber" */ -866, /* "teletexTerminalIdentifier" */ -865, /* "telexNumber" */ -459, /* "textEncodedORAddress" */ -293, /* "textNotice" */ -133, /* "timeStamping" */ -106, /* "title" */ -682, /* "tpBasis" */ -375, /* "trustRoot" */ -436, /* "ucl" */ -888, /* "uniqueMember" */ -55, /* "unstructuredAddress" */ -49, /* "unstructuredName" */ -880, /* "userCertificate" */ -465, /* "userClass" */ -879, /* "userPassword" */ -373, /* "valid" */ -678, /* "wap" */ -679, /* "wap-wsg" */ -735, /* "wap-wsg-idm-ecid-wtls1" */ -743, /* "wap-wsg-idm-ecid-wtls10" */ -744, /* "wap-wsg-idm-ecid-wtls11" */ -745, /* "wap-wsg-idm-ecid-wtls12" */ -736, /* "wap-wsg-idm-ecid-wtls3" */ -737, /* "wap-wsg-idm-ecid-wtls4" */ -738, /* "wap-wsg-idm-ecid-wtls5" */ -739, /* "wap-wsg-idm-ecid-wtls6" */ -740, /* "wap-wsg-idm-ecid-wtls7" */ -741, /* "wap-wsg-idm-ecid-wtls8" */ -742, /* "wap-wsg-idm-ecid-wtls9" */ -804, /* "whirlpool" */ -868, /* "x121Address" */ -503, /* "x500UniqueIdentifier" */ -158, /* "x509Certificate" */ -160, /* "x509Crl" */ +static const unsigned kNIDsInShortNameOrder[] = { + 364 /* AD_DVCS */, + 419 /* AES-128-CBC */, + 916 /* AES-128-CBC-HMAC-SHA1 */, + 421 /* AES-128-CFB */, + 650 /* AES-128-CFB1 */, + 653 /* AES-128-CFB8 */, + 904 /* AES-128-CTR */, + 418 /* AES-128-ECB */, + 420 /* AES-128-OFB */, + 913 /* AES-128-XTS */, + 423 /* AES-192-CBC */, + 917 /* AES-192-CBC-HMAC-SHA1 */, + 425 /* AES-192-CFB */, + 651 /* AES-192-CFB1 */, + 654 /* AES-192-CFB8 */, + 905 /* AES-192-CTR */, + 422 /* AES-192-ECB */, + 424 /* AES-192-OFB */, + 427 /* AES-256-CBC */, + 918 /* AES-256-CBC-HMAC-SHA1 */, + 429 /* AES-256-CFB */, + 652 /* AES-256-CFB1 */, + 655 /* AES-256-CFB8 */, + 906 /* AES-256-CTR */, + 426 /* AES-256-ECB */, + 428 /* AES-256-OFB */, + 914 /* AES-256-XTS */, + 91 /* BF-CBC */, + 93 /* BF-CFB */, + 92 /* BF-ECB */, + 94 /* BF-OFB */, + 14 /* C */, + 751 /* CAMELLIA-128-CBC */, + 757 /* CAMELLIA-128-CFB */, + 760 /* CAMELLIA-128-CFB1 */, + 763 /* CAMELLIA-128-CFB8 */, + 754 /* CAMELLIA-128-ECB */, + 766 /* CAMELLIA-128-OFB */, + 752 /* CAMELLIA-192-CBC */, + 758 /* CAMELLIA-192-CFB */, + 761 /* CAMELLIA-192-CFB1 */, + 764 /* CAMELLIA-192-CFB8 */, + 755 /* CAMELLIA-192-ECB */, + 767 /* CAMELLIA-192-OFB */, + 753 /* CAMELLIA-256-CBC */, + 759 /* CAMELLIA-256-CFB */, + 762 /* CAMELLIA-256-CFB1 */, + 765 /* CAMELLIA-256-CFB8 */, + 756 /* CAMELLIA-256-ECB */, + 768 /* CAMELLIA-256-OFB */, + 108 /* CAST5-CBC */, + 110 /* CAST5-CFB */, + 109 /* CAST5-ECB */, + 111 /* CAST5-OFB */, + 894 /* CMAC */, + 13 /* CN */, + 141 /* CRLReason */, + 417 /* CSPName */, + 367 /* CrlID */, + 391 /* DC */, + 31 /* DES-CBC */, + 643 /* DES-CDMF */, + 30 /* DES-CFB */, + 656 /* DES-CFB1 */, + 657 /* DES-CFB8 */, + 29 /* DES-ECB */, + 32 /* DES-EDE */, + 43 /* DES-EDE-CBC */, + 60 /* DES-EDE-CFB */, + 62 /* DES-EDE-OFB */, + 33 /* DES-EDE3 */, + 44 /* DES-EDE3-CBC */, + 61 /* DES-EDE3-CFB */, + 658 /* DES-EDE3-CFB1 */, + 659 /* DES-EDE3-CFB8 */, + 63 /* DES-EDE3-OFB */, + 45 /* DES-OFB */, + 80 /* DESX-CBC */, + 380 /* DOD */, + 116 /* DSA */, + 66 /* DSA-SHA */, + 113 /* DSA-SHA1 */, + 70 /* DSA-SHA1-old */, + 67 /* DSA-old */, + 297 /* DVCS */, + 99 /* GN */, + 855 /* HMAC */, + 780 /* HMAC-MD5 */, + 781 /* HMAC-SHA1 */, + 381 /* IANA */, + 34 /* IDEA-CBC */, + 35 /* IDEA-CFB */, + 36 /* IDEA-ECB */, + 46 /* IDEA-OFB */, + 181 /* ISO */, + 183 /* ISO-US */, + 645 /* ITU-T */, + 646 /* JOINT-ISO-ITU-T */, + 773 /* KISA */, + 15 /* L */, + 856 /* LocalKeySet */, + 3 /* MD2 */, + 257 /* MD4 */, + 4 /* MD5 */, + 114 /* MD5-SHA1 */, + 95 /* MDC2 */, + 911 /* MGF1 */, + 388 /* Mail */, + 57 /* Netscape */, + 366 /* Nonce */, + 17 /* O */, + 178 /* OCSP */, + 180 /* OCSPSigning */, + 379 /* ORG */, + 18 /* OU */, + 749 /* Oakley-EC2N-3 */, + 750 /* Oakley-EC2N-4 */, + 9 /* PBE-MD2-DES */, + 168 /* PBE-MD2-RC2-64 */, + 10 /* PBE-MD5-DES */, + 169 /* PBE-MD5-RC2-64 */, + 147 /* PBE-SHA1-2DES */, + 146 /* PBE-SHA1-3DES */, + 170 /* PBE-SHA1-DES */, + 148 /* PBE-SHA1-RC2-128 */, + 149 /* PBE-SHA1-RC2-40 */, + 68 /* PBE-SHA1-RC2-64 */, + 144 /* PBE-SHA1-RC4-128 */, + 145 /* PBE-SHA1-RC4-40 */, + 161 /* PBES2 */, + 69 /* PBKDF2 */, + 162 /* PBMAC1 */, + 127 /* PKIX */, + 935 /* PSPECIFIED */, + 98 /* RC2-40-CBC */, + 166 /* RC2-64-CBC */, + 37 /* RC2-CBC */, + 39 /* RC2-CFB */, + 38 /* RC2-ECB */, + 40 /* RC2-OFB */, + 5 /* RC4 */, + 97 /* RC4-40 */, + 915 /* RC4-HMAC-MD5 */, + 120 /* RC5-CBC */, + 122 /* RC5-CFB */, + 121 /* RC5-ECB */, + 123 /* RC5-OFB */, + 117 /* RIPEMD160 */, + 19 /* RSA */, + 7 /* RSA-MD2 */, + 396 /* RSA-MD4 */, + 8 /* RSA-MD5 */, + 96 /* RSA-MDC2 */, + 104 /* RSA-NP-MD5 */, + 119 /* RSA-RIPEMD160 */, + 42 /* RSA-SHA */, + 65 /* RSA-SHA1 */, + 115 /* RSA-SHA1-2 */, + 671 /* RSA-SHA224 */, + 668 /* RSA-SHA256 */, + 669 /* RSA-SHA384 */, + 670 /* RSA-SHA512 */, + 919 /* RSAES-OAEP */, + 912 /* RSASSA-PSS */, + 777 /* SEED-CBC */, + 779 /* SEED-CFB */, + 776 /* SEED-ECB */, + 778 /* SEED-OFB */, + 41 /* SHA */, + 64 /* SHA1 */, + 675 /* SHA224 */, + 672 /* SHA256 */, + 673 /* SHA384 */, + 674 /* SHA512 */, + 188 /* SMIME */, + 167 /* SMIME-CAPS */, + 100 /* SN */, + 16 /* ST */, + 143 /* SXNetID */, + 458 /* UID */, + 0 /* UNDEF */, + 948 /* X25519 */, + 11 /* X500 */, + 378 /* X500algorithms */, + 12 /* X509 */, + 184 /* X9-57 */, + 185 /* X9cm */, + 125 /* ZLIB */, + 478 /* aRecord */, + 289 /* aaControls */, + 287 /* ac-auditEntity */, + 397 /* ac-proxying */, + 288 /* ac-targeting */, + 368 /* acceptableResponses */, + 446 /* account */, + 363 /* ad_timestamping */, + 376 /* algorithm */, + 405 /* ansi-X9-62 */, + 910 /* anyExtendedKeyUsage */, + 746 /* anyPolicy */, + 370 /* archiveCutoff */, + 484 /* associatedDomain */, + 485 /* associatedName */, + 501 /* audio */, + 177 /* authorityInfoAccess */, + 90 /* authorityKeyIdentifier */, + 882 /* authorityRevocationList */, + 87 /* basicConstraints */, + 365 /* basicOCSPResponse */, + 285 /* biometricInfo */, + 921 /* brainpoolP160r1 */, + 922 /* brainpoolP160t1 */, + 923 /* brainpoolP192r1 */, + 924 /* brainpoolP192t1 */, + 925 /* brainpoolP224r1 */, + 926 /* brainpoolP224t1 */, + 927 /* brainpoolP256r1 */, + 928 /* brainpoolP256t1 */, + 929 /* brainpoolP320r1 */, + 930 /* brainpoolP320t1 */, + 931 /* brainpoolP384r1 */, + 932 /* brainpoolP384t1 */, + 933 /* brainpoolP512r1 */, + 934 /* brainpoolP512t1 */, + 494 /* buildingName */, + 860 /* businessCategory */, + 691 /* c2onb191v4 */, + 692 /* c2onb191v5 */, + 697 /* c2onb239v4 */, + 698 /* c2onb239v5 */, + 684 /* c2pnb163v1 */, + 685 /* c2pnb163v2 */, + 686 /* c2pnb163v3 */, + 687 /* c2pnb176v1 */, + 693 /* c2pnb208w1 */, + 699 /* c2pnb272w1 */, + 700 /* c2pnb304w1 */, + 702 /* c2pnb368w1 */, + 688 /* c2tnb191v1 */, + 689 /* c2tnb191v2 */, + 690 /* c2tnb191v3 */, + 694 /* c2tnb239v1 */, + 695 /* c2tnb239v2 */, + 696 /* c2tnb239v3 */, + 701 /* c2tnb359v1 */, + 703 /* c2tnb431r1 */, + 881 /* cACertificate */, + 483 /* cNAMERecord */, + 179 /* caIssuers */, + 785 /* caRepository */, + 443 /* caseIgnoreIA5StringSyntax */, + 152 /* certBag */, + 677 /* certicom-arc */, + 771 /* certificateIssuer */, + 89 /* certificatePolicies */, + 883 /* certificateRevocationList */, + 54 /* challengePassword */, + 407 /* characteristic-two-field */, + 395 /* clearance */, + 130 /* clientAuth */, + 131 /* codeSigning */, + 50 /* contentType */, + 53 /* countersignature */, + 153 /* crlBag */, + 103 /* crlDistributionPoints */, + 88 /* crlNumber */, + 884 /* crossCertificatePair */, + 806 /* cryptocom */, + 805 /* cryptopro */, + 500 /* dITRedirect */, + 451 /* dNSDomain */, + 495 /* dSAQuality */, + 434 /* data */, + 390 /* dcobject */, + 140 /* deltaCRL */, + 891 /* deltaRevocationList */, + 107 /* description */, + 871 /* destinationIndicator */, + 947 /* dh-cofactor-kdf */, + 946 /* dh-std-kdf */, + 28 /* dhKeyAgreement */, + 941 /* dhSinglePass-cofactorDH-sha1kdf-scheme */, + 942 /* dhSinglePass-cofactorDH-sha224kdf-scheme */, + 943 /* dhSinglePass-cofactorDH-sha256kdf-scheme */, + 944 /* dhSinglePass-cofactorDH-sha384kdf-scheme */, + 945 /* dhSinglePass-cofactorDH-sha512kdf-scheme */, + 936 /* dhSinglePass-stdDH-sha1kdf-scheme */, + 937 /* dhSinglePass-stdDH-sha224kdf-scheme */, + 938 /* dhSinglePass-stdDH-sha256kdf-scheme */, + 939 /* dhSinglePass-stdDH-sha384kdf-scheme */, + 940 /* dhSinglePass-stdDH-sha512kdf-scheme */, + 920 /* dhpublicnumber */, + 382 /* directory */, + 887 /* distinguishedName */, + 892 /* dmdName */, + 174 /* dnQualifier */, + 447 /* document */, + 471 /* documentAuthor */, + 468 /* documentIdentifier */, + 472 /* documentLocation */, + 502 /* documentPublisher */, + 449 /* documentSeries */, + 469 /* documentTitle */, + 470 /* documentVersion */, + 392 /* domain */, + 452 /* domainRelatedObject */, + 802 /* dsa_with_SHA224 */, + 803 /* dsa_with_SHA256 */, + 791 /* ecdsa-with-Recommended */, + 416 /* ecdsa-with-SHA1 */, + 793 /* ecdsa-with-SHA224 */, + 794 /* ecdsa-with-SHA256 */, + 795 /* ecdsa-with-SHA384 */, + 796 /* ecdsa-with-SHA512 */, + 792 /* ecdsa-with-Specified */, + 48 /* emailAddress */, + 132 /* emailProtection */, + 885 /* enhancedSearchGuide */, + 389 /* enterprises */, + 384 /* experimental */, + 172 /* extReq */, + 56 /* extendedCertificateAttributes */, + 126 /* extendedKeyUsage */, + 372 /* extendedStatus */, + 867 /* facsimileTelephoneNumber */, + 462 /* favouriteDrink */, + 857 /* freshestCRL */, + 453 /* friendlyCountry */, + 490 /* friendlyCountryName */, + 156 /* friendlyName */, + 509 /* generationQualifier */, + 815 /* gost-mac */, + 811 /* gost2001 */, + 851 /* gost2001cc */, + 813 /* gost89 */, + 814 /* gost89-cnt */, + 812 /* gost94 */, + 850 /* gost94cc */, + 797 /* hmacWithMD5 */, + 163 /* hmacWithSHA1 */, + 798 /* hmacWithSHA224 */, + 799 /* hmacWithSHA256 */, + 800 /* hmacWithSHA384 */, + 801 /* hmacWithSHA512 */, + 432 /* holdInstructionCallIssuer */, + 430 /* holdInstructionCode */, + 431 /* holdInstructionNone */, + 433 /* holdInstructionReject */, + 486 /* homePostalAddress */, + 473 /* homeTelephoneNumber */, + 466 /* host */, + 889 /* houseIdentifier */, + 442 /* iA5StringSyntax */, + 783 /* id-DHBasedMac */, + 824 /* id-Gost28147-89-CryptoPro-A-ParamSet */, + 825 /* id-Gost28147-89-CryptoPro-B-ParamSet */, + 826 /* id-Gost28147-89-CryptoPro-C-ParamSet */, + 827 /* id-Gost28147-89-CryptoPro-D-ParamSet */, + 819 /* id-Gost28147-89-CryptoPro-KeyMeshing */, + 829 /* id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet */, + 828 /* id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet */, + 830 /* id-Gost28147-89-CryptoPro-RIC-1-ParamSet */, + 820 /* id-Gost28147-89-None-KeyMeshing */, + 823 /* id-Gost28147-89-TestParamSet */, + 849 /* id-Gost28147-89-cc */, + 840 /* id-GostR3410-2001-CryptoPro-A-ParamSet */, + 841 /* id-GostR3410-2001-CryptoPro-B-ParamSet */, + 842 /* id-GostR3410-2001-CryptoPro-C-ParamSet */, + 843 /* id-GostR3410-2001-CryptoPro-XchA-ParamSet */, + 844 /* id-GostR3410-2001-CryptoPro-XchB-ParamSet */, + 854 /* id-GostR3410-2001-ParamSet-cc */, + 839 /* id-GostR3410-2001-TestParamSet */, + 817 /* id-GostR3410-2001DH */, + 832 /* id-GostR3410-94-CryptoPro-A-ParamSet */, + 833 /* id-GostR3410-94-CryptoPro-B-ParamSet */, + 834 /* id-GostR3410-94-CryptoPro-C-ParamSet */, + 835 /* id-GostR3410-94-CryptoPro-D-ParamSet */, + 836 /* id-GostR3410-94-CryptoPro-XchA-ParamSet */, + 837 /* id-GostR3410-94-CryptoPro-XchB-ParamSet */, + 838 /* id-GostR3410-94-CryptoPro-XchC-ParamSet */, + 831 /* id-GostR3410-94-TestParamSet */, + 845 /* id-GostR3410-94-a */, + 846 /* id-GostR3410-94-aBis */, + 847 /* id-GostR3410-94-b */, + 848 /* id-GostR3410-94-bBis */, + 818 /* id-GostR3410-94DH */, + 822 /* id-GostR3411-94-CryptoProParamSet */, + 821 /* id-GostR3411-94-TestParamSet */, + 807 /* id-GostR3411-94-with-GostR3410-2001 */, + 853 /* id-GostR3411-94-with-GostR3410-2001-cc */, + 808 /* id-GostR3411-94-with-GostR3410-94 */, + 852 /* id-GostR3411-94-with-GostR3410-94-cc */, + 810 /* id-HMACGostR3411-94 */, + 782 /* id-PasswordBasedMAC */, + 266 /* id-aca */, + 355 /* id-aca-accessIdentity */, + 354 /* id-aca-authenticationInfo */, + 356 /* id-aca-chargingIdentity */, + 399 /* id-aca-encAttrs */, + 357 /* id-aca-group */, + 358 /* id-aca-role */, + 176 /* id-ad */, + 896 /* id-aes128-CCM */, + 895 /* id-aes128-GCM */, + 788 /* id-aes128-wrap */, + 897 /* id-aes128-wrap-pad */, + 899 /* id-aes192-CCM */, + 898 /* id-aes192-GCM */, + 789 /* id-aes192-wrap */, + 900 /* id-aes192-wrap-pad */, + 902 /* id-aes256-CCM */, + 901 /* id-aes256-GCM */, + 790 /* id-aes256-wrap */, + 903 /* id-aes256-wrap-pad */, + 262 /* id-alg */, + 893 /* id-alg-PWRI-KEK */, + 323 /* id-alg-des40 */, + 326 /* id-alg-dh-pop */, + 325 /* id-alg-dh-sig-hmac-sha1 */, + 324 /* id-alg-noSignature */, + 907 /* id-camellia128-wrap */, + 908 /* id-camellia192-wrap */, + 909 /* id-camellia256-wrap */, + 268 /* id-cct */, + 361 /* id-cct-PKIData */, + 362 /* id-cct-PKIResponse */, + 360 /* id-cct-crs */, + 81 /* id-ce */, + 680 /* id-characteristic-two-basis */, + 263 /* id-cmc */, + 334 /* id-cmc-addExtensions */, + 346 /* id-cmc-confirmCertAcceptance */, + 330 /* id-cmc-dataReturn */, + 336 /* id-cmc-decryptedPOP */, + 335 /* id-cmc-encryptedPOP */, + 339 /* id-cmc-getCRL */, + 338 /* id-cmc-getCert */, + 328 /* id-cmc-identification */, + 329 /* id-cmc-identityProof */, + 337 /* id-cmc-lraPOPWitness */, + 344 /* id-cmc-popLinkRandom */, + 345 /* id-cmc-popLinkWitness */, + 343 /* id-cmc-queryPending */, + 333 /* id-cmc-recipientNonce */, + 341 /* id-cmc-regInfo */, + 342 /* id-cmc-responseInfo */, + 340 /* id-cmc-revokeRequest */, + 332 /* id-cmc-senderNonce */, + 327 /* id-cmc-statusInfo */, + 331 /* id-cmc-transactionId */, + 787 /* id-ct-asciiTextWithCRLF */, + 408 /* id-ecPublicKey */, + 508 /* id-hex-multipart-message */, + 507 /* id-hex-partial-message */, + 260 /* id-it */, + 302 /* id-it-caKeyUpdateInfo */, + 298 /* id-it-caProtEncCert */, + 311 /* id-it-confirmWaitTime */, + 303 /* id-it-currentCRL */, + 300 /* id-it-encKeyPairTypes */, + 310 /* id-it-implicitConfirm */, + 308 /* id-it-keyPairParamRep */, + 307 /* id-it-keyPairParamReq */, + 312 /* id-it-origPKIMessage */, + 301 /* id-it-preferredSymmAlg */, + 309 /* id-it-revPassphrase */, + 299 /* id-it-signKeyPairTypes */, + 305 /* id-it-subscriptionRequest */, + 306 /* id-it-subscriptionResponse */, + 784 /* id-it-suppLangTags */, + 304 /* id-it-unsupportedOIDs */, + 128 /* id-kp */, + 280 /* id-mod-attribute-cert */, + 274 /* id-mod-cmc */, + 277 /* id-mod-cmp */, + 284 /* id-mod-cmp2000 */, + 273 /* id-mod-crmf */, + 283 /* id-mod-dvcs */, + 275 /* id-mod-kea-profile-88 */, + 276 /* id-mod-kea-profile-93 */, + 282 /* id-mod-ocsp */, + 278 /* id-mod-qualified-cert-88 */, + 279 /* id-mod-qualified-cert-93 */, + 281 /* id-mod-timestamp-protocol */, + 264 /* id-on */, + 858 /* id-on-permanentIdentifier */, + 347 /* id-on-personalData */, + 265 /* id-pda */, + 352 /* id-pda-countryOfCitizenship */, + 353 /* id-pda-countryOfResidence */, + 348 /* id-pda-dateOfBirth */, + 351 /* id-pda-gender */, + 349 /* id-pda-placeOfBirth */, + 175 /* id-pe */, + 261 /* id-pkip */, + 258 /* id-pkix-mod */, + 269 /* id-pkix1-explicit-88 */, + 271 /* id-pkix1-explicit-93 */, + 270 /* id-pkix1-implicit-88 */, + 272 /* id-pkix1-implicit-93 */, + 662 /* id-ppl */, + 664 /* id-ppl-anyLanguage */, + 667 /* id-ppl-independent */, + 665 /* id-ppl-inheritAll */, + 267 /* id-qcs */, + 359 /* id-qcs-pkixQCSyntax-v1 */, + 259 /* id-qt */, + 164 /* id-qt-cps */, + 165 /* id-qt-unotice */, + 313 /* id-regCtrl */, + 316 /* id-regCtrl-authenticator */, + 319 /* id-regCtrl-oldCertID */, + 318 /* id-regCtrl-pkiArchiveOptions */, + 317 /* id-regCtrl-pkiPublicationInfo */, + 320 /* id-regCtrl-protocolEncrKey */, + 315 /* id-regCtrl-regToken */, + 314 /* id-regInfo */, + 322 /* id-regInfo-certReq */, + 321 /* id-regInfo-utf8Pairs */, + 512 /* id-set */, + 191 /* id-smime-aa */, + 215 /* id-smime-aa-contentHint */, + 218 /* id-smime-aa-contentIdentifier */, + 221 /* id-smime-aa-contentReference */, + 240 /* id-smime-aa-dvcs-dvc */, + 217 /* id-smime-aa-encapContentType */, + 222 /* id-smime-aa-encrypKeyPref */, + 220 /* id-smime-aa-equivalentLabels */, + 232 /* id-smime-aa-ets-CertificateRefs */, + 233 /* id-smime-aa-ets-RevocationRefs */, + 238 /* id-smime-aa-ets-archiveTimeStamp */, + 237 /* id-smime-aa-ets-certCRLTimestamp */, + 234 /* id-smime-aa-ets-certValues */, + 227 /* id-smime-aa-ets-commitmentType */, + 231 /* id-smime-aa-ets-contentTimestamp */, + 236 /* id-smime-aa-ets-escTimeStamp */, + 230 /* id-smime-aa-ets-otherSigCert */, + 235 /* id-smime-aa-ets-revocationValues */, + 226 /* id-smime-aa-ets-sigPolicyId */, + 229 /* id-smime-aa-ets-signerAttr */, + 228 /* id-smime-aa-ets-signerLocation */, + 219 /* id-smime-aa-macValue */, + 214 /* id-smime-aa-mlExpandHistory */, + 216 /* id-smime-aa-msgSigDigest */, + 212 /* id-smime-aa-receiptRequest */, + 213 /* id-smime-aa-securityLabel */, + 239 /* id-smime-aa-signatureType */, + 223 /* id-smime-aa-signingCertificate */, + 224 /* id-smime-aa-smimeEncryptCerts */, + 225 /* id-smime-aa-timeStampToken */, + 192 /* id-smime-alg */, + 243 /* id-smime-alg-3DESwrap */, + 246 /* id-smime-alg-CMS3DESwrap */, + 247 /* id-smime-alg-CMSRC2wrap */, + 245 /* id-smime-alg-ESDH */, + 241 /* id-smime-alg-ESDHwith3DES */, + 242 /* id-smime-alg-ESDHwithRC2 */, + 244 /* id-smime-alg-RC2wrap */, + 193 /* id-smime-cd */, + 248 /* id-smime-cd-ldap */, + 190 /* id-smime-ct */, + 210 /* id-smime-ct-DVCSRequestData */, + 211 /* id-smime-ct-DVCSResponseData */, + 208 /* id-smime-ct-TDTInfo */, + 207 /* id-smime-ct-TSTInfo */, + 205 /* id-smime-ct-authData */, + 786 /* id-smime-ct-compressedData */, + 209 /* id-smime-ct-contentInfo */, + 206 /* id-smime-ct-publishCert */, + 204 /* id-smime-ct-receipt */, + 195 /* id-smime-cti */, + 255 /* id-smime-cti-ets-proofOfApproval */, + 256 /* id-smime-cti-ets-proofOfCreation */, + 253 /* id-smime-cti-ets-proofOfDelivery */, + 251 /* id-smime-cti-ets-proofOfOrigin */, + 252 /* id-smime-cti-ets-proofOfReceipt */, + 254 /* id-smime-cti-ets-proofOfSender */, + 189 /* id-smime-mod */, + 196 /* id-smime-mod-cms */, + 197 /* id-smime-mod-ess */, + 202 /* id-smime-mod-ets-eSigPolicy-88 */, + 203 /* id-smime-mod-ets-eSigPolicy-97 */, + 200 /* id-smime-mod-ets-eSignature-88 */, + 201 /* id-smime-mod-ets-eSignature-97 */, + 199 /* id-smime-mod-msg-v3 */, + 198 /* id-smime-mod-oid */, + 194 /* id-smime-spq */, + 250 /* id-smime-spq-ets-sqt-unotice */, + 249 /* id-smime-spq-ets-sqt-uri */, + 676 /* identified-organization */, + 461 /* info */, + 748 /* inhibitAnyPolicy */, + 101 /* initials */, + 647 /* international-organizations */, + 869 /* internationaliSDNNumber */, + 142 /* invalidityDate */, + 294 /* ipsecEndSystem */, + 295 /* ipsecTunnel */, + 296 /* ipsecUser */, + 86 /* issuerAltName */, + 770 /* issuingDistributionPoint */, + 492 /* janetMailbox */, + 150 /* keyBag */, + 83 /* keyUsage */, + 477 /* lastModifiedBy */, + 476 /* lastModifiedTime */, + 157 /* localKeyID */, + 480 /* mXRecord */, + 460 /* mail */, + 493 /* mailPreferenceOption */, + 467 /* manager */, + 809 /* md_gost94 */, + 875 /* member */, + 182 /* member-body */, + 51 /* messageDigest */, + 383 /* mgmt */, + 504 /* mime-mhs */, + 506 /* mime-mhs-bodies */, + 505 /* mime-mhs-headings */, + 488 /* mobileTelephoneNumber */, + 136 /* msCTLSign */, + 135 /* msCodeCom */, + 134 /* msCodeInd */, + 138 /* msEFS */, + 171 /* msExtReq */, + 137 /* msSGC */, + 648 /* msSmartcardLogin */, + 649 /* msUPN */, + 481 /* nSRecord */, + 173 /* name */, + 666 /* nameConstraints */, + 369 /* noCheck */, + 403 /* noRevAvail */, + 72 /* nsBaseUrl */, + 76 /* nsCaPolicyUrl */, + 74 /* nsCaRevocationUrl */, + 58 /* nsCertExt */, + 79 /* nsCertSequence */, + 71 /* nsCertType */, + 78 /* nsComment */, + 59 /* nsDataType */, + 75 /* nsRenewalUrl */, + 73 /* nsRevocationUrl */, + 139 /* nsSGC */, + 77 /* nsSslServerName */, + 681 /* onBasis */, + 491 /* organizationalStatus */, + 475 /* otherMailbox */, + 876 /* owner */, + 489 /* pagerTelephoneNumber */, + 374 /* path */, + 112 /* pbeWithMD5AndCast5CBC */, + 499 /* personalSignature */, + 487 /* personalTitle */, + 464 /* photo */, + 863 /* physicalDeliveryOfficeName */, + 437 /* pilot */, + 439 /* pilotAttributeSyntax */, + 438 /* pilotAttributeType */, + 479 /* pilotAttributeType27 */, + 456 /* pilotDSA */, + 441 /* pilotGroups */, + 444 /* pilotObject */, + 440 /* pilotObjectClass */, + 455 /* pilotOrganization */, + 445 /* pilotPerson */, + 2 /* pkcs */, + 186 /* pkcs1 */, + 27 /* pkcs3 */, + 187 /* pkcs5 */, + 20 /* pkcs7 */, + 21 /* pkcs7-data */, + 25 /* pkcs7-digestData */, + 26 /* pkcs7-encryptedData */, + 23 /* pkcs7-envelopedData */, + 24 /* pkcs7-signedAndEnvelopedData */, + 22 /* pkcs7-signedData */, + 151 /* pkcs8ShroudedKeyBag */, + 47 /* pkcs9 */, + 401 /* policyConstraints */, + 747 /* policyMappings */, + 862 /* postOfficeBox */, + 861 /* postalAddress */, + 661 /* postalCode */, + 683 /* ppBasis */, + 872 /* preferredDeliveryMethod */, + 873 /* presentationAddress */, + 816 /* prf-gostr3411-94 */, + 406 /* prime-field */, + 409 /* prime192v1 */, + 410 /* prime192v2 */, + 411 /* prime192v3 */, + 412 /* prime239v1 */, + 413 /* prime239v2 */, + 414 /* prime239v3 */, + 415 /* prime256v1 */, + 385 /* private */, + 84 /* privateKeyUsagePeriod */, + 886 /* protocolInformation */, + 663 /* proxyCertInfo */, + 510 /* pseudonym */, + 435 /* pss */, + 286 /* qcStatements */, + 457 /* qualityLabelledData */, + 450 /* rFC822localPart */, + 870 /* registeredAddress */, + 400 /* role */, + 877 /* roleOccupant */, + 448 /* room */, + 463 /* roomNumber */, + 6 /* rsaEncryption */, + 644 /* rsaOAEPEncryptionSET */, + 377 /* rsaSignature */, + 1 /* rsadsi */, + 482 /* sOARecord */, + 155 /* safeContentsBag */, + 291 /* sbgp-autonomousSysNum */, + 290 /* sbgp-ipAddrBlock */, + 292 /* sbgp-routerIdentifier */, + 159 /* sdsiCertificate */, + 859 /* searchGuide */, + 704 /* secp112r1 */, + 705 /* secp112r2 */, + 706 /* secp128r1 */, + 707 /* secp128r2 */, + 708 /* secp160k1 */, + 709 /* secp160r1 */, + 710 /* secp160r2 */, + 711 /* secp192k1 */, + 712 /* secp224k1 */, + 713 /* secp224r1 */, + 714 /* secp256k1 */, + 715 /* secp384r1 */, + 716 /* secp521r1 */, + 154 /* secretBag */, + 474 /* secretary */, + 717 /* sect113r1 */, + 718 /* sect113r2 */, + 719 /* sect131r1 */, + 720 /* sect131r2 */, + 721 /* sect163k1 */, + 722 /* sect163r1 */, + 723 /* sect163r2 */, + 724 /* sect193r1 */, + 725 /* sect193r2 */, + 726 /* sect233k1 */, + 727 /* sect233r1 */, + 728 /* sect239k1 */, + 729 /* sect283k1 */, + 730 /* sect283r1 */, + 731 /* sect409k1 */, + 732 /* sect409r1 */, + 733 /* sect571k1 */, + 734 /* sect571r1 */, + 386 /* security */, + 878 /* seeAlso */, + 394 /* selected-attribute-types */, + 105 /* serialNumber */, + 129 /* serverAuth */, + 371 /* serviceLocator */, + 625 /* set-addPolicy */, + 515 /* set-attr */, + 518 /* set-brand */, + 638 /* set-brand-AmericanExpress */, + 637 /* set-brand-Diners */, + 636 /* set-brand-IATA-ATA */, + 639 /* set-brand-JCB */, + 641 /* set-brand-MasterCard */, + 642 /* set-brand-Novus */, + 640 /* set-brand-Visa */, + 517 /* set-certExt */, + 513 /* set-ctype */, + 514 /* set-msgExt */, + 516 /* set-policy */, + 607 /* set-policy-root */, + 624 /* set-rootKeyThumb */, + 620 /* setAttr-Cert */, + 631 /* setAttr-GenCryptgrm */, + 623 /* setAttr-IssCap */, + 628 /* setAttr-IssCap-CVM */, + 630 /* setAttr-IssCap-Sig */, + 629 /* setAttr-IssCap-T2 */, + 621 /* setAttr-PGWYcap */, + 635 /* setAttr-SecDevSig */, + 632 /* setAttr-T2Enc */, + 633 /* setAttr-T2cleartxt */, + 634 /* setAttr-TokICCsig */, + 627 /* setAttr-Token-B0Prime */, + 626 /* setAttr-Token-EMV */, + 622 /* setAttr-TokenType */, + 619 /* setCext-IssuerCapabilities */, + 615 /* setCext-PGWYcapabilities */, + 616 /* setCext-TokenIdentifier */, + 618 /* setCext-TokenType */, + 617 /* setCext-Track2Data */, + 611 /* setCext-cCertRequired */, + 609 /* setCext-certType */, + 608 /* setCext-hashedRoot */, + 610 /* setCext-merchData */, + 613 /* setCext-setExt */, + 614 /* setCext-setQualf */, + 612 /* setCext-tunneling */, + 540 /* setct-AcqCardCodeMsg */, + 576 /* setct-AcqCardCodeMsgTBE */, + 570 /* setct-AuthReqTBE */, + 534 /* setct-AuthReqTBS */, + 527 /* setct-AuthResBaggage */, + 571 /* setct-AuthResTBE */, + 572 /* setct-AuthResTBEX */, + 535 /* setct-AuthResTBS */, + 536 /* setct-AuthResTBSX */, + 528 /* setct-AuthRevReqBaggage */, + 577 /* setct-AuthRevReqTBE */, + 541 /* setct-AuthRevReqTBS */, + 529 /* setct-AuthRevResBaggage */, + 542 /* setct-AuthRevResData */, + 578 /* setct-AuthRevResTBE */, + 579 /* setct-AuthRevResTBEB */, + 543 /* setct-AuthRevResTBS */, + 573 /* setct-AuthTokenTBE */, + 537 /* setct-AuthTokenTBS */, + 600 /* setct-BCIDistributionTBS */, + 558 /* setct-BatchAdminReqData */, + 592 /* setct-BatchAdminReqTBE */, + 559 /* setct-BatchAdminResData */, + 593 /* setct-BatchAdminResTBE */, + 599 /* setct-CRLNotificationResTBS */, + 598 /* setct-CRLNotificationTBS */, + 580 /* setct-CapReqTBE */, + 581 /* setct-CapReqTBEX */, + 544 /* setct-CapReqTBS */, + 545 /* setct-CapReqTBSX */, + 546 /* setct-CapResData */, + 582 /* setct-CapResTBE */, + 583 /* setct-CapRevReqTBE */, + 584 /* setct-CapRevReqTBEX */, + 547 /* setct-CapRevReqTBS */, + 548 /* setct-CapRevReqTBSX */, + 549 /* setct-CapRevResData */, + 585 /* setct-CapRevResTBE */, + 538 /* setct-CapTokenData */, + 530 /* setct-CapTokenSeq */, + 574 /* setct-CapTokenTBE */, + 575 /* setct-CapTokenTBEX */, + 539 /* setct-CapTokenTBS */, + 560 /* setct-CardCInitResTBS */, + 566 /* setct-CertInqReqTBS */, + 563 /* setct-CertReqData */, + 595 /* setct-CertReqTBE */, + 596 /* setct-CertReqTBEX */, + 564 /* setct-CertReqTBS */, + 565 /* setct-CertResData */, + 597 /* setct-CertResTBE */, + 586 /* setct-CredReqTBE */, + 587 /* setct-CredReqTBEX */, + 550 /* setct-CredReqTBS */, + 551 /* setct-CredReqTBSX */, + 552 /* setct-CredResData */, + 588 /* setct-CredResTBE */, + 589 /* setct-CredRevReqTBE */, + 590 /* setct-CredRevReqTBEX */, + 553 /* setct-CredRevReqTBS */, + 554 /* setct-CredRevReqTBSX */, + 555 /* setct-CredRevResData */, + 591 /* setct-CredRevResTBE */, + 567 /* setct-ErrorTBS */, + 526 /* setct-HODInput */, + 561 /* setct-MeAqCInitResTBS */, + 522 /* setct-OIData */, + 519 /* setct-PANData */, + 521 /* setct-PANOnly */, + 520 /* setct-PANToken */, + 556 /* setct-PCertReqData */, + 557 /* setct-PCertResTBS */, + 523 /* setct-PI */, + 532 /* setct-PI-TBS */, + 524 /* setct-PIData */, + 525 /* setct-PIDataUnsigned */, + 568 /* setct-PIDualSignedTBE */, + 569 /* setct-PIUnsignedTBE */, + 531 /* setct-PInitResData */, + 533 /* setct-PResData */, + 594 /* setct-RegFormReqTBE */, + 562 /* setct-RegFormResTBS */, + 606 /* setext-cv */, + 601 /* setext-genCrypt */, + 602 /* setext-miAuth */, + 604 /* setext-pinAny */, + 603 /* setext-pinSecure */, + 605 /* setext-track2 */, + 52 /* signingTime */, + 454 /* simpleSecurityObject */, + 496 /* singleLevelQuality */, + 387 /* snmpv2 */, + 660 /* street */, + 85 /* subjectAltName */, + 769 /* subjectDirectoryAttributes */, + 398 /* subjectInfoAccess */, + 82 /* subjectKeyIdentifier */, + 498 /* subtreeMaximumQuality */, + 497 /* subtreeMinimumQuality */, + 890 /* supportedAlgorithms */, + 874 /* supportedApplicationContext */, + 402 /* targetInformation */, + 864 /* telephoneNumber */, + 866 /* teletexTerminalIdentifier */, + 865 /* telexNumber */, + 459 /* textEncodedORAddress */, + 293 /* textNotice */, + 133 /* timeStamping */, + 106 /* title */, + 682 /* tpBasis */, + 375 /* trustRoot */, + 436 /* ucl */, + 888 /* uniqueMember */, + 55 /* unstructuredAddress */, + 49 /* unstructuredName */, + 880 /* userCertificate */, + 465 /* userClass */, + 879 /* userPassword */, + 373 /* valid */, + 678 /* wap */, + 679 /* wap-wsg */, + 735 /* wap-wsg-idm-ecid-wtls1 */, + 743 /* wap-wsg-idm-ecid-wtls10 */, + 744 /* wap-wsg-idm-ecid-wtls11 */, + 745 /* wap-wsg-idm-ecid-wtls12 */, + 736 /* wap-wsg-idm-ecid-wtls3 */, + 737 /* wap-wsg-idm-ecid-wtls4 */, + 738 /* wap-wsg-idm-ecid-wtls5 */, + 739 /* wap-wsg-idm-ecid-wtls6 */, + 740 /* wap-wsg-idm-ecid-wtls7 */, + 741 /* wap-wsg-idm-ecid-wtls8 */, + 742 /* wap-wsg-idm-ecid-wtls9 */, + 804 /* whirlpool */, + 868 /* x121Address */, + 503 /* x500UniqueIdentifier */, + 158 /* x509Certificate */, + 160 /* x509Crl */, }; -static const unsigned int kNIDsInLongNameOrder[NUM_LN]={ -363, /* "AD Time Stamping" */ -405, /* "ANSI X9.62" */ -368, /* "Acceptable OCSP Responses" */ -910, /* "Any Extended Key Usage" */ -664, /* "Any language" */ -177, /* "Authority Information Access" */ -365, /* "Basic OCSP Response" */ -285, /* "Biometric Info" */ -179, /* "CA Issuers" */ -785, /* "CA Repository" */ -131, /* "Code Signing" */ -783, /* "Diffie-Hellman based MAC" */ -382, /* "Directory" */ -392, /* "Domain" */ -132, /* "E-mail Protection" */ -389, /* "Enterprises" */ -384, /* "Experimental" */ -372, /* "Extended OCSP Status" */ -172, /* "Extension Request" */ -813, /* "GOST 28147-89" */ -849, /* "GOST 28147-89 Cryptocom ParamSet" */ -815, /* "GOST 28147-89 MAC" */ -851, /* "GOST 34.10-2001 Cryptocom" */ -850, /* "GOST 34.10-94 Cryptocom" */ -811, /* "GOST R 34.10-2001" */ -817, /* "GOST R 34.10-2001 DH" */ -812, /* "GOST R 34.10-94" */ -818, /* "GOST R 34.10-94 DH" */ -809, /* "GOST R 34.11-94" */ -816, /* "GOST R 34.11-94 PRF" */ -807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ -853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ -808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ -852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ -854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ -810, /* "HMAC GOST 34.11-94" */ -432, /* "Hold Instruction Call Issuer" */ -430, /* "Hold Instruction Code" */ -431, /* "Hold Instruction None" */ -433, /* "Hold Instruction Reject" */ -634, /* "ICC or token signature" */ -294, /* "IPSec End System" */ -295, /* "IPSec Tunnel" */ -296, /* "IPSec User" */ -182, /* "ISO Member Body" */ -183, /* "ISO US Member Body" */ -667, /* "Independent" */ -665, /* "Inherit all" */ -647, /* "International Organizations" */ -142, /* "Invalidity Date" */ -504, /* "MIME MHS" */ -388, /* "Mail" */ -383, /* "Management" */ -417, /* "Microsoft CSP Name" */ -135, /* "Microsoft Commercial Code Signing" */ -138, /* "Microsoft Encrypted File System" */ -171, /* "Microsoft Extension Request" */ -134, /* "Microsoft Individual Code Signing" */ -856, /* "Microsoft Local Key set" */ -137, /* "Microsoft Server Gated Crypto" */ -648, /* "Microsoft Smartcardlogin" */ -136, /* "Microsoft Trust List Signing" */ -649, /* "Microsoft Universal Principal Name" */ -393, /* "NULL" */ -404, /* "NULL" */ -72, /* "Netscape Base Url" */ -76, /* "Netscape CA Policy Url" */ -74, /* "Netscape CA Revocation Url" */ -71, /* "Netscape Cert Type" */ -58, /* "Netscape Certificate Extension" */ -79, /* "Netscape Certificate Sequence" */ -78, /* "Netscape Comment" */ -57, /* "Netscape Communications Corp." */ -59, /* "Netscape Data Type" */ -75, /* "Netscape Renewal Url" */ -73, /* "Netscape Revocation Url" */ -77, /* "Netscape SSL Server Name" */ -139, /* "Netscape Server Gated Crypto" */ -178, /* "OCSP" */ -370, /* "OCSP Archive Cutoff" */ -367, /* "OCSP CRL ID" */ -369, /* "OCSP No Check" */ -366, /* "OCSP Nonce" */ -371, /* "OCSP Service Locator" */ -180, /* "OCSP Signing" */ -161, /* "PBES2" */ -69, /* "PBKDF2" */ -162, /* "PBMAC1" */ -127, /* "PKIX" */ -858, /* "Permanent Identifier" */ -164, /* "Policy Qualifier CPS" */ -165, /* "Policy Qualifier User Notice" */ -385, /* "Private" */ -663, /* "Proxy Certificate Information" */ - 1, /* "RSA Data Security, Inc." */ - 2, /* "RSA Data Security, Inc. PKCS" */ -188, /* "S/MIME" */ -167, /* "S/MIME Capabilities" */ -387, /* "SNMPv2" */ -512, /* "Secure Electronic Transactions" */ -386, /* "Security" */ -394, /* "Selected Attribute Types" */ -143, /* "Strong Extranet ID" */ -398, /* "Subject Information Access" */ -130, /* "TLS Web Client Authentication" */ -129, /* "TLS Web Server Authentication" */ -133, /* "Time Stamping" */ -375, /* "Trust Root" */ -948, /* "X25519" */ -12, /* "X509" */ -402, /* "X509v3 AC Targeting" */ -746, /* "X509v3 Any Policy" */ -90, /* "X509v3 Authority Key Identifier" */ -87, /* "X509v3 Basic Constraints" */ -103, /* "X509v3 CRL Distribution Points" */ -88, /* "X509v3 CRL Number" */ -141, /* "X509v3 CRL Reason Code" */ -771, /* "X509v3 Certificate Issuer" */ -89, /* "X509v3 Certificate Policies" */ -140, /* "X509v3 Delta CRL Indicator" */ -126, /* "X509v3 Extended Key Usage" */ -857, /* "X509v3 Freshest CRL" */ -748, /* "X509v3 Inhibit Any Policy" */ -86, /* "X509v3 Issuer Alternative Name" */ -770, /* "X509v3 Issuing Distribution Point" */ -83, /* "X509v3 Key Usage" */ -666, /* "X509v3 Name Constraints" */ -403, /* "X509v3 No Revocation Available" */ -401, /* "X509v3 Policy Constraints" */ -747, /* "X509v3 Policy Mappings" */ -84, /* "X509v3 Private Key Usage Period" */ -85, /* "X509v3 Subject Alternative Name" */ -769, /* "X509v3 Subject Directory Attributes" */ -82, /* "X509v3 Subject Key Identifier" */ -920, /* "X9.42 DH" */ -184, /* "X9.57" */ -185, /* "X9.57 CM ?" */ -478, /* "aRecord" */ -289, /* "aaControls" */ -287, /* "ac-auditEntity" */ -397, /* "ac-proxying" */ -288, /* "ac-targeting" */ -446, /* "account" */ -364, /* "ad dvcs" */ -606, /* "additional verification" */ -419, /* "aes-128-cbc" */ -916, /* "aes-128-cbc-hmac-sha1" */ -896, /* "aes-128-ccm" */ -421, /* "aes-128-cfb" */ -650, /* "aes-128-cfb1" */ -653, /* "aes-128-cfb8" */ -904, /* "aes-128-ctr" */ -418, /* "aes-128-ecb" */ -895, /* "aes-128-gcm" */ -420, /* "aes-128-ofb" */ -913, /* "aes-128-xts" */ -423, /* "aes-192-cbc" */ -917, /* "aes-192-cbc-hmac-sha1" */ -899, /* "aes-192-ccm" */ -425, /* "aes-192-cfb" */ -651, /* "aes-192-cfb1" */ -654, /* "aes-192-cfb8" */ -905, /* "aes-192-ctr" */ -422, /* "aes-192-ecb" */ -898, /* "aes-192-gcm" */ -424, /* "aes-192-ofb" */ -427, /* "aes-256-cbc" */ -918, /* "aes-256-cbc-hmac-sha1" */ -902, /* "aes-256-ccm" */ -429, /* "aes-256-cfb" */ -652, /* "aes-256-cfb1" */ -655, /* "aes-256-cfb8" */ -906, /* "aes-256-ctr" */ -426, /* "aes-256-ecb" */ -901, /* "aes-256-gcm" */ -428, /* "aes-256-ofb" */ -914, /* "aes-256-xts" */ -376, /* "algorithm" */ -484, /* "associatedDomain" */ -485, /* "associatedName" */ -501, /* "audio" */ -882, /* "authorityRevocationList" */ -91, /* "bf-cbc" */ -93, /* "bf-cfb" */ -92, /* "bf-ecb" */ -94, /* "bf-ofb" */ -921, /* "brainpoolP160r1" */ -922, /* "brainpoolP160t1" */ -923, /* "brainpoolP192r1" */ -924, /* "brainpoolP192t1" */ -925, /* "brainpoolP224r1" */ -926, /* "brainpoolP224t1" */ -927, /* "brainpoolP256r1" */ -928, /* "brainpoolP256t1" */ -929, /* "brainpoolP320r1" */ -930, /* "brainpoolP320t1" */ -931, /* "brainpoolP384r1" */ -932, /* "brainpoolP384t1" */ -933, /* "brainpoolP512r1" */ -934, /* "brainpoolP512t1" */ -494, /* "buildingName" */ -860, /* "businessCategory" */ -691, /* "c2onb191v4" */ -692, /* "c2onb191v5" */ -697, /* "c2onb239v4" */ -698, /* "c2onb239v5" */ -684, /* "c2pnb163v1" */ -685, /* "c2pnb163v2" */ -686, /* "c2pnb163v3" */ -687, /* "c2pnb176v1" */ -693, /* "c2pnb208w1" */ -699, /* "c2pnb272w1" */ -700, /* "c2pnb304w1" */ -702, /* "c2pnb368w1" */ -688, /* "c2tnb191v1" */ -689, /* "c2tnb191v2" */ -690, /* "c2tnb191v3" */ -694, /* "c2tnb239v1" */ -695, /* "c2tnb239v2" */ -696, /* "c2tnb239v3" */ -701, /* "c2tnb359v1" */ -703, /* "c2tnb431r1" */ -881, /* "cACertificate" */ -483, /* "cNAMERecord" */ -751, /* "camellia-128-cbc" */ -757, /* "camellia-128-cfb" */ -760, /* "camellia-128-cfb1" */ -763, /* "camellia-128-cfb8" */ -754, /* "camellia-128-ecb" */ -766, /* "camellia-128-ofb" */ -752, /* "camellia-192-cbc" */ -758, /* "camellia-192-cfb" */ -761, /* "camellia-192-cfb1" */ -764, /* "camellia-192-cfb8" */ -755, /* "camellia-192-ecb" */ -767, /* "camellia-192-ofb" */ -753, /* "camellia-256-cbc" */ -759, /* "camellia-256-cfb" */ -762, /* "camellia-256-cfb1" */ -765, /* "camellia-256-cfb8" */ -756, /* "camellia-256-ecb" */ -768, /* "camellia-256-ofb" */ -443, /* "caseIgnoreIA5StringSyntax" */ -108, /* "cast5-cbc" */ -110, /* "cast5-cfb" */ -109, /* "cast5-ecb" */ -111, /* "cast5-ofb" */ -152, /* "certBag" */ -677, /* "certicom-arc" */ -517, /* "certificate extensions" */ -883, /* "certificateRevocationList" */ -54, /* "challengePassword" */ -407, /* "characteristic-two-field" */ -395, /* "clearance" */ -633, /* "cleartext track 2" */ -894, /* "cmac" */ -13, /* "commonName" */ -513, /* "content types" */ -50, /* "contentType" */ -53, /* "countersignature" */ -14, /* "countryName" */ -153, /* "crlBag" */ -884, /* "crossCertificatePair" */ -806, /* "cryptocom" */ -805, /* "cryptopro" */ -500, /* "dITRedirect" */ -451, /* "dNSDomain" */ -495, /* "dSAQuality" */ -434, /* "data" */ -390, /* "dcObject" */ -891, /* "deltaRevocationList" */ -31, /* "des-cbc" */ -643, /* "des-cdmf" */ -30, /* "des-cfb" */ -656, /* "des-cfb1" */ -657, /* "des-cfb8" */ -29, /* "des-ecb" */ -32, /* "des-ede" */ -43, /* "des-ede-cbc" */ -60, /* "des-ede-cfb" */ -62, /* "des-ede-ofb" */ -33, /* "des-ede3" */ -44, /* "des-ede3-cbc" */ -61, /* "des-ede3-cfb" */ -658, /* "des-ede3-cfb1" */ -659, /* "des-ede3-cfb8" */ -63, /* "des-ede3-ofb" */ -45, /* "des-ofb" */ -107, /* "description" */ -871, /* "destinationIndicator" */ -80, /* "desx-cbc" */ -947, /* "dh-cofactor-kdf" */ -946, /* "dh-std-kdf" */ -28, /* "dhKeyAgreement" */ -941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -11, /* "directory services (X.500)" */ -378, /* "directory services - algorithms" */ -887, /* "distinguishedName" */ -892, /* "dmdName" */ -174, /* "dnQualifier" */ -447, /* "document" */ -471, /* "documentAuthor" */ -468, /* "documentIdentifier" */ -472, /* "documentLocation" */ -502, /* "documentPublisher" */ -449, /* "documentSeries" */ -469, /* "documentTitle" */ -470, /* "documentVersion" */ -380, /* "dod" */ -391, /* "domainComponent" */ -452, /* "domainRelatedObject" */ -116, /* "dsaEncryption" */ -67, /* "dsaEncryption-old" */ -66, /* "dsaWithSHA" */ -113, /* "dsaWithSHA1" */ -70, /* "dsaWithSHA1-old" */ -802, /* "dsa_with_SHA224" */ -803, /* "dsa_with_SHA256" */ -297, /* "dvcs" */ -791, /* "ecdsa-with-Recommended" */ -416, /* "ecdsa-with-SHA1" */ -793, /* "ecdsa-with-SHA224" */ -794, /* "ecdsa-with-SHA256" */ -795, /* "ecdsa-with-SHA384" */ -796, /* "ecdsa-with-SHA512" */ -792, /* "ecdsa-with-Specified" */ -48, /* "emailAddress" */ -632, /* "encrypted track 2" */ -885, /* "enhancedSearchGuide" */ -56, /* "extendedCertificateAttributes" */ -867, /* "facsimileTelephoneNumber" */ -462, /* "favouriteDrink" */ -453, /* "friendlyCountry" */ -490, /* "friendlyCountryName" */ -156, /* "friendlyName" */ -631, /* "generate cryptogram" */ -509, /* "generationQualifier" */ -601, /* "generic cryptogram" */ -99, /* "givenName" */ -814, /* "gost89-cnt" */ -855, /* "hmac" */ -780, /* "hmac-md5" */ -781, /* "hmac-sha1" */ -797, /* "hmacWithMD5" */ -163, /* "hmacWithSHA1" */ -798, /* "hmacWithSHA224" */ -799, /* "hmacWithSHA256" */ -800, /* "hmacWithSHA384" */ -801, /* "hmacWithSHA512" */ -486, /* "homePostalAddress" */ -473, /* "homeTelephoneNumber" */ -466, /* "host" */ -889, /* "houseIdentifier" */ -442, /* "iA5StringSyntax" */ -381, /* "iana" */ -824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -820, /* "id-Gost28147-89-None-KeyMeshing" */ -823, /* "id-Gost28147-89-TestParamSet" */ -840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -839, /* "id-GostR3410-2001-TestParamSet" */ -832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -831, /* "id-GostR3410-94-TestParamSet" */ -845, /* "id-GostR3410-94-a" */ -846, /* "id-GostR3410-94-aBis" */ -847, /* "id-GostR3410-94-b" */ -848, /* "id-GostR3410-94-bBis" */ -822, /* "id-GostR3411-94-CryptoProParamSet" */ -821, /* "id-GostR3411-94-TestParamSet" */ -266, /* "id-aca" */ -355, /* "id-aca-accessIdentity" */ -354, /* "id-aca-authenticationInfo" */ -356, /* "id-aca-chargingIdentity" */ -399, /* "id-aca-encAttrs" */ -357, /* "id-aca-group" */ -358, /* "id-aca-role" */ -176, /* "id-ad" */ -788, /* "id-aes128-wrap" */ -897, /* "id-aes128-wrap-pad" */ -789, /* "id-aes192-wrap" */ -900, /* "id-aes192-wrap-pad" */ -790, /* "id-aes256-wrap" */ -903, /* "id-aes256-wrap-pad" */ -262, /* "id-alg" */ -893, /* "id-alg-PWRI-KEK" */ -323, /* "id-alg-des40" */ -326, /* "id-alg-dh-pop" */ -325, /* "id-alg-dh-sig-hmac-sha1" */ -324, /* "id-alg-noSignature" */ -907, /* "id-camellia128-wrap" */ -908, /* "id-camellia192-wrap" */ -909, /* "id-camellia256-wrap" */ -268, /* "id-cct" */ -361, /* "id-cct-PKIData" */ -362, /* "id-cct-PKIResponse" */ -360, /* "id-cct-crs" */ -81, /* "id-ce" */ -680, /* "id-characteristic-two-basis" */ -263, /* "id-cmc" */ -334, /* "id-cmc-addExtensions" */ -346, /* "id-cmc-confirmCertAcceptance" */ -330, /* "id-cmc-dataReturn" */ -336, /* "id-cmc-decryptedPOP" */ -335, /* "id-cmc-encryptedPOP" */ -339, /* "id-cmc-getCRL" */ -338, /* "id-cmc-getCert" */ -328, /* "id-cmc-identification" */ -329, /* "id-cmc-identityProof" */ -337, /* "id-cmc-lraPOPWitness" */ -344, /* "id-cmc-popLinkRandom" */ -345, /* "id-cmc-popLinkWitness" */ -343, /* "id-cmc-queryPending" */ -333, /* "id-cmc-recipientNonce" */ -341, /* "id-cmc-regInfo" */ -342, /* "id-cmc-responseInfo" */ -340, /* "id-cmc-revokeRequest" */ -332, /* "id-cmc-senderNonce" */ -327, /* "id-cmc-statusInfo" */ -331, /* "id-cmc-transactionId" */ -787, /* "id-ct-asciiTextWithCRLF" */ -408, /* "id-ecPublicKey" */ -508, /* "id-hex-multipart-message" */ -507, /* "id-hex-partial-message" */ -260, /* "id-it" */ -302, /* "id-it-caKeyUpdateInfo" */ -298, /* "id-it-caProtEncCert" */ -311, /* "id-it-confirmWaitTime" */ -303, /* "id-it-currentCRL" */ -300, /* "id-it-encKeyPairTypes" */ -310, /* "id-it-implicitConfirm" */ -308, /* "id-it-keyPairParamRep" */ -307, /* "id-it-keyPairParamReq" */ -312, /* "id-it-origPKIMessage" */ -301, /* "id-it-preferredSymmAlg" */ -309, /* "id-it-revPassphrase" */ -299, /* "id-it-signKeyPairTypes" */ -305, /* "id-it-subscriptionRequest" */ -306, /* "id-it-subscriptionResponse" */ -784, /* "id-it-suppLangTags" */ -304, /* "id-it-unsupportedOIDs" */ -128, /* "id-kp" */ -280, /* "id-mod-attribute-cert" */ -274, /* "id-mod-cmc" */ -277, /* "id-mod-cmp" */ -284, /* "id-mod-cmp2000" */ -273, /* "id-mod-crmf" */ -283, /* "id-mod-dvcs" */ -275, /* "id-mod-kea-profile-88" */ -276, /* "id-mod-kea-profile-93" */ -282, /* "id-mod-ocsp" */ -278, /* "id-mod-qualified-cert-88" */ -279, /* "id-mod-qualified-cert-93" */ -281, /* "id-mod-timestamp-protocol" */ -264, /* "id-on" */ -347, /* "id-on-personalData" */ -265, /* "id-pda" */ -352, /* "id-pda-countryOfCitizenship" */ -353, /* "id-pda-countryOfResidence" */ -348, /* "id-pda-dateOfBirth" */ -351, /* "id-pda-gender" */ -349, /* "id-pda-placeOfBirth" */ -175, /* "id-pe" */ -261, /* "id-pkip" */ -258, /* "id-pkix-mod" */ -269, /* "id-pkix1-explicit-88" */ -271, /* "id-pkix1-explicit-93" */ -270, /* "id-pkix1-implicit-88" */ -272, /* "id-pkix1-implicit-93" */ -662, /* "id-ppl" */ -267, /* "id-qcs" */ -359, /* "id-qcs-pkixQCSyntax-v1" */ -259, /* "id-qt" */ -313, /* "id-regCtrl" */ -316, /* "id-regCtrl-authenticator" */ -319, /* "id-regCtrl-oldCertID" */ -318, /* "id-regCtrl-pkiArchiveOptions" */ -317, /* "id-regCtrl-pkiPublicationInfo" */ -320, /* "id-regCtrl-protocolEncrKey" */ -315, /* "id-regCtrl-regToken" */ -314, /* "id-regInfo" */ -322, /* "id-regInfo-certReq" */ -321, /* "id-regInfo-utf8Pairs" */ -191, /* "id-smime-aa" */ -215, /* "id-smime-aa-contentHint" */ -218, /* "id-smime-aa-contentIdentifier" */ -221, /* "id-smime-aa-contentReference" */ -240, /* "id-smime-aa-dvcs-dvc" */ -217, /* "id-smime-aa-encapContentType" */ -222, /* "id-smime-aa-encrypKeyPref" */ -220, /* "id-smime-aa-equivalentLabels" */ -232, /* "id-smime-aa-ets-CertificateRefs" */ -233, /* "id-smime-aa-ets-RevocationRefs" */ -238, /* "id-smime-aa-ets-archiveTimeStamp" */ -237, /* "id-smime-aa-ets-certCRLTimestamp" */ -234, /* "id-smime-aa-ets-certValues" */ -227, /* "id-smime-aa-ets-commitmentType" */ -231, /* "id-smime-aa-ets-contentTimestamp" */ -236, /* "id-smime-aa-ets-escTimeStamp" */ -230, /* "id-smime-aa-ets-otherSigCert" */ -235, /* "id-smime-aa-ets-revocationValues" */ -226, /* "id-smime-aa-ets-sigPolicyId" */ -229, /* "id-smime-aa-ets-signerAttr" */ -228, /* "id-smime-aa-ets-signerLocation" */ -219, /* "id-smime-aa-macValue" */ -214, /* "id-smime-aa-mlExpandHistory" */ -216, /* "id-smime-aa-msgSigDigest" */ -212, /* "id-smime-aa-receiptRequest" */ -213, /* "id-smime-aa-securityLabel" */ -239, /* "id-smime-aa-signatureType" */ -223, /* "id-smime-aa-signingCertificate" */ -224, /* "id-smime-aa-smimeEncryptCerts" */ -225, /* "id-smime-aa-timeStampToken" */ -192, /* "id-smime-alg" */ -243, /* "id-smime-alg-3DESwrap" */ -246, /* "id-smime-alg-CMS3DESwrap" */ -247, /* "id-smime-alg-CMSRC2wrap" */ -245, /* "id-smime-alg-ESDH" */ -241, /* "id-smime-alg-ESDHwith3DES" */ -242, /* "id-smime-alg-ESDHwithRC2" */ -244, /* "id-smime-alg-RC2wrap" */ -193, /* "id-smime-cd" */ -248, /* "id-smime-cd-ldap" */ -190, /* "id-smime-ct" */ -210, /* "id-smime-ct-DVCSRequestData" */ -211, /* "id-smime-ct-DVCSResponseData" */ -208, /* "id-smime-ct-TDTInfo" */ -207, /* "id-smime-ct-TSTInfo" */ -205, /* "id-smime-ct-authData" */ -786, /* "id-smime-ct-compressedData" */ -209, /* "id-smime-ct-contentInfo" */ -206, /* "id-smime-ct-publishCert" */ -204, /* "id-smime-ct-receipt" */ -195, /* "id-smime-cti" */ -255, /* "id-smime-cti-ets-proofOfApproval" */ -256, /* "id-smime-cti-ets-proofOfCreation" */ -253, /* "id-smime-cti-ets-proofOfDelivery" */ -251, /* "id-smime-cti-ets-proofOfOrigin" */ -252, /* "id-smime-cti-ets-proofOfReceipt" */ -254, /* "id-smime-cti-ets-proofOfSender" */ -189, /* "id-smime-mod" */ -196, /* "id-smime-mod-cms" */ -197, /* "id-smime-mod-ess" */ -202, /* "id-smime-mod-ets-eSigPolicy-88" */ -203, /* "id-smime-mod-ets-eSigPolicy-97" */ -200, /* "id-smime-mod-ets-eSignature-88" */ -201, /* "id-smime-mod-ets-eSignature-97" */ -199, /* "id-smime-mod-msg-v3" */ -198, /* "id-smime-mod-oid" */ -194, /* "id-smime-spq" */ -250, /* "id-smime-spq-ets-sqt-unotice" */ -249, /* "id-smime-spq-ets-sqt-uri" */ -34, /* "idea-cbc" */ -35, /* "idea-cfb" */ -36, /* "idea-ecb" */ -46, /* "idea-ofb" */ -676, /* "identified-organization" */ -461, /* "info" */ -101, /* "initials" */ -869, /* "internationaliSDNNumber" */ -749, /* "ipsec3" */ -750, /* "ipsec4" */ -181, /* "iso" */ -623, /* "issuer capabilities" */ -645, /* "itu-t" */ -492, /* "janetMailbox" */ -646, /* "joint-iso-itu-t" */ -150, /* "keyBag" */ -773, /* "kisa" */ -477, /* "lastModifiedBy" */ -476, /* "lastModifiedTime" */ -157, /* "localKeyID" */ -15, /* "localityName" */ -480, /* "mXRecord" */ -493, /* "mailPreferenceOption" */ -467, /* "manager" */ - 3, /* "md2" */ - 7, /* "md2WithRSAEncryption" */ -257, /* "md4" */ -396, /* "md4WithRSAEncryption" */ - 4, /* "md5" */ -114, /* "md5-sha1" */ -104, /* "md5WithRSA" */ - 8, /* "md5WithRSAEncryption" */ -95, /* "mdc2" */ -96, /* "mdc2WithRSA" */ -875, /* "member" */ -602, /* "merchant initiated auth" */ -514, /* "message extensions" */ -51, /* "messageDigest" */ -911, /* "mgf1" */ -506, /* "mime-mhs-bodies" */ -505, /* "mime-mhs-headings" */ -488, /* "mobileTelephoneNumber" */ -481, /* "nSRecord" */ -173, /* "name" */ -681, /* "onBasis" */ -379, /* "org" */ -17, /* "organizationName" */ -491, /* "organizationalStatus" */ -18, /* "organizationalUnitName" */ -475, /* "otherMailbox" */ -876, /* "owner" */ -935, /* "pSpecified" */ -489, /* "pagerTelephoneNumber" */ -782, /* "password based MAC" */ -374, /* "path" */ -621, /* "payment gateway capabilities" */ - 9, /* "pbeWithMD2AndDES-CBC" */ -168, /* "pbeWithMD2AndRC2-CBC" */ -112, /* "pbeWithMD5AndCast5CBC" */ -10, /* "pbeWithMD5AndDES-CBC" */ -169, /* "pbeWithMD5AndRC2-CBC" */ -148, /* "pbeWithSHA1And128BitRC2-CBC" */ -144, /* "pbeWithSHA1And128BitRC4" */ -147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ -146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ -149, /* "pbeWithSHA1And40BitRC2-CBC" */ -145, /* "pbeWithSHA1And40BitRC4" */ -170, /* "pbeWithSHA1AndDES-CBC" */ -68, /* "pbeWithSHA1AndRC2-CBC" */ -499, /* "personalSignature" */ -487, /* "personalTitle" */ -464, /* "photo" */ -863, /* "physicalDeliveryOfficeName" */ -437, /* "pilot" */ -439, /* "pilotAttributeSyntax" */ -438, /* "pilotAttributeType" */ -479, /* "pilotAttributeType27" */ -456, /* "pilotDSA" */ -441, /* "pilotGroups" */ -444, /* "pilotObject" */ -440, /* "pilotObjectClass" */ -455, /* "pilotOrganization" */ -445, /* "pilotPerson" */ -186, /* "pkcs1" */ -27, /* "pkcs3" */ -187, /* "pkcs5" */ -20, /* "pkcs7" */ -21, /* "pkcs7-data" */ -25, /* "pkcs7-digestData" */ -26, /* "pkcs7-encryptedData" */ -23, /* "pkcs7-envelopedData" */ -24, /* "pkcs7-signedAndEnvelopedData" */ -22, /* "pkcs7-signedData" */ -151, /* "pkcs8ShroudedKeyBag" */ -47, /* "pkcs9" */ -862, /* "postOfficeBox" */ -861, /* "postalAddress" */ -661, /* "postalCode" */ -683, /* "ppBasis" */ -872, /* "preferredDeliveryMethod" */ -873, /* "presentationAddress" */ -406, /* "prime-field" */ -409, /* "prime192v1" */ -410, /* "prime192v2" */ -411, /* "prime192v3" */ -412, /* "prime239v1" */ -413, /* "prime239v2" */ -414, /* "prime239v3" */ -415, /* "prime256v1" */ -886, /* "protocolInformation" */ -510, /* "pseudonym" */ -435, /* "pss" */ -286, /* "qcStatements" */ -457, /* "qualityLabelledData" */ -450, /* "rFC822localPart" */ -98, /* "rc2-40-cbc" */ -166, /* "rc2-64-cbc" */ -37, /* "rc2-cbc" */ -39, /* "rc2-cfb" */ -38, /* "rc2-ecb" */ -40, /* "rc2-ofb" */ - 5, /* "rc4" */ -97, /* "rc4-40" */ -915, /* "rc4-hmac-md5" */ -120, /* "rc5-cbc" */ -122, /* "rc5-cfb" */ -121, /* "rc5-ecb" */ -123, /* "rc5-ofb" */ -870, /* "registeredAddress" */ -460, /* "rfc822Mailbox" */ -117, /* "ripemd160" */ -119, /* "ripemd160WithRSA" */ -400, /* "role" */ -877, /* "roleOccupant" */ -448, /* "room" */ -463, /* "roomNumber" */ -19, /* "rsa" */ - 6, /* "rsaEncryption" */ -644, /* "rsaOAEPEncryptionSET" */ -377, /* "rsaSignature" */ -919, /* "rsaesOaep" */ -912, /* "rsassaPss" */ -482, /* "sOARecord" */ -155, /* "safeContentsBag" */ -291, /* "sbgp-autonomousSysNum" */ -290, /* "sbgp-ipAddrBlock" */ -292, /* "sbgp-routerIdentifier" */ -159, /* "sdsiCertificate" */ -859, /* "searchGuide" */ -704, /* "secp112r1" */ -705, /* "secp112r2" */ -706, /* "secp128r1" */ -707, /* "secp128r2" */ -708, /* "secp160k1" */ -709, /* "secp160r1" */ -710, /* "secp160r2" */ -711, /* "secp192k1" */ -712, /* "secp224k1" */ -713, /* "secp224r1" */ -714, /* "secp256k1" */ -715, /* "secp384r1" */ -716, /* "secp521r1" */ -154, /* "secretBag" */ -474, /* "secretary" */ -717, /* "sect113r1" */ -718, /* "sect113r2" */ -719, /* "sect131r1" */ -720, /* "sect131r2" */ -721, /* "sect163k1" */ -722, /* "sect163r1" */ -723, /* "sect163r2" */ -724, /* "sect193r1" */ -725, /* "sect193r2" */ -726, /* "sect233k1" */ -727, /* "sect233r1" */ -728, /* "sect239k1" */ -729, /* "sect283k1" */ -730, /* "sect283r1" */ -731, /* "sect409k1" */ -732, /* "sect409r1" */ -733, /* "sect571k1" */ -734, /* "sect571r1" */ -635, /* "secure device signature" */ -878, /* "seeAlso" */ -777, /* "seed-cbc" */ -779, /* "seed-cfb" */ -776, /* "seed-ecb" */ -778, /* "seed-ofb" */ -105, /* "serialNumber" */ -625, /* "set-addPolicy" */ -515, /* "set-attr" */ -518, /* "set-brand" */ -638, /* "set-brand-AmericanExpress" */ -637, /* "set-brand-Diners" */ -636, /* "set-brand-IATA-ATA" */ -639, /* "set-brand-JCB" */ -641, /* "set-brand-MasterCard" */ -642, /* "set-brand-Novus" */ -640, /* "set-brand-Visa" */ -516, /* "set-policy" */ -607, /* "set-policy-root" */ -624, /* "set-rootKeyThumb" */ -620, /* "setAttr-Cert" */ -628, /* "setAttr-IssCap-CVM" */ -630, /* "setAttr-IssCap-Sig" */ -629, /* "setAttr-IssCap-T2" */ -627, /* "setAttr-Token-B0Prime" */ -626, /* "setAttr-Token-EMV" */ -622, /* "setAttr-TokenType" */ -619, /* "setCext-IssuerCapabilities" */ -615, /* "setCext-PGWYcapabilities" */ -616, /* "setCext-TokenIdentifier" */ -618, /* "setCext-TokenType" */ -617, /* "setCext-Track2Data" */ -611, /* "setCext-cCertRequired" */ -609, /* "setCext-certType" */ -608, /* "setCext-hashedRoot" */ -610, /* "setCext-merchData" */ -613, /* "setCext-setExt" */ -614, /* "setCext-setQualf" */ -612, /* "setCext-tunneling" */ -540, /* "setct-AcqCardCodeMsg" */ -576, /* "setct-AcqCardCodeMsgTBE" */ -570, /* "setct-AuthReqTBE" */ -534, /* "setct-AuthReqTBS" */ -527, /* "setct-AuthResBaggage" */ -571, /* "setct-AuthResTBE" */ -572, /* "setct-AuthResTBEX" */ -535, /* "setct-AuthResTBS" */ -536, /* "setct-AuthResTBSX" */ -528, /* "setct-AuthRevReqBaggage" */ -577, /* "setct-AuthRevReqTBE" */ -541, /* "setct-AuthRevReqTBS" */ -529, /* "setct-AuthRevResBaggage" */ -542, /* "setct-AuthRevResData" */ -578, /* "setct-AuthRevResTBE" */ -579, /* "setct-AuthRevResTBEB" */ -543, /* "setct-AuthRevResTBS" */ -573, /* "setct-AuthTokenTBE" */ -537, /* "setct-AuthTokenTBS" */ -600, /* "setct-BCIDistributionTBS" */ -558, /* "setct-BatchAdminReqData" */ -592, /* "setct-BatchAdminReqTBE" */ -559, /* "setct-BatchAdminResData" */ -593, /* "setct-BatchAdminResTBE" */ -599, /* "setct-CRLNotificationResTBS" */ -598, /* "setct-CRLNotificationTBS" */ -580, /* "setct-CapReqTBE" */ -581, /* "setct-CapReqTBEX" */ -544, /* "setct-CapReqTBS" */ -545, /* "setct-CapReqTBSX" */ -546, /* "setct-CapResData" */ -582, /* "setct-CapResTBE" */ -583, /* "setct-CapRevReqTBE" */ -584, /* "setct-CapRevReqTBEX" */ -547, /* "setct-CapRevReqTBS" */ -548, /* "setct-CapRevReqTBSX" */ -549, /* "setct-CapRevResData" */ -585, /* "setct-CapRevResTBE" */ -538, /* "setct-CapTokenData" */ -530, /* "setct-CapTokenSeq" */ -574, /* "setct-CapTokenTBE" */ -575, /* "setct-CapTokenTBEX" */ -539, /* "setct-CapTokenTBS" */ -560, /* "setct-CardCInitResTBS" */ -566, /* "setct-CertInqReqTBS" */ -563, /* "setct-CertReqData" */ -595, /* "setct-CertReqTBE" */ -596, /* "setct-CertReqTBEX" */ -564, /* "setct-CertReqTBS" */ -565, /* "setct-CertResData" */ -597, /* "setct-CertResTBE" */ -586, /* "setct-CredReqTBE" */ -587, /* "setct-CredReqTBEX" */ -550, /* "setct-CredReqTBS" */ -551, /* "setct-CredReqTBSX" */ -552, /* "setct-CredResData" */ -588, /* "setct-CredResTBE" */ -589, /* "setct-CredRevReqTBE" */ -590, /* "setct-CredRevReqTBEX" */ -553, /* "setct-CredRevReqTBS" */ -554, /* "setct-CredRevReqTBSX" */ -555, /* "setct-CredRevResData" */ -591, /* "setct-CredRevResTBE" */ -567, /* "setct-ErrorTBS" */ -526, /* "setct-HODInput" */ -561, /* "setct-MeAqCInitResTBS" */ -522, /* "setct-OIData" */ -519, /* "setct-PANData" */ -521, /* "setct-PANOnly" */ -520, /* "setct-PANToken" */ -556, /* "setct-PCertReqData" */ -557, /* "setct-PCertResTBS" */ -523, /* "setct-PI" */ -532, /* "setct-PI-TBS" */ -524, /* "setct-PIData" */ -525, /* "setct-PIDataUnsigned" */ -568, /* "setct-PIDualSignedTBE" */ -569, /* "setct-PIUnsignedTBE" */ -531, /* "setct-PInitResData" */ -533, /* "setct-PResData" */ -594, /* "setct-RegFormReqTBE" */ -562, /* "setct-RegFormResTBS" */ -604, /* "setext-pinAny" */ -603, /* "setext-pinSecure" */ -605, /* "setext-track2" */ -41, /* "sha" */ -64, /* "sha1" */ -115, /* "sha1WithRSA" */ -65, /* "sha1WithRSAEncryption" */ -675, /* "sha224" */ -671, /* "sha224WithRSAEncryption" */ -672, /* "sha256" */ -668, /* "sha256WithRSAEncryption" */ -673, /* "sha384" */ -669, /* "sha384WithRSAEncryption" */ -674, /* "sha512" */ -670, /* "sha512WithRSAEncryption" */ -42, /* "shaWithRSAEncryption" */ -52, /* "signingTime" */ -454, /* "simpleSecurityObject" */ -496, /* "singleLevelQuality" */ -16, /* "stateOrProvinceName" */ -660, /* "streetAddress" */ -498, /* "subtreeMaximumQuality" */ -497, /* "subtreeMinimumQuality" */ -890, /* "supportedAlgorithms" */ -874, /* "supportedApplicationContext" */ -100, /* "surname" */ -864, /* "telephoneNumber" */ -866, /* "teletexTerminalIdentifier" */ -865, /* "telexNumber" */ -459, /* "textEncodedORAddress" */ -293, /* "textNotice" */ -106, /* "title" */ -682, /* "tpBasis" */ -436, /* "ucl" */ - 0, /* "undefined" */ -888, /* "uniqueMember" */ -55, /* "unstructuredAddress" */ -49, /* "unstructuredName" */ -880, /* "userCertificate" */ -465, /* "userClass" */ -458, /* "userId" */ -879, /* "userPassword" */ -373, /* "valid" */ -678, /* "wap" */ -679, /* "wap-wsg" */ -735, /* "wap-wsg-idm-ecid-wtls1" */ -743, /* "wap-wsg-idm-ecid-wtls10" */ -744, /* "wap-wsg-idm-ecid-wtls11" */ -745, /* "wap-wsg-idm-ecid-wtls12" */ -736, /* "wap-wsg-idm-ecid-wtls3" */ -737, /* "wap-wsg-idm-ecid-wtls4" */ -738, /* "wap-wsg-idm-ecid-wtls5" */ -739, /* "wap-wsg-idm-ecid-wtls6" */ -740, /* "wap-wsg-idm-ecid-wtls7" */ -741, /* "wap-wsg-idm-ecid-wtls8" */ -742, /* "wap-wsg-idm-ecid-wtls9" */ -804, /* "whirlpool" */ -868, /* "x121Address" */ -503, /* "x500UniqueIdentifier" */ -158, /* "x509Certificate" */ -160, /* "x509Crl" */ -125, /* "zlib compression" */ +static const unsigned kNIDsInLongNameOrder[] = { + 363 /* AD Time Stamping */, + 405 /* ANSI X9.62 */, + 368 /* Acceptable OCSP Responses */, + 910 /* Any Extended Key Usage */, + 664 /* Any language */, + 177 /* Authority Information Access */, + 365 /* Basic OCSP Response */, + 285 /* Biometric Info */, + 179 /* CA Issuers */, + 785 /* CA Repository */, + 131 /* Code Signing */, + 783 /* Diffie-Hellman based MAC */, + 382 /* Directory */, + 392 /* Domain */, + 132 /* E-mail Protection */, + 389 /* Enterprises */, + 384 /* Experimental */, + 372 /* Extended OCSP Status */, + 172 /* Extension Request */, + 813 /* GOST 28147-89 */, + 849 /* GOST 28147-89 Cryptocom ParamSet */, + 815 /* GOST 28147-89 MAC */, + 851 /* GOST 34.10-2001 Cryptocom */, + 850 /* GOST 34.10-94 Cryptocom */, + 811 /* GOST R 34.10-2001 */, + 817 /* GOST R 34.10-2001 DH */, + 812 /* GOST R 34.10-94 */, + 818 /* GOST R 34.10-94 DH */, + 809 /* GOST R 34.11-94 */, + 816 /* GOST R 34.11-94 PRF */, + 807 /* GOST R 34.11-94 with GOST R 34.10-2001 */, + 853 /* GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom */, + 808 /* GOST R 34.11-94 with GOST R 34.10-94 */, + 852 /* GOST R 34.11-94 with GOST R 34.10-94 Cryptocom */, + 854 /* GOST R 3410-2001 Parameter Set Cryptocom */, + 810 /* HMAC GOST 34.11-94 */, + 432 /* Hold Instruction Call Issuer */, + 430 /* Hold Instruction Code */, + 431 /* Hold Instruction None */, + 433 /* Hold Instruction Reject */, + 634 /* ICC or token signature */, + 294 /* IPSec End System */, + 295 /* IPSec Tunnel */, + 296 /* IPSec User */, + 182 /* ISO Member Body */, + 183 /* ISO US Member Body */, + 667 /* Independent */, + 665 /* Inherit all */, + 647 /* International Organizations */, + 142 /* Invalidity Date */, + 504 /* MIME MHS */, + 388 /* Mail */, + 383 /* Management */, + 417 /* Microsoft CSP Name */, + 135 /* Microsoft Commercial Code Signing */, + 138 /* Microsoft Encrypted File System */, + 171 /* Microsoft Extension Request */, + 134 /* Microsoft Individual Code Signing */, + 856 /* Microsoft Local Key set */, + 137 /* Microsoft Server Gated Crypto */, + 648 /* Microsoft Smartcardlogin */, + 136 /* Microsoft Trust List Signing */, + 649 /* Microsoft Universal Principal Name */, + 72 /* Netscape Base Url */, + 76 /* Netscape CA Policy Url */, + 74 /* Netscape CA Revocation Url */, + 71 /* Netscape Cert Type */, + 58 /* Netscape Certificate Extension */, + 79 /* Netscape Certificate Sequence */, + 78 /* Netscape Comment */, + 57 /* Netscape Communications Corp. */, + 59 /* Netscape Data Type */, + 75 /* Netscape Renewal Url */, + 73 /* Netscape Revocation Url */, + 77 /* Netscape SSL Server Name */, + 139 /* Netscape Server Gated Crypto */, + 178 /* OCSP */, + 370 /* OCSP Archive Cutoff */, + 367 /* OCSP CRL ID */, + 369 /* OCSP No Check */, + 366 /* OCSP Nonce */, + 371 /* OCSP Service Locator */, + 180 /* OCSP Signing */, + 161 /* PBES2 */, + 69 /* PBKDF2 */, + 162 /* PBMAC1 */, + 127 /* PKIX */, + 858 /* Permanent Identifier */, + 164 /* Policy Qualifier CPS */, + 165 /* Policy Qualifier User Notice */, + 385 /* Private */, + 663 /* Proxy Certificate Information */, + 1 /* RSA Data Security, Inc. */, + 2 /* RSA Data Security, Inc. PKCS */, + 188 /* S/MIME */, + 167 /* S/MIME Capabilities */, + 387 /* SNMPv2 */, + 512 /* Secure Electronic Transactions */, + 386 /* Security */, + 394 /* Selected Attribute Types */, + 143 /* Strong Extranet ID */, + 398 /* Subject Information Access */, + 130 /* TLS Web Client Authentication */, + 129 /* TLS Web Server Authentication */, + 133 /* Time Stamping */, + 375 /* Trust Root */, + 948 /* X25519 */, + 12 /* X509 */, + 402 /* X509v3 AC Targeting */, + 746 /* X509v3 Any Policy */, + 90 /* X509v3 Authority Key Identifier */, + 87 /* X509v3 Basic Constraints */, + 103 /* X509v3 CRL Distribution Points */, + 88 /* X509v3 CRL Number */, + 141 /* X509v3 CRL Reason Code */, + 771 /* X509v3 Certificate Issuer */, + 89 /* X509v3 Certificate Policies */, + 140 /* X509v3 Delta CRL Indicator */, + 126 /* X509v3 Extended Key Usage */, + 857 /* X509v3 Freshest CRL */, + 748 /* X509v3 Inhibit Any Policy */, + 86 /* X509v3 Issuer Alternative Name */, + 770 /* X509v3 Issuing Distribution Point */, + 83 /* X509v3 Key Usage */, + 666 /* X509v3 Name Constraints */, + 403 /* X509v3 No Revocation Available */, + 401 /* X509v3 Policy Constraints */, + 747 /* X509v3 Policy Mappings */, + 84 /* X509v3 Private Key Usage Period */, + 85 /* X509v3 Subject Alternative Name */, + 769 /* X509v3 Subject Directory Attributes */, + 82 /* X509v3 Subject Key Identifier */, + 920 /* X9.42 DH */, + 184 /* X9.57 */, + 185 /* X9.57 CM ? */, + 478 /* aRecord */, + 289 /* aaControls */, + 287 /* ac-auditEntity */, + 397 /* ac-proxying */, + 288 /* ac-targeting */, + 446 /* account */, + 364 /* ad dvcs */, + 606 /* additional verification */, + 419 /* aes-128-cbc */, + 916 /* aes-128-cbc-hmac-sha1 */, + 896 /* aes-128-ccm */, + 421 /* aes-128-cfb */, + 650 /* aes-128-cfb1 */, + 653 /* aes-128-cfb8 */, + 904 /* aes-128-ctr */, + 418 /* aes-128-ecb */, + 895 /* aes-128-gcm */, + 420 /* aes-128-ofb */, + 913 /* aes-128-xts */, + 423 /* aes-192-cbc */, + 917 /* aes-192-cbc-hmac-sha1 */, + 899 /* aes-192-ccm */, + 425 /* aes-192-cfb */, + 651 /* aes-192-cfb1 */, + 654 /* aes-192-cfb8 */, + 905 /* aes-192-ctr */, + 422 /* aes-192-ecb */, + 898 /* aes-192-gcm */, + 424 /* aes-192-ofb */, + 427 /* aes-256-cbc */, + 918 /* aes-256-cbc-hmac-sha1 */, + 902 /* aes-256-ccm */, + 429 /* aes-256-cfb */, + 652 /* aes-256-cfb1 */, + 655 /* aes-256-cfb8 */, + 906 /* aes-256-ctr */, + 426 /* aes-256-ecb */, + 901 /* aes-256-gcm */, + 428 /* aes-256-ofb */, + 914 /* aes-256-xts */, + 376 /* algorithm */, + 484 /* associatedDomain */, + 485 /* associatedName */, + 501 /* audio */, + 882 /* authorityRevocationList */, + 91 /* bf-cbc */, + 93 /* bf-cfb */, + 92 /* bf-ecb */, + 94 /* bf-ofb */, + 921 /* brainpoolP160r1 */, + 922 /* brainpoolP160t1 */, + 923 /* brainpoolP192r1 */, + 924 /* brainpoolP192t1 */, + 925 /* brainpoolP224r1 */, + 926 /* brainpoolP224t1 */, + 927 /* brainpoolP256r1 */, + 928 /* brainpoolP256t1 */, + 929 /* brainpoolP320r1 */, + 930 /* brainpoolP320t1 */, + 931 /* brainpoolP384r1 */, + 932 /* brainpoolP384t1 */, + 933 /* brainpoolP512r1 */, + 934 /* brainpoolP512t1 */, + 494 /* buildingName */, + 860 /* businessCategory */, + 691 /* c2onb191v4 */, + 692 /* c2onb191v5 */, + 697 /* c2onb239v4 */, + 698 /* c2onb239v5 */, + 684 /* c2pnb163v1 */, + 685 /* c2pnb163v2 */, + 686 /* c2pnb163v3 */, + 687 /* c2pnb176v1 */, + 693 /* c2pnb208w1 */, + 699 /* c2pnb272w1 */, + 700 /* c2pnb304w1 */, + 702 /* c2pnb368w1 */, + 688 /* c2tnb191v1 */, + 689 /* c2tnb191v2 */, + 690 /* c2tnb191v3 */, + 694 /* c2tnb239v1 */, + 695 /* c2tnb239v2 */, + 696 /* c2tnb239v3 */, + 701 /* c2tnb359v1 */, + 703 /* c2tnb431r1 */, + 881 /* cACertificate */, + 483 /* cNAMERecord */, + 751 /* camellia-128-cbc */, + 757 /* camellia-128-cfb */, + 760 /* camellia-128-cfb1 */, + 763 /* camellia-128-cfb8 */, + 754 /* camellia-128-ecb */, + 766 /* camellia-128-ofb */, + 752 /* camellia-192-cbc */, + 758 /* camellia-192-cfb */, + 761 /* camellia-192-cfb1 */, + 764 /* camellia-192-cfb8 */, + 755 /* camellia-192-ecb */, + 767 /* camellia-192-ofb */, + 753 /* camellia-256-cbc */, + 759 /* camellia-256-cfb */, + 762 /* camellia-256-cfb1 */, + 765 /* camellia-256-cfb8 */, + 756 /* camellia-256-ecb */, + 768 /* camellia-256-ofb */, + 443 /* caseIgnoreIA5StringSyntax */, + 108 /* cast5-cbc */, + 110 /* cast5-cfb */, + 109 /* cast5-ecb */, + 111 /* cast5-ofb */, + 152 /* certBag */, + 677 /* certicom-arc */, + 517 /* certificate extensions */, + 883 /* certificateRevocationList */, + 54 /* challengePassword */, + 407 /* characteristic-two-field */, + 395 /* clearance */, + 633 /* cleartext track 2 */, + 894 /* cmac */, + 13 /* commonName */, + 513 /* content types */, + 50 /* contentType */, + 53 /* countersignature */, + 14 /* countryName */, + 153 /* crlBag */, + 884 /* crossCertificatePair */, + 806 /* cryptocom */, + 805 /* cryptopro */, + 500 /* dITRedirect */, + 451 /* dNSDomain */, + 495 /* dSAQuality */, + 434 /* data */, + 390 /* dcObject */, + 891 /* deltaRevocationList */, + 31 /* des-cbc */, + 643 /* des-cdmf */, + 30 /* des-cfb */, + 656 /* des-cfb1 */, + 657 /* des-cfb8 */, + 29 /* des-ecb */, + 32 /* des-ede */, + 43 /* des-ede-cbc */, + 60 /* des-ede-cfb */, + 62 /* des-ede-ofb */, + 33 /* des-ede3 */, + 44 /* des-ede3-cbc */, + 61 /* des-ede3-cfb */, + 658 /* des-ede3-cfb1 */, + 659 /* des-ede3-cfb8 */, + 63 /* des-ede3-ofb */, + 45 /* des-ofb */, + 107 /* description */, + 871 /* destinationIndicator */, + 80 /* desx-cbc */, + 947 /* dh-cofactor-kdf */, + 946 /* dh-std-kdf */, + 28 /* dhKeyAgreement */, + 941 /* dhSinglePass-cofactorDH-sha1kdf-scheme */, + 942 /* dhSinglePass-cofactorDH-sha224kdf-scheme */, + 943 /* dhSinglePass-cofactorDH-sha256kdf-scheme */, + 944 /* dhSinglePass-cofactorDH-sha384kdf-scheme */, + 945 /* dhSinglePass-cofactorDH-sha512kdf-scheme */, + 936 /* dhSinglePass-stdDH-sha1kdf-scheme */, + 937 /* dhSinglePass-stdDH-sha224kdf-scheme */, + 938 /* dhSinglePass-stdDH-sha256kdf-scheme */, + 939 /* dhSinglePass-stdDH-sha384kdf-scheme */, + 940 /* dhSinglePass-stdDH-sha512kdf-scheme */, + 11 /* directory services (X.500) */, + 378 /* directory services - algorithms */, + 887 /* distinguishedName */, + 892 /* dmdName */, + 174 /* dnQualifier */, + 447 /* document */, + 471 /* documentAuthor */, + 468 /* documentIdentifier */, + 472 /* documentLocation */, + 502 /* documentPublisher */, + 449 /* documentSeries */, + 469 /* documentTitle */, + 470 /* documentVersion */, + 380 /* dod */, + 391 /* domainComponent */, + 452 /* domainRelatedObject */, + 116 /* dsaEncryption */, + 67 /* dsaEncryption-old */, + 66 /* dsaWithSHA */, + 113 /* dsaWithSHA1 */, + 70 /* dsaWithSHA1-old */, + 802 /* dsa_with_SHA224 */, + 803 /* dsa_with_SHA256 */, + 297 /* dvcs */, + 791 /* ecdsa-with-Recommended */, + 416 /* ecdsa-with-SHA1 */, + 793 /* ecdsa-with-SHA224 */, + 794 /* ecdsa-with-SHA256 */, + 795 /* ecdsa-with-SHA384 */, + 796 /* ecdsa-with-SHA512 */, + 792 /* ecdsa-with-Specified */, + 48 /* emailAddress */, + 632 /* encrypted track 2 */, + 885 /* enhancedSearchGuide */, + 56 /* extendedCertificateAttributes */, + 867 /* facsimileTelephoneNumber */, + 462 /* favouriteDrink */, + 453 /* friendlyCountry */, + 490 /* friendlyCountryName */, + 156 /* friendlyName */, + 631 /* generate cryptogram */, + 509 /* generationQualifier */, + 601 /* generic cryptogram */, + 99 /* givenName */, + 814 /* gost89-cnt */, + 855 /* hmac */, + 780 /* hmac-md5 */, + 781 /* hmac-sha1 */, + 797 /* hmacWithMD5 */, + 163 /* hmacWithSHA1 */, + 798 /* hmacWithSHA224 */, + 799 /* hmacWithSHA256 */, + 800 /* hmacWithSHA384 */, + 801 /* hmacWithSHA512 */, + 486 /* homePostalAddress */, + 473 /* homeTelephoneNumber */, + 466 /* host */, + 889 /* houseIdentifier */, + 442 /* iA5StringSyntax */, + 381 /* iana */, + 824 /* id-Gost28147-89-CryptoPro-A-ParamSet */, + 825 /* id-Gost28147-89-CryptoPro-B-ParamSet */, + 826 /* id-Gost28147-89-CryptoPro-C-ParamSet */, + 827 /* id-Gost28147-89-CryptoPro-D-ParamSet */, + 819 /* id-Gost28147-89-CryptoPro-KeyMeshing */, + 829 /* id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet */, + 828 /* id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet */, + 830 /* id-Gost28147-89-CryptoPro-RIC-1-ParamSet */, + 820 /* id-Gost28147-89-None-KeyMeshing */, + 823 /* id-Gost28147-89-TestParamSet */, + 840 /* id-GostR3410-2001-CryptoPro-A-ParamSet */, + 841 /* id-GostR3410-2001-CryptoPro-B-ParamSet */, + 842 /* id-GostR3410-2001-CryptoPro-C-ParamSet */, + 843 /* id-GostR3410-2001-CryptoPro-XchA-ParamSet */, + 844 /* id-GostR3410-2001-CryptoPro-XchB-ParamSet */, + 839 /* id-GostR3410-2001-TestParamSet */, + 832 /* id-GostR3410-94-CryptoPro-A-ParamSet */, + 833 /* id-GostR3410-94-CryptoPro-B-ParamSet */, + 834 /* id-GostR3410-94-CryptoPro-C-ParamSet */, + 835 /* id-GostR3410-94-CryptoPro-D-ParamSet */, + 836 /* id-GostR3410-94-CryptoPro-XchA-ParamSet */, + 837 /* id-GostR3410-94-CryptoPro-XchB-ParamSet */, + 838 /* id-GostR3410-94-CryptoPro-XchC-ParamSet */, + 831 /* id-GostR3410-94-TestParamSet */, + 845 /* id-GostR3410-94-a */, + 846 /* id-GostR3410-94-aBis */, + 847 /* id-GostR3410-94-b */, + 848 /* id-GostR3410-94-bBis */, + 822 /* id-GostR3411-94-CryptoProParamSet */, + 821 /* id-GostR3411-94-TestParamSet */, + 266 /* id-aca */, + 355 /* id-aca-accessIdentity */, + 354 /* id-aca-authenticationInfo */, + 356 /* id-aca-chargingIdentity */, + 399 /* id-aca-encAttrs */, + 357 /* id-aca-group */, + 358 /* id-aca-role */, + 176 /* id-ad */, + 788 /* id-aes128-wrap */, + 897 /* id-aes128-wrap-pad */, + 789 /* id-aes192-wrap */, + 900 /* id-aes192-wrap-pad */, + 790 /* id-aes256-wrap */, + 903 /* id-aes256-wrap-pad */, + 262 /* id-alg */, + 893 /* id-alg-PWRI-KEK */, + 323 /* id-alg-des40 */, + 326 /* id-alg-dh-pop */, + 325 /* id-alg-dh-sig-hmac-sha1 */, + 324 /* id-alg-noSignature */, + 907 /* id-camellia128-wrap */, + 908 /* id-camellia192-wrap */, + 909 /* id-camellia256-wrap */, + 268 /* id-cct */, + 361 /* id-cct-PKIData */, + 362 /* id-cct-PKIResponse */, + 360 /* id-cct-crs */, + 81 /* id-ce */, + 680 /* id-characteristic-two-basis */, + 263 /* id-cmc */, + 334 /* id-cmc-addExtensions */, + 346 /* id-cmc-confirmCertAcceptance */, + 330 /* id-cmc-dataReturn */, + 336 /* id-cmc-decryptedPOP */, + 335 /* id-cmc-encryptedPOP */, + 339 /* id-cmc-getCRL */, + 338 /* id-cmc-getCert */, + 328 /* id-cmc-identification */, + 329 /* id-cmc-identityProof */, + 337 /* id-cmc-lraPOPWitness */, + 344 /* id-cmc-popLinkRandom */, + 345 /* id-cmc-popLinkWitness */, + 343 /* id-cmc-queryPending */, + 333 /* id-cmc-recipientNonce */, + 341 /* id-cmc-regInfo */, + 342 /* id-cmc-responseInfo */, + 340 /* id-cmc-revokeRequest */, + 332 /* id-cmc-senderNonce */, + 327 /* id-cmc-statusInfo */, + 331 /* id-cmc-transactionId */, + 787 /* id-ct-asciiTextWithCRLF */, + 408 /* id-ecPublicKey */, + 508 /* id-hex-multipart-message */, + 507 /* id-hex-partial-message */, + 260 /* id-it */, + 302 /* id-it-caKeyUpdateInfo */, + 298 /* id-it-caProtEncCert */, + 311 /* id-it-confirmWaitTime */, + 303 /* id-it-currentCRL */, + 300 /* id-it-encKeyPairTypes */, + 310 /* id-it-implicitConfirm */, + 308 /* id-it-keyPairParamRep */, + 307 /* id-it-keyPairParamReq */, + 312 /* id-it-origPKIMessage */, + 301 /* id-it-preferredSymmAlg */, + 309 /* id-it-revPassphrase */, + 299 /* id-it-signKeyPairTypes */, + 305 /* id-it-subscriptionRequest */, + 306 /* id-it-subscriptionResponse */, + 784 /* id-it-suppLangTags */, + 304 /* id-it-unsupportedOIDs */, + 128 /* id-kp */, + 280 /* id-mod-attribute-cert */, + 274 /* id-mod-cmc */, + 277 /* id-mod-cmp */, + 284 /* id-mod-cmp2000 */, + 273 /* id-mod-crmf */, + 283 /* id-mod-dvcs */, + 275 /* id-mod-kea-profile-88 */, + 276 /* id-mod-kea-profile-93 */, + 282 /* id-mod-ocsp */, + 278 /* id-mod-qualified-cert-88 */, + 279 /* id-mod-qualified-cert-93 */, + 281 /* id-mod-timestamp-protocol */, + 264 /* id-on */, + 347 /* id-on-personalData */, + 265 /* id-pda */, + 352 /* id-pda-countryOfCitizenship */, + 353 /* id-pda-countryOfResidence */, + 348 /* id-pda-dateOfBirth */, + 351 /* id-pda-gender */, + 349 /* id-pda-placeOfBirth */, + 175 /* id-pe */, + 261 /* id-pkip */, + 258 /* id-pkix-mod */, + 269 /* id-pkix1-explicit-88 */, + 271 /* id-pkix1-explicit-93 */, + 270 /* id-pkix1-implicit-88 */, + 272 /* id-pkix1-implicit-93 */, + 662 /* id-ppl */, + 267 /* id-qcs */, + 359 /* id-qcs-pkixQCSyntax-v1 */, + 259 /* id-qt */, + 313 /* id-regCtrl */, + 316 /* id-regCtrl-authenticator */, + 319 /* id-regCtrl-oldCertID */, + 318 /* id-regCtrl-pkiArchiveOptions */, + 317 /* id-regCtrl-pkiPublicationInfo */, + 320 /* id-regCtrl-protocolEncrKey */, + 315 /* id-regCtrl-regToken */, + 314 /* id-regInfo */, + 322 /* id-regInfo-certReq */, + 321 /* id-regInfo-utf8Pairs */, + 191 /* id-smime-aa */, + 215 /* id-smime-aa-contentHint */, + 218 /* id-smime-aa-contentIdentifier */, + 221 /* id-smime-aa-contentReference */, + 240 /* id-smime-aa-dvcs-dvc */, + 217 /* id-smime-aa-encapContentType */, + 222 /* id-smime-aa-encrypKeyPref */, + 220 /* id-smime-aa-equivalentLabels */, + 232 /* id-smime-aa-ets-CertificateRefs */, + 233 /* id-smime-aa-ets-RevocationRefs */, + 238 /* id-smime-aa-ets-archiveTimeStamp */, + 237 /* id-smime-aa-ets-certCRLTimestamp */, + 234 /* id-smime-aa-ets-certValues */, + 227 /* id-smime-aa-ets-commitmentType */, + 231 /* id-smime-aa-ets-contentTimestamp */, + 236 /* id-smime-aa-ets-escTimeStamp */, + 230 /* id-smime-aa-ets-otherSigCert */, + 235 /* id-smime-aa-ets-revocationValues */, + 226 /* id-smime-aa-ets-sigPolicyId */, + 229 /* id-smime-aa-ets-signerAttr */, + 228 /* id-smime-aa-ets-signerLocation */, + 219 /* id-smime-aa-macValue */, + 214 /* id-smime-aa-mlExpandHistory */, + 216 /* id-smime-aa-msgSigDigest */, + 212 /* id-smime-aa-receiptRequest */, + 213 /* id-smime-aa-securityLabel */, + 239 /* id-smime-aa-signatureType */, + 223 /* id-smime-aa-signingCertificate */, + 224 /* id-smime-aa-smimeEncryptCerts */, + 225 /* id-smime-aa-timeStampToken */, + 192 /* id-smime-alg */, + 243 /* id-smime-alg-3DESwrap */, + 246 /* id-smime-alg-CMS3DESwrap */, + 247 /* id-smime-alg-CMSRC2wrap */, + 245 /* id-smime-alg-ESDH */, + 241 /* id-smime-alg-ESDHwith3DES */, + 242 /* id-smime-alg-ESDHwithRC2 */, + 244 /* id-smime-alg-RC2wrap */, + 193 /* id-smime-cd */, + 248 /* id-smime-cd-ldap */, + 190 /* id-smime-ct */, + 210 /* id-smime-ct-DVCSRequestData */, + 211 /* id-smime-ct-DVCSResponseData */, + 208 /* id-smime-ct-TDTInfo */, + 207 /* id-smime-ct-TSTInfo */, + 205 /* id-smime-ct-authData */, + 786 /* id-smime-ct-compressedData */, + 209 /* id-smime-ct-contentInfo */, + 206 /* id-smime-ct-publishCert */, + 204 /* id-smime-ct-receipt */, + 195 /* id-smime-cti */, + 255 /* id-smime-cti-ets-proofOfApproval */, + 256 /* id-smime-cti-ets-proofOfCreation */, + 253 /* id-smime-cti-ets-proofOfDelivery */, + 251 /* id-smime-cti-ets-proofOfOrigin */, + 252 /* id-smime-cti-ets-proofOfReceipt */, + 254 /* id-smime-cti-ets-proofOfSender */, + 189 /* id-smime-mod */, + 196 /* id-smime-mod-cms */, + 197 /* id-smime-mod-ess */, + 202 /* id-smime-mod-ets-eSigPolicy-88 */, + 203 /* id-smime-mod-ets-eSigPolicy-97 */, + 200 /* id-smime-mod-ets-eSignature-88 */, + 201 /* id-smime-mod-ets-eSignature-97 */, + 199 /* id-smime-mod-msg-v3 */, + 198 /* id-smime-mod-oid */, + 194 /* id-smime-spq */, + 250 /* id-smime-spq-ets-sqt-unotice */, + 249 /* id-smime-spq-ets-sqt-uri */, + 34 /* idea-cbc */, + 35 /* idea-cfb */, + 36 /* idea-ecb */, + 46 /* idea-ofb */, + 676 /* identified-organization */, + 461 /* info */, + 101 /* initials */, + 869 /* internationaliSDNNumber */, + 749 /* ipsec3 */, + 750 /* ipsec4 */, + 181 /* iso */, + 623 /* issuer capabilities */, + 645 /* itu-t */, + 492 /* janetMailbox */, + 646 /* joint-iso-itu-t */, + 150 /* keyBag */, + 773 /* kisa */, + 477 /* lastModifiedBy */, + 476 /* lastModifiedTime */, + 157 /* localKeyID */, + 15 /* localityName */, + 480 /* mXRecord */, + 493 /* mailPreferenceOption */, + 467 /* manager */, + 3 /* md2 */, + 7 /* md2WithRSAEncryption */, + 257 /* md4 */, + 396 /* md4WithRSAEncryption */, + 4 /* md5 */, + 114 /* md5-sha1 */, + 104 /* md5WithRSA */, + 8 /* md5WithRSAEncryption */, + 95 /* mdc2 */, + 96 /* mdc2WithRSA */, + 875 /* member */, + 602 /* merchant initiated auth */, + 514 /* message extensions */, + 51 /* messageDigest */, + 911 /* mgf1 */, + 506 /* mime-mhs-bodies */, + 505 /* mime-mhs-headings */, + 488 /* mobileTelephoneNumber */, + 481 /* nSRecord */, + 173 /* name */, + 681 /* onBasis */, + 379 /* org */, + 17 /* organizationName */, + 491 /* organizationalStatus */, + 18 /* organizationalUnitName */, + 475 /* otherMailbox */, + 876 /* owner */, + 935 /* pSpecified */, + 489 /* pagerTelephoneNumber */, + 782 /* password based MAC */, + 374 /* path */, + 621 /* payment gateway capabilities */, + 9 /* pbeWithMD2AndDES-CBC */, + 168 /* pbeWithMD2AndRC2-CBC */, + 112 /* pbeWithMD5AndCast5CBC */, + 10 /* pbeWithMD5AndDES-CBC */, + 169 /* pbeWithMD5AndRC2-CBC */, + 148 /* pbeWithSHA1And128BitRC2-CBC */, + 144 /* pbeWithSHA1And128BitRC4 */, + 147 /* pbeWithSHA1And2-KeyTripleDES-CBC */, + 146 /* pbeWithSHA1And3-KeyTripleDES-CBC */, + 149 /* pbeWithSHA1And40BitRC2-CBC */, + 145 /* pbeWithSHA1And40BitRC4 */, + 170 /* pbeWithSHA1AndDES-CBC */, + 68 /* pbeWithSHA1AndRC2-CBC */, + 499 /* personalSignature */, + 487 /* personalTitle */, + 464 /* photo */, + 863 /* physicalDeliveryOfficeName */, + 437 /* pilot */, + 439 /* pilotAttributeSyntax */, + 438 /* pilotAttributeType */, + 479 /* pilotAttributeType27 */, + 456 /* pilotDSA */, + 441 /* pilotGroups */, + 444 /* pilotObject */, + 440 /* pilotObjectClass */, + 455 /* pilotOrganization */, + 445 /* pilotPerson */, + 186 /* pkcs1 */, + 27 /* pkcs3 */, + 187 /* pkcs5 */, + 20 /* pkcs7 */, + 21 /* pkcs7-data */, + 25 /* pkcs7-digestData */, + 26 /* pkcs7-encryptedData */, + 23 /* pkcs7-envelopedData */, + 24 /* pkcs7-signedAndEnvelopedData */, + 22 /* pkcs7-signedData */, + 151 /* pkcs8ShroudedKeyBag */, + 47 /* pkcs9 */, + 862 /* postOfficeBox */, + 861 /* postalAddress */, + 661 /* postalCode */, + 683 /* ppBasis */, + 872 /* preferredDeliveryMethod */, + 873 /* presentationAddress */, + 406 /* prime-field */, + 409 /* prime192v1 */, + 410 /* prime192v2 */, + 411 /* prime192v3 */, + 412 /* prime239v1 */, + 413 /* prime239v2 */, + 414 /* prime239v3 */, + 415 /* prime256v1 */, + 886 /* protocolInformation */, + 510 /* pseudonym */, + 435 /* pss */, + 286 /* qcStatements */, + 457 /* qualityLabelledData */, + 450 /* rFC822localPart */, + 98 /* rc2-40-cbc */, + 166 /* rc2-64-cbc */, + 37 /* rc2-cbc */, + 39 /* rc2-cfb */, + 38 /* rc2-ecb */, + 40 /* rc2-ofb */, + 5 /* rc4 */, + 97 /* rc4-40 */, + 915 /* rc4-hmac-md5 */, + 120 /* rc5-cbc */, + 122 /* rc5-cfb */, + 121 /* rc5-ecb */, + 123 /* rc5-ofb */, + 870 /* registeredAddress */, + 460 /* rfc822Mailbox */, + 117 /* ripemd160 */, + 119 /* ripemd160WithRSA */, + 400 /* role */, + 877 /* roleOccupant */, + 448 /* room */, + 463 /* roomNumber */, + 19 /* rsa */, + 6 /* rsaEncryption */, + 644 /* rsaOAEPEncryptionSET */, + 377 /* rsaSignature */, + 919 /* rsaesOaep */, + 912 /* rsassaPss */, + 482 /* sOARecord */, + 155 /* safeContentsBag */, + 291 /* sbgp-autonomousSysNum */, + 290 /* sbgp-ipAddrBlock */, + 292 /* sbgp-routerIdentifier */, + 159 /* sdsiCertificate */, + 859 /* searchGuide */, + 704 /* secp112r1 */, + 705 /* secp112r2 */, + 706 /* secp128r1 */, + 707 /* secp128r2 */, + 708 /* secp160k1 */, + 709 /* secp160r1 */, + 710 /* secp160r2 */, + 711 /* secp192k1 */, + 712 /* secp224k1 */, + 713 /* secp224r1 */, + 714 /* secp256k1 */, + 715 /* secp384r1 */, + 716 /* secp521r1 */, + 154 /* secretBag */, + 474 /* secretary */, + 717 /* sect113r1 */, + 718 /* sect113r2 */, + 719 /* sect131r1 */, + 720 /* sect131r2 */, + 721 /* sect163k1 */, + 722 /* sect163r1 */, + 723 /* sect163r2 */, + 724 /* sect193r1 */, + 725 /* sect193r2 */, + 726 /* sect233k1 */, + 727 /* sect233r1 */, + 728 /* sect239k1 */, + 729 /* sect283k1 */, + 730 /* sect283r1 */, + 731 /* sect409k1 */, + 732 /* sect409r1 */, + 733 /* sect571k1 */, + 734 /* sect571r1 */, + 635 /* secure device signature */, + 878 /* seeAlso */, + 777 /* seed-cbc */, + 779 /* seed-cfb */, + 776 /* seed-ecb */, + 778 /* seed-ofb */, + 105 /* serialNumber */, + 625 /* set-addPolicy */, + 515 /* set-attr */, + 518 /* set-brand */, + 638 /* set-brand-AmericanExpress */, + 637 /* set-brand-Diners */, + 636 /* set-brand-IATA-ATA */, + 639 /* set-brand-JCB */, + 641 /* set-brand-MasterCard */, + 642 /* set-brand-Novus */, + 640 /* set-brand-Visa */, + 516 /* set-policy */, + 607 /* set-policy-root */, + 624 /* set-rootKeyThumb */, + 620 /* setAttr-Cert */, + 628 /* setAttr-IssCap-CVM */, + 630 /* setAttr-IssCap-Sig */, + 629 /* setAttr-IssCap-T2 */, + 627 /* setAttr-Token-B0Prime */, + 626 /* setAttr-Token-EMV */, + 622 /* setAttr-TokenType */, + 619 /* setCext-IssuerCapabilities */, + 615 /* setCext-PGWYcapabilities */, + 616 /* setCext-TokenIdentifier */, + 618 /* setCext-TokenType */, + 617 /* setCext-Track2Data */, + 611 /* setCext-cCertRequired */, + 609 /* setCext-certType */, + 608 /* setCext-hashedRoot */, + 610 /* setCext-merchData */, + 613 /* setCext-setExt */, + 614 /* setCext-setQualf */, + 612 /* setCext-tunneling */, + 540 /* setct-AcqCardCodeMsg */, + 576 /* setct-AcqCardCodeMsgTBE */, + 570 /* setct-AuthReqTBE */, + 534 /* setct-AuthReqTBS */, + 527 /* setct-AuthResBaggage */, + 571 /* setct-AuthResTBE */, + 572 /* setct-AuthResTBEX */, + 535 /* setct-AuthResTBS */, + 536 /* setct-AuthResTBSX */, + 528 /* setct-AuthRevReqBaggage */, + 577 /* setct-AuthRevReqTBE */, + 541 /* setct-AuthRevReqTBS */, + 529 /* setct-AuthRevResBaggage */, + 542 /* setct-AuthRevResData */, + 578 /* setct-AuthRevResTBE */, + 579 /* setct-AuthRevResTBEB */, + 543 /* setct-AuthRevResTBS */, + 573 /* setct-AuthTokenTBE */, + 537 /* setct-AuthTokenTBS */, + 600 /* setct-BCIDistributionTBS */, + 558 /* setct-BatchAdminReqData */, + 592 /* setct-BatchAdminReqTBE */, + 559 /* setct-BatchAdminResData */, + 593 /* setct-BatchAdminResTBE */, + 599 /* setct-CRLNotificationResTBS */, + 598 /* setct-CRLNotificationTBS */, + 580 /* setct-CapReqTBE */, + 581 /* setct-CapReqTBEX */, + 544 /* setct-CapReqTBS */, + 545 /* setct-CapReqTBSX */, + 546 /* setct-CapResData */, + 582 /* setct-CapResTBE */, + 583 /* setct-CapRevReqTBE */, + 584 /* setct-CapRevReqTBEX */, + 547 /* setct-CapRevReqTBS */, + 548 /* setct-CapRevReqTBSX */, + 549 /* setct-CapRevResData */, + 585 /* setct-CapRevResTBE */, + 538 /* setct-CapTokenData */, + 530 /* setct-CapTokenSeq */, + 574 /* setct-CapTokenTBE */, + 575 /* setct-CapTokenTBEX */, + 539 /* setct-CapTokenTBS */, + 560 /* setct-CardCInitResTBS */, + 566 /* setct-CertInqReqTBS */, + 563 /* setct-CertReqData */, + 595 /* setct-CertReqTBE */, + 596 /* setct-CertReqTBEX */, + 564 /* setct-CertReqTBS */, + 565 /* setct-CertResData */, + 597 /* setct-CertResTBE */, + 586 /* setct-CredReqTBE */, + 587 /* setct-CredReqTBEX */, + 550 /* setct-CredReqTBS */, + 551 /* setct-CredReqTBSX */, + 552 /* setct-CredResData */, + 588 /* setct-CredResTBE */, + 589 /* setct-CredRevReqTBE */, + 590 /* setct-CredRevReqTBEX */, + 553 /* setct-CredRevReqTBS */, + 554 /* setct-CredRevReqTBSX */, + 555 /* setct-CredRevResData */, + 591 /* setct-CredRevResTBE */, + 567 /* setct-ErrorTBS */, + 526 /* setct-HODInput */, + 561 /* setct-MeAqCInitResTBS */, + 522 /* setct-OIData */, + 519 /* setct-PANData */, + 521 /* setct-PANOnly */, + 520 /* setct-PANToken */, + 556 /* setct-PCertReqData */, + 557 /* setct-PCertResTBS */, + 523 /* setct-PI */, + 532 /* setct-PI-TBS */, + 524 /* setct-PIData */, + 525 /* setct-PIDataUnsigned */, + 568 /* setct-PIDualSignedTBE */, + 569 /* setct-PIUnsignedTBE */, + 531 /* setct-PInitResData */, + 533 /* setct-PResData */, + 594 /* setct-RegFormReqTBE */, + 562 /* setct-RegFormResTBS */, + 604 /* setext-pinAny */, + 603 /* setext-pinSecure */, + 605 /* setext-track2 */, + 41 /* sha */, + 64 /* sha1 */, + 115 /* sha1WithRSA */, + 65 /* sha1WithRSAEncryption */, + 675 /* sha224 */, + 671 /* sha224WithRSAEncryption */, + 672 /* sha256 */, + 668 /* sha256WithRSAEncryption */, + 673 /* sha384 */, + 669 /* sha384WithRSAEncryption */, + 674 /* sha512 */, + 670 /* sha512WithRSAEncryption */, + 42 /* shaWithRSAEncryption */, + 52 /* signingTime */, + 454 /* simpleSecurityObject */, + 496 /* singleLevelQuality */, + 16 /* stateOrProvinceName */, + 660 /* streetAddress */, + 498 /* subtreeMaximumQuality */, + 497 /* subtreeMinimumQuality */, + 890 /* supportedAlgorithms */, + 874 /* supportedApplicationContext */, + 100 /* surname */, + 864 /* telephoneNumber */, + 866 /* teletexTerminalIdentifier */, + 865 /* telexNumber */, + 459 /* textEncodedORAddress */, + 293 /* textNotice */, + 106 /* title */, + 682 /* tpBasis */, + 436 /* ucl */, + 0 /* undefined */, + 888 /* uniqueMember */, + 55 /* unstructuredAddress */, + 49 /* unstructuredName */, + 880 /* userCertificate */, + 465 /* userClass */, + 458 /* userId */, + 879 /* userPassword */, + 373 /* valid */, + 678 /* wap */, + 679 /* wap-wsg */, + 735 /* wap-wsg-idm-ecid-wtls1 */, + 743 /* wap-wsg-idm-ecid-wtls10 */, + 744 /* wap-wsg-idm-ecid-wtls11 */, + 745 /* wap-wsg-idm-ecid-wtls12 */, + 736 /* wap-wsg-idm-ecid-wtls3 */, + 737 /* wap-wsg-idm-ecid-wtls4 */, + 738 /* wap-wsg-idm-ecid-wtls5 */, + 739 /* wap-wsg-idm-ecid-wtls6 */, + 740 /* wap-wsg-idm-ecid-wtls7 */, + 741 /* wap-wsg-idm-ecid-wtls8 */, + 742 /* wap-wsg-idm-ecid-wtls9 */, + 804 /* whirlpool */, + 868 /* x121Address */, + 503 /* x500UniqueIdentifier */, + 158 /* x509Certificate */, + 160 /* x509Crl */, + 125 /* zlib compression */, }; -static const unsigned int kNIDsInOIDOrder[NUM_OBJ]={ -434, /* OBJ_data 0 9 */ -182, /* OBJ_member_body 1 2 */ -379, /* OBJ_org 1 3 */ -676, /* OBJ_identified_organization 1 3 */ -11, /* OBJ_X500 2 5 */ -647, /* OBJ_international_organizations 2 23 */ -380, /* OBJ_dod 1 3 6 */ -12, /* OBJ_X509 2 5 4 */ -378, /* OBJ_X500algorithms 2 5 8 */ -81, /* OBJ_id_ce 2 5 29 */ -512, /* OBJ_id_set 2 23 42 */ -678, /* OBJ_wap 2 23 43 */ -435, /* OBJ_pss 0 9 2342 */ -183, /* OBJ_ISO_US 1 2 840 */ -381, /* OBJ_iana 1 3 6 1 */ -677, /* OBJ_certicom_arc 1 3 132 */ -394, /* OBJ_selected_attribute_types 2 5 1 5 */ -13, /* OBJ_commonName 2 5 4 3 */ -100, /* OBJ_surname 2 5 4 4 */ -105, /* OBJ_serialNumber 2 5 4 5 */ -14, /* OBJ_countryName 2 5 4 6 */ -15, /* OBJ_localityName 2 5 4 7 */ -16, /* OBJ_stateOrProvinceName 2 5 4 8 */ -660, /* OBJ_streetAddress 2 5 4 9 */ -17, /* OBJ_organizationName 2 5 4 10 */ -18, /* OBJ_organizationalUnitName 2 5 4 11 */ -106, /* OBJ_title 2 5 4 12 */ -107, /* OBJ_description 2 5 4 13 */ -859, /* OBJ_searchGuide 2 5 4 14 */ -860, /* OBJ_businessCategory 2 5 4 15 */ -861, /* OBJ_postalAddress 2 5 4 16 */ -661, /* OBJ_postalCode 2 5 4 17 */ -862, /* OBJ_postOfficeBox 2 5 4 18 */ -863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ -864, /* OBJ_telephoneNumber 2 5 4 20 */ -865, /* OBJ_telexNumber 2 5 4 21 */ -866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ -867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ -868, /* OBJ_x121Address 2 5 4 24 */ -869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ -870, /* OBJ_registeredAddress 2 5 4 26 */ -871, /* OBJ_destinationIndicator 2 5 4 27 */ -872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ -873, /* OBJ_presentationAddress 2 5 4 29 */ -874, /* OBJ_supportedApplicationContext 2 5 4 30 */ -875, /* OBJ_member 2 5 4 31 */ -876, /* OBJ_owner 2 5 4 32 */ -877, /* OBJ_roleOccupant 2 5 4 33 */ -878, /* OBJ_seeAlso 2 5 4 34 */ -879, /* OBJ_userPassword 2 5 4 35 */ -880, /* OBJ_userCertificate 2 5 4 36 */ -881, /* OBJ_cACertificate 2 5 4 37 */ -882, /* OBJ_authorityRevocationList 2 5 4 38 */ -883, /* OBJ_certificateRevocationList 2 5 4 39 */ -884, /* OBJ_crossCertificatePair 2 5 4 40 */ -173, /* OBJ_name 2 5 4 41 */ -99, /* OBJ_givenName 2 5 4 42 */ -101, /* OBJ_initials 2 5 4 43 */ -509, /* OBJ_generationQualifier 2 5 4 44 */ -503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ -174, /* OBJ_dnQualifier 2 5 4 46 */ -885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ -886, /* OBJ_protocolInformation 2 5 4 48 */ -887, /* OBJ_distinguishedName 2 5 4 49 */ -888, /* OBJ_uniqueMember 2 5 4 50 */ -889, /* OBJ_houseIdentifier 2 5 4 51 */ -890, /* OBJ_supportedAlgorithms 2 5 4 52 */ -891, /* OBJ_deltaRevocationList 2 5 4 53 */ -892, /* OBJ_dmdName 2 5 4 54 */ -510, /* OBJ_pseudonym 2 5 4 65 */ -400, /* OBJ_role 2 5 4 72 */ -769, /* OBJ_subject_directory_attributes 2 5 29 9 */ -82, /* OBJ_subject_key_identifier 2 5 29 14 */ -83, /* OBJ_key_usage 2 5 29 15 */ -84, /* OBJ_private_key_usage_period 2 5 29 16 */ -85, /* OBJ_subject_alt_name 2 5 29 17 */ -86, /* OBJ_issuer_alt_name 2 5 29 18 */ -87, /* OBJ_basic_constraints 2 5 29 19 */ -88, /* OBJ_crl_number 2 5 29 20 */ -141, /* OBJ_crl_reason 2 5 29 21 */ -430, /* OBJ_hold_instruction_code 2 5 29 23 */ -142, /* OBJ_invalidity_date 2 5 29 24 */ -140, /* OBJ_delta_crl 2 5 29 27 */ -770, /* OBJ_issuing_distribution_point 2 5 29 28 */ -771, /* OBJ_certificate_issuer 2 5 29 29 */ -666, /* OBJ_name_constraints 2 5 29 30 */ -103, /* OBJ_crl_distribution_points 2 5 29 31 */ -89, /* OBJ_certificate_policies 2 5 29 32 */ -747, /* OBJ_policy_mappings 2 5 29 33 */ -90, /* OBJ_authority_key_identifier 2 5 29 35 */ -401, /* OBJ_policy_constraints 2 5 29 36 */ -126, /* OBJ_ext_key_usage 2 5 29 37 */ -857, /* OBJ_freshest_crl 2 5 29 46 */ -748, /* OBJ_inhibit_any_policy 2 5 29 54 */ -402, /* OBJ_target_information 2 5 29 55 */ -403, /* OBJ_no_rev_avail 2 5 29 56 */ -513, /* OBJ_set_ctype 2 23 42 0 */ -514, /* OBJ_set_msgExt 2 23 42 1 */ -515, /* OBJ_set_attr 2 23 42 3 */ -516, /* OBJ_set_policy 2 23 42 5 */ -517, /* OBJ_set_certExt 2 23 42 7 */ -518, /* OBJ_set_brand 2 23 42 8 */ -679, /* OBJ_wap_wsg 2 23 43 1 */ -382, /* OBJ_Directory 1 3 6 1 1 */ -383, /* OBJ_Management 1 3 6 1 2 */ -384, /* OBJ_Experimental 1 3 6 1 3 */ -385, /* OBJ_Private 1 3 6 1 4 */ -386, /* OBJ_Security 1 3 6 1 5 */ -387, /* OBJ_SNMPv2 1 3 6 1 6 */ -388, /* OBJ_Mail 1 3 6 1 7 */ -376, /* OBJ_algorithm 1 3 14 3 2 */ -395, /* OBJ_clearance 2 5 1 5 55 */ -19, /* OBJ_rsa 2 5 8 1 1 */ -96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ -95, /* OBJ_mdc2 2 5 8 3 101 */ -746, /* OBJ_any_policy 2 5 29 32 0 */ -910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ -519, /* OBJ_setct_PANData 2 23 42 0 0 */ -520, /* OBJ_setct_PANToken 2 23 42 0 1 */ -521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ -522, /* OBJ_setct_OIData 2 23 42 0 3 */ -523, /* OBJ_setct_PI 2 23 42 0 4 */ -524, /* OBJ_setct_PIData 2 23 42 0 5 */ -525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ -526, /* OBJ_setct_HODInput 2 23 42 0 7 */ -527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ -528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ -529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ -530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ -531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ -532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ -533, /* OBJ_setct_PResData 2 23 42 0 14 */ -534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ -535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ -536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ -537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ -538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ -539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ -540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ -541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ -542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ -543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ -544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ -545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ -546, /* OBJ_setct_CapResData 2 23 42 0 28 */ -547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ -548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ -549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ -550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ -551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ -552, /* OBJ_setct_CredResData 2 23 42 0 34 */ -553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ -554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ -555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ -556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ -557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ -558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ -559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ -560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ -561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ -562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ -563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ -564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ -565, /* OBJ_setct_CertResData 2 23 42 0 47 */ -566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ -567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ -568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ -569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ -570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ -571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ -572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ -573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ -574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ -575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ -576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ -577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ -578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ -579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ -580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ -581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ -582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ -583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ -584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ -585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ -586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ -587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ -588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ -589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ -590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ -591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ -592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ -593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ -594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ -595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ -596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ -597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ -598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ -599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ -600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ -601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ -602, /* OBJ_setext_miAuth 2 23 42 1 3 */ -603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ -604, /* OBJ_setext_pinAny 2 23 42 1 5 */ -605, /* OBJ_setext_track2 2 23 42 1 7 */ -606, /* OBJ_setext_cv 2 23 42 1 8 */ -620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ -621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ -622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ -623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ -607, /* OBJ_set_policy_root 2 23 42 5 0 */ -608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ -609, /* OBJ_setCext_certType 2 23 42 7 1 */ -610, /* OBJ_setCext_merchData 2 23 42 7 2 */ -611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ -612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ -613, /* OBJ_setCext_setExt 2 23 42 7 5 */ -614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ -615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ -616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ -617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ -618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ -619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ -636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ -640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ -641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ -637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ -638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ -639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ -805, /* OBJ_cryptopro 1 2 643 2 2 */ -806, /* OBJ_cryptocom 1 2 643 2 9 */ -184, /* OBJ_X9_57 1 2 840 10040 */ -405, /* OBJ_ansi_X9_62 1 2 840 10045 */ -389, /* OBJ_Enterprises 1 3 6 1 4 1 */ -504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ -104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ -29, /* OBJ_des_ecb 1 3 14 3 2 6 */ -31, /* OBJ_des_cbc 1 3 14 3 2 7 */ -45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ -30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ -377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ -67, /* OBJ_dsa_2 1 3 14 3 2 12 */ -66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ -42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ -41, /* OBJ_sha 1 3 14 3 2 18 */ -64, /* OBJ_sha1 1 3 14 3 2 26 */ -70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ -115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ -117, /* OBJ_ripemd160 1 3 36 3 2 1 */ -143, /* OBJ_sxnet 1 3 101 1 4 1 */ -721, /* OBJ_sect163k1 1 3 132 0 1 */ -722, /* OBJ_sect163r1 1 3 132 0 2 */ -728, /* OBJ_sect239k1 1 3 132 0 3 */ -717, /* OBJ_sect113r1 1 3 132 0 4 */ -718, /* OBJ_sect113r2 1 3 132 0 5 */ -704, /* OBJ_secp112r1 1 3 132 0 6 */ -705, /* OBJ_secp112r2 1 3 132 0 7 */ -709, /* OBJ_secp160r1 1 3 132 0 8 */ -708, /* OBJ_secp160k1 1 3 132 0 9 */ -714, /* OBJ_secp256k1 1 3 132 0 10 */ -723, /* OBJ_sect163r2 1 3 132 0 15 */ -729, /* OBJ_sect283k1 1 3 132 0 16 */ -730, /* OBJ_sect283r1 1 3 132 0 17 */ -719, /* OBJ_sect131r1 1 3 132 0 22 */ -720, /* OBJ_sect131r2 1 3 132 0 23 */ -724, /* OBJ_sect193r1 1 3 132 0 24 */ -725, /* OBJ_sect193r2 1 3 132 0 25 */ -726, /* OBJ_sect233k1 1 3 132 0 26 */ -727, /* OBJ_sect233r1 1 3 132 0 27 */ -706, /* OBJ_secp128r1 1 3 132 0 28 */ -707, /* OBJ_secp128r2 1 3 132 0 29 */ -710, /* OBJ_secp160r2 1 3 132 0 30 */ -711, /* OBJ_secp192k1 1 3 132 0 31 */ -712, /* OBJ_secp224k1 1 3 132 0 32 */ -713, /* OBJ_secp224r1 1 3 132 0 33 */ -715, /* OBJ_secp384r1 1 3 132 0 34 */ -716, /* OBJ_secp521r1 1 3 132 0 35 */ -731, /* OBJ_sect409k1 1 3 132 0 36 */ -732, /* OBJ_sect409r1 1 3 132 0 37 */ -733, /* OBJ_sect571k1 1 3 132 0 38 */ -734, /* OBJ_sect571r1 1 3 132 0 39 */ -624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ -625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ -626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ -627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ -628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ -629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ -630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ -642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ -735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ -736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ -737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ -738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ -739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ -740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ -741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ -742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ -743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ -744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ -745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ -804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ -773, /* OBJ_kisa 1 2 410 200004 */ -807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ -808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ -809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ -810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ -811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ -812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ -813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ -815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ -816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ -817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ -818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ - 1, /* OBJ_rsadsi 1 2 840 113549 */ -185, /* OBJ_X9cm 1 2 840 10040 4 */ -127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ -505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ -506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ -119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ -938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ -939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ -940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ -942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ -943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ -944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ -945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ -631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ -632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ -633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ -634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ -635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ -436, /* OBJ_ucl 0 9 2342 19200300 */ -820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ -819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ -845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ -846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ -847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ -848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ -821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ -822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ -823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ -824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ -825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ -826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ -827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ -828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ -829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ -830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ -831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ -832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ -833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ -834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ -835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ -836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ -837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ -838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ -839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ -840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ -841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ -842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ -843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ -844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ - 2, /* OBJ_pkcs 1 2 840 113549 1 */ -431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ -432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ -116, /* OBJ_dsa 1 2 840 10040 4 1 */ -113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ -406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ -407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ -408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ -416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ -791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ -792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ -920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ -258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ -175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ -259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ -128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ -260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ -261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ -262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ -263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ -264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ -265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ -266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ -267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ -268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ -662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ -176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ -507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ -508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ -57, /* OBJ_netscape 2 16 840 1 113730 */ -754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ -766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ -757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ -755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ -767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ -758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ -756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ -768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ -759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ -437, /* OBJ_pilot 0 9 2342 19200300 100 */ -776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ -777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ -779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ -778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ -852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ -853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ -850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ -851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ -849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ -854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ -27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ -187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ -20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ -47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ - 3, /* OBJ_md2 1 2 840 113549 2 2 */ -257, /* OBJ_md4 1 2 840 113549 2 4 */ - 4, /* OBJ_md5 1 2 840 113549 2 5 */ -797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ -163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ -798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ -799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ -800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ -801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ -37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ - 5, /* OBJ_rc4 1 2 840 113549 3 4 */ -44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ -120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ -643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ -680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ -684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ -685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ -686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ -687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ -688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ -689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ -690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ -691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ -692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ -693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ -694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ -695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ -696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ -697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ -698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ -699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ -700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ -701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ -702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ -703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ -409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ -410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ -411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ -412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ -413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ -414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ -415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ -793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ -794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ -795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ -796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ -269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ -270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ -271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ -272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ -273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ -274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ -275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ -276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ -277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ -278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ -279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ -280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ -281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ -282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ -283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ -284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ -177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ -285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ -286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ -287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ -288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ -289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ -397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ -398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ -663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ -164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ -165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ -293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ -129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ -130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ -131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ -132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ -294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ -296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ -133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ -180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ -297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ -298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ -299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ -300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ -301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ -302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ -303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ -304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ -305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ -306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ -307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ -308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ -309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ -310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ -311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ -312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ -784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ -313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ -314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ -323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ -324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ -325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ -326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ -327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ -328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ -329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ -330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ -331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ -332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ -333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ -334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ -335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ -336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ -337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ -338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ -339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ -340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ -341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ -342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ -343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ -344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ -345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ -346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ -347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ -858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ -348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ -349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ -352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ -353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ -354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ -355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ -356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ -357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ -358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ -399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ -359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ -360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ -361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ -362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ -664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ -665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ -667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ -178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ -179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ -363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ -364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ -785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ -780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ -781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ -58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ -59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ -438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ -439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ -440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ -441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ -112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ -782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ - 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ - 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ -396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ - 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ -65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ -644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ -919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ -911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ -935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ -912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ -668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ -669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ -670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ -671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ -28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ - 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ -10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ -168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ -169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ -170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ -68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ -69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ -161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ -162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ -21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ -22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ -23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ -24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ -25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ -26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ -48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ -49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ -50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ -51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ -52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ -53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ -54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ -55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ -56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ -172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ -167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ -188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ -156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ -157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ -681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ -682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ -683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ -417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ -856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ -390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ -91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ -315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ -316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ -317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ -318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ -319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ -320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ -321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ -322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ -365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ -366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ -367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ -368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ -369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ -370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ -371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ -372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ -373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ -374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ -375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ -921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ -922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ -923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ -924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ -925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ -926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ -927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ -928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ -929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ -930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ -931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ -932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ -933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ -934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ -936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ -941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ -418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ -419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ -421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ -788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ -895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ -896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ -897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ -422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ -423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ -425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ -789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ -898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ -899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ -900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ -426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ -427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ -429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ -790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ -901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ -902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ -903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ -672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ -673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ -674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ -675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ -802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ -803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ -71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ -72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ -73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ -74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ -75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ -76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ -77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ -78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ -79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ -139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ -458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ -459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ -460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ -461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ -462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ -463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ -464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ -465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ -466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ -467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ -468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ -469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ -470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ -471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ -472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ -473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ -474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ -475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ -476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ -477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ -391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ -478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ -479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ -480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ -481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ -482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ -483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ -484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ -485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ -486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ -487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ -488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ -489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ -490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ -491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ -492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ -493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ -494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ -495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ -496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ -497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ -498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ -499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ -500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ -501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ -502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ -442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ -443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ -444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ -445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ -446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ -447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ -448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ -449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ -392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ -450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ -451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ -452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ -453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ -454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ -455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ -456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ -457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ -189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ -190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ -191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ -192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ -193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ -194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ -195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ -158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ -159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ -160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ -144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ -145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ -146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ -147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ -148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ -149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ -171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ -134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ -135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ -136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ -137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ -138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ -648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ -649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ -751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ -752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ -753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ -907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ -908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ -909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ -196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ -197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ -198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ -199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ -200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ -201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ -202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ -203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ -204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ -205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ -206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ -207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ -208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ -209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ -210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ -211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ -786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ -787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ -212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ -213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ -214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ -215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ -216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ -217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ -218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ -219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ -220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ -221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ -222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ -223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ -224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ -225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ -226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ -227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ -228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ -229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ -230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ -231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ -232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ -233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ -234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ -235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ -236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ -237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ -238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ -239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ -240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ -241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ -242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ -243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ -244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ -245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ -246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ -247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ -125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ -893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ -248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ -249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ -250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ -251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ -252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ -253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ -254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ -255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ -256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ -150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ -151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ -152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ -153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ -154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ -155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ -34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ +static const unsigned kNIDsInOIDOrder[] = { + 434 /* 0.9 (OBJ_data) */, 182 /* 1.2 (OBJ_member_body) */, + 379 /* 1.3 (OBJ_org) */, 676 /* 1.3 (OBJ_identified_organization) */, + 11 /* 2.5 (OBJ_X500) */, 647 /* 2.23 (OBJ_international_organizations) */, + 380 /* 1.3.6 (OBJ_dod) */, 12 /* 2.5.4 (OBJ_X509) */, + 378 /* 2.5.8 (OBJ_X500algorithms) */, 81 /* 2.5.29 (OBJ_id_ce) */, + 512 /* 2.23.42 (OBJ_id_set) */, 678 /* 2.23.43 (OBJ_wap) */, + 435 /* 0.9.2342 (OBJ_pss) */, 183 /* 1.2.840 (OBJ_ISO_US) */, + 381 /* 1.3.6.1 (OBJ_iana) */, 677 /* 1.3.132 (OBJ_certicom_arc) */, + 394 /* 2.5.1.5 (OBJ_selected_attribute_types) */, + 13 /* 2.5.4.3 (OBJ_commonName) */, 100 /* 2.5.4.4 (OBJ_surname) */, + 105 /* 2.5.4.5 (OBJ_serialNumber) */, 14 /* 2.5.4.6 (OBJ_countryName) */, + 15 /* 2.5.4.7 (OBJ_localityName) */, + 16 /* 2.5.4.8 (OBJ_stateOrProvinceName) */, + 660 /* 2.5.4.9 (OBJ_streetAddress) */, + 17 /* 2.5.4.10 (OBJ_organizationName) */, + 18 /* 2.5.4.11 (OBJ_organizationalUnitName) */, + 106 /* 2.5.4.12 (OBJ_title) */, 107 /* 2.5.4.13 (OBJ_description) */, + 859 /* 2.5.4.14 (OBJ_searchGuide) */, + 860 /* 2.5.4.15 (OBJ_businessCategory) */, + 861 /* 2.5.4.16 (OBJ_postalAddress) */, 661 /* 2.5.4.17 (OBJ_postalCode) */, + 862 /* 2.5.4.18 (OBJ_postOfficeBox) */, + 863 /* 2.5.4.19 (OBJ_physicalDeliveryOfficeName) */, + 864 /* 2.5.4.20 (OBJ_telephoneNumber) */, + 865 /* 2.5.4.21 (OBJ_telexNumber) */, + 866 /* 2.5.4.22 (OBJ_teletexTerminalIdentifier) */, + 867 /* 2.5.4.23 (OBJ_facsimileTelephoneNumber) */, + 868 /* 2.5.4.24 (OBJ_x121Address) */, + 869 /* 2.5.4.25 (OBJ_internationaliSDNNumber) */, + 870 /* 2.5.4.26 (OBJ_registeredAddress) */, + 871 /* 2.5.4.27 (OBJ_destinationIndicator) */, + 872 /* 2.5.4.28 (OBJ_preferredDeliveryMethod) */, + 873 /* 2.5.4.29 (OBJ_presentationAddress) */, + 874 /* 2.5.4.30 (OBJ_supportedApplicationContext) */, + 875 /* 2.5.4.31 (OBJ_member) */, 876 /* 2.5.4.32 (OBJ_owner) */, + 877 /* 2.5.4.33 (OBJ_roleOccupant) */, 878 /* 2.5.4.34 (OBJ_seeAlso) */, + 879 /* 2.5.4.35 (OBJ_userPassword) */, + 880 /* 2.5.4.36 (OBJ_userCertificate) */, + 881 /* 2.5.4.37 (OBJ_cACertificate) */, + 882 /* 2.5.4.38 (OBJ_authorityRevocationList) */, + 883 /* 2.5.4.39 (OBJ_certificateRevocationList) */, + 884 /* 2.5.4.40 (OBJ_crossCertificatePair) */, + 173 /* 2.5.4.41 (OBJ_name) */, 99 /* 2.5.4.42 (OBJ_givenName) */, + 101 /* 2.5.4.43 (OBJ_initials) */, + 509 /* 2.5.4.44 (OBJ_generationQualifier) */, + 503 /* 2.5.4.45 (OBJ_x500UniqueIdentifier) */, + 174 /* 2.5.4.46 (OBJ_dnQualifier) */, + 885 /* 2.5.4.47 (OBJ_enhancedSearchGuide) */, + 886 /* 2.5.4.48 (OBJ_protocolInformation) */, + 887 /* 2.5.4.49 (OBJ_distinguishedName) */, + 888 /* 2.5.4.50 (OBJ_uniqueMember) */, + 889 /* 2.5.4.51 (OBJ_houseIdentifier) */, + 890 /* 2.5.4.52 (OBJ_supportedAlgorithms) */, + 891 /* 2.5.4.53 (OBJ_deltaRevocationList) */, + 892 /* 2.5.4.54 (OBJ_dmdName) */, 510 /* 2.5.4.65 (OBJ_pseudonym) */, + 400 /* 2.5.4.72 (OBJ_role) */, + 769 /* 2.5.29.9 (OBJ_subject_directory_attributes) */, + 82 /* 2.5.29.14 (OBJ_subject_key_identifier) */, + 83 /* 2.5.29.15 (OBJ_key_usage) */, + 84 /* 2.5.29.16 (OBJ_private_key_usage_period) */, + 85 /* 2.5.29.17 (OBJ_subject_alt_name) */, + 86 /* 2.5.29.18 (OBJ_issuer_alt_name) */, + 87 /* 2.5.29.19 (OBJ_basic_constraints) */, + 88 /* 2.5.29.20 (OBJ_crl_number) */, 141 /* 2.5.29.21 (OBJ_crl_reason) */, + 430 /* 2.5.29.23 (OBJ_hold_instruction_code) */, + 142 /* 2.5.29.24 (OBJ_invalidity_date) */, + 140 /* 2.5.29.27 (OBJ_delta_crl) */, + 770 /* 2.5.29.28 (OBJ_issuing_distribution_point) */, + 771 /* 2.5.29.29 (OBJ_certificate_issuer) */, + 666 /* 2.5.29.30 (OBJ_name_constraints) */, + 103 /* 2.5.29.31 (OBJ_crl_distribution_points) */, + 89 /* 2.5.29.32 (OBJ_certificate_policies) */, + 747 /* 2.5.29.33 (OBJ_policy_mappings) */, + 90 /* 2.5.29.35 (OBJ_authority_key_identifier) */, + 401 /* 2.5.29.36 (OBJ_policy_constraints) */, + 126 /* 2.5.29.37 (OBJ_ext_key_usage) */, + 857 /* 2.5.29.46 (OBJ_freshest_crl) */, + 748 /* 2.5.29.54 (OBJ_inhibit_any_policy) */, + 402 /* 2.5.29.55 (OBJ_target_information) */, + 403 /* 2.5.29.56 (OBJ_no_rev_avail) */, 513 /* 2.23.42.0 (OBJ_set_ctype) */, + 514 /* 2.23.42.1 (OBJ_set_msgExt) */, 515 /* 2.23.42.3 (OBJ_set_attr) */, + 516 /* 2.23.42.5 (OBJ_set_policy) */, 517 /* 2.23.42.7 (OBJ_set_certExt) */, + 518 /* 2.23.42.8 (OBJ_set_brand) */, 679 /* 2.23.43.1 (OBJ_wap_wsg) */, + 382 /* 1.3.6.1.1 (OBJ_Directory) */, 383 /* 1.3.6.1.2 (OBJ_Management) */, + 384 /* 1.3.6.1.3 (OBJ_Experimental) */, 385 /* 1.3.6.1.4 (OBJ_Private) */, + 386 /* 1.3.6.1.5 (OBJ_Security) */, 387 /* 1.3.6.1.6 (OBJ_SNMPv2) */, + 388 /* 1.3.6.1.7 (OBJ_Mail) */, 376 /* 1.3.14.3.2 (OBJ_algorithm) */, + 395 /* 2.5.1.5.55 (OBJ_clearance) */, 19 /* 2.5.8.1.1 (OBJ_rsa) */, + 96 /* 2.5.8.3.100 (OBJ_mdc2WithRSA) */, 95 /* 2.5.8.3.101 (OBJ_mdc2) */, + 746 /* 2.5.29.32.0 (OBJ_any_policy) */, + 910 /* 2.5.29.37.0 (OBJ_anyExtendedKeyUsage) */, + 519 /* 2.23.42.0.0 (OBJ_setct_PANData) */, + 520 /* 2.23.42.0.1 (OBJ_setct_PANToken) */, + 521 /* 2.23.42.0.2 (OBJ_setct_PANOnly) */, + 522 /* 2.23.42.0.3 (OBJ_setct_OIData) */, + 523 /* 2.23.42.0.4 (OBJ_setct_PI) */, + 524 /* 2.23.42.0.5 (OBJ_setct_PIData) */, + 525 /* 2.23.42.0.6 (OBJ_setct_PIDataUnsigned) */, + 526 /* 2.23.42.0.7 (OBJ_setct_HODInput) */, + 527 /* 2.23.42.0.8 (OBJ_setct_AuthResBaggage) */, + 528 /* 2.23.42.0.9 (OBJ_setct_AuthRevReqBaggage) */, + 529 /* 2.23.42.0.10 (OBJ_setct_AuthRevResBaggage) */, + 530 /* 2.23.42.0.11 (OBJ_setct_CapTokenSeq) */, + 531 /* 2.23.42.0.12 (OBJ_setct_PInitResData) */, + 532 /* 2.23.42.0.13 (OBJ_setct_PI_TBS) */, + 533 /* 2.23.42.0.14 (OBJ_setct_PResData) */, + 534 /* 2.23.42.0.16 (OBJ_setct_AuthReqTBS) */, + 535 /* 2.23.42.0.17 (OBJ_setct_AuthResTBS) */, + 536 /* 2.23.42.0.18 (OBJ_setct_AuthResTBSX) */, + 537 /* 2.23.42.0.19 (OBJ_setct_AuthTokenTBS) */, + 538 /* 2.23.42.0.20 (OBJ_setct_CapTokenData) */, + 539 /* 2.23.42.0.21 (OBJ_setct_CapTokenTBS) */, + 540 /* 2.23.42.0.22 (OBJ_setct_AcqCardCodeMsg) */, + 541 /* 2.23.42.0.23 (OBJ_setct_AuthRevReqTBS) */, + 542 /* 2.23.42.0.24 (OBJ_setct_AuthRevResData) */, + 543 /* 2.23.42.0.25 (OBJ_setct_AuthRevResTBS) */, + 544 /* 2.23.42.0.26 (OBJ_setct_CapReqTBS) */, + 545 /* 2.23.42.0.27 (OBJ_setct_CapReqTBSX) */, + 546 /* 2.23.42.0.28 (OBJ_setct_CapResData) */, + 547 /* 2.23.42.0.29 (OBJ_setct_CapRevReqTBS) */, + 548 /* 2.23.42.0.30 (OBJ_setct_CapRevReqTBSX) */, + 549 /* 2.23.42.0.31 (OBJ_setct_CapRevResData) */, + 550 /* 2.23.42.0.32 (OBJ_setct_CredReqTBS) */, + 551 /* 2.23.42.0.33 (OBJ_setct_CredReqTBSX) */, + 552 /* 2.23.42.0.34 (OBJ_setct_CredResData) */, + 553 /* 2.23.42.0.35 (OBJ_setct_CredRevReqTBS) */, + 554 /* 2.23.42.0.36 (OBJ_setct_CredRevReqTBSX) */, + 555 /* 2.23.42.0.37 (OBJ_setct_CredRevResData) */, + 556 /* 2.23.42.0.38 (OBJ_setct_PCertReqData) */, + 557 /* 2.23.42.0.39 (OBJ_setct_PCertResTBS) */, + 558 /* 2.23.42.0.40 (OBJ_setct_BatchAdminReqData) */, + 559 /* 2.23.42.0.41 (OBJ_setct_BatchAdminResData) */, + 560 /* 2.23.42.0.42 (OBJ_setct_CardCInitResTBS) */, + 561 /* 2.23.42.0.43 (OBJ_setct_MeAqCInitResTBS) */, + 562 /* 2.23.42.0.44 (OBJ_setct_RegFormResTBS) */, + 563 /* 2.23.42.0.45 (OBJ_setct_CertReqData) */, + 564 /* 2.23.42.0.46 (OBJ_setct_CertReqTBS) */, + 565 /* 2.23.42.0.47 (OBJ_setct_CertResData) */, + 566 /* 2.23.42.0.48 (OBJ_setct_CertInqReqTBS) */, + 567 /* 2.23.42.0.49 (OBJ_setct_ErrorTBS) */, + 568 /* 2.23.42.0.50 (OBJ_setct_PIDualSignedTBE) */, + 569 /* 2.23.42.0.51 (OBJ_setct_PIUnsignedTBE) */, + 570 /* 2.23.42.0.52 (OBJ_setct_AuthReqTBE) */, + 571 /* 2.23.42.0.53 (OBJ_setct_AuthResTBE) */, + 572 /* 2.23.42.0.54 (OBJ_setct_AuthResTBEX) */, + 573 /* 2.23.42.0.55 (OBJ_setct_AuthTokenTBE) */, + 574 /* 2.23.42.0.56 (OBJ_setct_CapTokenTBE) */, + 575 /* 2.23.42.0.57 (OBJ_setct_CapTokenTBEX) */, + 576 /* 2.23.42.0.58 (OBJ_setct_AcqCardCodeMsgTBE) */, + 577 /* 2.23.42.0.59 (OBJ_setct_AuthRevReqTBE) */, + 578 /* 2.23.42.0.60 (OBJ_setct_AuthRevResTBE) */, + 579 /* 2.23.42.0.61 (OBJ_setct_AuthRevResTBEB) */, + 580 /* 2.23.42.0.62 (OBJ_setct_CapReqTBE) */, + 581 /* 2.23.42.0.63 (OBJ_setct_CapReqTBEX) */, + 582 /* 2.23.42.0.64 (OBJ_setct_CapResTBE) */, + 583 /* 2.23.42.0.65 (OBJ_setct_CapRevReqTBE) */, + 584 /* 2.23.42.0.66 (OBJ_setct_CapRevReqTBEX) */, + 585 /* 2.23.42.0.67 (OBJ_setct_CapRevResTBE) */, + 586 /* 2.23.42.0.68 (OBJ_setct_CredReqTBE) */, + 587 /* 2.23.42.0.69 (OBJ_setct_CredReqTBEX) */, + 588 /* 2.23.42.0.70 (OBJ_setct_CredResTBE) */, + 589 /* 2.23.42.0.71 (OBJ_setct_CredRevReqTBE) */, + 590 /* 2.23.42.0.72 (OBJ_setct_CredRevReqTBEX) */, + 591 /* 2.23.42.0.73 (OBJ_setct_CredRevResTBE) */, + 592 /* 2.23.42.0.74 (OBJ_setct_BatchAdminReqTBE) */, + 593 /* 2.23.42.0.75 (OBJ_setct_BatchAdminResTBE) */, + 594 /* 2.23.42.0.76 (OBJ_setct_RegFormReqTBE) */, + 595 /* 2.23.42.0.77 (OBJ_setct_CertReqTBE) */, + 596 /* 2.23.42.0.78 (OBJ_setct_CertReqTBEX) */, + 597 /* 2.23.42.0.79 (OBJ_setct_CertResTBE) */, + 598 /* 2.23.42.0.80 (OBJ_setct_CRLNotificationTBS) */, + 599 /* 2.23.42.0.81 (OBJ_setct_CRLNotificationResTBS) */, + 600 /* 2.23.42.0.82 (OBJ_setct_BCIDistributionTBS) */, + 601 /* 2.23.42.1.1 (OBJ_setext_genCrypt) */, + 602 /* 2.23.42.1.3 (OBJ_setext_miAuth) */, + 603 /* 2.23.42.1.4 (OBJ_setext_pinSecure) */, + 604 /* 2.23.42.1.5 (OBJ_setext_pinAny) */, + 605 /* 2.23.42.1.7 (OBJ_setext_track2) */, + 606 /* 2.23.42.1.8 (OBJ_setext_cv) */, + 620 /* 2.23.42.3.0 (OBJ_setAttr_Cert) */, + 621 /* 2.23.42.3.1 (OBJ_setAttr_PGWYcap) */, + 622 /* 2.23.42.3.2 (OBJ_setAttr_TokenType) */, + 623 /* 2.23.42.3.3 (OBJ_setAttr_IssCap) */, + 607 /* 2.23.42.5.0 (OBJ_set_policy_root) */, + 608 /* 2.23.42.7.0 (OBJ_setCext_hashedRoot) */, + 609 /* 2.23.42.7.1 (OBJ_setCext_certType) */, + 610 /* 2.23.42.7.2 (OBJ_setCext_merchData) */, + 611 /* 2.23.42.7.3 (OBJ_setCext_cCertRequired) */, + 612 /* 2.23.42.7.4 (OBJ_setCext_tunneling) */, + 613 /* 2.23.42.7.5 (OBJ_setCext_setExt) */, + 614 /* 2.23.42.7.6 (OBJ_setCext_setQualf) */, + 615 /* 2.23.42.7.7 (OBJ_setCext_PGWYcapabilities) */, + 616 /* 2.23.42.7.8 (OBJ_setCext_TokenIdentifier) */, + 617 /* 2.23.42.7.9 (OBJ_setCext_Track2Data) */, + 618 /* 2.23.42.7.10 (OBJ_setCext_TokenType) */, + 619 /* 2.23.42.7.11 (OBJ_setCext_IssuerCapabilities) */, + 636 /* 2.23.42.8.1 (OBJ_set_brand_IATA_ATA) */, + 640 /* 2.23.42.8.4 (OBJ_set_brand_Visa) */, + 641 /* 2.23.42.8.5 (OBJ_set_brand_MasterCard) */, + 637 /* 2.23.42.8.30 (OBJ_set_brand_Diners) */, + 638 /* 2.23.42.8.34 (OBJ_set_brand_AmericanExpress) */, + 639 /* 2.23.42.8.35 (OBJ_set_brand_JCB) */, + 805 /* 1.2.643.2.2 (OBJ_cryptopro) */, + 806 /* 1.2.643.2.9 (OBJ_cryptocom) */, 184 /* 1.2.840.10040 (OBJ_X9_57) */, + 405 /* 1.2.840.10045 (OBJ_ansi_X9_62) */, + 389 /* 1.3.6.1.4.1 (OBJ_Enterprises) */, + 504 /* 1.3.6.1.7.1 (OBJ_mime_mhs) */, + 104 /* 1.3.14.3.2.3 (OBJ_md5WithRSA) */, + 29 /* 1.3.14.3.2.6 (OBJ_des_ecb) */, 31 /* 1.3.14.3.2.7 (OBJ_des_cbc) */, + 45 /* 1.3.14.3.2.8 (OBJ_des_ofb64) */, + 30 /* 1.3.14.3.2.9 (OBJ_des_cfb64) */, + 377 /* 1.3.14.3.2.11 (OBJ_rsaSignature) */, + 67 /* 1.3.14.3.2.12 (OBJ_dsa_2) */, 66 /* 1.3.14.3.2.13 (OBJ_dsaWithSHA) */, + 42 /* 1.3.14.3.2.15 (OBJ_shaWithRSAEncryption) */, + 32 /* 1.3.14.3.2.17 (OBJ_des_ede_ecb) */, 41 /* 1.3.14.3.2.18 (OBJ_sha) */, + 64 /* 1.3.14.3.2.26 (OBJ_sha1) */, + 70 /* 1.3.14.3.2.27 (OBJ_dsaWithSHA1_2) */, + 115 /* 1.3.14.3.2.29 (OBJ_sha1WithRSA) */, + 117 /* 1.3.36.3.2.1 (OBJ_ripemd160) */, 143 /* 1.3.101.1.4.1 (OBJ_sxnet) */, + 721 /* 1.3.132.0.1 (OBJ_sect163k1) */, + 722 /* 1.3.132.0.2 (OBJ_sect163r1) */, + 728 /* 1.3.132.0.3 (OBJ_sect239k1) */, + 717 /* 1.3.132.0.4 (OBJ_sect113r1) */, + 718 /* 1.3.132.0.5 (OBJ_sect113r2) */, + 704 /* 1.3.132.0.6 (OBJ_secp112r1) */, + 705 /* 1.3.132.0.7 (OBJ_secp112r2) */, + 709 /* 1.3.132.0.8 (OBJ_secp160r1) */, + 708 /* 1.3.132.0.9 (OBJ_secp160k1) */, + 714 /* 1.3.132.0.10 (OBJ_secp256k1) */, + 723 /* 1.3.132.0.15 (OBJ_sect163r2) */, + 729 /* 1.3.132.0.16 (OBJ_sect283k1) */, + 730 /* 1.3.132.0.17 (OBJ_sect283r1) */, + 719 /* 1.3.132.0.22 (OBJ_sect131r1) */, + 720 /* 1.3.132.0.23 (OBJ_sect131r2) */, + 724 /* 1.3.132.0.24 (OBJ_sect193r1) */, + 725 /* 1.3.132.0.25 (OBJ_sect193r2) */, + 726 /* 1.3.132.0.26 (OBJ_sect233k1) */, + 727 /* 1.3.132.0.27 (OBJ_sect233r1) */, + 706 /* 1.3.132.0.28 (OBJ_secp128r1) */, + 707 /* 1.3.132.0.29 (OBJ_secp128r2) */, + 710 /* 1.3.132.0.30 (OBJ_secp160r2) */, + 711 /* 1.3.132.0.31 (OBJ_secp192k1) */, + 712 /* 1.3.132.0.32 (OBJ_secp224k1) */, + 713 /* 1.3.132.0.33 (OBJ_secp224r1) */, + 715 /* 1.3.132.0.34 (OBJ_secp384r1) */, + 716 /* 1.3.132.0.35 (OBJ_secp521r1) */, + 731 /* 1.3.132.0.36 (OBJ_sect409k1) */, + 732 /* 1.3.132.0.37 (OBJ_sect409r1) */, + 733 /* 1.3.132.0.38 (OBJ_sect571k1) */, + 734 /* 1.3.132.0.39 (OBJ_sect571r1) */, + 624 /* 2.23.42.3.0.0 (OBJ_set_rootKeyThumb) */, + 625 /* 2.23.42.3.0.1 (OBJ_set_addPolicy) */, + 626 /* 2.23.42.3.2.1 (OBJ_setAttr_Token_EMV) */, + 627 /* 2.23.42.3.2.2 (OBJ_setAttr_Token_B0Prime) */, + 628 /* 2.23.42.3.3.3 (OBJ_setAttr_IssCap_CVM) */, + 629 /* 2.23.42.3.3.4 (OBJ_setAttr_IssCap_T2) */, + 630 /* 2.23.42.3.3.5 (OBJ_setAttr_IssCap_Sig) */, + 642 /* 2.23.42.8.6011 (OBJ_set_brand_Novus) */, + 735 /* 2.23.43.1.4.1 (OBJ_wap_wsg_idm_ecid_wtls1) */, + 736 /* 2.23.43.1.4.3 (OBJ_wap_wsg_idm_ecid_wtls3) */, + 737 /* 2.23.43.1.4.4 (OBJ_wap_wsg_idm_ecid_wtls4) */, + 738 /* 2.23.43.1.4.5 (OBJ_wap_wsg_idm_ecid_wtls5) */, + 739 /* 2.23.43.1.4.6 (OBJ_wap_wsg_idm_ecid_wtls6) */, + 740 /* 2.23.43.1.4.7 (OBJ_wap_wsg_idm_ecid_wtls7) */, + 741 /* 2.23.43.1.4.8 (OBJ_wap_wsg_idm_ecid_wtls8) */, + 742 /* 2.23.43.1.4.9 (OBJ_wap_wsg_idm_ecid_wtls9) */, + 743 /* 2.23.43.1.4.10 (OBJ_wap_wsg_idm_ecid_wtls10) */, + 744 /* 2.23.43.1.4.11 (OBJ_wap_wsg_idm_ecid_wtls11) */, + 745 /* 2.23.43.1.4.12 (OBJ_wap_wsg_idm_ecid_wtls12) */, + 804 /* 1.0.10118.3.0.55 (OBJ_whirlpool) */, + 773 /* 1.2.410.200004 (OBJ_kisa) */, + 807 /* 1.2.643.2.2.3 (OBJ_id_GostR3411_94_with_GostR3410_2001) */, + 808 /* 1.2.643.2.2.4 (OBJ_id_GostR3411_94_with_GostR3410_94) */, + 809 /* 1.2.643.2.2.9 (OBJ_id_GostR3411_94) */, + 810 /* 1.2.643.2.2.10 (OBJ_id_HMACGostR3411_94) */, + 811 /* 1.2.643.2.2.19 (OBJ_id_GostR3410_2001) */, + 812 /* 1.2.643.2.2.20 (OBJ_id_GostR3410_94) */, + 813 /* 1.2.643.2.2.21 (OBJ_id_Gost28147_89) */, + 815 /* 1.2.643.2.2.22 (OBJ_id_Gost28147_89_MAC) */, + 816 /* 1.2.643.2.2.23 (OBJ_id_GostR3411_94_prf) */, + 817 /* 1.2.643.2.2.98 (OBJ_id_GostR3410_2001DH) */, + 818 /* 1.2.643.2.2.99 (OBJ_id_GostR3410_94DH) */, + 1 /* 1.2.840.113549 (OBJ_rsadsi) */, 185 /* 1.2.840.10040.4 (OBJ_X9cm) */, + 127 /* 1.3.6.1.5.5.7 (OBJ_id_pkix) */, + 505 /* 1.3.6.1.7.1.1 (OBJ_mime_mhs_headings) */, + 506 /* 1.3.6.1.7.1.2 (OBJ_mime_mhs_bodies) */, + 119 /* 1.3.36.3.3.1.2 (OBJ_ripemd160WithRSA) */, + 937 /* 1.3.132.1.11.0 (OBJ_dhSinglePass_stdDH_sha224kdf_scheme) */, + 938 /* 1.3.132.1.11.1 (OBJ_dhSinglePass_stdDH_sha256kdf_scheme) */, + 939 /* 1.3.132.1.11.2 (OBJ_dhSinglePass_stdDH_sha384kdf_scheme) */, + 940 /* 1.3.132.1.11.3 (OBJ_dhSinglePass_stdDH_sha512kdf_scheme) */, + 942 /* 1.3.132.1.14.0 (OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme) */, + 943 /* 1.3.132.1.14.1 (OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme) */, + 944 /* 1.3.132.1.14.2 (OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme) */, + 945 /* 1.3.132.1.14.3 (OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme) */, + 631 /* 2.23.42.3.3.3.1 (OBJ_setAttr_GenCryptgrm) */, + 632 /* 2.23.42.3.3.4.1 (OBJ_setAttr_T2Enc) */, + 633 /* 2.23.42.3.3.4.2 (OBJ_setAttr_T2cleartxt) */, + 634 /* 2.23.42.3.3.5.1 (OBJ_setAttr_TokICCsig) */, + 635 /* 2.23.42.3.3.5.2 (OBJ_setAttr_SecDevSig) */, + 436 /* 0.9.2342.19200300 (OBJ_ucl) */, + 820 /* 1.2.643.2.2.14.0 (OBJ_id_Gost28147_89_None_KeyMeshing) */, + 819 /* 1.2.643.2.2.14.1 (OBJ_id_Gost28147_89_CryptoPro_KeyMeshing) */, + 845 /* 1.2.643.2.2.20.1 (OBJ_id_GostR3410_94_a) */, + 846 /* 1.2.643.2.2.20.2 (OBJ_id_GostR3410_94_aBis) */, + 847 /* 1.2.643.2.2.20.3 (OBJ_id_GostR3410_94_b) */, + 848 /* 1.2.643.2.2.20.4 (OBJ_id_GostR3410_94_bBis) */, + 821 /* 1.2.643.2.2.30.0 (OBJ_id_GostR3411_94_TestParamSet) */, + 822 /* 1.2.643.2.2.30.1 (OBJ_id_GostR3411_94_CryptoProParamSet) */, + 823 /* 1.2.643.2.2.31.0 (OBJ_id_Gost28147_89_TestParamSet) */, + 824 /* 1.2.643.2.2.31.1 (OBJ_id_Gost28147_89_CryptoPro_A_ParamSet) */, + 825 /* 1.2.643.2.2.31.2 (OBJ_id_Gost28147_89_CryptoPro_B_ParamSet) */, + 826 /* 1.2.643.2.2.31.3 (OBJ_id_Gost28147_89_CryptoPro_C_ParamSet) */, + 827 /* 1.2.643.2.2.31.4 (OBJ_id_Gost28147_89_CryptoPro_D_ParamSet) */, + 828 /* 1.2.643.2.2.31.5 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet) */ + , + 829 /* 1.2.643.2.2.31.6 (OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet) */ + , + 830 /* 1.2.643.2.2.31.7 (OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet) */, + 831 /* 1.2.643.2.2.32.0 (OBJ_id_GostR3410_94_TestParamSet) */, + 832 /* 1.2.643.2.2.32.2 (OBJ_id_GostR3410_94_CryptoPro_A_ParamSet) */, + 833 /* 1.2.643.2.2.32.3 (OBJ_id_GostR3410_94_CryptoPro_B_ParamSet) */, + 834 /* 1.2.643.2.2.32.4 (OBJ_id_GostR3410_94_CryptoPro_C_ParamSet) */, + 835 /* 1.2.643.2.2.32.5 (OBJ_id_GostR3410_94_CryptoPro_D_ParamSet) */, + 836 /* 1.2.643.2.2.33.1 (OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet) */, + 837 /* 1.2.643.2.2.33.2 (OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet) */, + 838 /* 1.2.643.2.2.33.3 (OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet) */, + 839 /* 1.2.643.2.2.35.0 (OBJ_id_GostR3410_2001_TestParamSet) */, + 840 /* 1.2.643.2.2.35.1 (OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet) */, + 841 /* 1.2.643.2.2.35.2 (OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet) */, + 842 /* 1.2.643.2.2.35.3 (OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet) */, + 843 /* 1.2.643.2.2.36.0 (OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet) */, + 844 /* 1.2.643.2.2.36.1 (OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet) */, + 2 /* 1.2.840.113549.1 (OBJ_pkcs) */, + 431 /* 1.2.840.10040.2.1 (OBJ_hold_instruction_none) */, + 432 /* 1.2.840.10040.2.2 (OBJ_hold_instruction_call_issuer) */, + 433 /* 1.2.840.10040.2.3 (OBJ_hold_instruction_reject) */, + 116 /* 1.2.840.10040.4.1 (OBJ_dsa) */, + 113 /* 1.2.840.10040.4.3 (OBJ_dsaWithSHA1) */, + 406 /* 1.2.840.10045.1.1 (OBJ_X9_62_prime_field) */, + 407 /* 1.2.840.10045.1.2 (OBJ_X9_62_characteristic_two_field) */, + 408 /* 1.2.840.10045.2.1 (OBJ_X9_62_id_ecPublicKey) */, + 416 /* 1.2.840.10045.4.1 (OBJ_ecdsa_with_SHA1) */, + 791 /* 1.2.840.10045.4.2 (OBJ_ecdsa_with_Recommended) */, + 792 /* 1.2.840.10045.4.3 (OBJ_ecdsa_with_Specified) */, + 920 /* 1.2.840.10046.2.1 (OBJ_dhpublicnumber) */, + 258 /* 1.3.6.1.5.5.7.0 (OBJ_id_pkix_mod) */, + 175 /* 1.3.6.1.5.5.7.1 (OBJ_id_pe) */, + 259 /* 1.3.6.1.5.5.7.2 (OBJ_id_qt) */, + 128 /* 1.3.6.1.5.5.7.3 (OBJ_id_kp) */, + 260 /* 1.3.6.1.5.5.7.4 (OBJ_id_it) */, + 261 /* 1.3.6.1.5.5.7.5 (OBJ_id_pkip) */, + 262 /* 1.3.6.1.5.5.7.6 (OBJ_id_alg) */, + 263 /* 1.3.6.1.5.5.7.7 (OBJ_id_cmc) */, + 264 /* 1.3.6.1.5.5.7.8 (OBJ_id_on) */, + 265 /* 1.3.6.1.5.5.7.9 (OBJ_id_pda) */, + 266 /* 1.3.6.1.5.5.7.10 (OBJ_id_aca) */, + 267 /* 1.3.6.1.5.5.7.11 (OBJ_id_qcs) */, + 268 /* 1.3.6.1.5.5.7.12 (OBJ_id_cct) */, + 662 /* 1.3.6.1.5.5.7.21 (OBJ_id_ppl) */, + 176 /* 1.3.6.1.5.5.7.48 (OBJ_id_ad) */, + 507 /* 1.3.6.1.7.1.1.1 (OBJ_id_hex_partial_message) */, + 508 /* 1.3.6.1.7.1.1.2 (OBJ_id_hex_multipart_message) */, + 57 /* 2.16.840.1.113730 (OBJ_netscape) */, + 754 /* 0.3.4401.5.3.1.9.1 (OBJ_camellia_128_ecb) */, + 766 /* 0.3.4401.5.3.1.9.3 (OBJ_camellia_128_ofb128) */, + 757 /* 0.3.4401.5.3.1.9.4 (OBJ_camellia_128_cfb128) */, + 755 /* 0.3.4401.5.3.1.9.21 (OBJ_camellia_192_ecb) */, + 767 /* 0.3.4401.5.3.1.9.23 (OBJ_camellia_192_ofb128) */, + 758 /* 0.3.4401.5.3.1.9.24 (OBJ_camellia_192_cfb128) */, + 756 /* 0.3.4401.5.3.1.9.41 (OBJ_camellia_256_ecb) */, + 768 /* 0.3.4401.5.3.1.9.43 (OBJ_camellia_256_ofb128) */, + 759 /* 0.3.4401.5.3.1.9.44 (OBJ_camellia_256_cfb128) */, + 437 /* 0.9.2342.19200300.100 (OBJ_pilot) */, + 776 /* 1.2.410.200004.1.3 (OBJ_seed_ecb) */, + 777 /* 1.2.410.200004.1.4 (OBJ_seed_cbc) */, + 779 /* 1.2.410.200004.1.5 (OBJ_seed_cfb128) */, + 778 /* 1.2.410.200004.1.6 (OBJ_seed_ofb128) */, + 852 /* 1.2.643.2.9.1.3.3 (OBJ_id_GostR3411_94_with_GostR3410_94_cc) */, + 853 /* 1.2.643.2.9.1.3.4 (OBJ_id_GostR3411_94_with_GostR3410_2001_cc) */, + 850 /* 1.2.643.2.9.1.5.3 (OBJ_id_GostR3410_94_cc) */, + 851 /* 1.2.643.2.9.1.5.4 (OBJ_id_GostR3410_2001_cc) */, + 849 /* 1.2.643.2.9.1.6.1 (OBJ_id_Gost28147_89_cc) */, + 854 /* 1.2.643.2.9.1.8.1 (OBJ_id_GostR3410_2001_ParamSet_cc) */, + 186 /* 1.2.840.113549.1.1 (OBJ_pkcs1) */, + 27 /* 1.2.840.113549.1.3 (OBJ_pkcs3) */, + 187 /* 1.2.840.113549.1.5 (OBJ_pkcs5) */, + 20 /* 1.2.840.113549.1.7 (OBJ_pkcs7) */, + 47 /* 1.2.840.113549.1.9 (OBJ_pkcs9) */, + 3 /* 1.2.840.113549.2.2 (OBJ_md2) */, + 257 /* 1.2.840.113549.2.4 (OBJ_md4) */, + 4 /* 1.2.840.113549.2.5 (OBJ_md5) */, + 797 /* 1.2.840.113549.2.6 (OBJ_hmacWithMD5) */, + 163 /* 1.2.840.113549.2.7 (OBJ_hmacWithSHA1) */, + 798 /* 1.2.840.113549.2.8 (OBJ_hmacWithSHA224) */, + 799 /* 1.2.840.113549.2.9 (OBJ_hmacWithSHA256) */, + 800 /* 1.2.840.113549.2.10 (OBJ_hmacWithSHA384) */, + 801 /* 1.2.840.113549.2.11 (OBJ_hmacWithSHA512) */, + 37 /* 1.2.840.113549.3.2 (OBJ_rc2_cbc) */, + 5 /* 1.2.840.113549.3.4 (OBJ_rc4) */, + 44 /* 1.2.840.113549.3.7 (OBJ_des_ede3_cbc) */, + 120 /* 1.2.840.113549.3.8 (OBJ_rc5_cbc) */, + 643 /* 1.2.840.113549.3.10 (OBJ_des_cdmf) */, + 680 /* 1.2.840.10045.1.2.3 (OBJ_X9_62_id_characteristic_two_basis) */, + 684 /* 1.2.840.10045.3.0.1 (OBJ_X9_62_c2pnb163v1) */, + 685 /* 1.2.840.10045.3.0.2 (OBJ_X9_62_c2pnb163v2) */, + 686 /* 1.2.840.10045.3.0.3 (OBJ_X9_62_c2pnb163v3) */, + 687 /* 1.2.840.10045.3.0.4 (OBJ_X9_62_c2pnb176v1) */, + 688 /* 1.2.840.10045.3.0.5 (OBJ_X9_62_c2tnb191v1) */, + 689 /* 1.2.840.10045.3.0.6 (OBJ_X9_62_c2tnb191v2) */, + 690 /* 1.2.840.10045.3.0.7 (OBJ_X9_62_c2tnb191v3) */, + 691 /* 1.2.840.10045.3.0.8 (OBJ_X9_62_c2onb191v4) */, + 692 /* 1.2.840.10045.3.0.9 (OBJ_X9_62_c2onb191v5) */, + 693 /* 1.2.840.10045.3.0.10 (OBJ_X9_62_c2pnb208w1) */, + 694 /* 1.2.840.10045.3.0.11 (OBJ_X9_62_c2tnb239v1) */, + 695 /* 1.2.840.10045.3.0.12 (OBJ_X9_62_c2tnb239v2) */, + 696 /* 1.2.840.10045.3.0.13 (OBJ_X9_62_c2tnb239v3) */, + 697 /* 1.2.840.10045.3.0.14 (OBJ_X9_62_c2onb239v4) */, + 698 /* 1.2.840.10045.3.0.15 (OBJ_X9_62_c2onb239v5) */, + 699 /* 1.2.840.10045.3.0.16 (OBJ_X9_62_c2pnb272w1) */, + 700 /* 1.2.840.10045.3.0.17 (OBJ_X9_62_c2pnb304w1) */, + 701 /* 1.2.840.10045.3.0.18 (OBJ_X9_62_c2tnb359v1) */, + 702 /* 1.2.840.10045.3.0.19 (OBJ_X9_62_c2pnb368w1) */, + 703 /* 1.2.840.10045.3.0.20 (OBJ_X9_62_c2tnb431r1) */, + 409 /* 1.2.840.10045.3.1.1 (OBJ_X9_62_prime192v1) */, + 410 /* 1.2.840.10045.3.1.2 (OBJ_X9_62_prime192v2) */, + 411 /* 1.2.840.10045.3.1.3 (OBJ_X9_62_prime192v3) */, + 412 /* 1.2.840.10045.3.1.4 (OBJ_X9_62_prime239v1) */, + 413 /* 1.2.840.10045.3.1.5 (OBJ_X9_62_prime239v2) */, + 414 /* 1.2.840.10045.3.1.6 (OBJ_X9_62_prime239v3) */, + 415 /* 1.2.840.10045.3.1.7 (OBJ_X9_62_prime256v1) */, + 793 /* 1.2.840.10045.4.3.1 (OBJ_ecdsa_with_SHA224) */, + 794 /* 1.2.840.10045.4.3.2 (OBJ_ecdsa_with_SHA256) */, + 795 /* 1.2.840.10045.4.3.3 (OBJ_ecdsa_with_SHA384) */, + 796 /* 1.2.840.10045.4.3.4 (OBJ_ecdsa_with_SHA512) */, + 269 /* 1.3.6.1.5.5.7.0.1 (OBJ_id_pkix1_explicit_88) */, + 270 /* 1.3.6.1.5.5.7.0.2 (OBJ_id_pkix1_implicit_88) */, + 271 /* 1.3.6.1.5.5.7.0.3 (OBJ_id_pkix1_explicit_93) */, + 272 /* 1.3.6.1.5.5.7.0.4 (OBJ_id_pkix1_implicit_93) */, + 273 /* 1.3.6.1.5.5.7.0.5 (OBJ_id_mod_crmf) */, + 274 /* 1.3.6.1.5.5.7.0.6 (OBJ_id_mod_cmc) */, + 275 /* 1.3.6.1.5.5.7.0.7 (OBJ_id_mod_kea_profile_88) */, + 276 /* 1.3.6.1.5.5.7.0.8 (OBJ_id_mod_kea_profile_93) */, + 277 /* 1.3.6.1.5.5.7.0.9 (OBJ_id_mod_cmp) */, + 278 /* 1.3.6.1.5.5.7.0.10 (OBJ_id_mod_qualified_cert_88) */, + 279 /* 1.3.6.1.5.5.7.0.11 (OBJ_id_mod_qualified_cert_93) */, + 280 /* 1.3.6.1.5.5.7.0.12 (OBJ_id_mod_attribute_cert) */, + 281 /* 1.3.6.1.5.5.7.0.13 (OBJ_id_mod_timestamp_protocol) */, + 282 /* 1.3.6.1.5.5.7.0.14 (OBJ_id_mod_ocsp) */, + 283 /* 1.3.6.1.5.5.7.0.15 (OBJ_id_mod_dvcs) */, + 284 /* 1.3.6.1.5.5.7.0.16 (OBJ_id_mod_cmp2000) */, + 177 /* 1.3.6.1.5.5.7.1.1 (OBJ_info_access) */, + 285 /* 1.3.6.1.5.5.7.1.2 (OBJ_biometricInfo) */, + 286 /* 1.3.6.1.5.5.7.1.3 (OBJ_qcStatements) */, + 287 /* 1.3.6.1.5.5.7.1.4 (OBJ_ac_auditEntity) */, + 288 /* 1.3.6.1.5.5.7.1.5 (OBJ_ac_targeting) */, + 289 /* 1.3.6.1.5.5.7.1.6 (OBJ_aaControls) */, + 290 /* 1.3.6.1.5.5.7.1.7 (OBJ_sbgp_ipAddrBlock) */, + 291 /* 1.3.6.1.5.5.7.1.8 (OBJ_sbgp_autonomousSysNum) */, + 292 /* 1.3.6.1.5.5.7.1.9 (OBJ_sbgp_routerIdentifier) */, + 397 /* 1.3.6.1.5.5.7.1.10 (OBJ_ac_proxying) */, + 398 /* 1.3.6.1.5.5.7.1.11 (OBJ_sinfo_access) */, + 663 /* 1.3.6.1.5.5.7.1.14 (OBJ_proxyCertInfo) */, + 164 /* 1.3.6.1.5.5.7.2.1 (OBJ_id_qt_cps) */, + 165 /* 1.3.6.1.5.5.7.2.2 (OBJ_id_qt_unotice) */, + 293 /* 1.3.6.1.5.5.7.2.3 (OBJ_textNotice) */, + 129 /* 1.3.6.1.5.5.7.3.1 (OBJ_server_auth) */, + 130 /* 1.3.6.1.5.5.7.3.2 (OBJ_client_auth) */, + 131 /* 1.3.6.1.5.5.7.3.3 (OBJ_code_sign) */, + 132 /* 1.3.6.1.5.5.7.3.4 (OBJ_email_protect) */, + 294 /* 1.3.6.1.5.5.7.3.5 (OBJ_ipsecEndSystem) */, + 295 /* 1.3.6.1.5.5.7.3.6 (OBJ_ipsecTunnel) */, + 296 /* 1.3.6.1.5.5.7.3.7 (OBJ_ipsecUser) */, + 133 /* 1.3.6.1.5.5.7.3.8 (OBJ_time_stamp) */, + 180 /* 1.3.6.1.5.5.7.3.9 (OBJ_OCSP_sign) */, + 297 /* 1.3.6.1.5.5.7.3.10 (OBJ_dvcs) */, + 298 /* 1.3.6.1.5.5.7.4.1 (OBJ_id_it_caProtEncCert) */, + 299 /* 1.3.6.1.5.5.7.4.2 (OBJ_id_it_signKeyPairTypes) */, + 300 /* 1.3.6.1.5.5.7.4.3 (OBJ_id_it_encKeyPairTypes) */, + 301 /* 1.3.6.1.5.5.7.4.4 (OBJ_id_it_preferredSymmAlg) */, + 302 /* 1.3.6.1.5.5.7.4.5 (OBJ_id_it_caKeyUpdateInfo) */, + 303 /* 1.3.6.1.5.5.7.4.6 (OBJ_id_it_currentCRL) */, + 304 /* 1.3.6.1.5.5.7.4.7 (OBJ_id_it_unsupportedOIDs) */, + 305 /* 1.3.6.1.5.5.7.4.8 (OBJ_id_it_subscriptionRequest) */, + 306 /* 1.3.6.1.5.5.7.4.9 (OBJ_id_it_subscriptionResponse) */, + 307 /* 1.3.6.1.5.5.7.4.10 (OBJ_id_it_keyPairParamReq) */, + 308 /* 1.3.6.1.5.5.7.4.11 (OBJ_id_it_keyPairParamRep) */, + 309 /* 1.3.6.1.5.5.7.4.12 (OBJ_id_it_revPassphrase) */, + 310 /* 1.3.6.1.5.5.7.4.13 (OBJ_id_it_implicitConfirm) */, + 311 /* 1.3.6.1.5.5.7.4.14 (OBJ_id_it_confirmWaitTime) */, + 312 /* 1.3.6.1.5.5.7.4.15 (OBJ_id_it_origPKIMessage) */, + 784 /* 1.3.6.1.5.5.7.4.16 (OBJ_id_it_suppLangTags) */, + 313 /* 1.3.6.1.5.5.7.5.1 (OBJ_id_regCtrl) */, + 314 /* 1.3.6.1.5.5.7.5.2 (OBJ_id_regInfo) */, + 323 /* 1.3.6.1.5.5.7.6.1 (OBJ_id_alg_des40) */, + 324 /* 1.3.6.1.5.5.7.6.2 (OBJ_id_alg_noSignature) */, + 325 /* 1.3.6.1.5.5.7.6.3 (OBJ_id_alg_dh_sig_hmac_sha1) */, + 326 /* 1.3.6.1.5.5.7.6.4 (OBJ_id_alg_dh_pop) */, + 327 /* 1.3.6.1.5.5.7.7.1 (OBJ_id_cmc_statusInfo) */, + 328 /* 1.3.6.1.5.5.7.7.2 (OBJ_id_cmc_identification) */, + 329 /* 1.3.6.1.5.5.7.7.3 (OBJ_id_cmc_identityProof) */, + 330 /* 1.3.6.1.5.5.7.7.4 (OBJ_id_cmc_dataReturn) */, + 331 /* 1.3.6.1.5.5.7.7.5 (OBJ_id_cmc_transactionId) */, + 332 /* 1.3.6.1.5.5.7.7.6 (OBJ_id_cmc_senderNonce) */, + 333 /* 1.3.6.1.5.5.7.7.7 (OBJ_id_cmc_recipientNonce) */, + 334 /* 1.3.6.1.5.5.7.7.8 (OBJ_id_cmc_addExtensions) */, + 335 /* 1.3.6.1.5.5.7.7.9 (OBJ_id_cmc_encryptedPOP) */, + 336 /* 1.3.6.1.5.5.7.7.10 (OBJ_id_cmc_decryptedPOP) */, + 337 /* 1.3.6.1.5.5.7.7.11 (OBJ_id_cmc_lraPOPWitness) */, + 338 /* 1.3.6.1.5.5.7.7.15 (OBJ_id_cmc_getCert) */, + 339 /* 1.3.6.1.5.5.7.7.16 (OBJ_id_cmc_getCRL) */, + 340 /* 1.3.6.1.5.5.7.7.17 (OBJ_id_cmc_revokeRequest) */, + 341 /* 1.3.6.1.5.5.7.7.18 (OBJ_id_cmc_regInfo) */, + 342 /* 1.3.6.1.5.5.7.7.19 (OBJ_id_cmc_responseInfo) */, + 343 /* 1.3.6.1.5.5.7.7.21 (OBJ_id_cmc_queryPending) */, + 344 /* 1.3.6.1.5.5.7.7.22 (OBJ_id_cmc_popLinkRandom) */, + 345 /* 1.3.6.1.5.5.7.7.23 (OBJ_id_cmc_popLinkWitness) */, + 346 /* 1.3.6.1.5.5.7.7.24 (OBJ_id_cmc_confirmCertAcceptance) */, + 347 /* 1.3.6.1.5.5.7.8.1 (OBJ_id_on_personalData) */, + 858 /* 1.3.6.1.5.5.7.8.3 (OBJ_id_on_permanentIdentifier) */, + 348 /* 1.3.6.1.5.5.7.9.1 (OBJ_id_pda_dateOfBirth) */, + 349 /* 1.3.6.1.5.5.7.9.2 (OBJ_id_pda_placeOfBirth) */, + 351 /* 1.3.6.1.5.5.7.9.3 (OBJ_id_pda_gender) */, + 352 /* 1.3.6.1.5.5.7.9.4 (OBJ_id_pda_countryOfCitizenship) */, + 353 /* 1.3.6.1.5.5.7.9.5 (OBJ_id_pda_countryOfResidence) */, + 354 /* 1.3.6.1.5.5.7.10.1 (OBJ_id_aca_authenticationInfo) */, + 355 /* 1.3.6.1.5.5.7.10.2 (OBJ_id_aca_accessIdentity) */, + 356 /* 1.3.6.1.5.5.7.10.3 (OBJ_id_aca_chargingIdentity) */, + 357 /* 1.3.6.1.5.5.7.10.4 (OBJ_id_aca_group) */, + 358 /* 1.3.6.1.5.5.7.10.5 (OBJ_id_aca_role) */, + 399 /* 1.3.6.1.5.5.7.10.6 (OBJ_id_aca_encAttrs) */, + 359 /* 1.3.6.1.5.5.7.11.1 (OBJ_id_qcs_pkixQCSyntax_v1) */, + 360 /* 1.3.6.1.5.5.7.12.1 (OBJ_id_cct_crs) */, + 361 /* 1.3.6.1.5.5.7.12.2 (OBJ_id_cct_PKIData) */, + 362 /* 1.3.6.1.5.5.7.12.3 (OBJ_id_cct_PKIResponse) */, + 664 /* 1.3.6.1.5.5.7.21.0 (OBJ_id_ppl_anyLanguage) */, + 665 /* 1.3.6.1.5.5.7.21.1 (OBJ_id_ppl_inheritAll) */, + 667 /* 1.3.6.1.5.5.7.21.2 (OBJ_Independent) */, + 178 /* 1.3.6.1.5.5.7.48.1 (OBJ_ad_OCSP) */, + 179 /* 1.3.6.1.5.5.7.48.2 (OBJ_ad_ca_issuers) */, + 363 /* 1.3.6.1.5.5.7.48.3 (OBJ_ad_timeStamping) */, + 364 /* 1.3.6.1.5.5.7.48.4 (OBJ_ad_dvcs) */, + 785 /* 1.3.6.1.5.5.7.48.5 (OBJ_caRepository) */, + 780 /* 1.3.6.1.5.5.8.1.1 (OBJ_hmac_md5) */, + 781 /* 1.3.6.1.5.5.8.1.2 (OBJ_hmac_sha1) */, + 58 /* 2.16.840.1.113730.1 (OBJ_netscape_cert_extension) */, + 59 /* 2.16.840.1.113730.2 (OBJ_netscape_data_type) */, + 438 /* 0.9.2342.19200300.100.1 (OBJ_pilotAttributeType) */, + 439 /* 0.9.2342.19200300.100.3 (OBJ_pilotAttributeSyntax) */, + 440 /* 0.9.2342.19200300.100.4 (OBJ_pilotObjectClass) */, + 441 /* 0.9.2342.19200300.100.10 (OBJ_pilotGroups) */, + 108 /* 1.2.840.113533.7.66.10 (OBJ_cast5_cbc) */, + 112 /* 1.2.840.113533.7.66.12 (OBJ_pbeWithMD5AndCast5_CBC) */, + 782 /* 1.2.840.113533.7.66.13 (OBJ_id_PasswordBasedMAC) */, + 783 /* 1.2.840.113533.7.66.30 (OBJ_id_DHBasedMac) */, + 6 /* 1.2.840.113549.1.1.1 (OBJ_rsaEncryption) */, + 7 /* 1.2.840.113549.1.1.2 (OBJ_md2WithRSAEncryption) */, + 396 /* 1.2.840.113549.1.1.3 (OBJ_md4WithRSAEncryption) */, + 8 /* 1.2.840.113549.1.1.4 (OBJ_md5WithRSAEncryption) */, + 65 /* 1.2.840.113549.1.1.5 (OBJ_sha1WithRSAEncryption) */, + 644 /* 1.2.840.113549.1.1.6 (OBJ_rsaOAEPEncryptionSET) */, + 919 /* 1.2.840.113549.1.1.7 (OBJ_rsaesOaep) */, + 911 /* 1.2.840.113549.1.1.8 (OBJ_mgf1) */, + 935 /* 1.2.840.113549.1.1.9 (OBJ_pSpecified) */, + 912 /* 1.2.840.113549.1.1.10 (OBJ_rsassaPss) */, + 668 /* 1.2.840.113549.1.1.11 (OBJ_sha256WithRSAEncryption) */, + 669 /* 1.2.840.113549.1.1.12 (OBJ_sha384WithRSAEncryption) */, + 670 /* 1.2.840.113549.1.1.13 (OBJ_sha512WithRSAEncryption) */, + 671 /* 1.2.840.113549.1.1.14 (OBJ_sha224WithRSAEncryption) */, + 28 /* 1.2.840.113549.1.3.1 (OBJ_dhKeyAgreement) */, + 9 /* 1.2.840.113549.1.5.1 (OBJ_pbeWithMD2AndDES_CBC) */, + 10 /* 1.2.840.113549.1.5.3 (OBJ_pbeWithMD5AndDES_CBC) */, + 168 /* 1.2.840.113549.1.5.4 (OBJ_pbeWithMD2AndRC2_CBC) */, + 169 /* 1.2.840.113549.1.5.6 (OBJ_pbeWithMD5AndRC2_CBC) */, + 170 /* 1.2.840.113549.1.5.10 (OBJ_pbeWithSHA1AndDES_CBC) */, + 68 /* 1.2.840.113549.1.5.11 (OBJ_pbeWithSHA1AndRC2_CBC) */, + 69 /* 1.2.840.113549.1.5.12 (OBJ_id_pbkdf2) */, + 161 /* 1.2.840.113549.1.5.13 (OBJ_pbes2) */, + 162 /* 1.2.840.113549.1.5.14 (OBJ_pbmac1) */, + 21 /* 1.2.840.113549.1.7.1 (OBJ_pkcs7_data) */, + 22 /* 1.2.840.113549.1.7.2 (OBJ_pkcs7_signed) */, + 23 /* 1.2.840.113549.1.7.3 (OBJ_pkcs7_enveloped) */, + 24 /* 1.2.840.113549.1.7.4 (OBJ_pkcs7_signedAndEnveloped) */, + 25 /* 1.2.840.113549.1.7.5 (OBJ_pkcs7_digest) */, + 26 /* 1.2.840.113549.1.7.6 (OBJ_pkcs7_encrypted) */, + 48 /* 1.2.840.113549.1.9.1 (OBJ_pkcs9_emailAddress) */, + 49 /* 1.2.840.113549.1.9.2 (OBJ_pkcs9_unstructuredName) */, + 50 /* 1.2.840.113549.1.9.3 (OBJ_pkcs9_contentType) */, + 51 /* 1.2.840.113549.1.9.4 (OBJ_pkcs9_messageDigest) */, + 52 /* 1.2.840.113549.1.9.5 (OBJ_pkcs9_signingTime) */, + 53 /* 1.2.840.113549.1.9.6 (OBJ_pkcs9_countersignature) */, + 54 /* 1.2.840.113549.1.9.7 (OBJ_pkcs9_challengePassword) */, + 55 /* 1.2.840.113549.1.9.8 (OBJ_pkcs9_unstructuredAddress) */, + 56 /* 1.2.840.113549.1.9.9 (OBJ_pkcs9_extCertAttributes) */, + 172 /* 1.2.840.113549.1.9.14 (OBJ_ext_req) */, + 167 /* 1.2.840.113549.1.9.15 (OBJ_SMIMECapabilities) */, + 188 /* 1.2.840.113549.1.9.16 (OBJ_SMIME) */, + 156 /* 1.2.840.113549.1.9.20 (OBJ_friendlyName) */, + 157 /* 1.2.840.113549.1.9.21 (OBJ_localKeyID) */, + 681 /* 1.2.840.10045.1.2.3.1 (OBJ_X9_62_onBasis) */, + 682 /* 1.2.840.10045.1.2.3.2 (OBJ_X9_62_tpBasis) */, + 683 /* 1.2.840.10045.1.2.3.3 (OBJ_X9_62_ppBasis) */, + 417 /* 1.3.6.1.4.1.311.17.1 (OBJ_ms_csp_name) */, + 856 /* 1.3.6.1.4.1.311.17.2 (OBJ_LocalKeySet) */, + 390 /* 1.3.6.1.4.1.1466.344 (OBJ_dcObject) */, + 91 /* 1.3.6.1.4.1.3029.1.2 (OBJ_bf_cbc) */, + 315 /* 1.3.6.1.5.5.7.5.1.1 (OBJ_id_regCtrl_regToken) */, + 316 /* 1.3.6.1.5.5.7.5.1.2 (OBJ_id_regCtrl_authenticator) */, + 317 /* 1.3.6.1.5.5.7.5.1.3 (OBJ_id_regCtrl_pkiPublicationInfo) */, + 318 /* 1.3.6.1.5.5.7.5.1.4 (OBJ_id_regCtrl_pkiArchiveOptions) */, + 319 /* 1.3.6.1.5.5.7.5.1.5 (OBJ_id_regCtrl_oldCertID) */, + 320 /* 1.3.6.1.5.5.7.5.1.6 (OBJ_id_regCtrl_protocolEncrKey) */, + 321 /* 1.3.6.1.5.5.7.5.2.1 (OBJ_id_regInfo_utf8Pairs) */, + 322 /* 1.3.6.1.5.5.7.5.2.2 (OBJ_id_regInfo_certReq) */, + 365 /* 1.3.6.1.5.5.7.48.1.1 (OBJ_id_pkix_OCSP_basic) */, + 366 /* 1.3.6.1.5.5.7.48.1.2 (OBJ_id_pkix_OCSP_Nonce) */, + 367 /* 1.3.6.1.5.5.7.48.1.3 (OBJ_id_pkix_OCSP_CrlID) */, + 368 /* 1.3.6.1.5.5.7.48.1.4 (OBJ_id_pkix_OCSP_acceptableResponses) */, + 369 /* 1.3.6.1.5.5.7.48.1.5 (OBJ_id_pkix_OCSP_noCheck) */, + 370 /* 1.3.6.1.5.5.7.48.1.6 (OBJ_id_pkix_OCSP_archiveCutoff) */, + 371 /* 1.3.6.1.5.5.7.48.1.7 (OBJ_id_pkix_OCSP_serviceLocator) */, + 372 /* 1.3.6.1.5.5.7.48.1.8 (OBJ_id_pkix_OCSP_extendedStatus) */, + 373 /* 1.3.6.1.5.5.7.48.1.9 (OBJ_id_pkix_OCSP_valid) */, + 374 /* 1.3.6.1.5.5.7.48.1.10 (OBJ_id_pkix_OCSP_path) */, + 375 /* 1.3.6.1.5.5.7.48.1.11 (OBJ_id_pkix_OCSP_trustRoot) */, + 921 /* 1.3.36.3.3.2.8.1.1.1 (OBJ_brainpoolP160r1) */, + 922 /* 1.3.36.3.3.2.8.1.1.2 (OBJ_brainpoolP160t1) */, + 923 /* 1.3.36.3.3.2.8.1.1.3 (OBJ_brainpoolP192r1) */, + 924 /* 1.3.36.3.3.2.8.1.1.4 (OBJ_brainpoolP192t1) */, + 925 /* 1.3.36.3.3.2.8.1.1.5 (OBJ_brainpoolP224r1) */, + 926 /* 1.3.36.3.3.2.8.1.1.6 (OBJ_brainpoolP224t1) */, + 927 /* 1.3.36.3.3.2.8.1.1.7 (OBJ_brainpoolP256r1) */, + 928 /* 1.3.36.3.3.2.8.1.1.8 (OBJ_brainpoolP256t1) */, + 929 /* 1.3.36.3.3.2.8.1.1.9 (OBJ_brainpoolP320r1) */, + 930 /* 1.3.36.3.3.2.8.1.1.10 (OBJ_brainpoolP320t1) */, + 931 /* 1.3.36.3.3.2.8.1.1.11 (OBJ_brainpoolP384r1) */, + 932 /* 1.3.36.3.3.2.8.1.1.12 (OBJ_brainpoolP384t1) */, + 933 /* 1.3.36.3.3.2.8.1.1.13 (OBJ_brainpoolP512r1) */, + 934 /* 1.3.36.3.3.2.8.1.1.14 (OBJ_brainpoolP512t1) */, + 936 /* 1.3.133.16.840.63.0.2 (OBJ_dhSinglePass_stdDH_sha1kdf_scheme) */, + 941 /* 1.3.133.16.840.63.0.3 (OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme) */ + , + 418 /* 2.16.840.1.101.3.4.1.1 (OBJ_aes_128_ecb) */, + 419 /* 2.16.840.1.101.3.4.1.2 (OBJ_aes_128_cbc) */, + 420 /* 2.16.840.1.101.3.4.1.3 (OBJ_aes_128_ofb128) */, + 421 /* 2.16.840.1.101.3.4.1.4 (OBJ_aes_128_cfb128) */, + 788 /* 2.16.840.1.101.3.4.1.5 (OBJ_id_aes128_wrap) */, + 895 /* 2.16.840.1.101.3.4.1.6 (OBJ_aes_128_gcm) */, + 896 /* 2.16.840.1.101.3.4.1.7 (OBJ_aes_128_ccm) */, + 897 /* 2.16.840.1.101.3.4.1.8 (OBJ_id_aes128_wrap_pad) */, + 422 /* 2.16.840.1.101.3.4.1.21 (OBJ_aes_192_ecb) */, + 423 /* 2.16.840.1.101.3.4.1.22 (OBJ_aes_192_cbc) */, + 424 /* 2.16.840.1.101.3.4.1.23 (OBJ_aes_192_ofb128) */, + 425 /* 2.16.840.1.101.3.4.1.24 (OBJ_aes_192_cfb128) */, + 789 /* 2.16.840.1.101.3.4.1.25 (OBJ_id_aes192_wrap) */, + 898 /* 2.16.840.1.101.3.4.1.26 (OBJ_aes_192_gcm) */, + 899 /* 2.16.840.1.101.3.4.1.27 (OBJ_aes_192_ccm) */, + 900 /* 2.16.840.1.101.3.4.1.28 (OBJ_id_aes192_wrap_pad) */, + 426 /* 2.16.840.1.101.3.4.1.41 (OBJ_aes_256_ecb) */, + 427 /* 2.16.840.1.101.3.4.1.42 (OBJ_aes_256_cbc) */, + 428 /* 2.16.840.1.101.3.4.1.43 (OBJ_aes_256_ofb128) */, + 429 /* 2.16.840.1.101.3.4.1.44 (OBJ_aes_256_cfb128) */, + 790 /* 2.16.840.1.101.3.4.1.45 (OBJ_id_aes256_wrap) */, + 901 /* 2.16.840.1.101.3.4.1.46 (OBJ_aes_256_gcm) */, + 902 /* 2.16.840.1.101.3.4.1.47 (OBJ_aes_256_ccm) */, + 903 /* 2.16.840.1.101.3.4.1.48 (OBJ_id_aes256_wrap_pad) */, + 672 /* 2.16.840.1.101.3.4.2.1 (OBJ_sha256) */, + 673 /* 2.16.840.1.101.3.4.2.2 (OBJ_sha384) */, + 674 /* 2.16.840.1.101.3.4.2.3 (OBJ_sha512) */, + 675 /* 2.16.840.1.101.3.4.2.4 (OBJ_sha224) */, + 802 /* 2.16.840.1.101.3.4.3.1 (OBJ_dsa_with_SHA224) */, + 803 /* 2.16.840.1.101.3.4.3.2 (OBJ_dsa_with_SHA256) */, + 71 /* 2.16.840.1.113730.1.1 (OBJ_netscape_cert_type) */, + 72 /* 2.16.840.1.113730.1.2 (OBJ_netscape_base_url) */, + 73 /* 2.16.840.1.113730.1.3 (OBJ_netscape_revocation_url) */, + 74 /* 2.16.840.1.113730.1.4 (OBJ_netscape_ca_revocation_url) */, + 75 /* 2.16.840.1.113730.1.7 (OBJ_netscape_renewal_url) */, + 76 /* 2.16.840.1.113730.1.8 (OBJ_netscape_ca_policy_url) */, + 77 /* 2.16.840.1.113730.1.12 (OBJ_netscape_ssl_server_name) */, + 78 /* 2.16.840.1.113730.1.13 (OBJ_netscape_comment) */, + 79 /* 2.16.840.1.113730.2.5 (OBJ_netscape_cert_sequence) */, + 139 /* 2.16.840.1.113730.4.1 (OBJ_ns_sgc) */, + 458 /* 0.9.2342.19200300.100.1.1 (OBJ_userId) */, + 459 /* 0.9.2342.19200300.100.1.2 (OBJ_textEncodedORAddress) */, + 460 /* 0.9.2342.19200300.100.1.3 (OBJ_rfc822Mailbox) */, + 461 /* 0.9.2342.19200300.100.1.4 (OBJ_info) */, + 462 /* 0.9.2342.19200300.100.1.5 (OBJ_favouriteDrink) */, + 463 /* 0.9.2342.19200300.100.1.6 (OBJ_roomNumber) */, + 464 /* 0.9.2342.19200300.100.1.7 (OBJ_photo) */, + 465 /* 0.9.2342.19200300.100.1.8 (OBJ_userClass) */, + 466 /* 0.9.2342.19200300.100.1.9 (OBJ_host) */, + 467 /* 0.9.2342.19200300.100.1.10 (OBJ_manager) */, + 468 /* 0.9.2342.19200300.100.1.11 (OBJ_documentIdentifier) */, + 469 /* 0.9.2342.19200300.100.1.12 (OBJ_documentTitle) */, + 470 /* 0.9.2342.19200300.100.1.13 (OBJ_documentVersion) */, + 471 /* 0.9.2342.19200300.100.1.14 (OBJ_documentAuthor) */, + 472 /* 0.9.2342.19200300.100.1.15 (OBJ_documentLocation) */, + 473 /* 0.9.2342.19200300.100.1.20 (OBJ_homeTelephoneNumber) */, + 474 /* 0.9.2342.19200300.100.1.21 (OBJ_secretary) */, + 475 /* 0.9.2342.19200300.100.1.22 (OBJ_otherMailbox) */, + 476 /* 0.9.2342.19200300.100.1.23 (OBJ_lastModifiedTime) */, + 477 /* 0.9.2342.19200300.100.1.24 (OBJ_lastModifiedBy) */, + 391 /* 0.9.2342.19200300.100.1.25 (OBJ_domainComponent) */, + 478 /* 0.9.2342.19200300.100.1.26 (OBJ_aRecord) */, + 479 /* 0.9.2342.19200300.100.1.27 (OBJ_pilotAttributeType27) */, + 480 /* 0.9.2342.19200300.100.1.28 (OBJ_mXRecord) */, + 481 /* 0.9.2342.19200300.100.1.29 (OBJ_nSRecord) */, + 482 /* 0.9.2342.19200300.100.1.30 (OBJ_sOARecord) */, + 483 /* 0.9.2342.19200300.100.1.31 (OBJ_cNAMERecord) */, + 484 /* 0.9.2342.19200300.100.1.37 (OBJ_associatedDomain) */, + 485 /* 0.9.2342.19200300.100.1.38 (OBJ_associatedName) */, + 486 /* 0.9.2342.19200300.100.1.39 (OBJ_homePostalAddress) */, + 487 /* 0.9.2342.19200300.100.1.40 (OBJ_personalTitle) */, + 488 /* 0.9.2342.19200300.100.1.41 (OBJ_mobileTelephoneNumber) */, + 489 /* 0.9.2342.19200300.100.1.42 (OBJ_pagerTelephoneNumber) */, + 490 /* 0.9.2342.19200300.100.1.43 (OBJ_friendlyCountryName) */, + 491 /* 0.9.2342.19200300.100.1.45 (OBJ_organizationalStatus) */, + 492 /* 0.9.2342.19200300.100.1.46 (OBJ_janetMailbox) */, + 493 /* 0.9.2342.19200300.100.1.47 (OBJ_mailPreferenceOption) */, + 494 /* 0.9.2342.19200300.100.1.48 (OBJ_buildingName) */, + 495 /* 0.9.2342.19200300.100.1.49 (OBJ_dSAQuality) */, + 496 /* 0.9.2342.19200300.100.1.50 (OBJ_singleLevelQuality) */, + 497 /* 0.9.2342.19200300.100.1.51 (OBJ_subtreeMinimumQuality) */, + 498 /* 0.9.2342.19200300.100.1.52 (OBJ_subtreeMaximumQuality) */, + 499 /* 0.9.2342.19200300.100.1.53 (OBJ_personalSignature) */, + 500 /* 0.9.2342.19200300.100.1.54 (OBJ_dITRedirect) */, + 501 /* 0.9.2342.19200300.100.1.55 (OBJ_audio) */, + 502 /* 0.9.2342.19200300.100.1.56 (OBJ_documentPublisher) */, + 442 /* 0.9.2342.19200300.100.3.4 (OBJ_iA5StringSyntax) */, + 443 /* 0.9.2342.19200300.100.3.5 (OBJ_caseIgnoreIA5StringSyntax) */, + 444 /* 0.9.2342.19200300.100.4.3 (OBJ_pilotObject) */, + 445 /* 0.9.2342.19200300.100.4.4 (OBJ_pilotPerson) */, + 446 /* 0.9.2342.19200300.100.4.5 (OBJ_account) */, + 447 /* 0.9.2342.19200300.100.4.6 (OBJ_document) */, + 448 /* 0.9.2342.19200300.100.4.7 (OBJ_room) */, + 449 /* 0.9.2342.19200300.100.4.9 (OBJ_documentSeries) */, + 392 /* 0.9.2342.19200300.100.4.13 (OBJ_Domain) */, + 450 /* 0.9.2342.19200300.100.4.14 (OBJ_rFC822localPart) */, + 451 /* 0.9.2342.19200300.100.4.15 (OBJ_dNSDomain) */, + 452 /* 0.9.2342.19200300.100.4.17 (OBJ_domainRelatedObject) */, + 453 /* 0.9.2342.19200300.100.4.18 (OBJ_friendlyCountry) */, + 454 /* 0.9.2342.19200300.100.4.19 (OBJ_simpleSecurityObject) */, + 455 /* 0.9.2342.19200300.100.4.20 (OBJ_pilotOrganization) */, + 456 /* 0.9.2342.19200300.100.4.21 (OBJ_pilotDSA) */, + 457 /* 0.9.2342.19200300.100.4.22 (OBJ_qualityLabelledData) */, + 189 /* 1.2.840.113549.1.9.16.0 (OBJ_id_smime_mod) */, + 190 /* 1.2.840.113549.1.9.16.1 (OBJ_id_smime_ct) */, + 191 /* 1.2.840.113549.1.9.16.2 (OBJ_id_smime_aa) */, + 192 /* 1.2.840.113549.1.9.16.3 (OBJ_id_smime_alg) */, + 193 /* 1.2.840.113549.1.9.16.4 (OBJ_id_smime_cd) */, + 194 /* 1.2.840.113549.1.9.16.5 (OBJ_id_smime_spq) */, + 195 /* 1.2.840.113549.1.9.16.6 (OBJ_id_smime_cti) */, + 158 /* 1.2.840.113549.1.9.22.1 (OBJ_x509Certificate) */, + 159 /* 1.2.840.113549.1.9.22.2 (OBJ_sdsiCertificate) */, + 160 /* 1.2.840.113549.1.9.23.1 (OBJ_x509Crl) */, + 144 /* 1.2.840.113549.1.12.1.1 (OBJ_pbe_WithSHA1And128BitRC4) */, + 145 /* 1.2.840.113549.1.12.1.2 (OBJ_pbe_WithSHA1And40BitRC4) */, + 146 /* 1.2.840.113549.1.12.1.3 (OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC) */, + 147 /* 1.2.840.113549.1.12.1.4 (OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC) */, + 148 /* 1.2.840.113549.1.12.1.5 (OBJ_pbe_WithSHA1And128BitRC2_CBC) */, + 149 /* 1.2.840.113549.1.12.1.6 (OBJ_pbe_WithSHA1And40BitRC2_CBC) */, + 171 /* 1.3.6.1.4.1.311.2.1.14 (OBJ_ms_ext_req) */, + 134 /* 1.3.6.1.4.1.311.2.1.21 (OBJ_ms_code_ind) */, + 135 /* 1.3.6.1.4.1.311.2.1.22 (OBJ_ms_code_com) */, + 136 /* 1.3.6.1.4.1.311.10.3.1 (OBJ_ms_ctl_sign) */, + 137 /* 1.3.6.1.4.1.311.10.3.3 (OBJ_ms_sgc) */, + 138 /* 1.3.6.1.4.1.311.10.3.4 (OBJ_ms_efs) */, + 648 /* 1.3.6.1.4.1.311.20.2.2 (OBJ_ms_smartcard_login) */, + 649 /* 1.3.6.1.4.1.311.20.2.3 (OBJ_ms_upn) */, + 751 /* 1.2.392.200011.61.1.1.1.2 (OBJ_camellia_128_cbc) */, + 752 /* 1.2.392.200011.61.1.1.1.3 (OBJ_camellia_192_cbc) */, + 753 /* 1.2.392.200011.61.1.1.1.4 (OBJ_camellia_256_cbc) */, + 907 /* 1.2.392.200011.61.1.1.3.2 (OBJ_id_camellia128_wrap) */, + 908 /* 1.2.392.200011.61.1.1.3.3 (OBJ_id_camellia192_wrap) */, + 909 /* 1.2.392.200011.61.1.1.3.4 (OBJ_id_camellia256_wrap) */, + 196 /* 1.2.840.113549.1.9.16.0.1 (OBJ_id_smime_mod_cms) */, + 197 /* 1.2.840.113549.1.9.16.0.2 (OBJ_id_smime_mod_ess) */, + 198 /* 1.2.840.113549.1.9.16.0.3 (OBJ_id_smime_mod_oid) */, + 199 /* 1.2.840.113549.1.9.16.0.4 (OBJ_id_smime_mod_msg_v3) */, + 200 /* 1.2.840.113549.1.9.16.0.5 (OBJ_id_smime_mod_ets_eSignature_88) */, + 201 /* 1.2.840.113549.1.9.16.0.6 (OBJ_id_smime_mod_ets_eSignature_97) */, + 202 /* 1.2.840.113549.1.9.16.0.7 (OBJ_id_smime_mod_ets_eSigPolicy_88) */, + 203 /* 1.2.840.113549.1.9.16.0.8 (OBJ_id_smime_mod_ets_eSigPolicy_97) */, + 204 /* 1.2.840.113549.1.9.16.1.1 (OBJ_id_smime_ct_receipt) */, + 205 /* 1.2.840.113549.1.9.16.1.2 (OBJ_id_smime_ct_authData) */, + 206 /* 1.2.840.113549.1.9.16.1.3 (OBJ_id_smime_ct_publishCert) */, + 207 /* 1.2.840.113549.1.9.16.1.4 (OBJ_id_smime_ct_TSTInfo) */, + 208 /* 1.2.840.113549.1.9.16.1.5 (OBJ_id_smime_ct_TDTInfo) */, + 209 /* 1.2.840.113549.1.9.16.1.6 (OBJ_id_smime_ct_contentInfo) */, + 210 /* 1.2.840.113549.1.9.16.1.7 (OBJ_id_smime_ct_DVCSRequestData) */, + 211 /* 1.2.840.113549.1.9.16.1.8 (OBJ_id_smime_ct_DVCSResponseData) */, + 786 /* 1.2.840.113549.1.9.16.1.9 (OBJ_id_smime_ct_compressedData) */, + 787 /* 1.2.840.113549.1.9.16.1.27 (OBJ_id_ct_asciiTextWithCRLF) */, + 212 /* 1.2.840.113549.1.9.16.2.1 (OBJ_id_smime_aa_receiptRequest) */, + 213 /* 1.2.840.113549.1.9.16.2.2 (OBJ_id_smime_aa_securityLabel) */, + 214 /* 1.2.840.113549.1.9.16.2.3 (OBJ_id_smime_aa_mlExpandHistory) */, + 215 /* 1.2.840.113549.1.9.16.2.4 (OBJ_id_smime_aa_contentHint) */, + 216 /* 1.2.840.113549.1.9.16.2.5 (OBJ_id_smime_aa_msgSigDigest) */, + 217 /* 1.2.840.113549.1.9.16.2.6 (OBJ_id_smime_aa_encapContentType) */, + 218 /* 1.2.840.113549.1.9.16.2.7 (OBJ_id_smime_aa_contentIdentifier) */, + 219 /* 1.2.840.113549.1.9.16.2.8 (OBJ_id_smime_aa_macValue) */, + 220 /* 1.2.840.113549.1.9.16.2.9 (OBJ_id_smime_aa_equivalentLabels) */, + 221 /* 1.2.840.113549.1.9.16.2.10 (OBJ_id_smime_aa_contentReference) */, + 222 /* 1.2.840.113549.1.9.16.2.11 (OBJ_id_smime_aa_encrypKeyPref) */, + 223 /* 1.2.840.113549.1.9.16.2.12 (OBJ_id_smime_aa_signingCertificate) */, + 224 /* 1.2.840.113549.1.9.16.2.13 (OBJ_id_smime_aa_smimeEncryptCerts) */, + 225 /* 1.2.840.113549.1.9.16.2.14 (OBJ_id_smime_aa_timeStampToken) */, + 226 /* 1.2.840.113549.1.9.16.2.15 (OBJ_id_smime_aa_ets_sigPolicyId) */, + 227 /* 1.2.840.113549.1.9.16.2.16 (OBJ_id_smime_aa_ets_commitmentType) */, + 228 /* 1.2.840.113549.1.9.16.2.17 (OBJ_id_smime_aa_ets_signerLocation) */, + 229 /* 1.2.840.113549.1.9.16.2.18 (OBJ_id_smime_aa_ets_signerAttr) */, + 230 /* 1.2.840.113549.1.9.16.2.19 (OBJ_id_smime_aa_ets_otherSigCert) */, + 231 /* 1.2.840.113549.1.9.16.2.20 (OBJ_id_smime_aa_ets_contentTimestamp) */, + 232 /* 1.2.840.113549.1.9.16.2.21 (OBJ_id_smime_aa_ets_CertificateRefs) */, + 233 /* 1.2.840.113549.1.9.16.2.22 (OBJ_id_smime_aa_ets_RevocationRefs) */, + 234 /* 1.2.840.113549.1.9.16.2.23 (OBJ_id_smime_aa_ets_certValues) */, + 235 /* 1.2.840.113549.1.9.16.2.24 (OBJ_id_smime_aa_ets_revocationValues) */, + 236 /* 1.2.840.113549.1.9.16.2.25 (OBJ_id_smime_aa_ets_escTimeStamp) */, + 237 /* 1.2.840.113549.1.9.16.2.26 (OBJ_id_smime_aa_ets_certCRLTimestamp) */, + 238 /* 1.2.840.113549.1.9.16.2.27 (OBJ_id_smime_aa_ets_archiveTimeStamp) */, + 239 /* 1.2.840.113549.1.9.16.2.28 (OBJ_id_smime_aa_signatureType) */, + 240 /* 1.2.840.113549.1.9.16.2.29 (OBJ_id_smime_aa_dvcs_dvc) */, + 241 /* 1.2.840.113549.1.9.16.3.1 (OBJ_id_smime_alg_ESDHwith3DES) */, + 242 /* 1.2.840.113549.1.9.16.3.2 (OBJ_id_smime_alg_ESDHwithRC2) */, + 243 /* 1.2.840.113549.1.9.16.3.3 (OBJ_id_smime_alg_3DESwrap) */, + 244 /* 1.2.840.113549.1.9.16.3.4 (OBJ_id_smime_alg_RC2wrap) */, + 245 /* 1.2.840.113549.1.9.16.3.5 (OBJ_id_smime_alg_ESDH) */, + 246 /* 1.2.840.113549.1.9.16.3.6 (OBJ_id_smime_alg_CMS3DESwrap) */, + 247 /* 1.2.840.113549.1.9.16.3.7 (OBJ_id_smime_alg_CMSRC2wrap) */, + 125 /* 1.2.840.113549.1.9.16.3.8 (OBJ_zlib_compression) */, + 893 /* 1.2.840.113549.1.9.16.3.9 (OBJ_id_alg_PWRI_KEK) */, + 248 /* 1.2.840.113549.1.9.16.4.1 (OBJ_id_smime_cd_ldap) */, + 249 /* 1.2.840.113549.1.9.16.5.1 (OBJ_id_smime_spq_ets_sqt_uri) */, + 250 /* 1.2.840.113549.1.9.16.5.2 (OBJ_id_smime_spq_ets_sqt_unotice) */, + 251 /* 1.2.840.113549.1.9.16.6.1 (OBJ_id_smime_cti_ets_proofOfOrigin) */, + 252 /* 1.2.840.113549.1.9.16.6.2 (OBJ_id_smime_cti_ets_proofOfReceipt) */, + 253 /* 1.2.840.113549.1.9.16.6.3 (OBJ_id_smime_cti_ets_proofOfDelivery) */, + 254 /* 1.2.840.113549.1.9.16.6.4 (OBJ_id_smime_cti_ets_proofOfSender) */, + 255 /* 1.2.840.113549.1.9.16.6.5 (OBJ_id_smime_cti_ets_proofOfApproval) */, + 256 /* 1.2.840.113549.1.9.16.6.6 (OBJ_id_smime_cti_ets_proofOfCreation) */, + 150 /* 1.2.840.113549.1.12.10.1.1 (OBJ_keyBag) */, + 151 /* 1.2.840.113549.1.12.10.1.2 (OBJ_pkcs8ShroudedKeyBag) */, + 152 /* 1.2.840.113549.1.12.10.1.3 (OBJ_certBag) */, + 153 /* 1.2.840.113549.1.12.10.1.4 (OBJ_crlBag) */, + 154 /* 1.2.840.113549.1.12.10.1.5 (OBJ_secretBag) */, + 155 /* 1.2.840.113549.1.12.10.1.6 (OBJ_safeContentsBag) */, + 34 /* 1.3.6.1.4.1.188.7.1.1.2 (OBJ_idea_cbc) */, }; - diff --git a/src/crypto/obj/obj_dat.pl b/src/crypto/obj/obj_dat.pl deleted file mode 100644 index 036ded54..00000000 --- a/src/crypto/obj/obj_dat.pl +++ /dev/null @@ -1,309 +0,0 @@ -#!/usr/bin/env perl - -# fixes bug in floating point emulation on sparc64 when -# this script produces off-by-one output on sparc64 -use integer; - -if (scalar @ARGV != 2) - { - print "Usage: perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h\n"; - exit 1; - } - -sub obj_cmp - { - local(@a,@b,$_,$r); - - $A=$obj_len{$obj{$nid{$a}}}; - $B=$obj_len{$obj{$nid{$b}}}; - - $r=($A-$B); - return($r) if $r != 0; - - $A=$obj_der{$obj{$nid{$a}}}; - $B=$obj_der{$obj{$nid{$b}}}; - - return($A cmp $B); - } - -sub expand_obj - { - local(*v)=@_; - local($k,$d); - local($i); - - do { - $i=0; - foreach $k (keys %v) - { - if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/)) - { $i++; } - } - } while($i); - foreach $k (keys %v) - { - @a=split(/,/,$v{$k}); - $objn{$k}=$#a+1; - } - return(%objn); - } - -open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; -open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; - -while (<IN>) - { - next unless /^\#define\s+(\S+)\s+(.*)$/; - $v=$1; - $d=$2; - $d =~ s/^\"//; - $d =~ s/\"$//; - if ($v =~ /^SN_(.*)$/) - { - if(defined $snames{$d}) - { - print "WARNING: Duplicate short name \"$d\"\n"; - } - else - { $snames{$d} = "X"; } - $sn{$1}=$d; - } - elsif ($v =~ /^LN_(.*)$/) - { - if(defined $lnames{$d}) - { - print "WARNING: Duplicate long name \"$d\"\n"; - } - else - { $lnames{$d} = "X"; } - $ln{$1}=$d; - } - elsif ($v =~ /^NID_(.*)$/) - { $nid{$d}=$1; } - elsif ($v =~ /^OBJ_(.*)$/) - { - $obj{$1}=$v; - $objd{$v}=$d; - } - } -close IN; - -%ob=&expand_obj(*objd); - -@a=sort { $a <=> $b } keys %nid; -$n=$a[$#a]+1; - -@lvalues=(); -$lvalues=0; - -for ($i=0; $i<$n; $i++) - { - if (!defined($nid{$i})) - { - push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n"); - } - else - { - $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL"; - $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL"; - - if ($sn eq "NULL") { - $sn=$ln; - $sn{$nid{$i}} = $ln; - } - - if ($ln eq "NULL") { - $ln=$sn; - $ln{$nid{$i}} = $sn; - } - - $out ="{"; - $out.="\"$sn\""; - $out.=","."\"$ln\""; - $out.=",NID_$nid{$i},"; - if (defined($obj{$nid{$i}}) && $objd{$obj{$nid{$i}}} =~ /,/) - { - $v=$objd{$obj{$nid{$i}}}; - $v =~ s/L//g; - $v =~ s/,/ /g; - $r=&der_it($v); - $z=""; - $length=0; - foreach (unpack("C*",$r)) - { - $z.=sprintf("0x%02X,",$_); - $length++; - } - $obj_der{$obj{$nid{$i}}}=$z; - $obj_len{$obj{$nid{$i}}}=$length; - - push(@lvalues,sprintf("%-45s/* [%3d] %s */\n", - $z,$lvalues,$obj{$nid{$i}})); - $out.="$length,&(lvalues[$lvalues]),0"; - $lvalues+=$length; - } - else - { - $out.="0,NULL,0"; - } - $out.="},\n"; - push(@out,$out); - } - } - -@a=grep(defined($sn{$nid{$_}}),0 .. $n); -foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) - { - push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_)); - } - -@a=grep(defined($ln{$nid{$_}}),0 .. $n); -foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) - { - push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_)); - } - -@a=grep(defined($obj{$nid{$_}}) && $objd{$obj{$nid{$_}}} =~ /,/,0 .. $n); -foreach (sort obj_cmp @a) - { - $m=$obj{$nid{$_}}; - $v=$objd{$m}; - $v =~ s/L//g; - $v =~ s/,/ /g; - push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v)); - } - -print OUT <<'EOF'; -/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the - * following command: - * perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h */ - -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - -EOF - -printf OUT "#define NUM_NID %d\n",$n; -printf OUT "#define NUM_SN %d\n",$#sn+1; -printf OUT "#define NUM_LN %d\n",$#ln+1; -printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; - -printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1; -print OUT @lvalues; -print OUT "};\n\n"; - -printf OUT "static const ASN1_OBJECT kObjects[NUM_NID]={\n"; -foreach (@out) - { - if (length($_) > 75) - { - $out=""; - foreach (split(/,/)) - { - $t=$out.$_.","; - if (length($t) > 70) - { - print OUT "$out\n"; - $t="\t$_,"; - } - $out=$t; - } - chop $out; - print OUT "$out"; - } - else - { print OUT $_; } - } -print OUT "};\n\n"; - -printf OUT "static const unsigned int kNIDsInShortNameOrder[NUM_SN]={\n"; -print OUT @sn; -print OUT "};\n\n"; - -printf OUT "static const unsigned int kNIDsInLongNameOrder[NUM_LN]={\n"; -print OUT @ln; -print OUT "};\n\n"; - -printf OUT "static const unsigned int kNIDsInOIDOrder[NUM_OBJ]={\n"; -print OUT @ob; -print OUT "};\n\n"; - -close OUT; - -sub der_it - { - local($v)=@_; - local(@a,$i,$ret,@r); - - @a=split(/\s+/,$v); - $ret.=pack("C*",$a[0]*40+$a[1]); - shift @a; - shift @a; - foreach (@a) - { - @r=(); - $t=0; - while ($_ >= 128) - { - $x=$_%128; - $_/=128; - push(@r,((($t++)?0x80:0)|$x)); - } - push(@r,((($t++)?0x80:0)|$_)); - $ret.=pack("C*",reverse(@r)); - } - return($ret); - } diff --git a/src/crypto/obj/obj_mac.num b/src/crypto/obj/obj_mac.num index 074657ae..ef19a6d2 100644 --- a/src/crypto/obj/obj_mac.num +++ b/src/crypto/obj/obj_mac.num @@ -100,7 +100,6 @@ rc2_40_cbc 98 givenName 99 surname 100 initials 101 -uniqueIdentifier 102 crl_distribution_points 103 md5WithRSA 104 serialNumber 105 @@ -121,7 +120,6 @@ rc5_cbc 120 rc5_ecb 121 rc5_cfb64 122 rc5_ofb64 123 -rle_compression 124 zlib_compression 125 ext_key_usage 126 id_pkix 127 @@ -347,7 +345,6 @@ id_cmc_confirmCertAcceptance 346 id_on_personalData 347 id_pda_dateOfBirth 348 id_pda_placeOfBirth 349 -id_pda_pseudonym 350 id_pda_gender 351 id_pda_countryOfCitizenship 352 id_pda_countryOfResidence 353 @@ -390,7 +387,6 @@ Enterprises 389 dcObject 390 domainComponent 391 Domain 392 -joint_iso_ccitt 393 selected_attribute_types 394 clearance 395 md4WithRSAEncryption 396 @@ -401,7 +397,6 @@ role 400 policy_constraints 401 target_information 402 no_rev_avail 403 -ccitt 404 ansi_X9_62 405 X9_62_prime_field 406 X9_62_characteristic_two_field 407 @@ -508,7 +503,6 @@ id_hex_partial_message 507 id_hex_multipart_message 508 generationQualifier 509 pseudonym 510 -InternationalRA 511 id_set 512 set_ctype 513 set_msgExt 514 @@ -769,10 +763,7 @@ camellia_256_ofb128 768 subject_directory_attributes 769 issuing_distribution_point 770 certificate_issuer 771 -korea 772 kisa 773 -kftc 774 -npki_alg 775 seed_ecb 776 seed_cbc 777 seed_ofb128 778 diff --git a/src/crypto/obj/obj_test.cc b/src/crypto/obj/obj_test.cc index 4813b050..6c9dc3fb 100644 --- a/src/crypto/obj/obj_test.cc +++ b/src/crypto/obj/obj_test.cc @@ -20,6 +20,8 @@ #include <openssl/crypto.h> #include <openssl/obj.h> +#include "../internal.h" + static bool TestBasic() { static const int kNID = NID_sha256WithRSAEncryption; @@ -97,7 +99,7 @@ static bool TestSignatureAlgorithms() { static bool ExpectObj2Txt(const uint8_t *der, size_t der_len, bool always_return_oid, const char *expected) { ASN1_OBJECT obj; - memset(&obj, 0, sizeof(obj)); + OPENSSL_memset(&obj, 0, sizeof(obj)); obj.data = der; obj.length = static_cast<int>(der_len); @@ -112,7 +114,7 @@ static bool ExpectObj2Txt(const uint8_t *der, size_t der_len, } char short_buf[1]; - memset(short_buf, 0xff, sizeof(short_buf)); + OPENSSL_memset(short_buf, 0xff, sizeof(short_buf)); len = OBJ_obj2txt(short_buf, sizeof(short_buf), &obj, always_return_oid); if (len != expected_len) { fprintf(stderr, @@ -121,7 +123,7 @@ static bool ExpectObj2Txt(const uint8_t *der, size_t der_len, return false; } - if (memchr(short_buf, '\0', sizeof(short_buf)) == nullptr) { + if (OPENSSL_memchr(short_buf, '\0', sizeof(short_buf)) == nullptr) { fprintf(stderr, "OBJ_obj2txt of %s with out_len = 1 did not NUL-terminate the " "output.\n", @@ -186,7 +188,7 @@ static bool TestObj2Txt() { } ASN1_OBJECT obj; - memset(&obj, 0, sizeof(obj)); + OPENSSL_memset(&obj, 0, sizeof(obj)); // kNonMinimalOID is kBasicConstraints with the final component non-minimally // encoded. diff --git a/src/crypto/obj/obj_xref.c b/src/crypto/obj/obj_xref.c index 70babea8..7b4ff12e 100644 --- a/src/crypto/obj/obj_xref.c +++ b/src/crypto/obj/obj_xref.c @@ -56,69 +56,67 @@ #include <openssl/obj.h> -#include <stdlib.h> - -#include "obj_xref.h" - - -static int nid_triple_cmp_by_sign_id(const void *in_a, const void *in_b) { - const nid_triple *a = in_a; - const nid_triple *b = in_b; - - return a->sign_id - b->sign_id; -} +#include "../internal.h" + + +typedef struct { + int sign_nid; + int digest_nid; + int pkey_nid; +} nid_triple; + +static const nid_triple kTriples[] = { + /* RSA PKCS#1. */ + {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, + {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, + {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, + {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, + {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, + {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, + /* DSA. */ + {NID_dsaWithSHA1, NID_sha1, NID_dsa}, + {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, + {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, + {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, + /* ECDSA. */ + {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, + /* For PSS the digest algorithm can vary and depends on the included + * AlgorithmIdentifier. The digest "undef" indicates the public key method + * should handle this explicitly. */ + {NID_rsassaPss, NID_undef, NID_rsaEncryption}, +}; int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid, int *out_pkey_nid) { - nid_triple key; - const nid_triple *triple; - - key.sign_id = sign_nid; - - triple = bsearch(&key, sigoid_srt, sizeof(sigoid_srt) / sizeof(nid_triple), - sizeof(nid_triple), nid_triple_cmp_by_sign_id); - - if (triple == NULL) { - return 0; - } - if (out_digest_nid) { - *out_digest_nid = triple->hash_id; - } - if (out_pkey_nid) { - *out_pkey_nid = triple->pkey_id; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTriples); i++) { + if (kTriples[i].sign_nid == sign_nid) { + if (out_digest_nid != NULL) { + *out_digest_nid = kTriples[i].digest_nid; + } + if (out_pkey_nid != NULL) { + *out_pkey_nid = kTriples[i].pkey_nid; + } + return 1; + } } - return 1; -} - -static int nid_triple_cmp_by_digest_and_hash(const void *in_a, - const void *in_b) { - const nid_triple *a = *((nid_triple**) in_a); - const nid_triple *b = *((nid_triple**) in_b); - - int ret = a->hash_id - b->hash_id; - if (ret) { - return ret; - } - return a->pkey_id - b->pkey_id; + return 0; } int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid, int pkey_nid) { - nid_triple key, *pkey; - const nid_triple **triple; - - key.hash_id = digest_nid; - key.pkey_id = pkey_nid; - pkey = &key; - - triple = bsearch(&pkey, sigoid_srt_xref, - sizeof(sigoid_srt_xref) / sizeof(nid_triple *), - sizeof(nid_triple *), nid_triple_cmp_by_digest_and_hash); - - if (triple == NULL) { - return 0; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTriples); i++) { + if (kTriples[i].digest_nid == digest_nid && + kTriples[i].pkey_nid == pkey_nid) { + if (out_sign_nid != NULL) { + *out_sign_nid = kTriples[i].sign_nid; + } + return 1; + } } - if (out_sign_nid) { - *out_sign_nid = (*triple)->sign_id; - } - return 1; + + return 0; } diff --git a/src/crypto/obj/obj_xref.h b/src/crypto/obj/obj_xref.h deleted file mode 100644 index b2082f55..00000000 --- a/src/crypto/obj/obj_xref.h +++ /dev/null @@ -1,96 +0,0 @@ -/* THIS FILE IS GENERATED FROM obj_xref.txt by obj_xref.pl via the - * following command: - * perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h */ - -typedef struct - { - int sign_id; - int hash_id; - int pkey_id; - } nid_triple; - -static const nid_triple sigoid_srt[] = - { - {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, - {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, - {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, - {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, - {NID_dsaWithSHA, NID_sha, NID_dsa}, - {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, - {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, - {NID_md5WithRSA, NID_md5, NID_rsa}, - {NID_dsaWithSHA1, NID_sha1, NID_dsa}, - {NID_sha1WithRSA, NID_sha1, NID_rsa}, - {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, - {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, - {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, - {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, - {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, - {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, - {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, - {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, - {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, - {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, - {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, - {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, - {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, - {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, - {NID_rsassaPss, NID_undef, NID_rsaEncryption}, - {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, - {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf}, - }; - -static const nid_triple * const sigoid_srt_xref[] = - { - &sigoid_srt[0], - &sigoid_srt[1], - &sigoid_srt[7], - &sigoid_srt[2], - &sigoid_srt[4], - &sigoid_srt[3], - &sigoid_srt[9], - &sigoid_srt[5], - &sigoid_srt[8], - &sigoid_srt[12], - &sigoid_srt[30], - &sigoid_srt[35], - &sigoid_srt[6], - &sigoid_srt[10], - &sigoid_srt[11], - &sigoid_srt[13], - &sigoid_srt[24], - &sigoid_srt[20], - &sigoid_srt[32], - &sigoid_srt[37], - &sigoid_srt[14], - &sigoid_srt[21], - &sigoid_srt[33], - &sigoid_srt[38], - &sigoid_srt[15], - &sigoid_srt[22], - &sigoid_srt[34], - &sigoid_srt[39], - &sigoid_srt[16], - &sigoid_srt[23], - &sigoid_srt[19], - &sigoid_srt[31], - &sigoid_srt[36], - &sigoid_srt[25], - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], - }; - diff --git a/src/crypto/obj/obj_xref.pl b/src/crypto/obj/obj_xref.pl deleted file mode 100644 index 51dd68f4..00000000 --- a/src/crypto/obj/obj_xref.pl +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/env perl - -use strict; - -if (scalar @ARGV != 2) - { - print "Usage: perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h\n"; - exit 1; - } - -my %xref_tbl; -my %oid_tbl; - -my ($mac_file, $xref_file) = @ARGV; - -open(IN, $mac_file) || die "Can't open $mac_file"; - -# Read in OID nid values for a lookup table. - -while (<IN>) - { - chomp; - my ($name, $num) = /^(\S+)\s+(\S+)$/; - $oid_tbl{$name} = $num; - } -close IN; - -open(IN, $xref_file) || die "Can't open $xref_file"; - -my $ln = 1; - -while (<IN>) - { - chomp; - s/#.*$//; - next if (/^\S*$/); - my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/; - check_oid($xr); - check_oid($p1); - check_oid($p2); - $xref_tbl{$xr} = [$p1, $p2, $ln]; - } - -my @xrkeys = keys %xref_tbl; - -my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys; - -for(my $i = 0; $i <= $#srt1; $i++) - { - $xref_tbl{$srt1[$i]}[2] = $i; - } - -my @srt2 = sort - { - my$ap1 = $oid_tbl{$xref_tbl{$a}[0]}; - my$bp1 = $oid_tbl{$xref_tbl{$b}[0]}; - return $ap1 - $bp1 if ($ap1 != $bp1); - my$ap2 = $oid_tbl{$xref_tbl{$a}[1]}; - my$bp2 = $oid_tbl{$xref_tbl{$b}[1]}; - - return $ap2 - $bp2; - } @xrkeys; - -my $pname = $0; - -$pname =~ s|^.[^/]/||; - -print <<EOF; -/* THIS FILE IS GENERATED FROM obj_xref.txt by obj_xref.pl via the - * following command: - * perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h */ - -typedef struct - { - int sign_id; - int hash_id; - int pkey_id; - } nid_triple; - -static const nid_triple sigoid_srt[] = - { -EOF - -foreach (@srt1) - { - my $xr = $_; - my ($p1, $p2) = @{$xref_tbl{$_}}; - print "\t{NID_$xr, NID_$p1, NID_$p2},\n"; - } - -print "\t};"; -print <<EOF; - - -static const nid_triple * const sigoid_srt_xref[] = - { -EOF - -foreach (@srt2) - { - my ($p1, $p2, $x) = @{$xref_tbl{$_}}; - # If digest or signature algorithm is "undef" then the algorithm - # needs special handling and is excluded from the cross reference table. - next if $p1 eq "undef" || $p2 eq "undef"; - print "\t\&sigoid_srt\[$x\],\n"; - } - -print "\t};\n\n"; - -sub check_oid - { - my ($chk) = @_; - if (!exists $oid_tbl{$chk}) - { - die "Not Found \"$chk\"\n"; - } - } - diff --git a/src/crypto/obj/obj_xref.txt b/src/crypto/obj/obj_xref.txt deleted file mode 100644 index 19c94226..00000000 --- a/src/crypto/obj/obj_xref.txt +++ /dev/null @@ -1,58 +0,0 @@ -# OID cross reference table. -# Links signatures OIDs to their corresponding public key algorithms -# and digests. - -md2WithRSAEncryption md2 rsaEncryption -md5WithRSAEncryption md5 rsaEncryption -shaWithRSAEncryption sha rsaEncryption -sha1WithRSAEncryption sha1 rsaEncryption -md4WithRSAEncryption md4 rsaEncryption -sha256WithRSAEncryption sha256 rsaEncryption -sha384WithRSAEncryption sha384 rsaEncryption -sha512WithRSAEncryption sha512 rsaEncryption -sha224WithRSAEncryption sha224 rsaEncryption -mdc2WithRSA mdc2 rsaEncryption -ripemd160WithRSA ripemd160 rsaEncryption -# For PSS the digest algorithm can vary and depends on the included -# AlgorithmIdentifier. The digest "undef" indicates the public key -# method should handle this explicitly. -rsassaPss undef rsaEncryption - -# Alternative deprecated OIDs. By using the older "rsa" OID this -# type will be recognized by not normally used. - -md5WithRSA md5 rsa -sha1WithRSA sha1 rsa - -dsaWithSHA sha dsa -dsaWithSHA1 sha1 dsa - -dsaWithSHA1_2 sha1 dsa_2 - -ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey -ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey -ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey -ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey -ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey -ecdsa_with_Recommended undef X9_62_id_ecPublicKey -ecdsa_with_Specified undef X9_62_id_ecPublicKey - -dsa_with_SHA224 sha224 dsa -dsa_with_SHA256 sha256 dsa - -id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 -id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 -id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc -id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc -# ECDH KDFs and their corresponding message digests and schemes -dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf -dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf -dhSinglePass_stdDH_sha256kdf_scheme sha256 dh_std_kdf -dhSinglePass_stdDH_sha384kdf_scheme sha384 dh_std_kdf -dhSinglePass_stdDH_sha512kdf_scheme sha512 dh_std_kdf - -dhSinglePass_cofactorDH_sha1kdf_scheme sha1 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf diff --git a/src/crypto/obj/objects.go b/src/crypto/obj/objects.go new file mode 100644 index 00000000..28887c05 --- /dev/null +++ b/src/crypto/obj/objects.go @@ -0,0 +1,732 @@ +// Copyright (c) 2016, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package main + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "io/ioutil" + "os" + "os/exec" + "sort" + "strconv" + "strings" +) + +func sanitizeName(in string) string { + in = strings.Replace(in, "-", "_", -1) + in = strings.Replace(in, ".", "_", -1) + in = strings.Replace(in, " ", "_", -1) + return in +} + +type object struct { + name string + // shortName and longName are the short and long names, respectively. If + // one is missing, it takes the value of the other, but the + // corresponding SN_foo or LN_foo macro is not defined. + shortName, longName string + hasShortName, hasLongName bool + oid []int + encoded []byte +} + +type objects struct { + // byNID is the list of all objects, indexed by nid. + byNID []object + // nameToNID is a map from object name to nid. + nameToNID map[string]int +} + +func readNumbers(path string) (nameToNID map[string]int, numNIDs int, err error) { + in, err := os.Open(path) + if err != nil { + return nil, 0, err + } + defer in.Close() + + nameToNID = make(map[string]int) + nidsSeen := make(map[int]struct{}) + + // Reserve NID 0 for NID_undef. + numNIDs = 1 + nameToNID["undef"] = 0 + nidsSeen[0] = struct{}{} + + var lineNo int + scanner := bufio.NewScanner(in) + for scanner.Scan() { + line := scanner.Text() + lineNo++ + withLine := func(err error) error { + return fmt.Errorf("%s:%d: %s", path, lineNo, err) + } + + fields := strings.Fields(line) + if len(fields) == 0 { + // Skip blank lines. + continue + } + + // Each line is a name and a nid, separated by space. + if len(fields) != 2 { + return nil, 0, withLine(errors.New("syntax error")) + } + name := fields[0] + nid, err := strconv.Atoi(fields[1]) + if err != nil { + return nil, 0, withLine(err) + } + if nid < 0 { + return nil, 0, withLine(errors.New("invalid NID")) + } + + // NID_undef is implicitly defined. + if name == "undef" && nid == 0 { + continue + } + + // Forbid duplicates. + if _, ok := nameToNID[name]; ok { + return nil, 0, withLine(fmt.Errorf("duplicate name %q", name)) + } + if _, ok := nidsSeen[nid]; ok { + return nil, 0, withLine(fmt.Errorf("duplicate NID %d", nid)) + } + + nameToNID[name] = nid + nidsSeen[nid] = struct{}{} + + if nid >= numNIDs { + numNIDs = nid + 1 + } + } + if err := scanner.Err(); err != nil { + return nil, 0, fmt.Errorf("error reading %s: %s", path, err) + } + + return nameToNID, numNIDs, nil +} + +func parseOID(aliases map[string][]int, in []string) (oid []int, err error) { + if len(in) == 0 { + return + } + + // The first entry may be a reference to a previous alias. + if alias, ok := aliases[sanitizeName(in[0])]; ok { + in = in[1:] + oid = append(oid, alias...) + } + + for _, c := range in { + val, err := strconv.Atoi(c) + if err != nil { + return nil, err + } + if val < 0 { + return nil, fmt.Errorf("negative component") + } + oid = append(oid, val) + } + return +} + +func appendBase128(dst []byte, value int) []byte { + // Zero is encoded with one, not zero bytes. + if value == 0 { + return append(dst, 0) + } + + // Count how many bytes are needed. + var l int + for n := value; n != 0; n >>= 7 { + l++ + } + for ; l > 0; l-- { + b := byte(value>>uint(7*(l-1))) & 0x7f + if l > 1 { + b |= 0x80 + } + dst = append(dst, b) + } + return dst +} + +func encodeOID(oid []int) []byte { + if len(oid) < 2 { + return nil + } + + var der []byte + der = appendBase128(der, 40*oid[0]+oid[1]) + for _, value := range oid[2:] { + der = appendBase128(der, value) + } + return der +} + +func readObjects(numPath, objectsPath string) (*objects, error) { + nameToNID, numNIDs, err := readNumbers(numPath) + if err != nil { + return nil, err + } + + in, err := os.Open(objectsPath) + if err != nil { + return nil, err + } + defer in.Close() + + // Implicitly define NID_undef. + objs := &objects{ + byNID: make([]object, numNIDs), + nameToNID: make(map[string]int), + } + + objs.byNID[0] = object{ + name: "undef", + shortName: "UNDEF", + longName: "undefined", + hasShortName: true, + hasLongName: true, + } + objs.nameToNID["undef"] = 0 + + var module, nextName string + var lineNo int + longNamesSeen := make(map[string]struct{}) + shortNamesSeen := make(map[string]struct{}) + aliases := make(map[string][]int) + scanner := bufio.NewScanner(in) + for scanner.Scan() { + line := scanner.Text() + lineNo++ + withLine := func(err error) error { + return fmt.Errorf("%s:%d: %s", objectsPath, lineNo, err) + } + + // Remove comments. + idx := strings.IndexRune(line, '#') + if idx >= 0 { + line = line[:idx] + } + + // Skip empty lines. + line = strings.TrimSpace(line) + if len(line) == 0 { + continue + } + + if line[0] == '!' { + args := strings.Fields(line) + switch args[0] { + case "!module": + if len(args) != 2 { + return nil, withLine(errors.New("too many arguments")) + } + module = sanitizeName(args[1]) + "_" + case "!global": + module = "" + case "!Cname": + // !Cname directives override the name for the + // next object. + if len(args) != 2 { + return nil, withLine(errors.New("too many arguments")) + } + nextName = sanitizeName(args[1]) + case "!Alias": + // !Alias directives define an alias for an OID + // without emitting an object. + if len(nextName) != 0 { + return nil, withLine(errors.New("!Cname directives may not modify !Alias directives.")) + } + if len(args) < 3 { + return nil, withLine(errors.New("not enough arguments")) + } + aliasName := module + sanitizeName(args[1]) + oid, err := parseOID(aliases, args[2:]) + if err != nil { + return nil, withLine(err) + } + if _, ok := aliases[aliasName]; ok { + return nil, withLine(fmt.Errorf("duplicate name '%s'", aliasName)) + } + aliases[aliasName] = oid + default: + return nil, withLine(fmt.Errorf("unknown directive '%s'", args[0])) + } + continue + } + + fields := strings.Split(line, ":") + if len(fields) < 2 || len(fields) > 3 { + return nil, withLine(errors.New("invalid field count")) + } + + obj := object{name: nextName} + nextName = "" + + var err error + obj.oid, err = parseOID(aliases, strings.Fields(fields[0])) + if err != nil { + return nil, withLine(err) + } + obj.encoded = encodeOID(obj.oid) + + obj.shortName = strings.TrimSpace(fields[1]) + if len(fields) == 3 { + obj.longName = strings.TrimSpace(fields[2]) + } + + // Long and short names default to each other if missing. + if len(obj.shortName) == 0 { + obj.shortName = obj.longName + } else { + obj.hasShortName = true + } + if len(obj.longName) == 0 { + obj.longName = obj.shortName + } else { + obj.hasLongName = true + } + if len(obj.shortName) == 0 || len(obj.longName) == 0 { + return nil, withLine(errors.New("object with no name")) + } + + // If not already specified, prefer the long name if it has no + // spaces, otherwise the short name. + if len(obj.name) == 0 && strings.IndexRune(obj.longName, ' ') < 0 { + obj.name = sanitizeName(obj.longName) + } + if len(obj.name) == 0 { + obj.name = sanitizeName(obj.shortName) + } + obj.name = module + obj.name + + // Check for duplicate names. + if _, ok := aliases[obj.name]; ok { + return nil, withLine(fmt.Errorf("duplicate name '%s'", obj.name)) + } + if _, ok := shortNamesSeen[obj.shortName]; ok && len(obj.shortName) > 0 { + return nil, withLine(fmt.Errorf("duplicate short name '%s'", obj.shortName)) + } + if _, ok := longNamesSeen[obj.longName]; ok && len(obj.longName) > 0 { + return nil, withLine(fmt.Errorf("duplicate long name '%s'", obj.longName)) + } + + // Allocate a NID. + nid, ok := nameToNID[obj.name] + if !ok { + nid = len(objs.byNID) + objs.byNID = append(objs.byNID, object{}) + } + + objs.byNID[nid] = obj + objs.nameToNID[obj.name] = nid + + longNamesSeen[obj.longName] = struct{}{} + shortNamesSeen[obj.shortName] = struct{}{} + aliases[obj.name] = obj.oid + } + if err := scanner.Err(); err != nil { + return nil, err + } + + return objs, nil +} + +func writeNumbers(path string, objs *objects) error { + out, err := os.Create(path) + if err != nil { + return err + } + defer out.Close() + + for nid, obj := range objs.byNID { + if len(obj.name) == 0 { + continue + } + if _, err := fmt.Fprintf(out, "%s\t\t%d\n", obj.name, nid); err != nil { + return err + } + } + return nil +} + +func clangFormat(input string) (string, error) { + var b bytes.Buffer + cmd := exec.Command("clang-format") + cmd.Stdin = strings.NewReader(input) + cmd.Stdout = &b + cmd.Stderr = os.Stderr + if err := cmd.Run(); err != nil { + return "", err + } + return b.String(), nil +} + +func writeHeader(path string, objs *objects) error { + var b bytes.Buffer + fmt.Fprintf(&b, `/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `+"``"+`AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +/* This file is generated by crypto/obj/objects.go. */ + +#ifndef OPENSSL_HEADER_NID_H +#define OPENSSL_HEADER_NID_H + +#include <openssl/base.h> + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The nid library provides numbered values for ASN.1 object identifiers and + * other symbols. These values are used by other libraries to identify + * cryptographic primitives. + * + * A separate objects library, obj.h, provides functions for converting between + * nids and object identifiers. However it depends on large internal tables with + * the encodings of every nid defined. Consumers concerned with binary size + * should instead embed the encodings of the few consumed OIDs and compare + * against those. + * + * These values should not be used outside of a single process; they are not + * stable identifiers. */ + + +`) + + for nid, obj := range objs.byNID { + if len(obj.name) == 0 { + continue + } + + if obj.hasShortName { + fmt.Fprintf(&b, "#define SN_%s \"%s\"\n", obj.name, obj.shortName) + } + if obj.hasLongName { + fmt.Fprintf(&b, "#define LN_%s \"%s\"\n", obj.name, obj.longName) + } + fmt.Fprintf(&b, "#define NID_%s %d\n", obj.name, nid) + + // Although NID_undef does not have an OID, OpenSSL emits + // OBJ_undef as if it were zero. + oid := obj.oid + if nid == 0 { + oid = []int{0} + } + if len(oid) != 0 { + var oidStr string + for _, val := range oid { + if len(oidStr) != 0 { + oidStr += "," + } + oidStr += fmt.Sprintf("%dL", val) + } + + fmt.Fprintf(&b, "#define OBJ_%s %s\n", obj.name, oidStr) + } + + fmt.Fprintf(&b, "\n") + } + + fmt.Fprintf(&b, ` +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_NID_H */ +`) + + formatted, err := clangFormat(b.String()) + if err != nil { + return err + } + + return ioutil.WriteFile(path, []byte(formatted), 0666) +} + +// TODO(davidben): Replace this with sort.Slice once Go 1.8 is sufficiently +// common. +type nidSorter struct { + nids []int + objs *objects + cmp func(a, b object) bool +} + +func (a nidSorter) obj(i int) object { return a.objs.byNID[a.nids[i]] } +func (a nidSorter) Len() int { return len(a.nids) } +func (a nidSorter) Swap(i, j int) { a.nids[i], a.nids[j] = a.nids[j], a.nids[i] } +func (a nidSorter) Less(i, j int) bool { return a.cmp(a.obj(i), a.obj(j)) } + +func sortNIDs(nids []int, objs *objects, cmp func(a, b object) bool) { + sort.Sort(&nidSorter{nids, objs, cmp}) +} + +func writeData(path string, objs *objects) error { + var b bytes.Buffer + fmt.Fprintf(&b, `/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `+"``"+`AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +/* This file is generated by crypto/obj/objects.go. */ + + +`) + + fmt.Fprintf(&b, "#define NUM_NID %d\n", len(objs.byNID)) + + // Emit each object's DER encoding, concatenated, and save the offsets. + fmt.Fprintf(&b, "\nstatic const uint8_t kObjectData[] = {\n") + offsets := make([]int, len(objs.byNID)) + var nextOffset int + for nid, obj := range objs.byNID { + if len(obj.name) == 0 || len(obj.encoded) == 0 { + offsets[nid] = -1 + continue + } + + offsets[nid] = nextOffset + nextOffset += len(obj.encoded) + fmt.Fprintf(&b, "/* NID_%s */\n", obj.name) + for _, val := range obj.encoded { + fmt.Fprintf(&b, "0x%02x, ", val) + } + fmt.Fprintf(&b, "\n") + } + fmt.Fprintf(&b, "};\n") + + // Emit an ASN1_OBJECT for each object. + fmt.Fprintf(&b, "\nstatic const ASN1_OBJECT kObjects[NUM_NID] = {\n") + for nid, obj := range objs.byNID { + if len(obj.name) == 0 { + fmt.Fprintf(&b, "{NULL, NULL, NID_undef, 0, NULL, 0},\n") + continue + } + + fmt.Fprintf(&b, "{\"%s\", \"%s\", NID_%s, ", obj.shortName, obj.longName, obj.name) + if offset := offsets[nid]; offset >= 0 { + fmt.Fprintf(&b, "%d, &kObjectData[%d], 0},\n", len(obj.encoded), offset) + } else { + fmt.Fprintf(&b, "0, NULL, 0},\n") + } + } + fmt.Fprintf(&b, "};\n") + + // Emit a list of NIDs sorted by short name. + var nids []int + for nid, obj := range objs.byNID { + if len(obj.name) == 0 || len(obj.shortName) == 0 { + continue + } + nids = append(nids, nid) + } + sortNIDs(nids, objs, func(a, b object) bool { return a.shortName < b.shortName }) + + fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInShortNameOrder[] = {\n") + for _, nid := range nids { + fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].shortName) + } + fmt.Fprintf(&b, "};\n") + + // Emit a list of NIDs sorted by long name. + nids = nil + for nid, obj := range objs.byNID { + if len(obj.name) == 0 || len(obj.longName) == 0 { + continue + } + nids = append(nids, nid) + } + sortNIDs(nids, objs, func(a, b object) bool { return a.longName < b.longName }) + + fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInLongNameOrder[] = {\n") + for _, nid := range nids { + fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].longName) + } + fmt.Fprintf(&b, "};\n") + + // Emit a list of NIDs sorted by OID. + nids = nil + for nid, obj := range objs.byNID { + if len(obj.name) == 0 || len(obj.encoded) == 0 { + continue + } + nids = append(nids, nid) + } + sortNIDs(nids, objs, func(a, b object) bool { + // This comparison must match the definition of |obj_cmp|. + if len(a.encoded) < len(b.encoded) { + return true + } + if len(a.encoded) > len(b.encoded) { + return false + } + return bytes.Compare(a.encoded, b.encoded) < 0 + }) + + fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInOIDOrder[] = {\n") + for _, nid := range nids { + obj := objs.byNID[nid] + fmt.Fprintf(&b, "%d /* ", nid) + for i, c := range obj.oid { + if i > 0 { + fmt.Fprintf(&b, ".") + } + fmt.Fprintf(&b, "%d", c) + } + fmt.Fprintf(&b, " (OBJ_%s) */,\n", obj.name) + } + fmt.Fprintf(&b, "};\n") + + formatted, err := clangFormat(b.String()) + if err != nil { + return err + } + + return ioutil.WriteFile(path, []byte(formatted), 0666) +} + +func main() { + objs, err := readObjects("obj_mac.num", "objects.txt") + if err != nil { + fmt.Fprintf(os.Stderr, "Error reading objects: %s\n", err) + os.Exit(1) + } + + if err := writeNumbers("obj_mac.num", objs); err != nil { + fmt.Fprintf(os.Stderr, "Error writing numbers: %s\n", err) + os.Exit(1) + } + + if err := writeHeader("../../include/openssl/nid.h", objs); err != nil { + fmt.Fprintf(os.Stderr, "Error writing header: %s\n", err) + os.Exit(1) + } + + if err := writeData("obj_dat.h", objs); err != nil { + fmt.Fprintf(os.Stderr, "Error writing data: %s\n", err) + os.Exit(1) + } +} diff --git a/src/crypto/obj/objects.pl b/src/crypto/obj/objects.pl deleted file mode 100644 index 165429b4..00000000 --- a/src/crypto/obj/objects.pl +++ /dev/null @@ -1,255 +0,0 @@ -#!/usr/bin/env perl - -if (scalar @ARGV != 3) - { - print "Usage: perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h\n"; - exit 1; - } - -open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]"; -$max_nid=0; -$o=0; -while(<NUMIN>) - { - chop; - $o++; - s/#.*$//; - next if /^\s*$/; - $_ = 'X'.$_; - ($Cname,$mynum) = split; - $Cname =~ s/^X//; - if (defined($nidn{$mynum})) - { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } - if (defined($nid{$Cname})) - { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; } - $nid{$Cname} = $mynum; - $nidn{$mynum} = $Cname; - $order{$mynum} = $o; - $max_nid = $mynum if $mynum > $max_nid; - } -close NUMIN; - -open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; -$Cname=""; -$o=0; -while (<IN>) - { - chop; - $o++; - if (/^!module\s+(.*)$/) - { - $module = $1."-"; - $module =~ s/\./_/g; - $module =~ s/-/_/g; - } - if (/^!global$/) - { $module = ""; } - if (/^!Cname\s+(.*)$/) - { $Cname = $1; } - if (/^!Alias\s+(.+?)\s+(.*)$/) - { - $Cname = $module.$1; - $myoid = $2; - $myoid = &process_oid($myoid); - $Cname =~ s/-/_/g; - $ordern{$o} = $Cname; - $order{$Cname} = $o; - $obj{$Cname} = $myoid; - $_ = ""; - $Cname = ""; - } - s/!.*$//; - s/#.*$//; - next if /^\s*$/; - ($myoid,$mysn,$myln) = split ':'; - $mysn =~ s/^\s*//; - $mysn =~ s/\s*$//; - $myln =~ s/^\s*//; - $myln =~ s/\s*$//; - $myoid =~ s/^\s*//; - $myoid =~ s/\s*$//; - if ($myoid ne "") - { - $myoid = &process_oid($myoid); - } - - if ($Cname eq "" && !($myln =~ / /)) - { - $Cname = $myln; - $Cname =~ s/\./_/g; - $Cname =~ s/-/_/g; - if ($Cname ne "" && defined($ln{$module.$Cname})) - { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - if ($Cname eq "") - { - $Cname = $mysn; - $Cname =~ s/-/_/g; - if ($Cname ne "" && defined($sn{$module.$Cname})) - { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - if ($Cname eq "") - { - $Cname = $myln; - $Cname =~ s/-/_/g; - $Cname =~ s/\./_/g; - $Cname =~ s/ /_/g; - if ($Cname ne "" && defined($ln{$module.$Cname})) - { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - $Cname =~ s/\./_/g; - $Cname =~ s/-/_/g; - $Cname = $module.$Cname; - $ordern{$o} = $Cname; - $order{$Cname} = $o; - $sn{$Cname} = $mysn; - $ln{$Cname} = $myln; - $obj{$Cname} = $myoid; - if (!defined($nid{$Cname})) - { - $max_nid++; - $nid{$Cname} = $max_nid; - $nidn{$max_nid} = $Cname; -print STDERR "Added OID $Cname\n"; - } - $Cname=""; - } -close IN; - -open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; -foreach (sort { $a <=> $b } keys %nidn) - { - print NUMOUT $nidn{$_},"\t\t",$_,"\n"; - } -close NUMOUT; - -open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; -print OUT <<'EOF'; -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h */ - -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef OPENSSL_HEADER_NID_H -#define OPENSSL_HEADER_NID_H - - -/* The nid library provides numbered values for ASN.1 object identifiers and - * other symbols. These values are used by other libraries to identify - * cryptographic primitives. - * - * A separate objects library, obj.h, provides functions for converting between - * nids and object identifiers. However it depends on large internal tables with - * the encodings of every nid defind. Consumers concerned with binary size - * should instead embed the encodings of the few consumed OIDs and compare - * against those. - * - * These values should not be used outside of a single process; they are not - * stable identifiers. */ - - -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L - -EOF - -foreach (sort { $a <=> $b } keys %ordern) - { - $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname," \"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname," \"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname," ",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname," ",$obj{$Cname},"\n" if $obj{$Cname} ne ""; - print OUT "\n"; - } - -print OUT "\n#endif /* OPENSSL_HEADER_NID_H */\n"; - -close OUT; - -sub process_oid - { - local($oid)=@_; - local(@a,$oid_pref); - - @a = split(/\s+/,$myoid); - $pref_oid = ""; - $pref_sep = ""; - if (!($a[0] =~ /^[0-9]+$/)) - { - $a[0] =~ s/-/_/g; - if (!defined($obj{$a[0]})) - { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; } - $pref_oid = "OBJ_" . $a[0]; - $pref_sep = ","; - shift @a; - } - $oids = join('L,',@a) . "L"; - if ($oids ne "L") - { - $oids = $pref_oid . $pref_sep . $oids; - } - else - { - $oids = $pref_oid; - } - return($oids); - } diff --git a/src/crypto/pem/pem_lib.c b/src/crypto/pem/pem_lib.c index e53abf86..8b7932e4 100644 --- a/src/crypto/pem/pem_lib.c +++ b/src/crypto/pem/pem_lib.c @@ -71,6 +71,9 @@ #include <openssl/rand.h> #include <openssl/x509.h> +#include "../internal.h" + + #define MIN_LENGTH 4 static int load_iv(char **fromp, unsigned char *to, int num); @@ -638,7 +641,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } - memcpy(nameB->data, &(buf[11]), i - 6); + OPENSSL_memcpy(nameB->data, &(buf[11]), i - 6); nameB->data[i - 6] = '\0'; break; } @@ -669,7 +672,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, nohead = 1; break; } - memcpy(&(headerB->data[hl]), buf, i); + OPENSSL_memcpy(&(headerB->data[hl]), buf, i); headerB->data[hl + i] = '\0'; hl += i; } @@ -701,7 +704,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } - memcpy(&(dataB->data[bl]), buf, i); + OPENSSL_memcpy(&(dataB->data[bl]), buf, i); dataB->data[bl + i] = '\0'; bl += i; if (end) { diff --git a/src/crypto/pkcs8/p5_pbe.c b/src/crypto/pkcs8/p5_pbe.c index 8e56d41b..eee2e00d 100644 --- a/src/crypto/pkcs8/p5_pbe.c +++ b/src/crypto/pkcs8/p5_pbe.c @@ -62,6 +62,7 @@ #include <openssl/rand.h> #include <openssl/x509.h> +#include "../internal.h" #include "internal.h" @@ -106,7 +107,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, } sstr = ASN1_STRING_data(pbe->salt); if (salt) - memcpy(sstr, salt, saltlen); + OPENSSL_memcpy(sstr, salt, saltlen); else if (!RAND_bytes(sstr, saltlen)) goto err; diff --git a/src/crypto/pkcs8/p5_pbev2.c b/src/crypto/pkcs8/p5_pbev2.c index 050a4d6b..c16b83f7 100644 --- a/src/crypto/pkcs8/p5_pbev2.c +++ b/src/crypto/pkcs8/p5_pbev2.c @@ -67,6 +67,7 @@ #include <openssl/x509.h> #include "internal.h" +#include "../internal.h" /* PKCS#5 v2.0 password based encryption structures */ @@ -144,7 +145,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, if (EVP_CIPHER_iv_length(cipher)) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); + OPENSSL_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher))) goto err; } @@ -246,7 +247,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, osalt->length = saltlen; if (salt) - memcpy (osalt->data, salt, saltlen); + OPENSSL_memcpy (osalt->data, salt, saltlen); else if (!RAND_bytes(osalt->data, saltlen)) goto merr; diff --git a/src/crypto/pkcs8/pkcs8.c b/src/crypto/pkcs8/pkcs8.c index 7b347053..e965bc9e 100644 --- a/src/crypto/pkcs8/pkcs8.c +++ b/src/crypto/pkcs8/pkcs8.c @@ -124,7 +124,7 @@ static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, /* 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies * of ID. */ uint8_t D[EVP_MAX_MD_BLOCK_SIZE]; - memset(D, id, block_size); + OPENSSL_memset(D, id, block_size); /* 2. Concatenate copies of the salt together to create a string S of length * v(ceiling(s/v)) bits (the final copy of the salt may be truncated to @@ -186,7 +186,7 @@ static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, } size_t todo = out_len < A_len ? out_len : A_len; - memcpy(out, A, todo); + OPENSSL_memcpy(out, A, todo); out += todo; out_len -= todo; if (out_len == 0) { @@ -911,7 +911,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, } *out_key = NULL; - memset(&ctx, 0, sizeof(ctx)); + OPENSSL_memset(&ctx, 0, sizeof(ctx)); /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section * four. */ @@ -1068,7 +1068,7 @@ PKCS12* d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) return NULL; } - memcpy(p12->ber_bytes, *ber_bytes, ber_len); + OPENSSL_memcpy(p12->ber_bytes, *ber_bytes, ber_len); p12->ber_len = ber_len; *ber_bytes += ber_len; @@ -1193,7 +1193,7 @@ int PKCS12_verify_mac(const PKCS12 *p12, const char *password, } } else if (password_len != -1 && (password[password_len] != 0 || - memchr(password, 0, password_len) != NULL)) { + OPENSSL_memchr(password, 0, password_len) != NULL)) { return 0; } diff --git a/src/crypto/poly1305/poly1305.c b/src/crypto/poly1305/poly1305.c index 4c5d11f1..77e8046c 100644 --- a/src/crypto/poly1305/poly1305.c +++ b/src/crypto/poly1305/poly1305.c @@ -23,6 +23,7 @@ #include <openssl/cpu.h> #include "internal.h" +#include "../internal.h" #if defined(OPENSSL_WINDOWS) || !defined(OPENSSL_X86_64) @@ -30,11 +31,13 @@ /* We can assume little-endian. */ static uint32_t U8TO32_LE(const uint8_t *m) { uint32_t r; - memcpy(&r, m, sizeof(r)); + OPENSSL_memcpy(&r, m, sizeof(r)); return r; } -static void U32TO8_LE(uint8_t *m, uint32_t v) { memcpy(m, &v, sizeof(v)); } +static void U32TO8_LE(uint8_t *m, uint32_t v) { + OPENSSL_memcpy(m, &v, sizeof(v)); +} static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; } @@ -192,7 +195,7 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { state->h4 = 0; state->buf_used = 0; - memcpy(state->key, key + 16, sizeof(state->key)); + OPENSSL_memcpy(state->key, key + 16, sizeof(state->key)); } void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, diff --git a/src/crypto/poly1305/poly1305_arm.c b/src/crypto/poly1305/poly1305_arm.c index de31d6b2..444413b8 100644 --- a/src/crypto/poly1305/poly1305_arm.c +++ b/src/crypto/poly1305/poly1305_arm.c @@ -129,7 +129,7 @@ static void fe1305x2_tobytearray(uint8_t *r, fe1305x2 *x) { * fe1305x2_frombytearray. */ static uint32_t load32(uint8_t *t) { uint32_t tmp; - memcpy(&tmp, t, sizeof(tmp)); + OPENSSL_memcpy(&tmp, t, sizeof(tmp)); return tmp; } @@ -203,7 +203,7 @@ void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { addmulmod(precomp, r, r, &zero); /* precompute r^2 */ addmulmod(precomp + 1, precomp, precomp, &zero); /* precompute r^4 */ - memcpy(st->key, key + 16, 16); + OPENSSL_memcpy(st->key, key + 16, 16); st->buf_used = 0; } diff --git a/src/crypto/pool/pool.c b/src/crypto/pool/pool.c index ca058fc2..44d10af6 100644 --- a/src/crypto/pool/pool.c +++ b/src/crypto/pool/pool.c @@ -34,7 +34,7 @@ static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) { if (a->len != b->len) { return 1; } - return memcmp(a->data, b->data, a->len); + return OPENSSL_memcmp(a->data, b->data, a->len); } CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { @@ -43,7 +43,7 @@ CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { return NULL; } - memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL)); + OPENSSL_memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL)); pool->bufs = lh_CRYPTO_BUFFER_new(CRYPTO_BUFFER_hash, CRYPTO_BUFFER_cmp); if (pool->bufs == NULL) { OPENSSL_free(pool); @@ -95,7 +95,7 @@ CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, if (buf == NULL) { return NULL; } - memset(buf, 0, sizeof(CRYPTO_BUFFER)); + OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER)); buf->data = BUF_memdup(data, len); if (len != 0 && buf->data == NULL) { diff --git a/src/crypto/pool/pool_test.cc b/src/crypto/pool/pool_test.cc index 0b5338f4..72b8ce0a 100644 --- a/src/crypto/pool/pool_test.cc +++ b/src/crypto/pool/pool_test.cc @@ -17,6 +17,8 @@ #include <openssl/pool.h> +#include "../internal.h" + static bool TestUnpooled() { static const uint8_t kData[4] = {1, 2, 3, 4}; @@ -27,7 +29,8 @@ static bool TestUnpooled() { } if (CRYPTO_BUFFER_len(buf.get()) != sizeof(kData) || - memcmp(kData, CRYPTO_BUFFER_data(buf.get()), sizeof(kData)) != 0) { + OPENSSL_memcmp(kData, CRYPTO_BUFFER_data(buf.get()), sizeof(kData)) != + 0) { fprintf(stderr, "CRYPTO_BUFFER corrupted data.\n"); return false; } diff --git a/src/crypto/rand/deterministic.c b/src/crypto/rand/deterministic.c index c0a347c0..d96a5053 100644 --- a/src/crypto/rand/deterministic.c +++ b/src/crypto/rand/deterministic.c @@ -21,6 +21,7 @@ #include <openssl/chacha.h> #include "internal.h" +#include "../internal.h" /* g_num_calls is the number of calls to |CRYPTO_sysrand| that have occured. @@ -36,10 +37,10 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) { static const uint8_t kZeroKey[32]; uint8_t nonce[12]; - memset(nonce, 0, sizeof(nonce)); - memcpy(nonce, &g_num_calls, sizeof(g_num_calls)); + OPENSSL_memset(nonce, 0, sizeof(nonce)); + OPENSSL_memcpy(nonce, &g_num_calls, sizeof(g_num_calls)); - memset(out, 0, requested); + OPENSSL_memset(out, 0, requested); CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0); g_num_calls++; } diff --git a/src/crypto/rand/rand.c b/src/crypto/rand/rand.c index ec78a2e2..51da6ba2 100644 --- a/src/crypto/rand/rand.c +++ b/src/crypto/rand/rand.c @@ -101,7 +101,7 @@ static int hwrand(uint8_t *buf, size_t len) { if (!CRYPTO_rdrand(rand_buf)) { return 0; } - memcpy(buf + len_multiple8, rand_buf, len); + OPENSSL_memcpy(buf + len_multiple8, rand_buf, len); } return 1; @@ -138,7 +138,7 @@ int RAND_bytes(uint8_t *buf, size_t len) { return 1; } - memset(state->partial_block, 0, sizeof(state->partial_block)); + OPENSSL_memset(state->partial_block, 0, sizeof(state->partial_block)); state->calls_used = kMaxCallsPerRefresh; } @@ -161,8 +161,8 @@ int RAND_bytes(uint8_t *buf, size_t len) { todo = kMaxBytesPerCall; } uint8_t nonce[12]; - memset(nonce, 0, 4); - memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used)); + OPENSSL_memset(nonce, 0, 4); + OPENSSL_memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used)); CRYPTO_chacha_20(buf, buf, todo, state->key, nonce, 0); buf += todo; remaining -= todo; @@ -171,8 +171,8 @@ int RAND_bytes(uint8_t *buf, size_t len) { } else { if (sizeof(state->partial_block) - state->partial_block_used < len) { uint8_t nonce[12]; - memset(nonce, 0, 4); - memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used)); + OPENSSL_memset(nonce, 0, 4); + OPENSSL_memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used)); CRYPTO_chacha_20(state->partial_block, state->partial_block, sizeof(state->partial_block), state->key, nonce, 0); state->partial_block_used = 0; diff --git a/src/crypto/rand/urandom.c b/src/crypto/rand/urandom.c index 17d194c5..22332033 100644 --- a/src/crypto/rand/urandom.c +++ b/src/crypto/rand/urandom.c @@ -207,12 +207,12 @@ void RAND_enable_fork_unsafe_buffering(int fd) { abort(); // Already initialized } - if (urandom_fd == kHaveGetrandom) { - if (fd >= 0) { + if (fd >= 0) { + if (urandom_fd == kHaveGetrandom) { close(fd); + } else if (urandom_fd != fd) { + abort(); // Already initialized. } - } else if (urandom_fd != fd) { - abort(); // Already initialized. } } @@ -237,18 +237,35 @@ static struct rand_buffer *get_thread_local_buffer(void) { return buf; } +#if defined(USE_SYS_getrandom) && defined(__has_feature) +#if __has_feature(memory_sanitizer) +void __msan_unpoison(void *, size_t); +#endif +#endif + /* fill_with_entropy writes |len| bytes of entropy into |out|. It returns one * on success and zero on error. */ static char fill_with_entropy(uint8_t *out, size_t len) { - ssize_t r; - while (len > 0) { + ssize_t r; + if (urandom_fd == kHaveGetrandom) { #if defined(USE_SYS_getrandom) do { r = syscall(SYS_getrandom, out, len, 0 /* no flags */); } while (r == -1 && errno == EINTR); -#else + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) + if (r > 0) { + /* MSAN doesn't recognise |syscall| and thus doesn't notice that we + * have initialised the output buffer. */ + __msan_unpoison(out, r); + } +#endif /* memory_sanitizer */ +#endif /*__has_feature */ + +#else /* USE_SYS_getrandom */ abort(); #endif } else { @@ -274,7 +291,7 @@ static void read_from_buffer(struct rand_buffer *buf, size_t remaining = BUF_SIZE - buf->used; while (requested > remaining) { - memcpy(out, &buf->rand[buf->used], remaining); + OPENSSL_memcpy(out, &buf->rand[buf->used], remaining); buf->used += remaining; out += remaining; requested -= remaining; @@ -287,7 +304,7 @@ static void read_from_buffer(struct rand_buffer *buf, remaining = BUF_SIZE; } - memcpy(out, &buf->rand[buf->used], requested); + OPENSSL_memcpy(out, &buf->rand[buf->used], requested); buf->used += requested; } diff --git a/src/crypto/refcount_test.c b/src/crypto/refcount_test.cc index 97bfbd6f..97bfbd6f 100644 --- a/src/crypto/refcount_test.c +++ b/src/crypto/refcount_test.cc diff --git a/src/crypto/rsa/blinding.c b/src/crypto/rsa/blinding.c index 0a485ee9..693dced3 100644 --- a/src/crypto/rsa/blinding.c +++ b/src/crypto/rsa/blinding.c @@ -115,6 +115,7 @@ #include <openssl/err.h> #include "internal.h" +#include "../internal.h" #define BN_BLINDING_COUNTER 32 @@ -134,7 +135,7 @@ BN_BLINDING *BN_BLINDING_new(void) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(BN_BLINDING)); + OPENSSL_memset(ret, 0, sizeof(BN_BLINDING)); ret->A = BN_new(); if (ret->A == NULL) { diff --git a/src/crypto/rsa/padding.c b/src/crypto/rsa/padding.c index 987349b9..3ed19adc 100644 --- a/src/crypto/rsa/padding.c +++ b/src/crypto/rsa/padding.c @@ -92,10 +92,10 @@ int RSA_padding_add_PKCS1_type_1(uint8_t *to, unsigned to_len, /* pad out with 0xff data */ j = to_len - 3 - from_len; - memset(p, 0xff, j); + OPENSSL_memset(p, 0xff, j); p += j; *(p++) = 0; - memcpy(p, from, from_len); + OPENSSL_memcpy(p, from, from_len); return 1; } @@ -146,7 +146,7 @@ int RSA_padding_check_PKCS1_type_1(uint8_t *to, unsigned to_len, OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); return -1; } - memcpy(to, p, j); + OPENSSL_memcpy(to, p, j); return j; } @@ -188,7 +188,7 @@ int RSA_padding_add_PKCS1_type_2(uint8_t *to, unsigned to_len, *(p++) = 0; - memcpy(p, from, from_len); + OPENSSL_memcpy(p, from, from_len); return 1; } @@ -254,7 +254,7 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned to_len, return -1; } - memcpy(to, &from[zero_index], msg_len); + OPENSSL_memcpy(to, &from[zero_index], msg_len); return (int)msg_len; } @@ -270,7 +270,7 @@ int RSA_padding_add_none(uint8_t *to, unsigned to_len, const uint8_t *from, return 0; } - memcpy(to, from, from_len); + OPENSSL_memcpy(to, from, from_len); return 1; } @@ -305,7 +305,7 @@ static int PKCS1_MGF1(uint8_t *out, size_t len, const uint8_t *seed, if (!EVP_DigestFinal_ex(&ctx, digest, NULL)) { goto err; } - memcpy(out, digest, len); + OPENSSL_memcpy(out, digest, len); len = 0; } } @@ -358,9 +358,9 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len, if (!EVP_Digest(param, param_len, db, NULL, md, NULL)) { return 0; } - memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1); + OPENSSL_memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1); db[emlen - from_len - mdlen - 1] = 0x01; - memcpy(db + emlen - from_len - mdlen, from, from_len); + OPENSSL_memcpy(db + emlen - from_len - mdlen, from, from_len); if (!RAND_bytes(seed, mdlen)) { return 0; } @@ -471,7 +471,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len, OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); mlen = -1; } else { - memcpy(to, db + one_index, mlen); + OPENSSL_memcpy(to, db + one_index, mlen); } OPENSSL_free(db); @@ -579,7 +579,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) { goto err; } - if (memcmp(H_, H, hLen)) { + if (OPENSSL_memcmp(H_, H, hLen)) { OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE); ret = 0; } else { diff --git a/src/crypto/rsa/rsa.c b/src/crypto/rsa/rsa.c index 17f0a8a5..731293f8 100644 --- a/src/crypto/rsa/rsa.c +++ b/src/crypto/rsa/rsa.c @@ -82,7 +82,7 @@ RSA *RSA_new_method(const ENGINE *engine) { return NULL; } - memset(rsa, 0, sizeof(RSA)); + OPENSSL_memset(rsa, 0, sizeof(RSA)); if (engine) { rsa->meth = ENGINE_get_RSA_method(engine); @@ -446,8 +446,8 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, return 0; } - memcpy(signed_msg, prefix, prefix_len); - memcpy(signed_msg + prefix_len, msg, msg_len); + OPENSSL_memcpy(signed_msg, prefix, prefix_len); + OPENSSL_memcpy(signed_msg + prefix_len, msg, msg_len); *out_msg = signed_msg; *out_msg_len = signed_msg_len; @@ -532,7 +532,7 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len, goto out; } - if (len != signed_msg_len || memcmp(buf, signed_msg, len) != 0) { + if (len != signed_msg_len || OPENSSL_memcmp(buf, signed_msg, len) != 0) { OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE); goto out; } diff --git a/src/crypto/rsa/rsa_asn1.c b/src/crypto/rsa/rsa_asn1.c index 509f1aa4..88b1dfb3 100644 --- a/src/crypto/rsa/rsa_asn1.c +++ b/src/crypto/rsa/rsa_asn1.c @@ -66,6 +66,7 @@ #include "internal.h" #include "../bytestring/internal.h" +#include "../internal.h" static int parse_integer_buggy(CBS *cbs, BIGNUM **out, int buggy) { @@ -183,7 +184,7 @@ static RSA_additional_prime *rsa_parse_additional_prime(CBS *cbs) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } - memset(ret, 0, sizeof(RSA_additional_prime)); + OPENSSL_memset(ret, 0, sizeof(RSA_additional_prime)); CBS child; if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || @@ -280,6 +281,11 @@ RSA *RSA_parse_private_key(CBS *cbs) { goto err; } + if (!RSA_check_key(ret)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS); + goto err; + } + BN_CTX_free(ctx); BN_free(product_of_primes_so_far); return ret; diff --git a/src/crypto/rsa/rsa_impl.c b/src/crypto/rsa/rsa_impl.c index fb7a3686..3834be5a 100644 --- a/src/crypto/rsa/rsa_impl.c +++ b/src/crypto/rsa/rsa_impl.c @@ -65,6 +65,7 @@ #include <openssl/thread.h> #include "internal.h" +#include "../bn/internal.h" #include "../internal.h" @@ -263,7 +264,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, if (new_blindings == NULL) { goto err1; } - memcpy(new_blindings, rsa->blindings, + OPENSSL_memcpy(new_blindings, rsa->blindings, sizeof(BN_BLINDING *) * rsa->num_blindings); new_blindings[rsa->num_blindings] = ret; @@ -271,7 +272,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, if (new_blindings_inuse == NULL) { goto err2; } - memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings); + OPENSSL_memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings); new_blindings_inuse[rsa->num_blindings] = 1; *index_used = rsa->num_blindings; @@ -590,17 +591,9 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, if (!mod_exp(result, f, rsa, ctx)) { goto err; } - } else { - BIGNUM local_d; - BIGNUM *d = NULL; - - BN_init(&local_d); - d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - - if (!BN_mod_exp_mont_consttime(result, f, d, rsa->n, ctx, rsa->mont_n)) { - goto err; - } + } else if (!BN_mod_exp_mont_consttime(result, f, rsa->d, rsa->n, ctx, + rsa->mont_n)) { + goto err; } /* Verify the result to protect against fault attacks as described in the @@ -658,8 +651,6 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { assert(rsa->iqmp != NULL); BIGNUM *r1, *m1, *vrfy; - BIGNUM local_dmp1, local_dmq1, local_c, local_r1; - BIGNUM *dmp1, *dmq1, *c, *pr1; int ret = 0; size_t i, num_additional_primes = 0; @@ -677,23 +668,9 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { goto err; } - { - BIGNUM local_p, local_q; - BIGNUM *p = NULL, *q = NULL; - - /* Make sure BN_mod in Montgomery initialization uses BN_FLG_CONSTTIME. */ - BN_init(&local_p); - p = &local_p; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - BN_init(&local_q); - q = &local_q; - BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); - - if (!BN_MONT_CTX_set_locked(&rsa->mont_p, &rsa->lock, p, ctx) || - !BN_MONT_CTX_set_locked(&rsa->mont_q, &rsa->lock, q, ctx)) { - goto err; - } + if (!BN_MONT_CTX_set_locked(&rsa->mont_p, &rsa->lock, rsa->p, ctx) || + !BN_MONT_CTX_set_locked(&rsa->mont_q, &rsa->lock, rsa->q, ctx)) { + goto err; } if (!BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx)) { @@ -701,30 +678,22 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { } /* compute I mod q */ - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->q, ctx)) { + if (!BN_mod(r1, I, rsa->q, ctx)) { goto err; } /* compute r1^dmq1 mod q */ - dmq1 = &local_dmq1; - BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); - if (!BN_mod_exp_mont_consttime(m1, r1, dmq1, rsa->q, ctx, rsa->mont_q)) { + if (!BN_mod_exp_mont_consttime(m1, r1, rsa->dmq1, rsa->q, ctx, rsa->mont_q)) { goto err; } /* compute I mod p */ - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->p, ctx)) { + if (!BN_mod(r1, I, rsa->p, ctx)) { goto err; } /* compute r1^dmp1 mod p */ - dmp1 = &local_dmp1; - BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); - if (!BN_mod_exp_mont_consttime(r0, r1, dmp1, rsa->p, ctx, rsa->mont_p)) { + if (!BN_mod_exp_mont_consttime(r0, r1, rsa->dmp1, rsa->p, ctx, rsa->mont_p)) { goto err; } @@ -743,11 +712,7 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { goto err; } - /* Turn BN_FLG_CONSTTIME flag on before division operation */ - pr1 = &local_r1; - BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); - - if (!BN_mod(r0, pr1, rsa->p, ctx)) { + if (!BN_mod(r0, r1, rsa->p, ctx)) { goto err; } @@ -771,30 +736,23 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { for (i = 0; i < num_additional_primes; i++) { /* multi-prime RSA. */ - BIGNUM local_exp, local_prime; - BIGNUM *exp = &local_exp, *prime = &local_prime; RSA_additional_prime *ap = sk_RSA_additional_prime_value(rsa->additional_primes, i); - BN_with_flags(exp, ap->exp, BN_FLG_CONSTTIME); - BN_with_flags(prime, ap->prime, BN_FLG_CONSTTIME); - /* c will already point to a BIGNUM with the correct flags. */ - if (!BN_mod(r1, c, prime, ctx)) { + if (!BN_mod(r1, I, ap->prime, ctx)) { goto err; } - if (!BN_MONT_CTX_set_locked(&ap->mont, &rsa->lock, prime, ctx) || - !BN_mod_exp_mont_consttime(m1, r1, exp, prime, ctx, ap->mont)) { + if (!BN_MONT_CTX_set_locked(&ap->mont, &rsa->lock, ap->prime, ctx) || + !BN_mod_exp_mont_consttime(m1, r1, ap->exp, ap->prime, ctx, ap->mont)) { goto err; } - BN_set_flags(m1, BN_FLG_CONSTTIME); - if (!BN_sub(m1, m1, r0) || !BN_mul(m1, m1, ap->coeff, ctx) || - !BN_mod(m1, m1, prime, ctx) || - (BN_is_negative(m1) && !BN_add(m1, m1, prime)) || + !BN_mod(m1, m1, ap->prime, ctx) || + (BN_is_negative(m1) && !BN_add(m1, m1, ap->prime)) || !BN_mul(m1, m1, ap->r, ctx) || !BN_add(r0, r0, m1)) { goto err; @@ -811,8 +769,8 @@ err: int rsa_default_multi_prime_keygen(RSA *rsa, int bits, int num_primes, BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; - BIGNUM local_r0, local_d, local_p; - BIGNUM *pr0, *d, *p; + BIGNUM local_r0, local_p; + BIGNUM *pr0, *p; int prime_bits, ok = -1, n = 0, i, j; BN_CTX *ctx = NULL; STACK_OF(RSA_additional_prime) *additional_primes = NULL; @@ -848,7 +806,7 @@ int rsa_default_multi_prime_keygen(RSA *rsa, int bits, int num_primes, if (ap == NULL) { goto err; } - memset(ap, 0, sizeof(RSA_additional_prime)); + OPENSSL_memset(ap, 0, sizeof(RSA_additional_prime)); ap->prime = BN_new(); ap->exp = BN_new(); ap->coeff = BN_new(); @@ -1047,25 +1005,24 @@ int rsa_default_multi_prime_keygen(RSA *rsa, int bits, int num_primes, goto err; /* d */ } - /* set up d for correct BN_FLG_CONSTTIME flag */ - d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - /* calculate d mod (p-1) */ - if (!BN_mod(rsa->dmp1, d, r1, ctx)) { + if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) { goto err; } /* calculate d mod (q-1) */ - if (!BN_mod(rsa->dmq1, d, r2, ctx)) { + if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) { goto err; } - /* calculate inverse of q mod p */ + /* Calculate inverse of q mod p. Note that although RSA key generation is far + * from constant-time, |bn_mod_inverse_secret_prime| uses the same modular + * exponentation logic as in RSA private key operations and, if the RSAZ-1024 + * code is enabled, will be optimized for common RSA prime sizes. */ p = &local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { + if (!BN_MONT_CTX_set_locked(&rsa->mont_p, &rsa->lock, rsa->p, ctx) || + !bn_mod_inverse_secret_prime(rsa->iqmp, rsa->q, p, ctx, rsa->mont_p)) { goto err; } @@ -1074,15 +1031,24 @@ int rsa_default_multi_prime_keygen(RSA *rsa, int bits, int num_primes, sk_RSA_additional_prime_value(additional_primes, i - 2); if (!BN_sub(ap->exp, ap->prime, BN_value_one()) || !BN_mod(ap->exp, rsa->d, ap->exp, ctx) || - !BN_mod_inverse(ap->coeff, ap->r, ap->prime, ctx)) { + !BN_MONT_CTX_set_locked(&ap->mont, &rsa->lock, ap->prime, ctx) || + !bn_mod_inverse_secret_prime(ap->coeff, ap->r, ap->prime, ctx, + ap->mont)) { goto err; } } - ok = 1; rsa->additional_primes = additional_primes; additional_primes = NULL; + /* The key generation process is complex and thus error-prone. It could be + * disastrous to generate and then use a bad key so double-check that the key + * makes sense. */ + ok = RSA_check_key(rsa); + if (!ok) { + OPENSSL_PUT_ERROR(RSA, RSA_R_INTERNAL_ERROR); + } + err: if (ok == -1) { OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); diff --git a/src/crypto/rsa/rsa_test.cc b/src/crypto/rsa/rsa_test.cc index 8c4a7871..306df7e3 100644 --- a/src/crypto/rsa/rsa_test.cc +++ b/src/crypto/rsa/rsa_test.cc @@ -65,6 +65,8 @@ #include <openssl/err.h> #include <openssl/nid.h> +#include "../internal.h" + // kPlaintext is a sample plaintext. static const uint8_t kPlaintext[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; @@ -549,7 +551,7 @@ static bool TestRSA(const uint8_t *der, size_t der_len, if (!RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext), ciphertext, ciphertext_len, RSA_PKCS1_PADDING) || plaintext_len != kPlaintextLen || - memcmp(plaintext, kPlaintext, plaintext_len) != 0) { + OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) { fprintf(stderr, "PKCS#1 v1.5 decryption failed!\n"); return false; } @@ -566,7 +568,7 @@ static bool TestRSA(const uint8_t *der, size_t der_len, if (!RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext), ciphertext, ciphertext_len, RSA_PKCS1_OAEP_PADDING) || plaintext_len != kPlaintextLen || - memcmp(plaintext, kPlaintext, plaintext_len) != 0) { + OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) { fprintf(stderr, "OAEP decryption (encrypted data) failed!\n"); return false; } @@ -577,13 +579,13 @@ static bool TestRSA(const uint8_t *der, size_t der_len, oaep_ciphertext, oaep_ciphertext_len, RSA_PKCS1_OAEP_PADDING) || plaintext_len != kPlaintextLen || - memcmp(plaintext, kPlaintext, plaintext_len) != 0) { + OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) { fprintf(stderr, "OAEP decryption (test vector data) failed!\n"); return false; } // Try decrypting corrupted ciphertexts. - memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len); + OPENSSL_memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len); for (size_t i = 0; i < oaep_ciphertext_len; i++) { ciphertext[i] ^= 1; if (RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext), @@ -628,7 +630,7 @@ static bool TestMultiPrimeKey(int nprimes, const uint8_t *der, size_t der_size, if (!RSA_decrypt(rsa.get(), &out_len, out, sizeof(out), enc, enc_size, RSA_PKCS1_PADDING) || out_len != 11 || - memcmp(out, "hello world", 11) != 0) { + OPENSSL_memcmp(out, "hello world", 11) != 0) { fprintf(stderr, "%d-prime key failed to decrypt.\n", nprimes); ERR_print_errors_fp(stderr); return false; @@ -655,7 +657,7 @@ static bool TestMultiPrimeKeygen() { !RSA_decrypt(rsa.get(), &decrypted_len, decrypted, sizeof(decrypted), encrypted, encrypted_len, RSA_PKCS1_PADDING) || decrypted_len != sizeof(kMessage) || - memcmp(decrypted, kMessage, sizeof(kMessage)) != 0) { + OPENSSL_memcmp(decrypted, kMessage, sizeof(kMessage)) != 0) { ERR_print_errors_fp(stderr); return false; } @@ -688,6 +690,19 @@ static bool TestBadKey() { return false; } + uint8_t *der; + size_t der_len; + if (!RSA_private_key_to_bytes(&der, &der_len, key.get())) { + fprintf(stderr, "RSA_private_key_to_bytes failed to serialize bad key\n."); + return false; + } + bssl::UniquePtr<uint8_t> delete_der(der); + + key.reset(RSA_private_key_from_bytes(der, der_len)); + if (key) { + fprintf(stderr, "RSA_private_key_from_bytes accepted bad key\n."); + } + ERR_clear_error(); return true; } @@ -854,7 +869,8 @@ static bool TestASN1() { return false; } bssl::UniquePtr<uint8_t> delete_der(der); - if (der_len != sizeof(kKey1) - 1 || memcmp(der, kKey1, der_len) != 0) { + if (der_len != sizeof(kKey1) - 1 || + OPENSSL_memcmp(der, kKey1, der_len) != 0) { return false; } @@ -877,7 +893,7 @@ static bool TestASN1() { return false; } bssl::UniquePtr<uint8_t> delete_der2(der2); - if (der_len != der2_len || memcmp(der, der2, der_len) != 0) { + if (der_len != der2_len || OPENSSL_memcmp(der, der2, der_len) != 0) { return false; } diff --git a/src/crypto/sha/sha1.c b/src/crypto/sha/sha1.c index 12fb4571..7c727132 100644 --- a/src/crypto/sha/sha1.c +++ b/src/crypto/sha/sha1.c @@ -60,6 +60,8 @@ #include <openssl/mem.h> +#include "../internal.h" + #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ @@ -69,7 +71,7 @@ #endif int SHA1_Init(SHA_CTX *sha) { - memset(sha, 0, sizeof(SHA_CTX)); + OPENSSL_memset(sha, 0, sizeof(SHA_CTX)); sha->h[0] = 0x67452301UL; sha->h[1] = 0xefcdab89UL; sha->h[2] = 0x98badcfeUL; diff --git a/src/crypto/sha/sha256.c b/src/crypto/sha/sha256.c index 58f7c42c..fb950d75 100644 --- a/src/crypto/sha/sha256.c +++ b/src/crypto/sha/sha256.c @@ -60,6 +60,8 @@ #include <openssl/mem.h> +#include "../internal.h" + #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ @@ -68,7 +70,7 @@ #endif int SHA224_Init(SHA256_CTX *sha) { - memset(sha, 0, sizeof(SHA256_CTX)); + OPENSSL_memset(sha, 0, sizeof(SHA256_CTX)); sha->h[0] = 0xc1059ed8UL; sha->h[1] = 0x367cd507UL; sha->h[2] = 0x3070dd17UL; @@ -82,7 +84,7 @@ int SHA224_Init(SHA256_CTX *sha) { } int SHA256_Init(SHA256_CTX *sha) { - memset(sha, 0, sizeof(SHA256_CTX)); + OPENSSL_memset(sha, 0, sizeof(SHA256_CTX)); sha->h[0] = 0x6a09e667UL; sha->h[1] = 0xbb67ae85UL; sha->h[2] = 0x3c6ef372UL; diff --git a/src/crypto/sha/sha512.c b/src/crypto/sha/sha512.c index 355011f5..87611508 100644 --- a/src/crypto/sha/sha512.c +++ b/src/crypto/sha/sha512.c @@ -60,6 +60,8 @@ #include <openssl/mem.h> +#include "../internal.h" + /* IMPLEMENTATION NOTES. * @@ -167,7 +169,7 @@ int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) { void SHA512_Transform(SHA512_CTX *c, const uint8_t *block) { #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)block % sizeof(c->u.d[0]) != 0) { - memcpy(c->u.p, block, sizeof(c->u.p)); + OPENSSL_memcpy(c->u.p, block, sizeof(c->u.p)); block = c->u.p; } #endif @@ -196,11 +198,11 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { size_t n = sizeof(c->u) - c->num; if (len < n) { - memcpy(p + c->num, data, len); + OPENSSL_memcpy(p + c->num, data, len); c->num += (unsigned int)len; return 1; } else { - memcpy(p + c->num, data, n), c->num = 0; + OPENSSL_memcpy(p + c->num, data, n), c->num = 0; len -= n; data += n; sha512_block_data_order(c->h, (uint64_t *)p, 1); @@ -211,7 +213,7 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) { while (len >= sizeof(c->u)) { - memcpy(p, data, sizeof(c->u)); + OPENSSL_memcpy(p, data, sizeof(c->u)); sha512_block_data_order(c->h, (uint64_t *)p, 1); len -= sizeof(c->u); data += sizeof(c->u); @@ -227,7 +229,7 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { } if (len != 0) { - memcpy(p, data, len); + OPENSSL_memcpy(p, data, len); c->num = (int)len; } @@ -241,12 +243,12 @@ int SHA512_Final(uint8_t *md, SHA512_CTX *sha) { p[n] = 0x80; /* There always is a room for one */ n++; if (n > (sizeof(sha->u) - 16)) { - memset(p + n, 0, sizeof(sha->u) - n); + OPENSSL_memset(p + n, 0, sizeof(sha->u) - n); n = 0; sha512_block_data_order(sha->h, (uint64_t *)p, 1); } - memset(p + n, 0, sizeof(sha->u) - 16 - n); + OPENSSL_memset(p + n, 0, sizeof(sha->u) - 16 - n); p[sizeof(sha->u) - 1] = (uint8_t)(sha->Nl); p[sizeof(sha->u) - 2] = (uint8_t)(sha->Nl >> 8); p[sizeof(sha->u) - 3] = (uint8_t)(sha->Nl >> 16); diff --git a/src/crypto/stack/stack.c b/src/crypto/stack/stack.c index 2d5744aa..f78209d5 100644 --- a/src/crypto/stack/stack.c +++ b/src/crypto/stack/stack.c @@ -60,6 +60,9 @@ #include <openssl/mem.h> +#include "../internal.h" + + /* kMinSize is the number of pointers that will be initially allocated in a new * stack. */ static const size_t kMinSize = 4; @@ -71,14 +74,14 @@ _STACK *sk_new(stack_cmp_func comp) { if (ret == NULL) { goto err; } - memset(ret, 0, sizeof(_STACK)); + OPENSSL_memset(ret, 0, sizeof(_STACK)); ret->data = OPENSSL_malloc(sizeof(void *) * kMinSize); if (ret->data == NULL) { goto err; } - memset(ret->data, 0, sizeof(void *) * kMinSize); + OPENSSL_memset(ret->data, 0, sizeof(void *) * kMinSize); ret->comp = comp; ret->num_alloc = kMinSize; @@ -103,7 +106,7 @@ void sk_zero(_STACK *sk) { if (sk == NULL || sk->num == 0) { return; } - memset(sk->data, 0, sizeof(void*) * sk->num); + OPENSSL_memset(sk->data, 0, sizeof(void*) * sk->num); sk->num = 0; sk->sorted = 0; } @@ -177,8 +180,8 @@ size_t sk_insert(_STACK *sk, void *p, size_t where) { if (where >= sk->num) { sk->data[sk->num] = p; } else { - memmove(&sk->data[where + 1], &sk->data[where], - sizeof(void *) * (sk->num - where)); + OPENSSL_memmove(&sk->data[where + 1], &sk->data[where], + sizeof(void *) * (sk->num - where)); sk->data[where] = p; } @@ -198,7 +201,7 @@ void *sk_delete(_STACK *sk, size_t where) { ret = sk->data[where]; if (where != sk->num - 1) { - memmove(&sk->data[where], &sk->data[where + 1], + OPENSSL_memmove(&sk->data[where], &sk->data[where + 1], sizeof(void *) * (sk->num - where - 1)); } @@ -308,7 +311,7 @@ _STACK *sk_dup(const _STACK *sk) { ret->data = s; ret->num = sk->num; - memcpy(ret->data, sk->data, sizeof(void *) * sk->num); + OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num); ret->sorted = sk->sorted; ret->num_alloc = sk->num_alloc; ret->comp = sk->comp; diff --git a/src/crypto/test/file_test.cc b/src/crypto/test/file_test.cc index d684aa09..715907e5 100644 --- a/src/crypto/test/file_test.cc +++ b/src/crypto/test/file_test.cc @@ -24,6 +24,8 @@ #include <openssl/err.h> +#include "../internal.h" + FileTest::FileTest(const char *path) { file_ = fopen(path, "r"); @@ -227,7 +229,7 @@ static std::string EncodeHex(const uint8_t *in, size_t in_len) { bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len, const uint8_t *actual, size_t actual_len) { if (expected_len == actual_len && - memcmp(expected, actual, expected_len) == 0) { + OPENSSL_memcmp(expected, actual, expected_len) == 0) { return true; } diff --git a/src/crypto/thread_pthread.c b/src/crypto/thread_pthread.c index 90ff861e..d9e87f2d 100644 --- a/src/crypto/thread_pthread.c +++ b/src/crypto/thread_pthread.c @@ -103,7 +103,7 @@ static void thread_local_destructor(void *arg) { if (pthread_mutex_lock(&g_destructors_lock) != 0) { return; } - memcpy(destructors, g_destructors, sizeof(destructors)); + OPENSSL_memcpy(destructors, g_destructors, sizeof(destructors)); pthread_mutex_unlock(&g_destructors_lock); unsigned i; @@ -154,7 +154,7 @@ int CRYPTO_set_thread_local(thread_local_data_t index, void *value, destructor(value); return 0; } - memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + OPENSSL_memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); if (pthread_setspecific(g_thread_local_key, pointers) != 0) { OPENSSL_free(pointers); destructor(value); diff --git a/src/crypto/thread_test.c b/src/crypto/thread_test.c index 12ca2ec0..c702ace2 100644 --- a/src/crypto/thread_test.c +++ b/src/crypto/thread_test.c @@ -30,7 +30,7 @@ typedef HANDLE thread_t; static DWORD WINAPI thread_run(LPVOID arg) { void (*thread_func)(void); /* VC really doesn't like casting between data and function pointers. */ - memcpy(&thread_func, &arg, sizeof(thread_func)); + OPENSSL_memcpy(&thread_func, &arg, sizeof(thread_func)); thread_func(); return 0; } @@ -38,7 +38,7 @@ static DWORD WINAPI thread_run(LPVOID arg) { static int run_thread(thread_t *out_thread, void (*thread_func)(void)) { void *arg; /* VC really doesn't like casting between data and function pointers. */ - memcpy(&arg, &thread_func, sizeof(arg)); + OPENSSL_memcpy(&arg, &thread_func, sizeof(arg)); *out_thread = CreateThread(NULL /* security attributes */, 0 /* default stack size */, thread_run, arg, @@ -86,7 +86,7 @@ static void once_init(void) { Sleep(1 /* milliseconds */); #else struct timespec req; - memset(&req, 0, sizeof(req)); + OPENSSL_memset(&req, 0, sizeof(req)); req.tv_nsec = 1000000; nanosleep(&req, NULL); #endif diff --git a/src/crypto/thread_win.c b/src/crypto/thread_win.c index 836cf0f2..62119b4e 100644 --- a/src/crypto/thread_win.c +++ b/src/crypto/thread_win.c @@ -122,7 +122,7 @@ static void NTAPI thread_local_destructor(PVOID module, DWORD reason, thread_local_destructor_t destructors[NUM_OPENSSL_THREAD_LOCALS]; EnterCriticalSection(&g_destructors_lock); - memcpy(destructors, g_destructors, sizeof(destructors)); + OPENSSL_memcpy(destructors, g_destructors, sizeof(destructors)); LeaveCriticalSection(&g_destructors_lock); unsigned i; @@ -218,7 +218,7 @@ int CRYPTO_set_thread_local(thread_local_data_t index, void *value, destructor(value); return 0; } - memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + OPENSSL_memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); if (TlsSetValue(g_thread_local_key, pointers) == 0) { OPENSSL_free(pointers); destructor(value); diff --git a/src/crypto/x509/a_verify.c b/src/crypto/x509/a_verify.c index 5a9adb65..0af4197c 100644 --- a/src/crypto/x509/a_verify.c +++ b/src/crypto/x509/a_verify.c @@ -119,7 +119,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, * we don't need to zero the 'ctx' because we just checked public * information */ - /* memset(&ctx,0,sizeof(ctx)); */ + /* OPENSSL_memset(&ctx,0,sizeof(ctx)); */ ret = 1; err: EVP_MD_CTX_cleanup(&ctx); diff --git a/src/crypto/x509/asn1_gen.c b/src/crypto/x509/asn1_gen.c index 03a0ab9f..c52a1ac0 100644 --- a/src/crypto/x509/asn1_gen.c +++ b/src/crypto/x509/asn1_gen.c @@ -261,7 +261,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) } /* Copy across original encoding */ - memcpy(p, cpy_start, cpy_len); + OPENSSL_memcpy(p, cpy_start, cpy_len); cp = new_der; diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 434e5abe..e68ca5a3 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -433,7 +433,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (tmp != NULL) { ok = 1; ret->type = tmp->type; - memcpy(&ret->data, &tmp->data, sizeof(ret->data)); + OPENSSL_memcpy(&ret->data, &tmp->data, sizeof(ret->data)); /* * If we were going to up the reference count, we would need * to do it on a perl 'type' basis diff --git a/src/crypto/x509/pkcs7_test.c b/src/crypto/x509/pkcs7_test.c index bebcbd95..7bf4b81d 100644 --- a/src/crypto/x509/pkcs7_test.c +++ b/src/crypto/x509/pkcs7_test.c @@ -22,6 +22,7 @@ #include <openssl/stack.h> #include <openssl/x509.h> +#include "../internal.h" #include "../test/test_util.h" @@ -520,7 +521,7 @@ static int test_cert_reparse(const uint8_t *der_bytes, size_t der_len) { } if (result_len != result2_len || - memcmp(result_data, result2_data, result_len) != 0) { + OPENSSL_memcmp(result_data, result2_data, result_len) != 0) { fprintf(stderr, "Serialisation is not stable.\n"); return 0; } @@ -584,7 +585,7 @@ static int test_crl_reparse(const uint8_t *der_bytes, size_t der_len) { } if (result_len != result2_len || - memcmp(result_data, result2_data, result_len) != 0) { + OPENSSL_memcmp(result_data, result2_data, result_len) != 0) { fprintf(stderr, "Serialisation is not stable.\n"); return 0; } diff --git a/src/crypto/x509/x509_cmp.c b/src/crypto/x509/x509_cmp.c index 32862ebc..98236d9f 100644 --- a/src/crypto/x509/x509_cmp.c +++ b/src/crypto/x509/x509_cmp.c @@ -67,6 +67,9 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { int i; @@ -125,7 +128,7 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { - return memcmp(a->sha1_hash, b->sha1_hash, 20); + return OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, 20); } X509_NAME *X509_get_issuer_name(X509 *a) @@ -178,7 +181,7 @@ int X509_cmp(const X509 *a, const X509 *b) X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); if (rv) return rv; /* Check for match against stored encoding too */ @@ -186,8 +189,8 @@ int X509_cmp(const X509 *a, const X509 *b) rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); if (rv) return rv; - return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, - a->cert_info->enc.len); + return OPENSSL_memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, + a->cert_info->enc.len); } return rv; } @@ -215,7 +218,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) if (ret) return ret; - return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); + return OPENSSL_memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); } diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index 7aee3bb1..9e459640 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -188,7 +188,7 @@ X509_STORE *X509_STORE_new(void) if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) return NULL; - memset(ret, 0, sizeof(*ret)); + OPENSSL_memset(ret, 0, sizeof(*ret)); CRYPTO_MUTEX_init(&ret->objs_lock); ret->objs = sk_X509_OBJECT_new(x509_object_cmp); if (ret->objs == NULL) @@ -396,6 +396,11 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) return ret; } +void X509_STORE_set0_additional_untrusted(X509_STORE *ctx, + STACK_OF(X509) *untrusted) { + ctx->additional_untrusted = untrusted; +} + int X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { diff --git a/src/crypto/x509/x509_obj.c b/src/crypto/x509/x509_obj.c index a7f31e03..33eafc42 100644 --- a/src/crypto/x509/x509_obj.c +++ b/src/crypto/x509/x509_obj.c @@ -64,6 +64,9 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "../internal.h" + + /* * Limit to ensure we don't overflow: much greater than * anything enountered in practice. @@ -161,7 +164,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) } else p = &(buf[lold]); *(p++) = '/'; - memcpy(p, s, (unsigned int)l1); + OPENSSL_memcpy(p, s, (unsigned int)l1); p += l1; *(p++) = '='; diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc index 0c25754e..3629c13e 100644 --- a/src/crypto/x509/x509_test.cc +++ b/src/crypto/x509/x509_test.cc @@ -25,6 +25,8 @@ #include <openssl/pool.h> #include <openssl/x509.h> +#include "../internal.h" + static const char kCrossSigningRootPEM[] = "-----BEGIN CERTIFICATE-----\n" @@ -450,7 +452,8 @@ static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack( static int Verify(X509 *leaf, const std::vector<X509 *> &roots, const std::vector<X509 *> &intermediates, const std::vector<X509_CRL *> &crls, - unsigned long flags = 0) { + unsigned long flags, + bool use_additional_untrusted) { bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots)); bssl::UniquePtr<STACK_OF(X509)> intermediates_stack( CertsToStack(intermediates)); @@ -469,8 +472,14 @@ static int Verify(X509 *leaf, const std::vector<X509 *> &roots, return X509_V_ERR_UNSPECIFIED; } - if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf, - intermediates_stack.get())) { + if (use_additional_untrusted) { + X509_STORE_set0_additional_untrusted(store.get(), + intermediates_stack.get()); + } + + if (!X509_STORE_CTX_init( + ctx.get(), store.get(), leaf, + use_additional_untrusted ? nullptr : intermediates_stack.get())) { return X509_V_ERR_UNSPECIFIED; } @@ -496,6 +505,24 @@ static int Verify(X509 *leaf, const std::vector<X509 *> &roots, return X509_V_OK; } +static int Verify(X509 *leaf, const std::vector<X509 *> &roots, + const std::vector<X509 *> &intermediates, + const std::vector<X509_CRL *> &crls, + unsigned long flags = 0) { + const int r1 = Verify(leaf, roots, intermediates, crls, flags, false); + const int r2 = Verify(leaf, roots, intermediates, crls, flags, true); + + if (r1 != r2) { + fprintf(stderr, + "Verify with, and without, use_additional_untrusted gave different " + "results: %d vs %d.\n", + r1, r2); + return false; + } + + return r1; +} + static bool TestVerify() { bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM)); bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM)); @@ -814,7 +841,7 @@ static bool TestFromBufferTrailingData() { } std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]); - memcpy(trailing_data.get(), data.get(), data_len); + OPENSSL_memcpy(trailing_data.get(), data.get(), data_len); bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data( CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr)); @@ -927,7 +954,7 @@ static bool TestFromBufferReused() { return false; } if (i2d_len != static_cast<long>(data2_len) || - memcmp(data2.get(), i2d, i2d_len) != 0) { + OPENSSL_memcmp(data2.get(), i2d, i2d_len) != 0) { fprintf(stderr, "TestFromBufferReused: i2d gave wrong result.\n"); return false; } @@ -964,7 +991,7 @@ static bool TestFailedParseFromBuffer() { } std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]); - memcpy(data_with_trailing_byte.get(), data.get(), data_len); + OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len); data_with_trailing_byte[data_len] = 0; bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte( diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index fa6a5c51..27b58f45 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -226,7 +226,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509_up_ref(ctx->cert); ctx->last_untrusted = 1; - /* We use a temporary STACK so we can chop and hack at it */ + /* We use a temporary STACK so we can chop and hack at it. + * sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */ if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); @@ -234,6 +235,28 @@ int X509_verify_cert(X509_STORE_CTX *ctx) goto end; } + if (ctx->ctx->additional_untrusted != NULL) { + if (sktmp == NULL) { + sktmp = sk_X509_new_null(); + if (sktmp == NULL) { + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + } + + for (size_t k = 0; k < sk_X509_num(ctx->ctx->additional_untrusted); + k++) { + if (!sk_X509_push(sktmp, + sk_X509_value(ctx->ctx->additional_untrusted, + k))) { + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + } + } + num = sk_X509_num(ctx->chain); x = sk_X509_value(ctx->chain, num - 1); depth = param->depth; @@ -269,7 +292,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) } /* If we were passed a cert chain, use it first */ - if (ctx->untrusted != NULL) { + if (sktmp != NULL) { xtmp = find_issuer(ctx, sktmp, x); if (xtmp != NULL) { if (!sk_X509_push(ctx->chain, xtmp)) { @@ -1258,6 +1281,17 @@ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, return; } } + + for (i = 0; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) { + crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i); + if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) + continue; + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { + *pissuer = crl_issuer; + *pcrl_score |= CRL_SCORE_AKID; + return; + } + } } /* @@ -1829,7 +1863,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; if (remaining < min_length || remaining > max_length) return 0; - memcpy(p, str, 10); + OPENSSL_memcpy(p, str, 10); p += 10; str += 10; remaining -= 10; @@ -1841,7 +1875,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; if (remaining < min_length || remaining > max_length) return 0; - memcpy(p, str, 12); + OPENSSL_memcpy(p, str, 12); p += 12; str += 12; remaining -= 12; @@ -2226,7 +2260,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ctx, 0, sizeof(X509_STORE_CTX)); + OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX)); return ctx; } @@ -2244,7 +2278,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, { int ret = 1; - memset(ctx, 0, sizeof(X509_STORE_CTX)); + OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX)); ctx->ctx = store; ctx->cert = x509; ctx->untrusted = chain; @@ -2337,7 +2371,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, X509_VERIFY_PARAM_free(ctx->param); } - memset(ctx, 0, sizeof(X509_STORE_CTX)); + OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX)); OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } @@ -2375,7 +2409,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) ctx->chain = NULL; } CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data)); - memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); + OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); } void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) diff --git a/src/crypto/x509/x509_vpm.c b/src/crypto/x509/x509_vpm.c index 924cfa7c..2317214c 100644 --- a/src/crypto/x509/x509_vpm.c +++ b/src/crypto/x509/x509_vpm.c @@ -65,6 +65,8 @@ #include <openssl/x509v3.h> #include "vpm_int.h" +#include "../internal.h" + /* X509_VERIFY_PARAM functions */ @@ -92,7 +94,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, * Refuse names with embedded NUL bytes. * XXX: Do we need to push an error onto the error stack? */ - if (name && memchr(name, '\0', namelen)) + if (name && OPENSSL_memchr(name, '\0', namelen)) return 0; if (mode == SET_HOST && id->hosts) { @@ -176,8 +178,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof(X509_VERIFY_PARAM)); - memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID)); + OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM)); + OPENSSL_memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID)); param->id = paramid; x509_verify_param_zero(param); return param; diff --git a/src/crypto/x509/x509name.c b/src/crypto/x509/x509name.c index 050e16a8..610de5f2 100644 --- a/src/crypto/x509/x509name.c +++ b/src/crypto/x509/x509name.c @@ -63,6 +63,9 @@ #include <openssl/stack.h> #include <openssl/x509.h> +#include "../internal.h" + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { const ASN1_OBJECT *obj; @@ -86,7 +89,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, i = (data->length > (len - 1)) ? (len - 1) : data->length; if (buf == NULL) return (data->length); - memcpy(buf, data->data, i); + OPENSSL_memcpy(buf, data->data, i); buf[i] = '\0'; return (i); } diff --git a/src/crypto/x509/x_name.c b/src/crypto/x509/x_name.c index 19f536c2..f97081dc 100644 --- a/src/crypto/x509/x_name.c +++ b/src/crypto/x509/x_name.c @@ -67,6 +67,8 @@ #include <openssl/x509.h> #include "../asn1/asn1_locl.h" +#include "../internal.h" + typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) @@ -233,7 +235,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, local_sk_X509_NAME_ENTRY_pop_free); goto err; } - memcpy(nm.x->bytes->data, q, p - q); + OPENSSL_memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { @@ -276,7 +278,7 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, } ret = a->bytes->length; if (out != NULL) { - memcpy(*out, a->bytes->data, ret); + OPENSSL_memcpy(*out, a->bytes->data, ret); *out += ret; } return ret; @@ -336,8 +338,8 @@ static int x509_name_encode(X509_NAME *a) * spaces collapsed, converted to lower case and the leading SEQUENCE header * removed. In future we could also normalize the UTF8 too. By doing this * comparison of Name structures can be rapidly perfomed by just using - * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name - * constraints of type dirName can also be checked with a simple memcmp(). + * OPENSSL_memcmp() of the canonical encoding. By omitting the leading SEQUENCE name + * constraints of type dirName can also be checked with a simple OPENSSL_memcmp(). */ static int x509_name_canon(X509_NAME *a) diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index fc445954..8231a24b 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -63,6 +63,9 @@ #include <openssl/mem.h> #include <openssl/thread.h> +#include "../internal.h" + + X509_PKEY *X509_PKEY_new(void) { X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY)); @@ -70,7 +73,7 @@ X509_PKEY *X509_PKEY_new(void) OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } - memset(ret, 0, sizeof(X509_PKEY)); + OPENSSL_memset(ret, 0, sizeof(X509_PKEY)); ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) diff --git a/src/crypto/x509v3/pcy_tree.c b/src/crypto/x509v3/pcy_tree.c index a13a4fa3..a588107b 100644 --- a/src/crypto/x509v3/pcy_tree.c +++ b/src/crypto/x509v3/pcy_tree.c @@ -66,6 +66,7 @@ #include <openssl/x509v3.h> #include "pcy_int.h" +#include "../internal.h" /* * Enable this to print out the complete policy tree at various point during @@ -238,7 +239,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, return 0; } - memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); + OPENSSL_memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); tree->nlevel = n; diff --git a/src/crypto/x509v3/v3_ia5.c b/src/crypto/x509v3/v3_ia5.c index 6fc6b59b..6b2056dc 100644 --- a/src/crypto/x509v3/v3_ia5.c +++ b/src/crypto/x509v3/v3_ia5.c @@ -67,6 +67,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "../internal.h" + + static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, @@ -92,7 +95,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } - memcpy(tmp, ia5->data, ia5->length); + OPENSSL_memcpy(tmp, ia5->data, ia5->length); tmp[ia5->length] = 0; return tmp; } diff --git a/src/crypto/x509v3/v3_ncons.c b/src/crypto/x509v3/v3_ncons.c index 368ad272..fc2843ef 100644 --- a/src/crypto/x509v3/v3_ncons.c +++ b/src/crypto/x509v3/v3_ncons.c @@ -65,6 +65,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "../internal.h" + + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); @@ -365,7 +368,7 @@ static int nc_dn(X509_NAME *nm, X509_NAME *base) return X509_V_ERR_OUT_OF_MEM; if (base->canon_enclen > nm->canon_enclen) return X509_V_ERR_PERMITTED_VIOLATION; - if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) + if (OPENSSL_memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; } diff --git a/src/crypto/x509v3/v3_pci.c b/src/crypto/x509v3/v3_pci.c index 220f65e1..68dca5e7 100644 --- a/src/crypto/x509v3/v3_pci.c +++ b/src/crypto/x509v3/v3_pci.c @@ -44,6 +44,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "../internal.h" + + static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, BIO *out, int indent); static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, @@ -133,7 +136,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length + val_len + 1); if (tmp_data) { (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], + OPENSSL_memcpy(&(*policy)->data[(*policy)->length], tmp_data2, val_len); (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; @@ -171,7 +174,7 @@ static int process_pci_value(CONF_VALUE *val, break; (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], buf, n); + OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n); (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } @@ -188,7 +191,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length + val_len + 1); if (tmp_data) { (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], + OPENSSL_memcpy(&(*policy)->data[(*policy)->length], val->value + 5, val_len); (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c index a238a20e..b6032740 100644 --- a/src/crypto/x509v3/v3_utl.c +++ b/src/crypto/x509v3/v3_utl.c @@ -71,6 +71,8 @@ #include <openssl/x509v3.h> #include "../conf/internal.h" +#include "../internal.h" + static char *strip_spaces(char *name); static int sk_strcmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b); @@ -690,7 +692,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, return 1; } -/* Compare using memcmp. */ +/* Compare using OPENSSL_memcmp. */ static int equal_case(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) @@ -698,7 +700,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); if (pattern_len != subject_len) return 0; - return !memcmp(pattern, subject, pattern_len); + return !OPENSSL_memcmp(pattern, subject, pattern_len); } /* @@ -909,7 +911,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, return 0; if (cmp_type == V_ASN1_IA5STRING) rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); - else if (a->length == (int)blen && !memcmp(a->data, b, blen)) + else if (a->length == (int)blen && !OPENSSL_memcmp(a->data, b, blen)) rv = 1; if (rv > 0 && peername) *peername = BUF_strndup((char *)a->data, a->length); @@ -1014,7 +1016,7 @@ int X509_check_host(X509 *x, const char *chk, size_t chklen, { if (chk == NULL) return -2; - if (memchr(chk, '\0', chklen)) + if (OPENSSL_memchr(chk, '\0', chklen)) return -2; return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); } @@ -1024,7 +1026,7 @@ int X509_check_email(X509 *x, const char *chk, size_t chklen, { if (chk == NULL) return -2; - if (memchr(chk, '\0', chklen)) + if (OPENSSL_memchr(chk, '\0', chklen)) return -2; return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL); } @@ -1213,16 +1215,16 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) if (v6stat.zero_pos >= 0) { /* Copy initial part */ - memcpy(v6, v6stat.tmp, v6stat.zero_pos); + OPENSSL_memcpy(v6, v6stat.tmp, v6stat.zero_pos); /* Zero middle */ - memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); + OPENSSL_memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); /* Copy final part */ if (v6stat.total != v6stat.zero_pos) - memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, - v6stat.tmp + v6stat.zero_pos, - v6stat.total - v6stat.zero_pos); + OPENSSL_memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); } else - memcpy(v6, v6stat.tmp, 16); + OPENSSL_memcpy(v6, v6stat.tmp, 16); return 1; } diff --git a/src/crypto/x509v3/v3name_test.c b/src/crypto/x509v3/v3name_test.c index dadf488f..959b924d 100644 --- a/src/crypto/x509v3/v3name_test.c +++ b/src/crypto/x509v3/v3name_test.c @@ -62,6 +62,9 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + + static const char *const names[] = { "a", "b", ".", "*", "@", ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", @@ -334,7 +337,7 @@ static void run_cert(X509 *crt, const char *nameincert, size_t namelen = strlen(*pname); char *name = malloc(namelen); int match, ret; - memcpy(name, *pname, namelen); + OPENSSL_memcpy(name, *pname, namelen); ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; diff --git a/src/decrepit/bio/base64_bio.c b/src/decrepit/bio/base64_bio.c index 8415bfed..85f30ffc 100644 --- a/src/decrepit/bio/base64_bio.c +++ b/src/decrepit/bio/base64_bio.c @@ -65,6 +65,8 @@ #include <openssl/evp.h> #include <openssl/mem.h> +#include "../../crypto/internal.h" + #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 @@ -94,7 +96,7 @@ static int b64_new(BIO *bio) { return 0; } - memset(ctx, 0, sizeof(*ctx)); + OPENSSL_memset(ctx, 0, sizeof(*ctx)); ctx->cont = 1; ctx->start = 1; @@ -147,7 +149,7 @@ static int b64_read(BIO *b, char *out, int outl) { i = outl; } assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); - memcpy(out, &ctx->buf[ctx->buf_off], i); + OPENSSL_memcpy(out, &ctx->buf[ctx->buf_off], i); ret = i; out += i; outl -= i; @@ -274,7 +276,7 @@ static int b64_read(BIO *b, char *out, int outl) { } /* z is now number of output bytes and jj is the number consumed. */ if (jj != i) { - memmove(ctx->tmp, &ctx->tmp[jj], i - jj); + OPENSSL_memmove(ctx->tmp, &ctx->tmp[jj], i - jj); ctx->tmp_len = i - jj; } ctx->buf_len = 0; @@ -300,7 +302,7 @@ static int b64_read(BIO *b, char *out, int outl) { i = outl; } - memcpy(out, ctx->buf, i); + OPENSSL_memcpy(out, ctx->buf, i); ret += i; ctx->buf_off = i; if (ctx->buf_off == ctx->buf_len) { @@ -367,7 +369,7 @@ static int b64_write(BIO *b, const char *in, int inl) { if (n > inl) { n = inl; } - memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); + OPENSSL_memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); ctx->tmp_len += n; ret += n; if (ctx->tmp_len < 3) { @@ -383,7 +385,7 @@ static int b64_write(BIO *b, const char *in, int inl) { ctx->tmp_len = 0; } else { if (n < 3) { - memcpy(ctx->tmp, in, n); + OPENSSL_memcpy(ctx->tmp, in, n); ctx->tmp_len = n; ret += n; break; diff --git a/src/decrepit/blowfish/blowfish.c b/src/decrepit/blowfish/blowfish.c index e277f344..04b7368f 100644 --- a/src/decrepit/blowfish/blowfish.c +++ b/src/decrepit/blowfish/blowfish.c @@ -58,6 +58,7 @@ #include <string.h> +#include "../../crypto/internal.h" #include "../macros.h" @@ -441,7 +442,7 @@ void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) { uint32_t *p, ri, in[2]; const uint8_t *d, *end; - memcpy(key, &bf_init, sizeof(BF_KEY)); + OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY)); p = key->P; if (len > ((BF_ROUNDS + 2) * 4)) diff --git a/src/decrepit/des/cfb64ede.c b/src/decrepit/des/cfb64ede.c index f7e81d45..3099127c 100644 --- a/src/decrepit/des/cfb64ede.c +++ b/src/decrepit/des/cfb64ede.c @@ -58,7 +58,8 @@ #include <openssl/des.h> -#include "../crypto/des/internal.h" +#include "../../crypto/des/internal.h" +#include "../../crypto/internal.h" /* The input and output encrypted as though 64bit cfb mode is being used. The @@ -174,7 +175,7 @@ void DES_ede3_cfb_encrypt(const uint8_t *in, uint8_t *out, int numbits, l2c(d0, iv); l2c(d1, iv); /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); + OPENSSL_memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); /* now the remaining bits */ if (num % 8 != 0) { for (i = 0; i < 8; ++i) { @@ -210,7 +211,7 @@ void DES_ede3_cfb_encrypt(const uint8_t *in, uint8_t *out, int numbits, l2c(d0, iv); l2c(d1, iv); /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); + OPENSSL_memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); /* now the remaining bits */ if (num % 8 != 0) { for (i = 0; i < 8; ++i) { diff --git a/src/decrepit/obj/obj_decrepit.c b/src/decrepit/obj/obj_decrepit.c index 8ea2e0aa..65b2b132 100644 --- a/src/decrepit/obj/obj_decrepit.c +++ b/src/decrepit/obj/obj_decrepit.c @@ -19,6 +19,8 @@ #include <openssl/evp.h> +#include "../../crypto/internal.h" + struct wrapped_callback { void (*callback)(const OBJ_NAME *, void *arg); @@ -30,7 +32,7 @@ static void cipher_callback(const EVP_CIPHER *cipher, const char *name, const struct wrapped_callback *wrapped = (struct wrapped_callback *)arg; OBJ_NAME obj_name; - memset(&obj_name, 0, sizeof(obj_name)); + OPENSSL_memset(&obj_name, 0, sizeof(obj_name)); obj_name.type = OBJ_NAME_TYPE_CIPHER_METH; obj_name.name = name; obj_name.data = (const char *)cipher; @@ -43,7 +45,7 @@ static void md_callback(const EVP_MD *md, const char *name, const char *unused, const struct wrapped_callback *wrapped = (struct wrapped_callback*) arg; OBJ_NAME obj_name; - memset(&obj_name, 0, sizeof(obj_name)); + OPENSSL_memset(&obj_name, 0, sizeof(obj_name)); obj_name.type = OBJ_NAME_TYPE_MD_METH; obj_name.name = name; obj_name.data = (const char *)md; diff --git a/src/decrepit/ripemd/ripemd.c b/src/decrepit/ripemd/ripemd.c index ce47c28e..ab9bc32d 100644 --- a/src/decrepit/ripemd/ripemd.c +++ b/src/decrepit/ripemd/ripemd.c @@ -62,7 +62,7 @@ int RIPEMD160_Init(RIPEMD160_CTX *ctx) { - memset(ctx, 0, sizeof(*ctx)); + OPENSSL_memset(ctx, 0, sizeof(*ctx)); ctx->h[0] = RIPEMD160_A; ctx->h[1] = RIPEMD160_B; ctx->h[2] = RIPEMD160_C; diff --git a/src/decrepit/ripemd/ripemd_test.cc b/src/decrepit/ripemd/ripemd_test.cc index ebcabdfb..e39c8938 100644 --- a/src/decrepit/ripemd/ripemd_test.cc +++ b/src/decrepit/ripemd/ripemd_test.cc @@ -19,6 +19,7 @@ #include <stdio.h> #include <string.h> +#include "../../crypto/internal.h" #include "../../crypto/test/test_util.h" @@ -85,7 +86,7 @@ int main(void) { RIPEMD160_Final(digest, &ctx); } - if (memcmp(digest, test.expected, sizeof(digest)) != 0) { + if (OPENSSL_memcmp(digest, test.expected, sizeof(digest)) != 0) { fprintf(stderr, "#%u: bad result with stride %u: ", test_num, static_cast<unsigned>(stride)); hexdump(stderr, "", digest, sizeof(digest)); @@ -96,7 +97,7 @@ int main(void) { static const size_t kLargeBufSize = 1000000; std::unique_ptr<uint8_t[]> buf(new uint8_t[kLargeBufSize]); - memset(buf.get(), 'a', kLargeBufSize); + OPENSSL_memset(buf.get(), 'a', kLargeBufSize); uint8_t digest[RIPEMD160_DIGEST_LENGTH]; RIPEMD160(buf.get(), kLargeBufSize, digest); @@ -104,7 +105,7 @@ int main(void) { 0x52, 0x78, 0x32, 0x43, 0xc1, 0x69, 0x7b, 0xdb, 0xe1, 0x6d, 0x37, 0xf9, 0x7f, 0x68, 0xf0, 0x83, 0x25, 0xdc, 0x15, 0x28}; - if (memcmp(digest, kMillionADigest, sizeof(digest)) != 0) { + if (OPENSSL_memcmp(digest, kMillionADigest, sizeof(digest)) != 0) { fprintf(stderr, "Digest incorrect for “million a's” test: "); hexdump(stderr, "", digest, sizeof(digest)); ok = 0; diff --git a/src/decrepit/xts/xts.c b/src/decrepit/xts/xts.c index 10a696de..2811445d 100644 --- a/src/decrepit/xts/xts.c +++ b/src/decrepit/xts/xts.c @@ -73,7 +73,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, if (len < 16) return 0; - memcpy(tweak.c, iv, 16); + OPENSSL_memcpy(tweak.c, iv, 16); (*ctx->block2)(tweak.c, tweak.c, ctx->key2); @@ -81,7 +81,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, while (len >= 16) { #if STRICT_ALIGNMENT - memcpy(scratch.c, inp, 16); + OPENSSL_memcpy(scratch.c, inp, 16); scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else @@ -92,7 +92,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, #if STRICT_ALIGNMENT scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; - memcpy(out, scratch.c, 16); + OPENSSL_memcpy(out, scratch.c, 16); #else ((uint64_t *)out)[0] = scratch.u[0] ^= tweak.u[0]; ((uint64_t *)out)[1] = scratch.u[1] ^= tweak.u[1]; @@ -121,7 +121,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, (*ctx->block1)(scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; - memcpy(out - 16, scratch.c, 16); + OPENSSL_memcpy(out - 16, scratch.c, 16); } else { union { uint64_t u[2]; @@ -135,7 +135,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, tweak1.u[0] = (tweak.u[0] << 1) ^ res; tweak1.u[1] = (tweak.u[1] << 1) | carry; #if STRICT_ALIGNMENT - memcpy(scratch.c, inp, 16); + OPENSSL_memcpy(scratch.c, inp, 16); scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else @@ -157,7 +157,7 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, #if STRICT_ALIGNMENT scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; - memcpy(out, scratch.c, 16); + OPENSSL_memcpy(out, scratch.c, 16); #else ((uint64_t *)out)[0] = scratch.u[0] ^ tweak.u[0]; ((uint64_t *)out)[1] = scratch.u[1] ^ tweak.u[1]; @@ -200,7 +200,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, if (iv) { xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); + OPENSSL_memcpy(ctx->iv, iv, 16); } return 1; diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index 8deb278f..18beba4e 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -253,6 +253,18 @@ OPENSSL_EXPORT BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret); * number of bytes written. */ OPENSSL_EXPORT size_t BN_bn2bin(const BIGNUM *in, uint8_t *out); +/* BN_le2bn sets |*ret| to the value of |len| bytes from |in|, interpreted as + * a little-endian number, and returns |ret|. If |ret| is NULL then a fresh + * |BIGNUM| is allocated and returned. It returns NULL on allocation + * failure. */ +OPENSSL_EXPORT BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret); + +/* BN_bn2le_padded serialises the absolute value of |in| to |out| as a + * little-endian integer, which must have |len| of space available, padding + * out the remainder of out with zeros. If |len| is smaller than |BN_num_bytes|, + * the function fails and returns 0. Otherwise, it returns 1. */ +OPENSSL_EXPORT int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in); + /* BN_bn2bin_padded serialises the absolute value of |in| to |out| as a * big-endian integer. The integer is padded with leading zeros up to size * |len|. If |len| is smaller than |BN_num_bytes|, the function fails and @@ -306,6 +318,11 @@ OPENSSL_EXPORT int BN_print_fp(FILE *fp, const BIGNUM *a); * will be returned. */ OPENSSL_EXPORT BN_ULONG BN_get_word(const BIGNUM *bn); +/* BN_get_u64 sets |*out| to the absolute value of |bn| as a |uint64_t| and + * returns one. If |bn| is too large to be represented as a |uint64_t|, it + * returns zero. */ +OPENSSL_EXPORT int BN_get_u64(const BIGNUM *bn, uint64_t *out); + /* ASN.1 functions. */ @@ -913,9 +930,9 @@ OPENSSL_EXPORT unsigned BN_num_bits_word(BN_ULONG l); #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 -/* avoid leaking exponent information through timing, BN_mod_exp_mont() will - * call BN_mod_exp_mont_consttime, BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. */ +/* Avoid leaking exponent information through timing. |BN_mod_exp_mont| will + * call |BN_mod_exp_mont_consttime| and |BN_mod_inverse| will call + * |BN_mod_inverse_no_branch|. */ #define BN_FLG_CONSTTIME 0x04 diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 58b388aa..e8deb109 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h @@ -577,7 +577,10 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, /* EVP_PKEY_CTX_set_rsa_pss_saltlen sets the length of the salt in a PSS-padded * signature. A value of -1 cause the salt to be the same length as the digest * in the signature. A value of -2 causes the salt to be the maximum length - * that will fit. Otherwise the value gives the size of the salt in bytes. + * that will fit when signing and recovered from the signature when verifying. + * Otherwise the value gives the size of the salt in bytes. + * + * If unsure, use -1. * * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, diff --git a/src/include/openssl/lhash.h b/src/include/openssl/lhash.h index 130ffb1f..b95d4f21 100644 --- a/src/include/openssl/lhash.h +++ b/src/include/openssl/lhash.h @@ -144,9 +144,7 @@ typedef struct lhash_st { lhash_hash_func hash; } _LHASH; -/* lh_new returns a new, empty hash table or NULL on error. If |comp| is NULL, - * |strcmp| will be used. If |hash| is NULL, a generic hash function will be - * used. */ +/* lh_new returns a new, empty hash table or NULL on error. */ OPENSSL_EXPORT _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp); /* lh_free frees the hash table itself but none of the elements. See diff --git a/src/include/openssl/nid.h b/src/include/openssl/nid.h index d51a67c3..4270dc1b 100644 --- a/src/include/openssl/nid.h +++ b/src/include/openssl/nid.h @@ -1,28 +1,24 @@ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h */ - /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -37,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -52,16 +48,22 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ + * [including the GNU Public Licence.] */ + +/* This file is generated by crypto/obj/objects.go. */ #ifndef OPENSSL_HEADER_NID_H #define OPENSSL_HEADER_NID_H +#include <openssl/base.h> + +#if defined(__cplusplus) +extern "C" { +#endif /* The nid library provides numbered values for ASN.1 object identifiers and * other symbols. These values are used by other libraries to identify @@ -69,467 +71,509 @@ * * A separate objects library, obj.h, provides functions for converting between * nids and object identifiers. However it depends on large internal tables with - * the encodings of every nid defind. Consumers concerned with binary size + * the encodings of every nid defined. Consumers concerned with binary size * should instead embed the encodings of the few consumed OIDs and compare * against those. * * These values should not be used outside of a single process; they are not * stable identifiers. */ - #define SN_undef "UNDEF" #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L -#define SN_itu_t "ITU-T" -#define LN_itu_t "itu-t" -#define NID_itu_t 645 -#define OBJ_itu_t 0L - -#define NID_ccitt 404 -#define OBJ_ccitt OBJ_itu_t - -#define SN_iso "ISO" -#define LN_iso "iso" -#define NID_iso 181 -#define OBJ_iso 1L - -#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" -#define LN_joint_iso_itu_t "joint-iso-itu-t" -#define NID_joint_iso_itu_t 646 -#define OBJ_joint_iso_itu_t 2L - -#define NID_joint_iso_ccitt 393 -#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t - -#define SN_member_body "member-body" -#define LN_member_body "ISO Member Body" -#define NID_member_body 182 -#define OBJ_member_body OBJ_iso,2L - -#define SN_identified_organization "identified-organization" -#define NID_identified_organization 676 -#define OBJ_identified_organization OBJ_iso,3L +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi 1L, 2L, 840L, 113549L -#define SN_hmac_md5 "HMAC-MD5" -#define LN_hmac_md5 "hmac-md5" -#define NID_hmac_md5 780 -#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs 1L, 2L, 840L, 113549L, 1L -#define SN_hmac_sha1 "HMAC-SHA1" -#define LN_hmac_sha1 "hmac-sha1" -#define NID_hmac_sha1 781 -#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 1L, 2L, 840L, 113549L, 2L, 2L -#define SN_certicom_arc "certicom-arc" -#define NID_certicom_arc 677 -#define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 1L, 2L, 840L, 113549L, 2L, 5L -#define SN_international_organizations "international-organizations" -#define LN_international_organizations "International Organizations" -#define NID_international_organizations 647 -#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 1L, 2L, 840L, 113549L, 3L, 4L -#define SN_wap "wap" -#define NID_wap 678 -#define OBJ_wap OBJ_international_organizations,43L +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 1L -#define SN_wap_wsg "wap-wsg" -#define NID_wap_wsg 679 -#define OBJ_wap_wsg OBJ_wap,1L +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 2L -#define SN_selected_attribute_types "selected-attribute-types" -#define LN_selected_attribute_types "Selected Attribute Types" -#define NID_selected_attribute_types 394 -#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 4L -#define SN_clearance "clearance" -#define NID_clearance 395 -#define OBJ_clearance OBJ_selected_attribute_types,55L +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 1L -#define SN_ISO_US "ISO-US" -#define LN_ISO_US "ISO US Member Body" -#define NID_ISO_US 183 -#define OBJ_ISO_US OBJ_member_body,840L +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 3L -#define SN_X9_57 "X9-57" -#define LN_X9_57 "X9.57" -#define NID_X9_57 184 -#define OBJ_X9_57 OBJ_ISO_US,10040L +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L, 5L -#define SN_X9cm "X9cm" -#define LN_X9cm "X9.57 CM ?" -#define NID_X9cm 185 -#define OBJ_X9cm OBJ_X9_57,4L +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 2L, 5L, 4L -#define SN_dsa "DSA" -#define LN_dsa "dsaEncryption" -#define NID_dsa 116 -#define OBJ_dsa OBJ_X9cm,1L +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName 2L, 5L, 4L, 3L -#define SN_dsaWithSHA1 "DSA-SHA1" -#define LN_dsaWithSHA1 "dsaWithSHA1" -#define NID_dsaWithSHA1 113 -#define OBJ_dsaWithSHA1 OBJ_X9cm,3L +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName 2L, 5L, 4L, 6L -#define SN_ansi_X9_62 "ansi-X9-62" -#define LN_ansi_X9_62 "ANSI X9.62" -#define NID_ansi_X9_62 405 -#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName 2L, 5L, 4L, 7L -#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName 2L, 5L, 4L, 8L -#define SN_X9_62_prime_field "prime-field" -#define NID_X9_62_prime_field 406 -#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName 2L, 5L, 4L, 10L -#define SN_X9_62_characteristic_two_field "characteristic-two-field" -#define NID_X9_62_characteristic_two_field 407 -#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName 2L, 5L, 4L, 11L -#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" -#define NID_X9_62_id_characteristic_two_basis 680 -#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa 2L, 5L, 8L, 1L, 1L -#define SN_X9_62_onBasis "onBasis" -#define NID_X9_62_onBasis 681 -#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 1L, 2L, 840L, 113549L, 1L, 7L -#define SN_X9_62_tpBasis "tpBasis" -#define NID_X9_62_tpBasis 682 -#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data 1L, 2L, 840L, 113549L, 1L, 7L, 1L -#define SN_X9_62_ppBasis "ppBasis" -#define NID_X9_62_ppBasis 683 -#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed 1L, 2L, 840L, 113549L, 1L, 7L, 2L -#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped 1L, 2L, 840L, 113549L, 1L, 7L, 3L -#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" -#define NID_X9_62_id_ecPublicKey 408 -#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped 1L, 2L, 840L, 113549L, 1L, 7L, 4L -#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest 1L, 2L, 840L, 113549L, 1L, 7L, 5L -#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted 1L, 2L, 840L, 113549L, 1L, 7L, 6L -#define SN_X9_62_c2pnb163v1 "c2pnb163v1" -#define NID_X9_62_c2pnb163v1 684 -#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 1L, 2L, 840L, 113549L, 1L, 3L -#define SN_X9_62_c2pnb163v2 "c2pnb163v2" -#define NID_X9_62_c2pnb163v2 685 -#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement 1L, 2L, 840L, 113549L, 1L, 3L, 1L -#define SN_X9_62_c2pnb163v3 "c2pnb163v3" -#define NID_X9_62_c2pnb163v3 686 -#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb 1L, 3L, 14L, 3L, 2L, 6L -#define SN_X9_62_c2pnb176v1 "c2pnb176v1" -#define NID_X9_62_c2pnb176v1 687 -#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 1L, 3L, 14L, 3L, 2L, 9L -#define SN_X9_62_c2tnb191v1 "c2tnb191v1" -#define NID_X9_62_c2tnb191v1 688 -#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc 1L, 3L, 14L, 3L, 2L, 7L -#define SN_X9_62_c2tnb191v2 "c2tnb191v2" -#define NID_X9_62_c2tnb191v2 689 -#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb 1L, 3L, 14L, 3L, 2L, 17L -#define SN_X9_62_c2tnb191v3 "c2tnb191v3" -#define NID_X9_62_c2tnb191v3 690 -#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 -#define SN_X9_62_c2onb191v4 "c2onb191v4" -#define NID_X9_62_c2onb191v4 691 -#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L, 3L, 6L, 1L, 4L, 1L, 188L, 7L, 1L, 1L, 2L -#define SN_X9_62_c2onb191v5 "c2onb191v5" -#define NID_X9_62_c2onb191v5 692 -#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 -#define SN_X9_62_c2pnb208w1 "c2pnb208w1" -#define NID_X9_62_c2pnb208w1 693 -#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 -#define SN_X9_62_c2tnb239v1 "c2tnb239v1" -#define NID_X9_62_c2tnb239v1 694 -#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc 1L, 2L, 840L, 113549L, 3L, 2L -#define SN_X9_62_c2tnb239v2 "c2tnb239v2" -#define NID_X9_62_c2tnb239v2 695 -#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 -#define SN_X9_62_c2tnb239v3 "c2tnb239v3" -#define NID_X9_62_c2tnb239v3 696 -#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 -#define SN_X9_62_c2onb239v4 "c2onb239v4" -#define NID_X9_62_c2onb239v4 697 -#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 -#define SN_X9_62_c2onb239v5 "c2onb239v5" -#define NID_X9_62_c2onb239v5 698 -#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha 1L, 3L, 14L, 3L, 2L, 18L -#define SN_X9_62_c2pnb272w1 "c2pnb272w1" -#define NID_X9_62_c2pnb272w1 699 -#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption 1L, 3L, 14L, 3L, 2L, 15L -#define SN_X9_62_c2pnb304w1 "c2pnb304w1" -#define NID_X9_62_c2pnb304w1 700 -#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 -#define SN_X9_62_c2tnb359v1 "c2tnb359v1" -#define NID_X9_62_c2tnb359v1 701 -#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc 1L, 2L, 840L, 113549L, 3L, 7L -#define SN_X9_62_c2pnb368w1 "c2pnb368w1" -#define NID_X9_62_c2pnb368w1 702 -#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 1L, 3L, 14L, 3L, 2L, 8L -#define SN_X9_62_c2tnb431r1 "c2tnb431r1" -#define NID_X9_62_c2tnb431r1 703 -#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 -#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 1L, 2L, 840L, 113549L, 1L, 9L -#define SN_X9_62_prime192v1 "prime192v1" -#define NID_X9_62_prime192v1 409 -#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress 1L, 2L, 840L, 113549L, 1L, 9L, 1L -#define SN_X9_62_prime192v2 "prime192v2" -#define NID_X9_62_prime192v2 410 -#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName 1L, 2L, 840L, 113549L, 1L, 9L, 2L -#define SN_X9_62_prime192v3 "prime192v3" -#define NID_X9_62_prime192v3 411 -#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType 1L, 2L, 840L, 113549L, 1L, 9L, 3L -#define SN_X9_62_prime239v1 "prime239v1" -#define NID_X9_62_prime239v1 412 -#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest 1L, 2L, 840L, 113549L, 1L, 9L, 4L -#define SN_X9_62_prime239v2 "prime239v2" -#define NID_X9_62_prime239v2 413 -#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime 1L, 2L, 840L, 113549L, 1L, 9L, 5L -#define SN_X9_62_prime239v3 "prime239v3" -#define NID_X9_62_prime239v3 414 -#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature 1L, 2L, 840L, 113549L, 1L, 9L, 6L -#define SN_X9_62_prime256v1 "prime256v1" -#define NID_X9_62_prime256v1 415 -#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword 1L, 2L, 840L, 113549L, 1L, 9L, 7L -#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress 1L, 2L, 840L, 113549L, 1L, 9L, 8L -#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" -#define NID_ecdsa_with_SHA1 416 -#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes 1L, 2L, 840L, 113549L, 1L, 9L, 9L -#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" -#define NID_ecdsa_with_Recommended 791 -#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L, 16L, 840L, 1L, 113730L -#define SN_ecdsa_with_Specified "ecdsa-with-Specified" -#define NID_ecdsa_with_Specified 792 -#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension 2L, 16L, 840L, 1L, 113730L, 1L -#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" -#define NID_ecdsa_with_SHA224 793 -#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type 2L, 16L, 840L, 1L, 113730L, 2L -#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" -#define NID_ecdsa_with_SHA256 794 -#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 -#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" -#define NID_ecdsa_with_SHA384 795 -#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 -#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" -#define NID_ecdsa_with_SHA512 796 -#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 -#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 -#define SN_secp112r1 "secp112r1" -#define NID_secp112r1 704 -#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 1L, 3L, 14L, 3L, 2L, 26L -#define SN_secp112r2 "secp112r2" -#define NID_secp112r2 705 -#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 5L -#define SN_secp128r1 "secp128r1" -#define NID_secp128r1 706 -#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA 1L, 3L, 14L, 3L, 2L, 13L -#define SN_secp128r2 "secp128r2" -#define NID_secp128r2 707 -#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 1L, 3L, 14L, 3L, 2L, 12L -#define SN_secp160k1 "secp160k1" -#define NID_secp160k1 708 -#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 11L -#define SN_secp160r1 "secp160r1" -#define NID_secp160r1 709 -#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 1L, 2L, 840L, 113549L, 1L, 5L, 12L -#define SN_secp160r2 "secp160r2" -#define NID_secp160r2 710 -#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 1L, 3L, 14L, 3L, 2L, 27L -#define SN_secp192k1 "secp192k1" -#define NID_secp192k1 711 -#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type 2L, 16L, 840L, 1L, 113730L, 1L, 1L -#define SN_secp224k1 "secp224k1" -#define NID_secp224k1 712 -#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url 2L, 16L, 840L, 1L, 113730L, 1L, 2L -#define SN_secp224r1 "secp224r1" -#define NID_secp224r1 713 -#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url 2L, 16L, 840L, 1L, 113730L, 1L, 3L -#define SN_secp256k1 "secp256k1" -#define NID_secp256k1 714 -#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url 2L, 16L, 840L, 1L, 113730L, 1L, 4L -#define SN_secp384r1 "secp384r1" -#define NID_secp384r1 715 -#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url 2L, 16L, 840L, 1L, 113730L, 1L, 7L -#define SN_secp521r1 "secp521r1" -#define NID_secp521r1 716 -#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url 2L, 16L, 840L, 1L, 113730L, 1L, 8L -#define SN_sect113r1 "sect113r1" -#define NID_sect113r1 717 -#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name 2L, 16L, 840L, 1L, 113730L, 1L, 12L -#define SN_sect113r2 "sect113r2" -#define NID_sect113r2 718 -#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment 2L, 16L, 840L, 1L, 113730L, 1L, 13L -#define SN_sect131r1 "sect131r1" -#define NID_sect131r1 719 -#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence 2L, 16L, 840L, 1L, 113730L, 2L, 5L -#define SN_sect131r2 "sect131r2" -#define NID_sect131r2 720 -#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 -#define SN_sect163k1 "sect163k1" -#define NID_sect163k1 721 -#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce 2L, 5L, 29L -#define SN_sect163r1 "sect163r1" -#define NID_sect163r1 722 -#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier 2L, 5L, 29L, 14L -#define SN_sect163r2 "sect163r2" -#define NID_sect163r2 723 -#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage 2L, 5L, 29L, 15L -#define SN_sect193r1 "sect193r1" -#define NID_sect193r1 724 -#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period 2L, 5L, 29L, 16L -#define SN_sect193r2 "sect193r2" -#define NID_sect193r2 725 -#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name 2L, 5L, 29L, 17L -#define SN_sect233k1 "sect233k1" -#define NID_sect233k1 726 -#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name 2L, 5L, 29L, 18L -#define SN_sect233r1 "sect233r1" -#define NID_sect233r1 727 -#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints 2L, 5L, 29L, 19L -#define SN_sect239k1 "sect239k1" -#define NID_sect239k1 728 -#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number 2L, 5L, 29L, 20L -#define SN_sect283k1 "sect283k1" -#define NID_sect283k1 729 -#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies 2L, 5L, 29L, 32L -#define SN_sect283r1 "sect283r1" -#define NID_sect283r1 730 -#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier 2L, 5L, 29L, 35L -#define SN_sect409k1 "sect409k1" -#define NID_sect409k1 731 -#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L, 3L, 6L, 1L, 4L, 1L, 3029L, 1L, 2L -#define SN_sect409r1 "sect409r1" -#define NID_sect409r1 732 -#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 -#define SN_sect571k1 "sect571k1" -#define NID_sect571k1 733 -#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 -#define SN_sect571r1 "sect571r1" -#define NID_sect571r1 734 -#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 -#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 2L, 5L, 8L, 3L, 101L -#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" -#define NID_wap_wsg_idm_ecid_wtls1 735 -#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA 2L, 5L, 8L, 3L, 100L -#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" -#define NID_wap_wsg_idm_ecid_wtls3 736 -#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 -#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" -#define NID_wap_wsg_idm_ecid_wtls4 737 -#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 -#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" -#define NID_wap_wsg_idm_ecid_wtls5 738 -#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName 2L, 5L, 4L, 42L -#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" -#define NID_wap_wsg_idm_ecid_wtls6 739 -#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname 2L, 5L, 4L, 4L -#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" -#define NID_wap_wsg_idm_ecid_wtls7 740 -#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials 2L, 5L, 4L, 43L -#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" -#define NID_wap_wsg_idm_ecid_wtls8 741 -#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points 2L, 5L, 29L, 31L -#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" -#define NID_wap_wsg_idm_ecid_wtls9 742 -#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA 1L, 3L, 14L, 3L, 2L, 3L -#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" -#define NID_wap_wsg_idm_ecid_wtls10 743 -#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber 2L, 5L, 4L, 5L -#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" -#define NID_wap_wsg_idm_ecid_wtls11 744 -#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title 2L, 5L, 4L, 12L -#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" -#define NID_wap_wsg_idm_ecid_wtls12 745 -#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L +#define LN_description "description" +#define NID_description 107 +#define OBJ_description 2L, 5L, 4L, 13L #define SN_cast5_cbc "CAST5-CBC" #define LN_cast5_cbc "cast5-cbc" #define NID_cast5_cbc 108 -#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L +#define OBJ_cast5_cbc 1L, 2L, 840L, 113533L, 7L, 66L, 10L #define SN_cast5_ecb "CAST5-ECB" #define LN_cast5_ecb "cast5-ecb" @@ -545,3128 +589,2717 @@ #define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" #define NID_pbeWithMD5AndCast5_CBC 112 -#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L +#define OBJ_pbeWithMD5AndCast5_CBC 1L, 2L, 840L, 113533L, 7L, 66L, 12L -#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" -#define LN_id_PasswordBasedMAC "password based MAC" -#define NID_id_PasswordBasedMAC 782 -#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 1L, 2L, 840L, 10040L, 4L, 3L -#define SN_id_DHBasedMac "id-DHBasedMac" -#define LN_id_DHBasedMac "Diffie-Hellman based MAC" -#define NID_id_DHBasedMac 783 -#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 -#define SN_rsadsi "rsadsi" -#define LN_rsadsi "RSA Data Security, Inc." -#define NID_rsadsi 1 -#define OBJ_rsadsi OBJ_ISO_US,113549L +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA 1L, 3L, 14L, 3L, 2L, 29L -#define SN_pkcs "pkcs" -#define LN_pkcs "RSA Data Security, Inc. PKCS" -#define NID_pkcs 2 -#define OBJ_pkcs OBJ_rsadsi,1L +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa 1L, 2L, 840L, 10040L, 4L, 1L -#define SN_pkcs1 "pkcs1" -#define NID_pkcs1 186 -#define OBJ_pkcs1 OBJ_pkcs,1L +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L, 3L, 36L, 3L, 2L, 1L -#define LN_rsaEncryption "rsaEncryption" -#define NID_rsaEncryption 6 -#define OBJ_rsaEncryption OBJ_pkcs1,1L +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L, 3L, 36L, 3L, 3L, 1L, 2L -#define SN_md2WithRSAEncryption "RSA-MD2" -#define LN_md2WithRSAEncryption "md2WithRSAEncryption" -#define NID_md2WithRSAEncryption 7 -#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc 1L, 2L, 840L, 113549L, 3L, 8L -#define SN_md4WithRSAEncryption "RSA-MD4" -#define LN_md4WithRSAEncryption "md4WithRSAEncryption" -#define NID_md4WithRSAEncryption 396 -#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 -#define SN_md5WithRSAEncryption "RSA-MD5" -#define LN_md5WithRSAEncryption "md5WithRSAEncryption" -#define NID_md5WithRSAEncryption 8 -#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 -#define SN_sha1WithRSAEncryption "RSA-SHA1" -#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" -#define NID_sha1WithRSAEncryption 65 -#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 -#define SN_rsaesOaep "RSAES-OAEP" -#define LN_rsaesOaep "rsaesOaep" -#define NID_rsaesOaep 919 -#define OBJ_rsaesOaep OBJ_pkcs1,7L +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 8L -#define SN_mgf1 "MGF1" -#define LN_mgf1 "mgf1" -#define NID_mgf1 911 -#define OBJ_mgf1 OBJ_pkcs1,8L +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage 2L, 5L, 29L, 37L -#define SN_pSpecified "PSPECIFIED" -#define LN_pSpecified "pSpecified" -#define NID_pSpecified 935 -#define OBJ_pSpecified OBJ_pkcs1,9L +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L, 3L, 6L, 1L, 5L, 5L, 7L -#define SN_rsassaPss "RSASSA-PSS" -#define LN_rsassaPss "rsassaPss" -#define NID_rsassaPss 912 -#define OBJ_rsassaPss OBJ_pkcs1,10L +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L -#define SN_sha256WithRSAEncryption "RSA-SHA256" -#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" -#define NID_sha256WithRSAEncryption 668 -#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 1L -#define SN_sha384WithRSAEncryption "RSA-SHA384" -#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" -#define NID_sha384WithRSAEncryption 669 -#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 2L -#define SN_sha512WithRSAEncryption "RSA-SHA512" -#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" -#define NID_sha512WithRSAEncryption 670 -#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 3L -#define SN_sha224WithRSAEncryption "RSA-SHA224" -#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" -#define NID_sha224WithRSAEncryption 671 -#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 4L -#define SN_pkcs3 "pkcs3" -#define NID_pkcs3 27 -#define OBJ_pkcs3 OBJ_pkcs,3L +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 8L -#define LN_dhKeyAgreement "dhKeyAgreement" -#define NID_dhKeyAgreement 28 -#define OBJ_dhKeyAgreement OBJ_pkcs3,1L +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 21L -#define SN_pkcs5 "pkcs5" -#define NID_pkcs5 187 -#define OBJ_pkcs5 OBJ_pkcs,5L +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 22L -#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" -#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" -#define NID_pbeWithMD2AndDES_CBC 9 -#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 1L -#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" -#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" -#define NID_pbeWithMD5AndDES_CBC 10 -#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 3L -#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" -#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" -#define NID_pbeWithMD2AndRC2_CBC 168 -#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 4L -#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" -#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" -#define NID_pbeWithMD5AndRC2_CBC 169 -#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc 2L, 16L, 840L, 1L, 113730L, 4L, 1L -#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" -#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" -#define NID_pbeWithSHA1AndDES_CBC 170 -#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl 2L, 5L, 29L, 27L -#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" -#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" -#define NID_pbeWithSHA1AndRC2_CBC 68 -#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason 2L, 5L, 29L, 21L -#define LN_id_pbkdf2 "PBKDF2" -#define NID_id_pbkdf2 69 -#define OBJ_id_pbkdf2 OBJ_pkcs5,12L +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date 2L, 5L, 29L, 24L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L, 3L, 101L, 1L, 4L, 1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC \ + 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC \ + 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 6L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName 1L, 2L, 840L, 113549L, 1L, 9L, 20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID 1L, 2L, 840L, 113549L, 1L, 9L, 21L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate 1L, 2L, 840L, 113549L, 1L, 9L, 22L, 1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate 1L, 2L, 840L, 113549L, 1L, 9L, 22L, 2L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl 1L, 2L, 840L, 113549L, 1L, 9L, 23L, 1L #define LN_pbes2 "PBES2" #define NID_pbes2 161 -#define OBJ_pbes2 OBJ_pkcs5,13L +#define OBJ_pbes2 1L, 2L, 840L, 113549L, 1L, 5L, 13L #define LN_pbmac1 "PBMAC1" #define NID_pbmac1 162 -#define OBJ_pbmac1 OBJ_pkcs5,14L +#define OBJ_pbmac1 1L, 2L, 840L, 113549L, 1L, 5L, 14L -#define SN_pkcs7 "pkcs7" -#define NID_pkcs7 20 -#define OBJ_pkcs7 OBJ_pkcs,7L +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 1L, 2L, 840L, 113549L, 2L, 7L -#define LN_pkcs7_data "pkcs7-data" -#define NID_pkcs7_data 21 -#define OBJ_pkcs7_data OBJ_pkcs7,1L +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 1L -#define LN_pkcs7_signed "pkcs7-signedData" -#define NID_pkcs7_signed 22 -#define OBJ_pkcs7_signed OBJ_pkcs7,2L +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 2L -#define LN_pkcs7_enveloped "pkcs7-envelopedData" -#define NID_pkcs7_enveloped 23 -#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 -#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" -#define NID_pkcs7_signedAndEnveloped 24 -#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities 1L, 2L, 840L, 113549L, 1L, 9L, 15L -#define LN_pkcs7_digest "pkcs7-digestData" -#define NID_pkcs7_digest 25 -#define OBJ_pkcs7_digest OBJ_pkcs7,5L +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 4L -#define LN_pkcs7_encrypted "pkcs7-encryptedData" -#define NID_pkcs7_encrypted 26 -#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 6L -#define SN_pkcs9 "pkcs9" -#define NID_pkcs9 47 -#define OBJ_pkcs9 OBJ_pkcs,9L +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 10L -#define LN_pkcs9_emailAddress "emailAddress" -#define NID_pkcs9_emailAddress 48 -#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 14L -#define LN_pkcs9_unstructuredName "unstructuredName" -#define NID_pkcs9_unstructuredName 49 -#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req 1L, 2L, 840L, 113549L, 1L, 9L, 14L -#define LN_pkcs9_contentType "contentType" -#define NID_pkcs9_contentType 50 -#define OBJ_pkcs9_contentType OBJ_pkcs9,3L +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name 2L, 5L, 4L, 41L -#define LN_pkcs9_messageDigest "messageDigest" -#define NID_pkcs9_messageDigest 51 -#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier 2L, 5L, 4L, 46L -#define LN_pkcs9_signingTime "signingTime" -#define NID_pkcs9_signingTime 52 -#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L -#define LN_pkcs9_countersignature "countersignature" -#define NID_pkcs9_countersignature 53 -#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L -#define LN_pkcs9_challengePassword "challengePassword" -#define NID_pkcs9_challengePassword 54 -#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 1L -#define LN_pkcs9_unstructuredAddress "unstructuredAddress" -#define NID_pkcs9_unstructuredAddress 55 -#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L -#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" -#define NID_pkcs9_extCertAttributes 56 -#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 2L -#define SN_ext_req "extReq" -#define LN_ext_req "Extension Request" -#define NID_ext_req 172 -#define OBJ_ext_req OBJ_pkcs9,14L +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 9L -#define SN_SMIMECapabilities "SMIME-CAPS" -#define LN_SMIMECapabilities "S/MIME Capabilities" -#define NID_SMIMECapabilities 167 -#define OBJ_SMIMECapabilities OBJ_pkcs9,15L +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body 1L, 2L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US 1L, 2L, 840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 1L, 2L, 840L, 10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm 1L, 2L, 840L, 10040L, 4L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 1L, 2L, 840L, 113549L, 1L, 1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 1L, 2L, 840L, 113549L, 1L, 5L #define SN_SMIME "SMIME" #define LN_SMIME "S/MIME" #define NID_SMIME 188 -#define OBJ_SMIME OBJ_pkcs9,16L +#define OBJ_SMIME 1L, 2L, 840L, 113549L, 1L, 9L, 16L #define SN_id_smime_mod "id-smime-mod" #define NID_id_smime_mod 189 -#define OBJ_id_smime_mod OBJ_SMIME,0L +#define OBJ_id_smime_mod 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L #define SN_id_smime_ct "id-smime-ct" #define NID_id_smime_ct 190 -#define OBJ_id_smime_ct OBJ_SMIME,1L +#define OBJ_id_smime_ct 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L #define SN_id_smime_aa "id-smime-aa" #define NID_id_smime_aa 191 -#define OBJ_id_smime_aa OBJ_SMIME,2L +#define OBJ_id_smime_aa 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L #define SN_id_smime_alg "id-smime-alg" #define NID_id_smime_alg 192 -#define OBJ_id_smime_alg OBJ_SMIME,3L +#define OBJ_id_smime_alg 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L #define SN_id_smime_cd "id-smime-cd" #define NID_id_smime_cd 193 -#define OBJ_id_smime_cd OBJ_SMIME,4L +#define OBJ_id_smime_cd 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 4L #define SN_id_smime_spq "id-smime-spq" #define NID_id_smime_spq 194 -#define OBJ_id_smime_spq OBJ_SMIME,5L +#define OBJ_id_smime_spq 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L #define SN_id_smime_cti "id-smime-cti" #define NID_id_smime_cti 195 -#define OBJ_id_smime_cti OBJ_SMIME,6L +#define OBJ_id_smime_cti 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L #define SN_id_smime_mod_cms "id-smime-mod-cms" #define NID_id_smime_mod_cms 196 -#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L +#define OBJ_id_smime_mod_cms 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 1L #define SN_id_smime_mod_ess "id-smime-mod-ess" #define NID_id_smime_mod_ess 197 -#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L +#define OBJ_id_smime_mod_ess 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 2L #define SN_id_smime_mod_oid "id-smime-mod-oid" #define NID_id_smime_mod_oid 198 -#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L +#define OBJ_id_smime_mod_oid 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 3L #define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" #define NID_id_smime_mod_msg_v3 199 -#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L +#define OBJ_id_smime_mod_msg_v3 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 4L #define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" #define NID_id_smime_mod_ets_eSignature_88 200 -#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L +#define OBJ_id_smime_mod_ets_eSignature_88 \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 5L #define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" #define NID_id_smime_mod_ets_eSignature_97 201 -#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L +#define OBJ_id_smime_mod_ets_eSignature_97 \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 6L #define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" #define NID_id_smime_mod_ets_eSigPolicy_88 202 -#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L +#define OBJ_id_smime_mod_ets_eSigPolicy_88 \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 7L #define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" #define NID_id_smime_mod_ets_eSigPolicy_97 203 -#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L +#define OBJ_id_smime_mod_ets_eSigPolicy_97 \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 8L #define SN_id_smime_ct_receipt "id-smime-ct-receipt" #define NID_id_smime_ct_receipt 204 -#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L +#define OBJ_id_smime_ct_receipt 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 1L #define SN_id_smime_ct_authData "id-smime-ct-authData" #define NID_id_smime_ct_authData 205 -#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L +#define OBJ_id_smime_ct_authData 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 2L #define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" #define NID_id_smime_ct_publishCert 206 -#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L +#define OBJ_id_smime_ct_publishCert 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 3L #define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" #define NID_id_smime_ct_TSTInfo 207 -#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L +#define OBJ_id_smime_ct_TSTInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 4L #define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" #define NID_id_smime_ct_TDTInfo 208 -#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L +#define OBJ_id_smime_ct_TDTInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 5L #define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" #define NID_id_smime_ct_contentInfo 209 -#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L +#define OBJ_id_smime_ct_contentInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 6L #define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" #define NID_id_smime_ct_DVCSRequestData 210 -#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L +#define OBJ_id_smime_ct_DVCSRequestData \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 7L #define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" #define NID_id_smime_ct_DVCSResponseData 211 -#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L - -#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" -#define NID_id_smime_ct_compressedData 786 -#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L - -#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" -#define NID_id_ct_asciiTextWithCRLF 787 -#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L +#define OBJ_id_smime_ct_DVCSResponseData \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 8L #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 -#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L +#define OBJ_id_smime_aa_receiptRequest \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 1L #define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" #define NID_id_smime_aa_securityLabel 213 -#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L +#define OBJ_id_smime_aa_securityLabel 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 2L #define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" #define NID_id_smime_aa_mlExpandHistory 214 -#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L +#define OBJ_id_smime_aa_mlExpandHistory \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 3L #define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" #define NID_id_smime_aa_contentHint 215 -#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L +#define OBJ_id_smime_aa_contentHint 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 4L #define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" #define NID_id_smime_aa_msgSigDigest 216 -#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L +#define OBJ_id_smime_aa_msgSigDigest 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 5L #define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" #define NID_id_smime_aa_encapContentType 217 -#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L +#define OBJ_id_smime_aa_encapContentType \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 6L #define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" #define NID_id_smime_aa_contentIdentifier 218 -#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L +#define OBJ_id_smime_aa_contentIdentifier \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 7L #define SN_id_smime_aa_macValue "id-smime-aa-macValue" #define NID_id_smime_aa_macValue 219 -#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L +#define OBJ_id_smime_aa_macValue 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 8L #define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" #define NID_id_smime_aa_equivalentLabels 220 -#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L +#define OBJ_id_smime_aa_equivalentLabels \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 9L #define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" #define NID_id_smime_aa_contentReference 221 -#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L +#define OBJ_id_smime_aa_contentReference \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 10L #define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" #define NID_id_smime_aa_encrypKeyPref 222 -#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L +#define OBJ_id_smime_aa_encrypKeyPref \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 11L #define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" #define NID_id_smime_aa_signingCertificate 223 -#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L +#define OBJ_id_smime_aa_signingCertificate \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 12L #define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" #define NID_id_smime_aa_smimeEncryptCerts 224 -#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L +#define OBJ_id_smime_aa_smimeEncryptCerts \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 13L #define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" #define NID_id_smime_aa_timeStampToken 225 -#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L +#define OBJ_id_smime_aa_timeStampToken \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 14L #define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" #define NID_id_smime_aa_ets_sigPolicyId 226 -#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L +#define OBJ_id_smime_aa_ets_sigPolicyId \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 15L #define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" #define NID_id_smime_aa_ets_commitmentType 227 -#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L +#define OBJ_id_smime_aa_ets_commitmentType \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 16L #define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" #define NID_id_smime_aa_ets_signerLocation 228 -#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L +#define OBJ_id_smime_aa_ets_signerLocation \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 17L #define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" #define NID_id_smime_aa_ets_signerAttr 229 -#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L +#define OBJ_id_smime_aa_ets_signerAttr \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 18L #define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" #define NID_id_smime_aa_ets_otherSigCert 230 -#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L +#define OBJ_id_smime_aa_ets_otherSigCert \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 19L #define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" #define NID_id_smime_aa_ets_contentTimestamp 231 -#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L +#define OBJ_id_smime_aa_ets_contentTimestamp \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 20L #define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" #define NID_id_smime_aa_ets_CertificateRefs 232 -#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L +#define OBJ_id_smime_aa_ets_CertificateRefs \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 21L #define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" #define NID_id_smime_aa_ets_RevocationRefs 233 -#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L +#define OBJ_id_smime_aa_ets_RevocationRefs \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 22L #define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" #define NID_id_smime_aa_ets_certValues 234 -#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L +#define OBJ_id_smime_aa_ets_certValues \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 23L #define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" #define NID_id_smime_aa_ets_revocationValues 235 -#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L +#define OBJ_id_smime_aa_ets_revocationValues \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 24L #define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" #define NID_id_smime_aa_ets_escTimeStamp 236 -#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L +#define OBJ_id_smime_aa_ets_escTimeStamp \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 25L #define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" #define NID_id_smime_aa_ets_certCRLTimestamp 237 -#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L +#define OBJ_id_smime_aa_ets_certCRLTimestamp \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 26L #define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" #define NID_id_smime_aa_ets_archiveTimeStamp 238 -#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L +#define OBJ_id_smime_aa_ets_archiveTimeStamp \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 27L #define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" #define NID_id_smime_aa_signatureType 239 -#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L +#define OBJ_id_smime_aa_signatureType \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 28L #define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" #define NID_id_smime_aa_dvcs_dvc 240 -#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define OBJ_id_smime_aa_dvcs_dvc 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 29L #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 -#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L +#define OBJ_id_smime_alg_ESDHwith3DES 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 1L #define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" #define NID_id_smime_alg_ESDHwithRC2 242 -#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L +#define OBJ_id_smime_alg_ESDHwithRC2 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 2L #define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" #define NID_id_smime_alg_3DESwrap 243 -#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L +#define OBJ_id_smime_alg_3DESwrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 3L #define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" #define NID_id_smime_alg_RC2wrap 244 -#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L +#define OBJ_id_smime_alg_RC2wrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 4L #define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" #define NID_id_smime_alg_ESDH 245 -#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L +#define OBJ_id_smime_alg_ESDH 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 5L #define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" #define NID_id_smime_alg_CMS3DESwrap 246 -#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L +#define OBJ_id_smime_alg_CMS3DESwrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 6L #define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" #define NID_id_smime_alg_CMSRC2wrap 247 -#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L - -#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" -#define NID_id_alg_PWRI_KEK 893 -#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L +#define OBJ_id_smime_alg_CMSRC2wrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 7L #define SN_id_smime_cd_ldap "id-smime-cd-ldap" #define NID_id_smime_cd_ldap 248 -#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L +#define OBJ_id_smime_cd_ldap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 4L, 1L #define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" #define NID_id_smime_spq_ets_sqt_uri 249 -#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L +#define OBJ_id_smime_spq_ets_sqt_uri 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L, 1L #define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" #define NID_id_smime_spq_ets_sqt_unotice 250 -#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L +#define OBJ_id_smime_spq_ets_sqt_unotice \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L, 2L #define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" #define NID_id_smime_cti_ets_proofOfOrigin 251 -#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L +#define OBJ_id_smime_cti_ets_proofOfOrigin \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 1L #define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" #define NID_id_smime_cti_ets_proofOfReceipt 252 -#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L +#define OBJ_id_smime_cti_ets_proofOfReceipt \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 2L #define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" #define NID_id_smime_cti_ets_proofOfDelivery 253 -#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L +#define OBJ_id_smime_cti_ets_proofOfDelivery \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 3L #define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" #define NID_id_smime_cti_ets_proofOfSender 254 -#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L +#define OBJ_id_smime_cti_ets_proofOfSender \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 4L #define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" #define NID_id_smime_cti_ets_proofOfApproval 255 -#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L +#define OBJ_id_smime_cti_ets_proofOfApproval \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 5L #define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" #define NID_id_smime_cti_ets_proofOfCreation 256 -#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L - -#define LN_friendlyName "friendlyName" -#define NID_friendlyName 156 -#define OBJ_friendlyName OBJ_pkcs9,20L - -#define LN_localKeyID "localKeyID" -#define NID_localKeyID 157 -#define OBJ_localKeyID OBJ_pkcs9,21L - -#define SN_ms_csp_name "CSPName" -#define LN_ms_csp_name "Microsoft CSP Name" -#define NID_ms_csp_name 417 -#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L - -#define SN_LocalKeySet "LocalKeySet" -#define LN_LocalKeySet "Microsoft Local Key set" -#define NID_LocalKeySet 856 -#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L - -#define OBJ_certTypes OBJ_pkcs9,22L - -#define LN_x509Certificate "x509Certificate" -#define NID_x509Certificate 158 -#define OBJ_x509Certificate OBJ_certTypes,1L - -#define LN_sdsiCertificate "sdsiCertificate" -#define NID_sdsiCertificate 159 -#define OBJ_sdsiCertificate OBJ_certTypes,2L - -#define OBJ_crlTypes OBJ_pkcs9,23L - -#define LN_x509Crl "x509Crl" -#define NID_x509Crl 160 -#define OBJ_x509Crl OBJ_crlTypes,1L - -#define OBJ_pkcs12 OBJ_pkcs,12L - -#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L - -#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" -#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" -#define NID_pbe_WithSHA1And128BitRC4 144 -#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L - -#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" -#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" -#define NID_pbe_WithSHA1And40BitRC4 145 -#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L - -#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" -#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" -#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 -#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L - -#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" -#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" -#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 -#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L - -#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" -#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" -#define NID_pbe_WithSHA1And128BitRC2_CBC 148 -#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L - -#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" -#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" -#define NID_pbe_WithSHA1And40BitRC2_CBC 149 -#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L - -#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L - -#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L - -#define LN_keyBag "keyBag" -#define NID_keyBag 150 -#define OBJ_keyBag OBJ_pkcs12_BagIds,1L - -#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" -#define NID_pkcs8ShroudedKeyBag 151 -#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L - -#define LN_certBag "certBag" -#define NID_certBag 152 -#define OBJ_certBag OBJ_pkcs12_BagIds,3L - -#define LN_crlBag "crlBag" -#define NID_crlBag 153 -#define OBJ_crlBag OBJ_pkcs12_BagIds,4L - -#define LN_secretBag "secretBag" -#define NID_secretBag 154 -#define OBJ_secretBag OBJ_pkcs12_BagIds,5L - -#define LN_safeContentsBag "safeContentsBag" -#define NID_safeContentsBag 155 -#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L - -#define SN_md2 "MD2" -#define LN_md2 "md2" -#define NID_md2 3 -#define OBJ_md2 OBJ_rsadsi,2L,2L +#define OBJ_id_smime_cti_ets_proofOfCreation \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 6L #define SN_md4 "MD4" #define LN_md4 "md4" #define NID_md4 257 -#define OBJ_md4 OBJ_rsadsi,2L,4L - -#define SN_md5 "MD5" -#define LN_md5 "md5" -#define NID_md5 4 -#define OBJ_md5 OBJ_rsadsi,2L,5L - -#define SN_md5_sha1 "MD5-SHA1" -#define LN_md5_sha1 "md5-sha1" -#define NID_md5_sha1 114 - -#define LN_hmacWithMD5 "hmacWithMD5" -#define NID_hmacWithMD5 797 -#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L - -#define LN_hmacWithSHA1 "hmacWithSHA1" -#define NID_hmacWithSHA1 163 -#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L - -#define LN_hmacWithSHA224 "hmacWithSHA224" -#define NID_hmacWithSHA224 798 -#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L - -#define LN_hmacWithSHA256 "hmacWithSHA256" -#define NID_hmacWithSHA256 799 -#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L - -#define LN_hmacWithSHA384 "hmacWithSHA384" -#define NID_hmacWithSHA384 800 -#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L - -#define LN_hmacWithSHA512 "hmacWithSHA512" -#define NID_hmacWithSHA512 801 -#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L - -#define SN_rc2_cbc "RC2-CBC" -#define LN_rc2_cbc "rc2-cbc" -#define NID_rc2_cbc 37 -#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L - -#define SN_rc2_ecb "RC2-ECB" -#define LN_rc2_ecb "rc2-ecb" -#define NID_rc2_ecb 38 - -#define SN_rc2_cfb64 "RC2-CFB" -#define LN_rc2_cfb64 "rc2-cfb" -#define NID_rc2_cfb64 39 - -#define SN_rc2_ofb64 "RC2-OFB" -#define LN_rc2_ofb64 "rc2-ofb" -#define NID_rc2_ofb64 40 - -#define SN_rc2_40_cbc "RC2-40-CBC" -#define LN_rc2_40_cbc "rc2-40-cbc" -#define NID_rc2_40_cbc 98 - -#define SN_rc2_64_cbc "RC2-64-CBC" -#define LN_rc2_64_cbc "rc2-64-cbc" -#define NID_rc2_64_cbc 166 - -#define SN_rc4 "RC4" -#define LN_rc4 "rc4" -#define NID_rc4 5 -#define OBJ_rc4 OBJ_rsadsi,3L,4L - -#define SN_rc4_40 "RC4-40" -#define LN_rc4_40 "rc4-40" -#define NID_rc4_40 97 - -#define SN_des_ede3_cbc "DES-EDE3-CBC" -#define LN_des_ede3_cbc "des-ede3-cbc" -#define NID_des_ede3_cbc 44 -#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L - -#define SN_rc5_cbc "RC5-CBC" -#define LN_rc5_cbc "rc5-cbc" -#define NID_rc5_cbc 120 -#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L - -#define SN_rc5_ecb "RC5-ECB" -#define LN_rc5_ecb "rc5-ecb" -#define NID_rc5_ecb 121 - -#define SN_rc5_cfb64 "RC5-CFB" -#define LN_rc5_cfb64 "rc5-cfb" -#define NID_rc5_cfb64 122 - -#define SN_rc5_ofb64 "RC5-OFB" -#define LN_rc5_ofb64 "rc5-ofb" -#define NID_rc5_ofb64 123 - -#define SN_ms_ext_req "msExtReq" -#define LN_ms_ext_req "Microsoft Extension Request" -#define NID_ms_ext_req 171 -#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L - -#define SN_ms_code_ind "msCodeInd" -#define LN_ms_code_ind "Microsoft Individual Code Signing" -#define NID_ms_code_ind 134 -#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L - -#define SN_ms_code_com "msCodeCom" -#define LN_ms_code_com "Microsoft Commercial Code Signing" -#define NID_ms_code_com 135 -#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L - -#define SN_ms_ctl_sign "msCTLSign" -#define LN_ms_ctl_sign "Microsoft Trust List Signing" -#define NID_ms_ctl_sign 136 -#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L - -#define SN_ms_sgc "msSGC" -#define LN_ms_sgc "Microsoft Server Gated Crypto" -#define NID_ms_sgc 137 -#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L - -#define SN_ms_efs "msEFS" -#define LN_ms_efs "Microsoft Encrypted File System" -#define NID_ms_efs 138 -#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L - -#define SN_ms_smartcard_login "msSmartcardLogin" -#define LN_ms_smartcard_login "Microsoft Smartcardlogin" -#define NID_ms_smartcard_login 648 -#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L - -#define SN_ms_upn "msUPN" -#define LN_ms_upn "Microsoft Universal Principal Name" -#define NID_ms_upn 649 -#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L - -#define SN_idea_cbc "IDEA-CBC" -#define LN_idea_cbc "idea-cbc" -#define NID_idea_cbc 34 -#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L - -#define SN_idea_ecb "IDEA-ECB" -#define LN_idea_ecb "idea-ecb" -#define NID_idea_ecb 36 - -#define SN_idea_cfb64 "IDEA-CFB" -#define LN_idea_cfb64 "idea-cfb" -#define NID_idea_cfb64 35 - -#define SN_idea_ofb64 "IDEA-OFB" -#define LN_idea_ofb64 "idea-ofb" -#define NID_idea_ofb64 46 - -#define SN_bf_cbc "BF-CBC" -#define LN_bf_cbc "bf-cbc" -#define NID_bf_cbc 91 -#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L - -#define SN_bf_ecb "BF-ECB" -#define LN_bf_ecb "bf-ecb" -#define NID_bf_ecb 92 - -#define SN_bf_cfb64 "BF-CFB" -#define LN_bf_cfb64 "bf-cfb" -#define NID_bf_cfb64 93 - -#define SN_bf_ofb64 "BF-OFB" -#define LN_bf_ofb64 "bf-ofb" -#define NID_bf_ofb64 94 - -#define SN_id_pkix "PKIX" -#define NID_id_pkix 127 -#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L +#define OBJ_md4 1L, 2L, 840L, 113549L, 2L, 4L #define SN_id_pkix_mod "id-pkix-mod" #define NID_id_pkix_mod 258 -#define OBJ_id_pkix_mod OBJ_id_pkix,0L - -#define SN_id_pe "id-pe" -#define NID_id_pe 175 -#define OBJ_id_pe OBJ_id_pkix,1L +#define OBJ_id_pkix_mod 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L #define SN_id_qt "id-qt" #define NID_id_qt 259 -#define OBJ_id_qt OBJ_id_pkix,2L - -#define SN_id_kp "id-kp" -#define NID_id_kp 128 -#define OBJ_id_kp OBJ_id_pkix,3L +#define OBJ_id_qt 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L #define SN_id_it "id-it" #define NID_id_it 260 -#define OBJ_id_it OBJ_id_pkix,4L +#define OBJ_id_it 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L #define SN_id_pkip "id-pkip" #define NID_id_pkip 261 -#define OBJ_id_pkip OBJ_id_pkix,5L +#define OBJ_id_pkip 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L #define SN_id_alg "id-alg" #define NID_id_alg 262 -#define OBJ_id_alg OBJ_id_pkix,6L +#define OBJ_id_alg 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L #define SN_id_cmc "id-cmc" #define NID_id_cmc 263 -#define OBJ_id_cmc OBJ_id_pkix,7L +#define OBJ_id_cmc 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L #define SN_id_on "id-on" #define NID_id_on 264 -#define OBJ_id_on OBJ_id_pkix,8L +#define OBJ_id_on 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L #define SN_id_pda "id-pda" #define NID_id_pda 265 -#define OBJ_id_pda OBJ_id_pkix,9L +#define OBJ_id_pda 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L #define SN_id_aca "id-aca" #define NID_id_aca 266 -#define OBJ_id_aca OBJ_id_pkix,10L +#define OBJ_id_aca 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L #define SN_id_qcs "id-qcs" #define NID_id_qcs 267 -#define OBJ_id_qcs OBJ_id_pkix,11L +#define OBJ_id_qcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 11L #define SN_id_cct "id-cct" #define NID_id_cct 268 -#define OBJ_id_cct OBJ_id_pkix,12L - -#define SN_id_ppl "id-ppl" -#define NID_id_ppl 662 -#define OBJ_id_ppl OBJ_id_pkix,21L - -#define SN_id_ad "id-ad" -#define NID_id_ad 176 -#define OBJ_id_ad OBJ_id_pkix,48L +#define OBJ_id_cct 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L #define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" #define NID_id_pkix1_explicit_88 269 -#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L +#define OBJ_id_pkix1_explicit_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 1L #define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" #define NID_id_pkix1_implicit_88 270 -#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L +#define OBJ_id_pkix1_implicit_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 2L #define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" #define NID_id_pkix1_explicit_93 271 -#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L +#define OBJ_id_pkix1_explicit_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 3L #define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" #define NID_id_pkix1_implicit_93 272 -#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L +#define OBJ_id_pkix1_implicit_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 4L #define SN_id_mod_crmf "id-mod-crmf" #define NID_id_mod_crmf 273 -#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L +#define OBJ_id_mod_crmf 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 5L #define SN_id_mod_cmc "id-mod-cmc" #define NID_id_mod_cmc 274 -#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L +#define OBJ_id_mod_cmc 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 6L #define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" #define NID_id_mod_kea_profile_88 275 -#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L +#define OBJ_id_mod_kea_profile_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 7L #define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" #define NID_id_mod_kea_profile_93 276 -#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L +#define OBJ_id_mod_kea_profile_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 8L #define SN_id_mod_cmp "id-mod-cmp" #define NID_id_mod_cmp 277 -#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L +#define OBJ_id_mod_cmp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 9L #define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" #define NID_id_mod_qualified_cert_88 278 -#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L +#define OBJ_id_mod_qualified_cert_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 10L #define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" #define NID_id_mod_qualified_cert_93 279 -#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L +#define OBJ_id_mod_qualified_cert_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 11L #define SN_id_mod_attribute_cert "id-mod-attribute-cert" #define NID_id_mod_attribute_cert 280 -#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L +#define OBJ_id_mod_attribute_cert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 12L #define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" #define NID_id_mod_timestamp_protocol 281 -#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L +#define OBJ_id_mod_timestamp_protocol 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 13L #define SN_id_mod_ocsp "id-mod-ocsp" #define NID_id_mod_ocsp 282 -#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L +#define OBJ_id_mod_ocsp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 14L #define SN_id_mod_dvcs "id-mod-dvcs" #define NID_id_mod_dvcs 283 -#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L +#define OBJ_id_mod_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 15L #define SN_id_mod_cmp2000 "id-mod-cmp2000" #define NID_id_mod_cmp2000 284 -#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L - -#define SN_info_access "authorityInfoAccess" -#define LN_info_access "Authority Information Access" -#define NID_info_access 177 -#define OBJ_info_access OBJ_id_pe,1L +#define OBJ_id_mod_cmp2000 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 16L #define SN_biometricInfo "biometricInfo" #define LN_biometricInfo "Biometric Info" #define NID_biometricInfo 285 -#define OBJ_biometricInfo OBJ_id_pe,2L +#define OBJ_biometricInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 2L #define SN_qcStatements "qcStatements" #define NID_qcStatements 286 -#define OBJ_qcStatements OBJ_id_pe,3L +#define OBJ_qcStatements 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 3L #define SN_ac_auditEntity "ac-auditEntity" #define NID_ac_auditEntity 287 -#define OBJ_ac_auditEntity OBJ_id_pe,4L +#define OBJ_ac_auditEntity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 4L #define SN_ac_targeting "ac-targeting" #define NID_ac_targeting 288 -#define OBJ_ac_targeting OBJ_id_pe,5L +#define OBJ_ac_targeting 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 5L #define SN_aaControls "aaControls" #define NID_aaControls 289 -#define OBJ_aaControls OBJ_id_pe,6L +#define OBJ_aaControls 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 6L #define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" #define NID_sbgp_ipAddrBlock 290 -#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L +#define OBJ_sbgp_ipAddrBlock 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 7L #define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" #define NID_sbgp_autonomousSysNum 291 -#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L +#define OBJ_sbgp_autonomousSysNum 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 8L #define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" #define NID_sbgp_routerIdentifier 292 -#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L - -#define SN_ac_proxying "ac-proxying" -#define NID_ac_proxying 397 -#define OBJ_ac_proxying OBJ_id_pe,10L - -#define SN_sinfo_access "subjectInfoAccess" -#define LN_sinfo_access "Subject Information Access" -#define NID_sinfo_access 398 -#define OBJ_sinfo_access OBJ_id_pe,11L - -#define SN_proxyCertInfo "proxyCertInfo" -#define LN_proxyCertInfo "Proxy Certificate Information" -#define NID_proxyCertInfo 663 -#define OBJ_proxyCertInfo OBJ_id_pe,14L - -#define SN_id_qt_cps "id-qt-cps" -#define LN_id_qt_cps "Policy Qualifier CPS" -#define NID_id_qt_cps 164 -#define OBJ_id_qt_cps OBJ_id_qt,1L - -#define SN_id_qt_unotice "id-qt-unotice" -#define LN_id_qt_unotice "Policy Qualifier User Notice" -#define NID_id_qt_unotice 165 -#define OBJ_id_qt_unotice OBJ_id_qt,2L +#define OBJ_sbgp_routerIdentifier 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 9L #define SN_textNotice "textNotice" #define NID_textNotice 293 -#define OBJ_textNotice OBJ_id_qt,3L - -#define SN_server_auth "serverAuth" -#define LN_server_auth "TLS Web Server Authentication" -#define NID_server_auth 129 -#define OBJ_server_auth OBJ_id_kp,1L - -#define SN_client_auth "clientAuth" -#define LN_client_auth "TLS Web Client Authentication" -#define NID_client_auth 130 -#define OBJ_client_auth OBJ_id_kp,2L - -#define SN_code_sign "codeSigning" -#define LN_code_sign "Code Signing" -#define NID_code_sign 131 -#define OBJ_code_sign OBJ_id_kp,3L - -#define SN_email_protect "emailProtection" -#define LN_email_protect "E-mail Protection" -#define NID_email_protect 132 -#define OBJ_email_protect OBJ_id_kp,4L +#define OBJ_textNotice 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 3L #define SN_ipsecEndSystem "ipsecEndSystem" #define LN_ipsecEndSystem "IPSec End System" #define NID_ipsecEndSystem 294 -#define OBJ_ipsecEndSystem OBJ_id_kp,5L +#define OBJ_ipsecEndSystem 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 5L #define SN_ipsecTunnel "ipsecTunnel" #define LN_ipsecTunnel "IPSec Tunnel" #define NID_ipsecTunnel 295 -#define OBJ_ipsecTunnel OBJ_id_kp,6L +#define OBJ_ipsecTunnel 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 6L #define SN_ipsecUser "ipsecUser" #define LN_ipsecUser "IPSec User" #define NID_ipsecUser 296 -#define OBJ_ipsecUser OBJ_id_kp,7L - -#define SN_time_stamp "timeStamping" -#define LN_time_stamp "Time Stamping" -#define NID_time_stamp 133 -#define OBJ_time_stamp OBJ_id_kp,8L - -#define SN_OCSP_sign "OCSPSigning" -#define LN_OCSP_sign "OCSP Signing" -#define NID_OCSP_sign 180 -#define OBJ_OCSP_sign OBJ_id_kp,9L +#define OBJ_ipsecUser 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 7L #define SN_dvcs "DVCS" #define LN_dvcs "dvcs" #define NID_dvcs 297 -#define OBJ_dvcs OBJ_id_kp,10L +#define OBJ_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 10L #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 -#define OBJ_id_it_caProtEncCert OBJ_id_it,1L +#define OBJ_id_it_caProtEncCert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 1L #define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" #define NID_id_it_signKeyPairTypes 299 -#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L +#define OBJ_id_it_signKeyPairTypes 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 2L #define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" #define NID_id_it_encKeyPairTypes 300 -#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L +#define OBJ_id_it_encKeyPairTypes 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 3L #define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" #define NID_id_it_preferredSymmAlg 301 -#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L +#define OBJ_id_it_preferredSymmAlg 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 4L #define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" #define NID_id_it_caKeyUpdateInfo 302 -#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L +#define OBJ_id_it_caKeyUpdateInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 5L #define SN_id_it_currentCRL "id-it-currentCRL" #define NID_id_it_currentCRL 303 -#define OBJ_id_it_currentCRL OBJ_id_it,6L +#define OBJ_id_it_currentCRL 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 6L #define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" #define NID_id_it_unsupportedOIDs 304 -#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L +#define OBJ_id_it_unsupportedOIDs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 7L #define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" #define NID_id_it_subscriptionRequest 305 -#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L +#define OBJ_id_it_subscriptionRequest 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 8L #define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" #define NID_id_it_subscriptionResponse 306 -#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L +#define OBJ_id_it_subscriptionResponse 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 9L #define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" #define NID_id_it_keyPairParamReq 307 -#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L +#define OBJ_id_it_keyPairParamReq 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 10L #define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" #define NID_id_it_keyPairParamRep 308 -#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L +#define OBJ_id_it_keyPairParamRep 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 11L #define SN_id_it_revPassphrase "id-it-revPassphrase" #define NID_id_it_revPassphrase 309 -#define OBJ_id_it_revPassphrase OBJ_id_it,12L +#define OBJ_id_it_revPassphrase 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 12L #define SN_id_it_implicitConfirm "id-it-implicitConfirm" #define NID_id_it_implicitConfirm 310 -#define OBJ_id_it_implicitConfirm OBJ_id_it,13L +#define OBJ_id_it_implicitConfirm 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 13L #define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" #define NID_id_it_confirmWaitTime 311 -#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L +#define OBJ_id_it_confirmWaitTime 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 14L #define SN_id_it_origPKIMessage "id-it-origPKIMessage" #define NID_id_it_origPKIMessage 312 -#define OBJ_id_it_origPKIMessage OBJ_id_it,15L - -#define SN_id_it_suppLangTags "id-it-suppLangTags" -#define NID_id_it_suppLangTags 784 -#define OBJ_id_it_suppLangTags OBJ_id_it,16L +#define OBJ_id_it_origPKIMessage 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 15L #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 -#define OBJ_id_regCtrl OBJ_id_pkip,1L +#define OBJ_id_regCtrl 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L #define SN_id_regInfo "id-regInfo" #define NID_id_regInfo 314 -#define OBJ_id_regInfo OBJ_id_pkip,2L +#define OBJ_id_regInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L #define SN_id_regCtrl_regToken "id-regCtrl-regToken" #define NID_id_regCtrl_regToken 315 -#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L +#define OBJ_id_regCtrl_regToken 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 1L #define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" #define NID_id_regCtrl_authenticator 316 -#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L +#define OBJ_id_regCtrl_authenticator 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 2L #define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" #define NID_id_regCtrl_pkiPublicationInfo 317 -#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L +#define OBJ_id_regCtrl_pkiPublicationInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 3L #define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" #define NID_id_regCtrl_pkiArchiveOptions 318 -#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L +#define OBJ_id_regCtrl_pkiArchiveOptions 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 4L #define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" #define NID_id_regCtrl_oldCertID 319 -#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L +#define OBJ_id_regCtrl_oldCertID 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 5L #define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" #define NID_id_regCtrl_protocolEncrKey 320 -#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L +#define OBJ_id_regCtrl_protocolEncrKey 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 6L #define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" #define NID_id_regInfo_utf8Pairs 321 -#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L +#define OBJ_id_regInfo_utf8Pairs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L, 1L #define SN_id_regInfo_certReq "id-regInfo-certReq" #define NID_id_regInfo_certReq 322 -#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L +#define OBJ_id_regInfo_certReq 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L, 2L #define SN_id_alg_des40 "id-alg-des40" #define NID_id_alg_des40 323 -#define OBJ_id_alg_des40 OBJ_id_alg,1L +#define OBJ_id_alg_des40 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 1L #define SN_id_alg_noSignature "id-alg-noSignature" #define NID_id_alg_noSignature 324 -#define OBJ_id_alg_noSignature OBJ_id_alg,2L +#define OBJ_id_alg_noSignature 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 2L #define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" #define NID_id_alg_dh_sig_hmac_sha1 325 -#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L +#define OBJ_id_alg_dh_sig_hmac_sha1 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 3L #define SN_id_alg_dh_pop "id-alg-dh-pop" #define NID_id_alg_dh_pop 326 -#define OBJ_id_alg_dh_pop OBJ_id_alg,4L +#define OBJ_id_alg_dh_pop 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 4L #define SN_id_cmc_statusInfo "id-cmc-statusInfo" #define NID_id_cmc_statusInfo 327 -#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L +#define OBJ_id_cmc_statusInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 1L #define SN_id_cmc_identification "id-cmc-identification" #define NID_id_cmc_identification 328 -#define OBJ_id_cmc_identification OBJ_id_cmc,2L +#define OBJ_id_cmc_identification 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 2L #define SN_id_cmc_identityProof "id-cmc-identityProof" #define NID_id_cmc_identityProof 329 -#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L +#define OBJ_id_cmc_identityProof 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 3L #define SN_id_cmc_dataReturn "id-cmc-dataReturn" #define NID_id_cmc_dataReturn 330 -#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L +#define OBJ_id_cmc_dataReturn 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 4L #define SN_id_cmc_transactionId "id-cmc-transactionId" #define NID_id_cmc_transactionId 331 -#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L +#define OBJ_id_cmc_transactionId 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 5L #define SN_id_cmc_senderNonce "id-cmc-senderNonce" #define NID_id_cmc_senderNonce 332 -#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L +#define OBJ_id_cmc_senderNonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 6L #define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" #define NID_id_cmc_recipientNonce 333 -#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L +#define OBJ_id_cmc_recipientNonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 7L #define SN_id_cmc_addExtensions "id-cmc-addExtensions" #define NID_id_cmc_addExtensions 334 -#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L +#define OBJ_id_cmc_addExtensions 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 8L #define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" #define NID_id_cmc_encryptedPOP 335 -#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L +#define OBJ_id_cmc_encryptedPOP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 9L #define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" #define NID_id_cmc_decryptedPOP 336 -#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L +#define OBJ_id_cmc_decryptedPOP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 10L #define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" #define NID_id_cmc_lraPOPWitness 337 -#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L +#define OBJ_id_cmc_lraPOPWitness 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 11L #define SN_id_cmc_getCert "id-cmc-getCert" #define NID_id_cmc_getCert 338 -#define OBJ_id_cmc_getCert OBJ_id_cmc,15L +#define OBJ_id_cmc_getCert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 15L #define SN_id_cmc_getCRL "id-cmc-getCRL" #define NID_id_cmc_getCRL 339 -#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L +#define OBJ_id_cmc_getCRL 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 16L #define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" #define NID_id_cmc_revokeRequest 340 -#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L +#define OBJ_id_cmc_revokeRequest 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 17L #define SN_id_cmc_regInfo "id-cmc-regInfo" #define NID_id_cmc_regInfo 341 -#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L +#define OBJ_id_cmc_regInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 18L #define SN_id_cmc_responseInfo "id-cmc-responseInfo" #define NID_id_cmc_responseInfo 342 -#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L +#define OBJ_id_cmc_responseInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 19L #define SN_id_cmc_queryPending "id-cmc-queryPending" #define NID_id_cmc_queryPending 343 -#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L +#define OBJ_id_cmc_queryPending 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 21L #define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" #define NID_id_cmc_popLinkRandom 344 -#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L +#define OBJ_id_cmc_popLinkRandom 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 22L #define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" #define NID_id_cmc_popLinkWitness 345 -#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L +#define OBJ_id_cmc_popLinkWitness 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 23L #define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" #define NID_id_cmc_confirmCertAcceptance 346 -#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L +#define OBJ_id_cmc_confirmCertAcceptance 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 24L #define SN_id_on_personalData "id-on-personalData" #define NID_id_on_personalData 347 -#define OBJ_id_on_personalData OBJ_id_on,1L - -#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" -#define LN_id_on_permanentIdentifier "Permanent Identifier" -#define NID_id_on_permanentIdentifier 858 -#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L +#define OBJ_id_on_personalData 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L, 1L #define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" #define NID_id_pda_dateOfBirth 348 -#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L +#define OBJ_id_pda_dateOfBirth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 1L #define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" #define NID_id_pda_placeOfBirth 349 -#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L +#define OBJ_id_pda_placeOfBirth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 2L #define SN_id_pda_gender "id-pda-gender" #define NID_id_pda_gender 351 -#define OBJ_id_pda_gender OBJ_id_pda,3L +#define OBJ_id_pda_gender 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 3L #define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" #define NID_id_pda_countryOfCitizenship 352 -#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L +#define OBJ_id_pda_countryOfCitizenship 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 4L #define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" #define NID_id_pda_countryOfResidence 353 -#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L +#define OBJ_id_pda_countryOfResidence 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 5L #define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" #define NID_id_aca_authenticationInfo 354 -#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L +#define OBJ_id_aca_authenticationInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 1L #define SN_id_aca_accessIdentity "id-aca-accessIdentity" #define NID_id_aca_accessIdentity 355 -#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L +#define OBJ_id_aca_accessIdentity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 2L #define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" #define NID_id_aca_chargingIdentity 356 -#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L +#define OBJ_id_aca_chargingIdentity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 3L #define SN_id_aca_group "id-aca-group" #define NID_id_aca_group 357 -#define OBJ_id_aca_group OBJ_id_aca,4L +#define OBJ_id_aca_group 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 4L #define SN_id_aca_role "id-aca-role" #define NID_id_aca_role 358 -#define OBJ_id_aca_role OBJ_id_aca,5L - -#define SN_id_aca_encAttrs "id-aca-encAttrs" -#define NID_id_aca_encAttrs 399 -#define OBJ_id_aca_encAttrs OBJ_id_aca,6L +#define OBJ_id_aca_role 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 5L #define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" #define NID_id_qcs_pkixQCSyntax_v1 359 -#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L +#define OBJ_id_qcs_pkixQCSyntax_v1 1L, 3L, 6L, 1L, 5L, 5L, 7L, 11L, 1L #define SN_id_cct_crs "id-cct-crs" #define NID_id_cct_crs 360 -#define OBJ_id_cct_crs OBJ_id_cct,1L +#define OBJ_id_cct_crs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 1L #define SN_id_cct_PKIData "id-cct-PKIData" #define NID_id_cct_PKIData 361 -#define OBJ_id_cct_PKIData OBJ_id_cct,2L +#define OBJ_id_cct_PKIData 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 2L #define SN_id_cct_PKIResponse "id-cct-PKIResponse" #define NID_id_cct_PKIResponse 362 -#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L - -#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" -#define LN_id_ppl_anyLanguage "Any language" -#define NID_id_ppl_anyLanguage 664 -#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L - -#define SN_id_ppl_inheritAll "id-ppl-inheritAll" -#define LN_id_ppl_inheritAll "Inherit all" -#define NID_id_ppl_inheritAll 665 -#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L - -#define SN_Independent "id-ppl-independent" -#define LN_Independent "Independent" -#define NID_Independent 667 -#define OBJ_Independent OBJ_id_ppl,2L - -#define SN_ad_OCSP "OCSP" -#define LN_ad_OCSP "OCSP" -#define NID_ad_OCSP 178 -#define OBJ_ad_OCSP OBJ_id_ad,1L - -#define SN_ad_ca_issuers "caIssuers" -#define LN_ad_ca_issuers "CA Issuers" -#define NID_ad_ca_issuers 179 -#define OBJ_ad_ca_issuers OBJ_id_ad,2L +#define OBJ_id_cct_PKIResponse 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 3L #define SN_ad_timeStamping "ad_timestamping" #define LN_ad_timeStamping "AD Time Stamping" #define NID_ad_timeStamping 363 -#define OBJ_ad_timeStamping OBJ_id_ad,3L +#define OBJ_ad_timeStamping 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 3L #define SN_ad_dvcs "AD_DVCS" #define LN_ad_dvcs "ad dvcs" #define NID_ad_dvcs 364 -#define OBJ_ad_dvcs OBJ_id_ad,4L - -#define SN_caRepository "caRepository" -#define LN_caRepository "CA Repository" -#define NID_caRepository 785 -#define OBJ_caRepository OBJ_id_ad,5L - -#define OBJ_id_pkix_OCSP OBJ_ad_OCSP +#define OBJ_ad_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 4L #define SN_id_pkix_OCSP_basic "basicOCSPResponse" #define LN_id_pkix_OCSP_basic "Basic OCSP Response" #define NID_id_pkix_OCSP_basic 365 -#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L +#define OBJ_id_pkix_OCSP_basic 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 1L #define SN_id_pkix_OCSP_Nonce "Nonce" #define LN_id_pkix_OCSP_Nonce "OCSP Nonce" #define NID_id_pkix_OCSP_Nonce 366 -#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L +#define OBJ_id_pkix_OCSP_Nonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 2L #define SN_id_pkix_OCSP_CrlID "CrlID" #define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" #define NID_id_pkix_OCSP_CrlID 367 -#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L +#define OBJ_id_pkix_OCSP_CrlID 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 3L #define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" #define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" #define NID_id_pkix_OCSP_acceptableResponses 368 -#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L +#define OBJ_id_pkix_OCSP_acceptableResponses \ + 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 4L #define SN_id_pkix_OCSP_noCheck "noCheck" #define LN_id_pkix_OCSP_noCheck "OCSP No Check" #define NID_id_pkix_OCSP_noCheck 369 -#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L +#define OBJ_id_pkix_OCSP_noCheck 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 5L #define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" #define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" #define NID_id_pkix_OCSP_archiveCutoff 370 -#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L +#define OBJ_id_pkix_OCSP_archiveCutoff 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 6L #define SN_id_pkix_OCSP_serviceLocator "serviceLocator" #define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" #define NID_id_pkix_OCSP_serviceLocator 371 -#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L +#define OBJ_id_pkix_OCSP_serviceLocator 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 7L #define SN_id_pkix_OCSP_extendedStatus "extendedStatus" #define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" #define NID_id_pkix_OCSP_extendedStatus 372 -#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L +#define OBJ_id_pkix_OCSP_extendedStatus 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 8L #define SN_id_pkix_OCSP_valid "valid" #define NID_id_pkix_OCSP_valid 373 -#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L +#define OBJ_id_pkix_OCSP_valid 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 9L #define SN_id_pkix_OCSP_path "path" #define NID_id_pkix_OCSP_path 374 -#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L +#define OBJ_id_pkix_OCSP_path 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 10L #define SN_id_pkix_OCSP_trustRoot "trustRoot" #define LN_id_pkix_OCSP_trustRoot "Trust Root" #define NID_id_pkix_OCSP_trustRoot 375 -#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L +#define OBJ_id_pkix_OCSP_trustRoot 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 11L #define SN_algorithm "algorithm" #define LN_algorithm "algorithm" #define NID_algorithm 376 -#define OBJ_algorithm 1L,3L,14L,3L,2L - -#define SN_md5WithRSA "RSA-NP-MD5" -#define LN_md5WithRSA "md5WithRSA" -#define NID_md5WithRSA 104 -#define OBJ_md5WithRSA OBJ_algorithm,3L - -#define SN_des_ecb "DES-ECB" -#define LN_des_ecb "des-ecb" -#define NID_des_ecb 29 -#define OBJ_des_ecb OBJ_algorithm,6L - -#define SN_des_cbc "DES-CBC" -#define LN_des_cbc "des-cbc" -#define NID_des_cbc 31 -#define OBJ_des_cbc OBJ_algorithm,7L - -#define SN_des_ofb64 "DES-OFB" -#define LN_des_ofb64 "des-ofb" -#define NID_des_ofb64 45 -#define OBJ_des_ofb64 OBJ_algorithm,8L - -#define SN_des_cfb64 "DES-CFB" -#define LN_des_cfb64 "des-cfb" -#define NID_des_cfb64 30 -#define OBJ_des_cfb64 OBJ_algorithm,9L +#define OBJ_algorithm 1L, 3L, 14L, 3L, 2L #define SN_rsaSignature "rsaSignature" #define NID_rsaSignature 377 -#define OBJ_rsaSignature OBJ_algorithm,11L - -#define SN_dsa_2 "DSA-old" -#define LN_dsa_2 "dsaEncryption-old" -#define NID_dsa_2 67 -#define OBJ_dsa_2 OBJ_algorithm,12L - -#define SN_dsaWithSHA "DSA-SHA" -#define LN_dsaWithSHA "dsaWithSHA" -#define NID_dsaWithSHA 66 -#define OBJ_dsaWithSHA OBJ_algorithm,13L - -#define SN_shaWithRSAEncryption "RSA-SHA" -#define LN_shaWithRSAEncryption "shaWithRSAEncryption" -#define NID_shaWithRSAEncryption 42 -#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L - -#define SN_des_ede_ecb "DES-EDE" -#define LN_des_ede_ecb "des-ede" -#define NID_des_ede_ecb 32 -#define OBJ_des_ede_ecb OBJ_algorithm,17L - -#define SN_des_ede3_ecb "DES-EDE3" -#define LN_des_ede3_ecb "des-ede3" -#define NID_des_ede3_ecb 33 - -#define SN_des_ede_cbc "DES-EDE-CBC" -#define LN_des_ede_cbc "des-ede-cbc" -#define NID_des_ede_cbc 43 - -#define SN_des_ede_cfb64 "DES-EDE-CFB" -#define LN_des_ede_cfb64 "des-ede-cfb" -#define NID_des_ede_cfb64 60 - -#define SN_des_ede3_cfb64 "DES-EDE3-CFB" -#define LN_des_ede3_cfb64 "des-ede3-cfb" -#define NID_des_ede3_cfb64 61 - -#define SN_des_ede_ofb64 "DES-EDE-OFB" -#define LN_des_ede_ofb64 "des-ede-ofb" -#define NID_des_ede_ofb64 62 - -#define SN_des_ede3_ofb64 "DES-EDE3-OFB" -#define LN_des_ede3_ofb64 "des-ede3-ofb" -#define NID_des_ede3_ofb64 63 - -#define SN_desx_cbc "DESX-CBC" -#define LN_desx_cbc "desx-cbc" -#define NID_desx_cbc 80 - -#define SN_sha "SHA" -#define LN_sha "sha" -#define NID_sha 41 -#define OBJ_sha OBJ_algorithm,18L - -#define SN_sha1 "SHA1" -#define LN_sha1 "sha1" -#define NID_sha1 64 -#define OBJ_sha1 OBJ_algorithm,26L - -#define SN_dsaWithSHA1_2 "DSA-SHA1-old" -#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" -#define NID_dsaWithSHA1_2 70 -#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L - -#define SN_sha1WithRSA "RSA-SHA1-2" -#define LN_sha1WithRSA "sha1WithRSA" -#define NID_sha1WithRSA 115 -#define OBJ_sha1WithRSA OBJ_algorithm,29L - -#define SN_ripemd160 "RIPEMD160" -#define LN_ripemd160 "ripemd160" -#define NID_ripemd160 117 -#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L - -#define SN_ripemd160WithRSA "RSA-RIPEMD160" -#define LN_ripemd160WithRSA "ripemd160WithRSA" -#define NID_ripemd160WithRSA 119 -#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L - -#define SN_sxnet "SXNetID" -#define LN_sxnet "Strong Extranet ID" -#define NID_sxnet 143 -#define OBJ_sxnet 1L,3L,101L,1L,4L,1L - -#define SN_X500 "X500" -#define LN_X500 "directory services (X.500)" -#define NID_X500 11 -#define OBJ_X500 2L,5L - -#define SN_X509 "X509" -#define NID_X509 12 -#define OBJ_X509 OBJ_X500,4L - -#define SN_commonName "CN" -#define LN_commonName "commonName" -#define NID_commonName 13 -#define OBJ_commonName OBJ_X509,3L - -#define SN_surname "SN" -#define LN_surname "surname" -#define NID_surname 100 -#define OBJ_surname OBJ_X509,4L - -#define LN_serialNumber "serialNumber" -#define NID_serialNumber 105 -#define OBJ_serialNumber OBJ_X509,5L - -#define SN_countryName "C" -#define LN_countryName "countryName" -#define NID_countryName 14 -#define OBJ_countryName OBJ_X509,6L - -#define SN_localityName "L" -#define LN_localityName "localityName" -#define NID_localityName 15 -#define OBJ_localityName OBJ_X509,7L - -#define SN_stateOrProvinceName "ST" -#define LN_stateOrProvinceName "stateOrProvinceName" -#define NID_stateOrProvinceName 16 -#define OBJ_stateOrProvinceName OBJ_X509,8L - -#define SN_streetAddress "street" -#define LN_streetAddress "streetAddress" -#define NID_streetAddress 660 -#define OBJ_streetAddress OBJ_X509,9L - -#define SN_organizationName "O" -#define LN_organizationName "organizationName" -#define NID_organizationName 17 -#define OBJ_organizationName OBJ_X509,10L - -#define SN_organizationalUnitName "OU" -#define LN_organizationalUnitName "organizationalUnitName" -#define NID_organizationalUnitName 18 -#define OBJ_organizationalUnitName OBJ_X509,11L - -#define SN_title "title" -#define LN_title "title" -#define NID_title 106 -#define OBJ_title OBJ_X509,12L - -#define LN_description "description" -#define NID_description 107 -#define OBJ_description OBJ_X509,13L - -#define LN_searchGuide "searchGuide" -#define NID_searchGuide 859 -#define OBJ_searchGuide OBJ_X509,14L - -#define LN_businessCategory "businessCategory" -#define NID_businessCategory 860 -#define OBJ_businessCategory OBJ_X509,15L - -#define LN_postalAddress "postalAddress" -#define NID_postalAddress 861 -#define OBJ_postalAddress OBJ_X509,16L - -#define LN_postalCode "postalCode" -#define NID_postalCode 661 -#define OBJ_postalCode OBJ_X509,17L - -#define LN_postOfficeBox "postOfficeBox" -#define NID_postOfficeBox 862 -#define OBJ_postOfficeBox OBJ_X509,18L - -#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" -#define NID_physicalDeliveryOfficeName 863 -#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L - -#define LN_telephoneNumber "telephoneNumber" -#define NID_telephoneNumber 864 -#define OBJ_telephoneNumber OBJ_X509,20L - -#define LN_telexNumber "telexNumber" -#define NID_telexNumber 865 -#define OBJ_telexNumber OBJ_X509,21L - -#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" -#define NID_teletexTerminalIdentifier 866 -#define OBJ_teletexTerminalIdentifier OBJ_X509,22L - -#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" -#define NID_facsimileTelephoneNumber 867 -#define OBJ_facsimileTelephoneNumber OBJ_X509,23L - -#define LN_x121Address "x121Address" -#define NID_x121Address 868 -#define OBJ_x121Address OBJ_X509,24L - -#define LN_internationaliSDNNumber "internationaliSDNNumber" -#define NID_internationaliSDNNumber 869 -#define OBJ_internationaliSDNNumber OBJ_X509,25L - -#define LN_registeredAddress "registeredAddress" -#define NID_registeredAddress 870 -#define OBJ_registeredAddress OBJ_X509,26L - -#define LN_destinationIndicator "destinationIndicator" -#define NID_destinationIndicator 871 -#define OBJ_destinationIndicator OBJ_X509,27L - -#define LN_preferredDeliveryMethod "preferredDeliveryMethod" -#define NID_preferredDeliveryMethod 872 -#define OBJ_preferredDeliveryMethod OBJ_X509,28L - -#define LN_presentationAddress "presentationAddress" -#define NID_presentationAddress 873 -#define OBJ_presentationAddress OBJ_X509,29L - -#define LN_supportedApplicationContext "supportedApplicationContext" -#define NID_supportedApplicationContext 874 -#define OBJ_supportedApplicationContext OBJ_X509,30L - -#define SN_member "member" -#define NID_member 875 -#define OBJ_member OBJ_X509,31L - -#define SN_owner "owner" -#define NID_owner 876 -#define OBJ_owner OBJ_X509,32L - -#define LN_roleOccupant "roleOccupant" -#define NID_roleOccupant 877 -#define OBJ_roleOccupant OBJ_X509,33L - -#define SN_seeAlso "seeAlso" -#define NID_seeAlso 878 -#define OBJ_seeAlso OBJ_X509,34L - -#define LN_userPassword "userPassword" -#define NID_userPassword 879 -#define OBJ_userPassword OBJ_X509,35L - -#define LN_userCertificate "userCertificate" -#define NID_userCertificate 880 -#define OBJ_userCertificate OBJ_X509,36L - -#define LN_cACertificate "cACertificate" -#define NID_cACertificate 881 -#define OBJ_cACertificate OBJ_X509,37L - -#define LN_authorityRevocationList "authorityRevocationList" -#define NID_authorityRevocationList 882 -#define OBJ_authorityRevocationList OBJ_X509,38L - -#define LN_certificateRevocationList "certificateRevocationList" -#define NID_certificateRevocationList 883 -#define OBJ_certificateRevocationList OBJ_X509,39L - -#define LN_crossCertificatePair "crossCertificatePair" -#define NID_crossCertificatePair 884 -#define OBJ_crossCertificatePair OBJ_X509,40L - -#define SN_name "name" -#define LN_name "name" -#define NID_name 173 -#define OBJ_name OBJ_X509,41L - -#define SN_givenName "GN" -#define LN_givenName "givenName" -#define NID_givenName 99 -#define OBJ_givenName OBJ_X509,42L - -#define SN_initials "initials" -#define LN_initials "initials" -#define NID_initials 101 -#define OBJ_initials OBJ_X509,43L - -#define LN_generationQualifier "generationQualifier" -#define NID_generationQualifier 509 -#define OBJ_generationQualifier OBJ_X509,44L - -#define LN_x500UniqueIdentifier "x500UniqueIdentifier" -#define NID_x500UniqueIdentifier 503 -#define OBJ_x500UniqueIdentifier OBJ_X509,45L - -#define SN_dnQualifier "dnQualifier" -#define LN_dnQualifier "dnQualifier" -#define NID_dnQualifier 174 -#define OBJ_dnQualifier OBJ_X509,46L - -#define LN_enhancedSearchGuide "enhancedSearchGuide" -#define NID_enhancedSearchGuide 885 -#define OBJ_enhancedSearchGuide OBJ_X509,47L - -#define LN_protocolInformation "protocolInformation" -#define NID_protocolInformation 886 -#define OBJ_protocolInformation OBJ_X509,48L - -#define LN_distinguishedName "distinguishedName" -#define NID_distinguishedName 887 -#define OBJ_distinguishedName OBJ_X509,49L - -#define LN_uniqueMember "uniqueMember" -#define NID_uniqueMember 888 -#define OBJ_uniqueMember OBJ_X509,50L - -#define LN_houseIdentifier "houseIdentifier" -#define NID_houseIdentifier 889 -#define OBJ_houseIdentifier OBJ_X509,51L - -#define LN_supportedAlgorithms "supportedAlgorithms" -#define NID_supportedAlgorithms 890 -#define OBJ_supportedAlgorithms OBJ_X509,52L - -#define LN_deltaRevocationList "deltaRevocationList" -#define NID_deltaRevocationList 891 -#define OBJ_deltaRevocationList OBJ_X509,53L - -#define SN_dmdName "dmdName" -#define NID_dmdName 892 -#define OBJ_dmdName OBJ_X509,54L - -#define LN_pseudonym "pseudonym" -#define NID_pseudonym 510 -#define OBJ_pseudonym OBJ_X509,65L - -#define SN_role "role" -#define LN_role "role" -#define NID_role 400 -#define OBJ_role OBJ_X509,72L +#define OBJ_rsaSignature 1L, 3L, 14L, 3L, 2L, 11L #define SN_X500algorithms "X500algorithms" #define LN_X500algorithms "directory services - algorithms" #define NID_X500algorithms 378 -#define OBJ_X500algorithms OBJ_X500,8L - -#define SN_rsa "RSA" -#define LN_rsa "rsa" -#define NID_rsa 19 -#define OBJ_rsa OBJ_X500algorithms,1L,1L - -#define SN_mdc2WithRSA "RSA-MDC2" -#define LN_mdc2WithRSA "mdc2WithRSA" -#define NID_mdc2WithRSA 96 -#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L - -#define SN_mdc2 "MDC2" -#define LN_mdc2 "mdc2" -#define NID_mdc2 95 -#define OBJ_mdc2 OBJ_X500algorithms,3L,101L - -#define SN_id_ce "id-ce" -#define NID_id_ce 81 -#define OBJ_id_ce OBJ_X500,29L - -#define SN_subject_directory_attributes "subjectDirectoryAttributes" -#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" -#define NID_subject_directory_attributes 769 -#define OBJ_subject_directory_attributes OBJ_id_ce,9L - -#define SN_subject_key_identifier "subjectKeyIdentifier" -#define LN_subject_key_identifier "X509v3 Subject Key Identifier" -#define NID_subject_key_identifier 82 -#define OBJ_subject_key_identifier OBJ_id_ce,14L - -#define SN_key_usage "keyUsage" -#define LN_key_usage "X509v3 Key Usage" -#define NID_key_usage 83 -#define OBJ_key_usage OBJ_id_ce,15L - -#define SN_private_key_usage_period "privateKeyUsagePeriod" -#define LN_private_key_usage_period "X509v3 Private Key Usage Period" -#define NID_private_key_usage_period 84 -#define OBJ_private_key_usage_period OBJ_id_ce,16L - -#define SN_subject_alt_name "subjectAltName" -#define LN_subject_alt_name "X509v3 Subject Alternative Name" -#define NID_subject_alt_name 85 -#define OBJ_subject_alt_name OBJ_id_ce,17L - -#define SN_issuer_alt_name "issuerAltName" -#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" -#define NID_issuer_alt_name 86 -#define OBJ_issuer_alt_name OBJ_id_ce,18L - -#define SN_basic_constraints "basicConstraints" -#define LN_basic_constraints "X509v3 Basic Constraints" -#define NID_basic_constraints 87 -#define OBJ_basic_constraints OBJ_id_ce,19L - -#define SN_crl_number "crlNumber" -#define LN_crl_number "X509v3 CRL Number" -#define NID_crl_number 88 -#define OBJ_crl_number OBJ_id_ce,20L - -#define SN_crl_reason "CRLReason" -#define LN_crl_reason "X509v3 CRL Reason Code" -#define NID_crl_reason 141 -#define OBJ_crl_reason OBJ_id_ce,21L - -#define SN_invalidity_date "invalidityDate" -#define LN_invalidity_date "Invalidity Date" -#define NID_invalidity_date 142 -#define OBJ_invalidity_date OBJ_id_ce,24L - -#define SN_delta_crl "deltaCRL" -#define LN_delta_crl "X509v3 Delta CRL Indicator" -#define NID_delta_crl 140 -#define OBJ_delta_crl OBJ_id_ce,27L - -#define SN_issuing_distribution_point "issuingDistributionPoint" -#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" -#define NID_issuing_distribution_point 770 -#define OBJ_issuing_distribution_point OBJ_id_ce,28L - -#define SN_certificate_issuer "certificateIssuer" -#define LN_certificate_issuer "X509v3 Certificate Issuer" -#define NID_certificate_issuer 771 -#define OBJ_certificate_issuer OBJ_id_ce,29L - -#define SN_name_constraints "nameConstraints" -#define LN_name_constraints "X509v3 Name Constraints" -#define NID_name_constraints 666 -#define OBJ_name_constraints OBJ_id_ce,30L - -#define SN_crl_distribution_points "crlDistributionPoints" -#define LN_crl_distribution_points "X509v3 CRL Distribution Points" -#define NID_crl_distribution_points 103 -#define OBJ_crl_distribution_points OBJ_id_ce,31L - -#define SN_certificate_policies "certificatePolicies" -#define LN_certificate_policies "X509v3 Certificate Policies" -#define NID_certificate_policies 89 -#define OBJ_certificate_policies OBJ_id_ce,32L - -#define SN_any_policy "anyPolicy" -#define LN_any_policy "X509v3 Any Policy" -#define NID_any_policy 746 -#define OBJ_any_policy OBJ_certificate_policies,0L - -#define SN_policy_mappings "policyMappings" -#define LN_policy_mappings "X509v3 Policy Mappings" -#define NID_policy_mappings 747 -#define OBJ_policy_mappings OBJ_id_ce,33L - -#define SN_authority_key_identifier "authorityKeyIdentifier" -#define LN_authority_key_identifier "X509v3 Authority Key Identifier" -#define NID_authority_key_identifier 90 -#define OBJ_authority_key_identifier OBJ_id_ce,35L - -#define SN_policy_constraints "policyConstraints" -#define LN_policy_constraints "X509v3 Policy Constraints" -#define NID_policy_constraints 401 -#define OBJ_policy_constraints OBJ_id_ce,36L - -#define SN_ext_key_usage "extendedKeyUsage" -#define LN_ext_key_usage "X509v3 Extended Key Usage" -#define NID_ext_key_usage 126 -#define OBJ_ext_key_usage OBJ_id_ce,37L - -#define SN_freshest_crl "freshestCRL" -#define LN_freshest_crl "X509v3 Freshest CRL" -#define NID_freshest_crl 857 -#define OBJ_freshest_crl OBJ_id_ce,46L - -#define SN_inhibit_any_policy "inhibitAnyPolicy" -#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" -#define NID_inhibit_any_policy 748 -#define OBJ_inhibit_any_policy OBJ_id_ce,54L - -#define SN_target_information "targetInformation" -#define LN_target_information "X509v3 AC Targeting" -#define NID_target_information 402 -#define OBJ_target_information OBJ_id_ce,55L - -#define SN_no_rev_avail "noRevAvail" -#define LN_no_rev_avail "X509v3 No Revocation Available" -#define NID_no_rev_avail 403 -#define OBJ_no_rev_avail OBJ_id_ce,56L - -#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" -#define LN_anyExtendedKeyUsage "Any Extended Key Usage" -#define NID_anyExtendedKeyUsage 910 -#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L - -#define SN_netscape "Netscape" -#define LN_netscape "Netscape Communications Corp." -#define NID_netscape 57 -#define OBJ_netscape 2L,16L,840L,1L,113730L - -#define SN_netscape_cert_extension "nsCertExt" -#define LN_netscape_cert_extension "Netscape Certificate Extension" -#define NID_netscape_cert_extension 58 -#define OBJ_netscape_cert_extension OBJ_netscape,1L - -#define SN_netscape_data_type "nsDataType" -#define LN_netscape_data_type "Netscape Data Type" -#define NID_netscape_data_type 59 -#define OBJ_netscape_data_type OBJ_netscape,2L - -#define SN_netscape_cert_type "nsCertType" -#define LN_netscape_cert_type "Netscape Cert Type" -#define NID_netscape_cert_type 71 -#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L - -#define SN_netscape_base_url "nsBaseUrl" -#define LN_netscape_base_url "Netscape Base Url" -#define NID_netscape_base_url 72 -#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L - -#define SN_netscape_revocation_url "nsRevocationUrl" -#define LN_netscape_revocation_url "Netscape Revocation Url" -#define NID_netscape_revocation_url 73 -#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L - -#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" -#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" -#define NID_netscape_ca_revocation_url 74 -#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L - -#define SN_netscape_renewal_url "nsRenewalUrl" -#define LN_netscape_renewal_url "Netscape Renewal Url" -#define NID_netscape_renewal_url 75 -#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L - -#define SN_netscape_ca_policy_url "nsCaPolicyUrl" -#define LN_netscape_ca_policy_url "Netscape CA Policy Url" -#define NID_netscape_ca_policy_url 76 -#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L - -#define SN_netscape_ssl_server_name "nsSslServerName" -#define LN_netscape_ssl_server_name "Netscape SSL Server Name" -#define NID_netscape_ssl_server_name 77 -#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L - -#define SN_netscape_comment "nsComment" -#define LN_netscape_comment "Netscape Comment" -#define NID_netscape_comment 78 -#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L - -#define SN_netscape_cert_sequence "nsCertSequence" -#define LN_netscape_cert_sequence "Netscape Certificate Sequence" -#define NID_netscape_cert_sequence 79 -#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L - -#define SN_ns_sgc "nsSGC" -#define LN_ns_sgc "Netscape Server Gated Crypto" -#define NID_ns_sgc 139 -#define OBJ_ns_sgc OBJ_netscape,4L,1L +#define OBJ_X500algorithms 2L, 5L, 8L #define SN_org "ORG" #define LN_org "org" #define NID_org 379 -#define OBJ_org OBJ_iso,3L +#define OBJ_org 1L, 3L #define SN_dod "DOD" #define LN_dod "dod" #define NID_dod 380 -#define OBJ_dod OBJ_org,6L +#define OBJ_dod 1L, 3L, 6L #define SN_iana "IANA" #define LN_iana "iana" #define NID_iana 381 -#define OBJ_iana OBJ_dod,1L - -#define OBJ_internet OBJ_iana +#define OBJ_iana 1L, 3L, 6L, 1L #define SN_Directory "directory" #define LN_Directory "Directory" #define NID_Directory 382 -#define OBJ_Directory OBJ_internet,1L +#define OBJ_Directory 1L, 3L, 6L, 1L, 1L #define SN_Management "mgmt" #define LN_Management "Management" #define NID_Management 383 -#define OBJ_Management OBJ_internet,2L +#define OBJ_Management 1L, 3L, 6L, 1L, 2L #define SN_Experimental "experimental" #define LN_Experimental "Experimental" #define NID_Experimental 384 -#define OBJ_Experimental OBJ_internet,3L +#define OBJ_Experimental 1L, 3L, 6L, 1L, 3L #define SN_Private "private" #define LN_Private "Private" #define NID_Private 385 -#define OBJ_Private OBJ_internet,4L +#define OBJ_Private 1L, 3L, 6L, 1L, 4L #define SN_Security "security" #define LN_Security "Security" #define NID_Security 386 -#define OBJ_Security OBJ_internet,5L +#define OBJ_Security 1L, 3L, 6L, 1L, 5L #define SN_SNMPv2 "snmpv2" #define LN_SNMPv2 "SNMPv2" #define NID_SNMPv2 387 -#define OBJ_SNMPv2 OBJ_internet,6L +#define OBJ_SNMPv2 1L, 3L, 6L, 1L, 6L #define LN_Mail "Mail" #define NID_Mail 388 -#define OBJ_Mail OBJ_internet,7L +#define OBJ_Mail 1L, 3L, 6L, 1L, 7L #define SN_Enterprises "enterprises" #define LN_Enterprises "Enterprises" #define NID_Enterprises 389 -#define OBJ_Enterprises OBJ_Private,1L +#define OBJ_Enterprises 1L, 3L, 6L, 1L, 4L, 1L #define SN_dcObject "dcobject" #define LN_dcObject "dcObject" #define NID_dcObject 390 -#define OBJ_dcObject OBJ_Enterprises,1466L,344L +#define OBJ_dcObject 1L, 3L, 6L, 1L, 4L, 1L, 1466L, 344L -#define SN_mime_mhs "mime-mhs" -#define LN_mime_mhs "MIME MHS" -#define NID_mime_mhs 504 -#define OBJ_mime_mhs OBJ_Mail,1L +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent 0L, 9L, 2342L, 19200300L, 100L, 1L, 25L -#define SN_mime_mhs_headings "mime-mhs-headings" -#define LN_mime_mhs_headings "mime-mhs-headings" -#define NID_mime_mhs_headings 505 -#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain 0L, 9L, 2342L, 19200300L, 100L, 4L, 13L -#define SN_mime_mhs_bodies "mime-mhs-bodies" -#define LN_mime_mhs_bodies "mime-mhs-bodies" -#define NID_mime_mhs_bodies 506 -#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types 2L, 5L, 1L, 5L -#define SN_id_hex_partial_message "id-hex-partial-message" -#define LN_id_hex_partial_message "id-hex-partial-message" -#define NID_id_hex_partial_message 507 -#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance 2L, 5L, 1L, 5L, 55L -#define SN_id_hex_multipart_message "id-hex-multipart-message" -#define LN_id_hex_multipart_message "id-hex-multipart-message" -#define NID_id_hex_multipart_message 508 -#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 3L -#define SN_zlib_compression "ZLIB" -#define LN_zlib_compression "zlib compression" -#define NID_zlib_compression 125 -#define OBJ_zlib_compression OBJ_id_smime_alg,8L +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 10L -#define OBJ_csor 2L,16L,840L,1L,101L,3L +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 11L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 6L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role 2L, 5L, 4L, 72L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints 2L, 5L, 29L, 36L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information 2L, 5L, 29L, 55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail 2L, 5L, 29L, 56L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 1L, 2L, 840L, 10045L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field 1L, 2L, 840L, 10045L, 1L, 1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field 1L, 2L, 840L, 10045L, 1L, 2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey 1L, 2L, 840L, 10045L, 2L, 1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 1L, 2L, 840L, 10045L, 3L, 1L, 1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 1L, 2L, 840L, 10045L, 3L, 1L, 2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 1L, 2L, 840L, 10045L, 3L, 1L, 3L -#define OBJ_nistAlgorithms OBJ_csor,4L +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 1L, 2L, 840L, 10045L, 3L, 1L, 4L -#define OBJ_aes OBJ_nistAlgorithms,1L +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 1L, 2L, 840L, 10045L, 3L, 1L, 5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 1L, 2L, 840L, 10045L, 3L, 1L, 6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 1L, 2L, 840L, 10045L, 3L, 1L, 7L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 1L, 2L, 840L, 10045L, 4L, 1L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L, 3L, 6L, 1L, 4L, 1L, 311L, 17L, 1L #define SN_aes_128_ecb "AES-128-ECB" #define LN_aes_128_ecb "aes-128-ecb" #define NID_aes_128_ecb 418 -#define OBJ_aes_128_ecb OBJ_aes,1L +#define OBJ_aes_128_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 1L #define SN_aes_128_cbc "AES-128-CBC" #define LN_aes_128_cbc "aes-128-cbc" #define NID_aes_128_cbc 419 -#define OBJ_aes_128_cbc OBJ_aes,2L +#define OBJ_aes_128_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 2L #define SN_aes_128_ofb128 "AES-128-OFB" #define LN_aes_128_ofb128 "aes-128-ofb" #define NID_aes_128_ofb128 420 -#define OBJ_aes_128_ofb128 OBJ_aes,3L +#define OBJ_aes_128_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 3L #define SN_aes_128_cfb128 "AES-128-CFB" #define LN_aes_128_cfb128 "aes-128-cfb" #define NID_aes_128_cfb128 421 -#define OBJ_aes_128_cfb128 OBJ_aes,4L - -#define SN_id_aes128_wrap "id-aes128-wrap" -#define NID_id_aes128_wrap 788 -#define OBJ_id_aes128_wrap OBJ_aes,5L - -#define SN_aes_128_gcm "id-aes128-GCM" -#define LN_aes_128_gcm "aes-128-gcm" -#define NID_aes_128_gcm 895 -#define OBJ_aes_128_gcm OBJ_aes,6L - -#define SN_aes_128_ccm "id-aes128-CCM" -#define LN_aes_128_ccm "aes-128-ccm" -#define NID_aes_128_ccm 896 -#define OBJ_aes_128_ccm OBJ_aes,7L - -#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" -#define NID_id_aes128_wrap_pad 897 -#define OBJ_id_aes128_wrap_pad OBJ_aes,8L +#define OBJ_aes_128_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 4L #define SN_aes_192_ecb "AES-192-ECB" #define LN_aes_192_ecb "aes-192-ecb" #define NID_aes_192_ecb 422 -#define OBJ_aes_192_ecb OBJ_aes,21L +#define OBJ_aes_192_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 21L #define SN_aes_192_cbc "AES-192-CBC" #define LN_aes_192_cbc "aes-192-cbc" #define NID_aes_192_cbc 423 -#define OBJ_aes_192_cbc OBJ_aes,22L +#define OBJ_aes_192_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 22L #define SN_aes_192_ofb128 "AES-192-OFB" #define LN_aes_192_ofb128 "aes-192-ofb" #define NID_aes_192_ofb128 424 -#define OBJ_aes_192_ofb128 OBJ_aes,23L +#define OBJ_aes_192_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 23L #define SN_aes_192_cfb128 "AES-192-CFB" #define LN_aes_192_cfb128 "aes-192-cfb" #define NID_aes_192_cfb128 425 -#define OBJ_aes_192_cfb128 OBJ_aes,24L - -#define SN_id_aes192_wrap "id-aes192-wrap" -#define NID_id_aes192_wrap 789 -#define OBJ_id_aes192_wrap OBJ_aes,25L - -#define SN_aes_192_gcm "id-aes192-GCM" -#define LN_aes_192_gcm "aes-192-gcm" -#define NID_aes_192_gcm 898 -#define OBJ_aes_192_gcm OBJ_aes,26L - -#define SN_aes_192_ccm "id-aes192-CCM" -#define LN_aes_192_ccm "aes-192-ccm" -#define NID_aes_192_ccm 899 -#define OBJ_aes_192_ccm OBJ_aes,27L - -#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" -#define NID_id_aes192_wrap_pad 900 -#define OBJ_id_aes192_wrap_pad OBJ_aes,28L +#define OBJ_aes_192_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 24L #define SN_aes_256_ecb "AES-256-ECB" #define LN_aes_256_ecb "aes-256-ecb" #define NID_aes_256_ecb 426 -#define OBJ_aes_256_ecb OBJ_aes,41L +#define OBJ_aes_256_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 41L #define SN_aes_256_cbc "AES-256-CBC" #define LN_aes_256_cbc "aes-256-cbc" #define NID_aes_256_cbc 427 -#define OBJ_aes_256_cbc OBJ_aes,42L +#define OBJ_aes_256_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 42L #define SN_aes_256_ofb128 "AES-256-OFB" #define LN_aes_256_ofb128 "aes-256-ofb" #define NID_aes_256_ofb128 428 -#define OBJ_aes_256_ofb128 OBJ_aes,43L +#define OBJ_aes_256_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 43L #define SN_aes_256_cfb128 "AES-256-CFB" #define LN_aes_256_cfb128 "aes-256-cfb" #define NID_aes_256_cfb128 429 -#define OBJ_aes_256_cfb128 OBJ_aes,44L - -#define SN_id_aes256_wrap "id-aes256-wrap" -#define NID_id_aes256_wrap 790 -#define OBJ_id_aes256_wrap OBJ_aes,45L - -#define SN_aes_256_gcm "id-aes256-GCM" -#define LN_aes_256_gcm "aes-256-gcm" -#define NID_aes_256_gcm 901 -#define OBJ_aes_256_gcm OBJ_aes,46L - -#define SN_aes_256_ccm "id-aes256-CCM" -#define LN_aes_256_ccm "aes-256-ccm" -#define NID_aes_256_ccm 902 -#define OBJ_aes_256_ccm OBJ_aes,47L - -#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" -#define NID_id_aes256_wrap_pad 903 -#define OBJ_id_aes256_wrap_pad OBJ_aes,48L - -#define SN_aes_128_cfb1 "AES-128-CFB1" -#define LN_aes_128_cfb1 "aes-128-cfb1" -#define NID_aes_128_cfb1 650 - -#define SN_aes_192_cfb1 "AES-192-CFB1" -#define LN_aes_192_cfb1 "aes-192-cfb1" -#define NID_aes_192_cfb1 651 - -#define SN_aes_256_cfb1 "AES-256-CFB1" -#define LN_aes_256_cfb1 "aes-256-cfb1" -#define NID_aes_256_cfb1 652 - -#define SN_aes_128_cfb8 "AES-128-CFB8" -#define LN_aes_128_cfb8 "aes-128-cfb8" -#define NID_aes_128_cfb8 653 - -#define SN_aes_192_cfb8 "AES-192-CFB8" -#define LN_aes_192_cfb8 "aes-192-cfb8" -#define NID_aes_192_cfb8 654 - -#define SN_aes_256_cfb8 "AES-256-CFB8" -#define LN_aes_256_cfb8 "aes-256-cfb8" -#define NID_aes_256_cfb8 655 - -#define SN_aes_128_ctr "AES-128-CTR" -#define LN_aes_128_ctr "aes-128-ctr" -#define NID_aes_128_ctr 904 - -#define SN_aes_192_ctr "AES-192-CTR" -#define LN_aes_192_ctr "aes-192-ctr" -#define NID_aes_192_ctr 905 - -#define SN_aes_256_ctr "AES-256-CTR" -#define LN_aes_256_ctr "aes-256-ctr" -#define NID_aes_256_ctr 906 - -#define SN_aes_128_xts "AES-128-XTS" -#define LN_aes_128_xts "aes-128-xts" -#define NID_aes_128_xts 913 - -#define SN_aes_256_xts "AES-256-XTS" -#define LN_aes_256_xts "aes-256-xts" -#define NID_aes_256_xts 914 - -#define SN_des_cfb1 "DES-CFB1" -#define LN_des_cfb1 "des-cfb1" -#define NID_des_cfb1 656 - -#define SN_des_cfb8 "DES-CFB8" -#define LN_des_cfb8 "des-cfb8" -#define NID_des_cfb8 657 - -#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" -#define LN_des_ede3_cfb1 "des-ede3-cfb1" -#define NID_des_ede3_cfb1 658 - -#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" -#define LN_des_ede3_cfb8 "des-ede3-cfb8" -#define NID_des_ede3_cfb8 659 - -#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L - -#define SN_sha256 "SHA256" -#define LN_sha256 "sha256" -#define NID_sha256 672 -#define OBJ_sha256 OBJ_nist_hashalgs,1L - -#define SN_sha384 "SHA384" -#define LN_sha384 "sha384" -#define NID_sha384 673 -#define OBJ_sha384 OBJ_nist_hashalgs,2L - -#define SN_sha512 "SHA512" -#define LN_sha512 "sha512" -#define NID_sha512 674 -#define OBJ_sha512 OBJ_nist_hashalgs,3L - -#define SN_sha224 "SHA224" -#define LN_sha224 "sha224" -#define NID_sha224 675 -#define OBJ_sha224 OBJ_nist_hashalgs,4L - -#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L - -#define SN_dsa_with_SHA224 "dsa_with_SHA224" -#define NID_dsa_with_SHA224 802 -#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L - -#define SN_dsa_with_SHA256 "dsa_with_SHA256" -#define NID_dsa_with_SHA256 803 -#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L +#define OBJ_aes_256_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 44L #define SN_hold_instruction_code "holdInstructionCode" #define LN_hold_instruction_code "Hold Instruction Code" #define NID_hold_instruction_code 430 -#define OBJ_hold_instruction_code OBJ_id_ce,23L - -#define OBJ_holdInstruction OBJ_X9_57,2L +#define OBJ_hold_instruction_code 2L, 5L, 29L, 23L #define SN_hold_instruction_none "holdInstructionNone" #define LN_hold_instruction_none "Hold Instruction None" #define NID_hold_instruction_none 431 -#define OBJ_hold_instruction_none OBJ_holdInstruction,1L +#define OBJ_hold_instruction_none 1L, 2L, 840L, 10040L, 2L, 1L #define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" #define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" #define NID_hold_instruction_call_issuer 432 -#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L +#define OBJ_hold_instruction_call_issuer 1L, 2L, 840L, 10040L, 2L, 2L #define SN_hold_instruction_reject "holdInstructionReject" #define LN_hold_instruction_reject "Hold Instruction Reject" #define NID_hold_instruction_reject 433 -#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L +#define OBJ_hold_instruction_reject 1L, 2L, 840L, 10040L, 2L, 3L #define SN_data "data" #define NID_data 434 -#define OBJ_data OBJ_itu_t,9L +#define OBJ_data 0L, 9L #define SN_pss "pss" #define NID_pss 435 -#define OBJ_pss OBJ_data,2342L +#define OBJ_pss 0L, 9L, 2342L #define SN_ucl "ucl" #define NID_ucl 436 -#define OBJ_ucl OBJ_pss,19200300L +#define OBJ_ucl 0L, 9L, 2342L, 19200300L #define SN_pilot "pilot" #define NID_pilot 437 -#define OBJ_pilot OBJ_ucl,100L +#define OBJ_pilot 0L, 9L, 2342L, 19200300L, 100L #define LN_pilotAttributeType "pilotAttributeType" #define NID_pilotAttributeType 438 -#define OBJ_pilotAttributeType OBJ_pilot,1L +#define OBJ_pilotAttributeType 0L, 9L, 2342L, 19200300L, 100L, 1L #define LN_pilotAttributeSyntax "pilotAttributeSyntax" #define NID_pilotAttributeSyntax 439 -#define OBJ_pilotAttributeSyntax OBJ_pilot,3L +#define OBJ_pilotAttributeSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L #define LN_pilotObjectClass "pilotObjectClass" #define NID_pilotObjectClass 440 -#define OBJ_pilotObjectClass OBJ_pilot,4L +#define OBJ_pilotObjectClass 0L, 9L, 2342L, 19200300L, 100L, 4L #define LN_pilotGroups "pilotGroups" #define NID_pilotGroups 441 -#define OBJ_pilotGroups OBJ_pilot,10L +#define OBJ_pilotGroups 0L, 9L, 2342L, 19200300L, 100L, 10L #define LN_iA5StringSyntax "iA5StringSyntax" #define NID_iA5StringSyntax 442 -#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L +#define OBJ_iA5StringSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L, 4L #define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" #define NID_caseIgnoreIA5StringSyntax 443 -#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L +#define OBJ_caseIgnoreIA5StringSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L, 5L #define LN_pilotObject "pilotObject" #define NID_pilotObject 444 -#define OBJ_pilotObject OBJ_pilotObjectClass,3L +#define OBJ_pilotObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 3L #define LN_pilotPerson "pilotPerson" #define NID_pilotPerson 445 -#define OBJ_pilotPerson OBJ_pilotObjectClass,4L +#define OBJ_pilotPerson 0L, 9L, 2342L, 19200300L, 100L, 4L, 4L #define SN_account "account" #define NID_account 446 -#define OBJ_account OBJ_pilotObjectClass,5L +#define OBJ_account 0L, 9L, 2342L, 19200300L, 100L, 4L, 5L #define SN_document "document" #define NID_document 447 -#define OBJ_document OBJ_pilotObjectClass,6L +#define OBJ_document 0L, 9L, 2342L, 19200300L, 100L, 4L, 6L #define SN_room "room" #define NID_room 448 -#define OBJ_room OBJ_pilotObjectClass,7L +#define OBJ_room 0L, 9L, 2342L, 19200300L, 100L, 4L, 7L #define LN_documentSeries "documentSeries" #define NID_documentSeries 449 -#define OBJ_documentSeries OBJ_pilotObjectClass,9L - -#define SN_Domain "domain" -#define LN_Domain "Domain" -#define NID_Domain 392 -#define OBJ_Domain OBJ_pilotObjectClass,13L +#define OBJ_documentSeries 0L, 9L, 2342L, 19200300L, 100L, 4L, 9L #define LN_rFC822localPart "rFC822localPart" #define NID_rFC822localPart 450 -#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L +#define OBJ_rFC822localPart 0L, 9L, 2342L, 19200300L, 100L, 4L, 14L #define LN_dNSDomain "dNSDomain" #define NID_dNSDomain 451 -#define OBJ_dNSDomain OBJ_pilotObjectClass,15L +#define OBJ_dNSDomain 0L, 9L, 2342L, 19200300L, 100L, 4L, 15L #define LN_domainRelatedObject "domainRelatedObject" #define NID_domainRelatedObject 452 -#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L +#define OBJ_domainRelatedObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 17L #define LN_friendlyCountry "friendlyCountry" #define NID_friendlyCountry 453 -#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L +#define OBJ_friendlyCountry 0L, 9L, 2342L, 19200300L, 100L, 4L, 18L #define LN_simpleSecurityObject "simpleSecurityObject" #define NID_simpleSecurityObject 454 -#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L +#define OBJ_simpleSecurityObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 19L #define LN_pilotOrganization "pilotOrganization" #define NID_pilotOrganization 455 -#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L +#define OBJ_pilotOrganization 0L, 9L, 2342L, 19200300L, 100L, 4L, 20L #define LN_pilotDSA "pilotDSA" #define NID_pilotDSA 456 -#define OBJ_pilotDSA OBJ_pilotObjectClass,21L +#define OBJ_pilotDSA 0L, 9L, 2342L, 19200300L, 100L, 4L, 21L #define LN_qualityLabelledData "qualityLabelledData" #define NID_qualityLabelledData 457 -#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L +#define OBJ_qualityLabelledData 0L, 9L, 2342L, 19200300L, 100L, 4L, 22L #define SN_userId "UID" #define LN_userId "userId" #define NID_userId 458 -#define OBJ_userId OBJ_pilotAttributeType,1L +#define OBJ_userId 0L, 9L, 2342L, 19200300L, 100L, 1L, 1L #define LN_textEncodedORAddress "textEncodedORAddress" #define NID_textEncodedORAddress 459 -#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L +#define OBJ_textEncodedORAddress 0L, 9L, 2342L, 19200300L, 100L, 1L, 2L #define SN_rfc822Mailbox "mail" #define LN_rfc822Mailbox "rfc822Mailbox" #define NID_rfc822Mailbox 460 -#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L +#define OBJ_rfc822Mailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 3L #define SN_info "info" #define NID_info 461 -#define OBJ_info OBJ_pilotAttributeType,4L +#define OBJ_info 0L, 9L, 2342L, 19200300L, 100L, 1L, 4L #define LN_favouriteDrink "favouriteDrink" #define NID_favouriteDrink 462 -#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L +#define OBJ_favouriteDrink 0L, 9L, 2342L, 19200300L, 100L, 1L, 5L #define LN_roomNumber "roomNumber" #define NID_roomNumber 463 -#define OBJ_roomNumber OBJ_pilotAttributeType,6L +#define OBJ_roomNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 6L #define SN_photo "photo" #define NID_photo 464 -#define OBJ_photo OBJ_pilotAttributeType,7L +#define OBJ_photo 0L, 9L, 2342L, 19200300L, 100L, 1L, 7L #define LN_userClass "userClass" #define NID_userClass 465 -#define OBJ_userClass OBJ_pilotAttributeType,8L +#define OBJ_userClass 0L, 9L, 2342L, 19200300L, 100L, 1L, 8L #define SN_host "host" #define NID_host 466 -#define OBJ_host OBJ_pilotAttributeType,9L +#define OBJ_host 0L, 9L, 2342L, 19200300L, 100L, 1L, 9L #define SN_manager "manager" #define NID_manager 467 -#define OBJ_manager OBJ_pilotAttributeType,10L +#define OBJ_manager 0L, 9L, 2342L, 19200300L, 100L, 1L, 10L #define LN_documentIdentifier "documentIdentifier" #define NID_documentIdentifier 468 -#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L +#define OBJ_documentIdentifier 0L, 9L, 2342L, 19200300L, 100L, 1L, 11L #define LN_documentTitle "documentTitle" #define NID_documentTitle 469 -#define OBJ_documentTitle OBJ_pilotAttributeType,12L +#define OBJ_documentTitle 0L, 9L, 2342L, 19200300L, 100L, 1L, 12L #define LN_documentVersion "documentVersion" #define NID_documentVersion 470 -#define OBJ_documentVersion OBJ_pilotAttributeType,13L +#define OBJ_documentVersion 0L, 9L, 2342L, 19200300L, 100L, 1L, 13L #define LN_documentAuthor "documentAuthor" #define NID_documentAuthor 471 -#define OBJ_documentAuthor OBJ_pilotAttributeType,14L +#define OBJ_documentAuthor 0L, 9L, 2342L, 19200300L, 100L, 1L, 14L #define LN_documentLocation "documentLocation" #define NID_documentLocation 472 -#define OBJ_documentLocation OBJ_pilotAttributeType,15L +#define OBJ_documentLocation 0L, 9L, 2342L, 19200300L, 100L, 1L, 15L #define LN_homeTelephoneNumber "homeTelephoneNumber" #define NID_homeTelephoneNumber 473 -#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L +#define OBJ_homeTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 20L #define SN_secretary "secretary" #define NID_secretary 474 -#define OBJ_secretary OBJ_pilotAttributeType,21L +#define OBJ_secretary 0L, 9L, 2342L, 19200300L, 100L, 1L, 21L #define LN_otherMailbox "otherMailbox" #define NID_otherMailbox 475 -#define OBJ_otherMailbox OBJ_pilotAttributeType,22L +#define OBJ_otherMailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 22L #define LN_lastModifiedTime "lastModifiedTime" #define NID_lastModifiedTime 476 -#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L +#define OBJ_lastModifiedTime 0L, 9L, 2342L, 19200300L, 100L, 1L, 23L #define LN_lastModifiedBy "lastModifiedBy" #define NID_lastModifiedBy 477 -#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L - -#define SN_domainComponent "DC" -#define LN_domainComponent "domainComponent" -#define NID_domainComponent 391 -#define OBJ_domainComponent OBJ_pilotAttributeType,25L +#define OBJ_lastModifiedBy 0L, 9L, 2342L, 19200300L, 100L, 1L, 24L #define LN_aRecord "aRecord" #define NID_aRecord 478 -#define OBJ_aRecord OBJ_pilotAttributeType,26L +#define OBJ_aRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 26L #define LN_pilotAttributeType27 "pilotAttributeType27" #define NID_pilotAttributeType27 479 -#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L +#define OBJ_pilotAttributeType27 0L, 9L, 2342L, 19200300L, 100L, 1L, 27L #define LN_mXRecord "mXRecord" #define NID_mXRecord 480 -#define OBJ_mXRecord OBJ_pilotAttributeType,28L +#define OBJ_mXRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 28L #define LN_nSRecord "nSRecord" #define NID_nSRecord 481 -#define OBJ_nSRecord OBJ_pilotAttributeType,29L +#define OBJ_nSRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 29L #define LN_sOARecord "sOARecord" #define NID_sOARecord 482 -#define OBJ_sOARecord OBJ_pilotAttributeType,30L +#define OBJ_sOARecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 30L #define LN_cNAMERecord "cNAMERecord" #define NID_cNAMERecord 483 -#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L +#define OBJ_cNAMERecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 31L #define LN_associatedDomain "associatedDomain" #define NID_associatedDomain 484 -#define OBJ_associatedDomain OBJ_pilotAttributeType,37L +#define OBJ_associatedDomain 0L, 9L, 2342L, 19200300L, 100L, 1L, 37L #define LN_associatedName "associatedName" #define NID_associatedName 485 -#define OBJ_associatedName OBJ_pilotAttributeType,38L +#define OBJ_associatedName 0L, 9L, 2342L, 19200300L, 100L, 1L, 38L #define LN_homePostalAddress "homePostalAddress" #define NID_homePostalAddress 486 -#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L +#define OBJ_homePostalAddress 0L, 9L, 2342L, 19200300L, 100L, 1L, 39L #define LN_personalTitle "personalTitle" #define NID_personalTitle 487 -#define OBJ_personalTitle OBJ_pilotAttributeType,40L +#define OBJ_personalTitle 0L, 9L, 2342L, 19200300L, 100L, 1L, 40L #define LN_mobileTelephoneNumber "mobileTelephoneNumber" #define NID_mobileTelephoneNumber 488 -#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L +#define OBJ_mobileTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 41L #define LN_pagerTelephoneNumber "pagerTelephoneNumber" #define NID_pagerTelephoneNumber 489 -#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L +#define OBJ_pagerTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 42L #define LN_friendlyCountryName "friendlyCountryName" #define NID_friendlyCountryName 490 -#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L +#define OBJ_friendlyCountryName 0L, 9L, 2342L, 19200300L, 100L, 1L, 43L #define LN_organizationalStatus "organizationalStatus" #define NID_organizationalStatus 491 -#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L +#define OBJ_organizationalStatus 0L, 9L, 2342L, 19200300L, 100L, 1L, 45L #define LN_janetMailbox "janetMailbox" #define NID_janetMailbox 492 -#define OBJ_janetMailbox OBJ_pilotAttributeType,46L +#define OBJ_janetMailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 46L #define LN_mailPreferenceOption "mailPreferenceOption" #define NID_mailPreferenceOption 493 -#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L +#define OBJ_mailPreferenceOption 0L, 9L, 2342L, 19200300L, 100L, 1L, 47L #define LN_buildingName "buildingName" #define NID_buildingName 494 -#define OBJ_buildingName OBJ_pilotAttributeType,48L +#define OBJ_buildingName 0L, 9L, 2342L, 19200300L, 100L, 1L, 48L #define LN_dSAQuality "dSAQuality" #define NID_dSAQuality 495 -#define OBJ_dSAQuality OBJ_pilotAttributeType,49L +#define OBJ_dSAQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 49L #define LN_singleLevelQuality "singleLevelQuality" #define NID_singleLevelQuality 496 -#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L +#define OBJ_singleLevelQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 50L #define LN_subtreeMinimumQuality "subtreeMinimumQuality" #define NID_subtreeMinimumQuality 497 -#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L +#define OBJ_subtreeMinimumQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 51L #define LN_subtreeMaximumQuality "subtreeMaximumQuality" #define NID_subtreeMaximumQuality 498 -#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L +#define OBJ_subtreeMaximumQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 52L #define LN_personalSignature "personalSignature" #define NID_personalSignature 499 -#define OBJ_personalSignature OBJ_pilotAttributeType,53L +#define OBJ_personalSignature 0L, 9L, 2342L, 19200300L, 100L, 1L, 53L #define LN_dITRedirect "dITRedirect" #define NID_dITRedirect 500 -#define OBJ_dITRedirect OBJ_pilotAttributeType,54L +#define OBJ_dITRedirect 0L, 9L, 2342L, 19200300L, 100L, 1L, 54L #define SN_audio "audio" #define NID_audio 501 -#define OBJ_audio OBJ_pilotAttributeType,55L +#define OBJ_audio 0L, 9L, 2342L, 19200300L, 100L, 1L, 55L #define LN_documentPublisher "documentPublisher" #define NID_documentPublisher 502 -#define OBJ_documentPublisher OBJ_pilotAttributeType,56L +#define OBJ_documentPublisher 0L, 9L, 2342L, 19200300L, 100L, 1L, 56L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier 2L, 5L, 4L, 45L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs 1L, 3L, 6L, 1L, 7L, 1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings 1L, 3L, 6L, 1L, 7L, 1L, 1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies 1L, 3L, 6L, 1L, 7L, 1L, 2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message 1L, 3L, 6L, 1L, 7L, 1L, 1L, 1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message 1L, 3L, 6L, 1L, 7L, 1L, 1L, 2L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier 2L, 5L, 4L, 44L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym 2L, 5L, 4L, 65L #define SN_id_set "id-set" #define LN_id_set "Secure Electronic Transactions" #define NID_id_set 512 -#define OBJ_id_set OBJ_international_organizations,42L +#define OBJ_id_set 2L, 23L, 42L #define SN_set_ctype "set-ctype" #define LN_set_ctype "content types" #define NID_set_ctype 513 -#define OBJ_set_ctype OBJ_id_set,0L +#define OBJ_set_ctype 2L, 23L, 42L, 0L #define SN_set_msgExt "set-msgExt" #define LN_set_msgExt "message extensions" #define NID_set_msgExt 514 -#define OBJ_set_msgExt OBJ_id_set,1L +#define OBJ_set_msgExt 2L, 23L, 42L, 1L #define SN_set_attr "set-attr" #define NID_set_attr 515 -#define OBJ_set_attr OBJ_id_set,3L +#define OBJ_set_attr 2L, 23L, 42L, 3L #define SN_set_policy "set-policy" #define NID_set_policy 516 -#define OBJ_set_policy OBJ_id_set,5L +#define OBJ_set_policy 2L, 23L, 42L, 5L #define SN_set_certExt "set-certExt" #define LN_set_certExt "certificate extensions" #define NID_set_certExt 517 -#define OBJ_set_certExt OBJ_id_set,7L +#define OBJ_set_certExt 2L, 23L, 42L, 7L #define SN_set_brand "set-brand" #define NID_set_brand 518 -#define OBJ_set_brand OBJ_id_set,8L +#define OBJ_set_brand 2L, 23L, 42L, 8L #define SN_setct_PANData "setct-PANData" #define NID_setct_PANData 519 -#define OBJ_setct_PANData OBJ_set_ctype,0L +#define OBJ_setct_PANData 2L, 23L, 42L, 0L, 0L #define SN_setct_PANToken "setct-PANToken" #define NID_setct_PANToken 520 -#define OBJ_setct_PANToken OBJ_set_ctype,1L +#define OBJ_setct_PANToken 2L, 23L, 42L, 0L, 1L #define SN_setct_PANOnly "setct-PANOnly" #define NID_setct_PANOnly 521 -#define OBJ_setct_PANOnly OBJ_set_ctype,2L +#define OBJ_setct_PANOnly 2L, 23L, 42L, 0L, 2L #define SN_setct_OIData "setct-OIData" #define NID_setct_OIData 522 -#define OBJ_setct_OIData OBJ_set_ctype,3L +#define OBJ_setct_OIData 2L, 23L, 42L, 0L, 3L #define SN_setct_PI "setct-PI" #define NID_setct_PI 523 -#define OBJ_setct_PI OBJ_set_ctype,4L +#define OBJ_setct_PI 2L, 23L, 42L, 0L, 4L #define SN_setct_PIData "setct-PIData" #define NID_setct_PIData 524 -#define OBJ_setct_PIData OBJ_set_ctype,5L +#define OBJ_setct_PIData 2L, 23L, 42L, 0L, 5L #define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" #define NID_setct_PIDataUnsigned 525 -#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L +#define OBJ_setct_PIDataUnsigned 2L, 23L, 42L, 0L, 6L #define SN_setct_HODInput "setct-HODInput" #define NID_setct_HODInput 526 -#define OBJ_setct_HODInput OBJ_set_ctype,7L +#define OBJ_setct_HODInput 2L, 23L, 42L, 0L, 7L #define SN_setct_AuthResBaggage "setct-AuthResBaggage" #define NID_setct_AuthResBaggage 527 -#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L +#define OBJ_setct_AuthResBaggage 2L, 23L, 42L, 0L, 8L #define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" #define NID_setct_AuthRevReqBaggage 528 -#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L +#define OBJ_setct_AuthRevReqBaggage 2L, 23L, 42L, 0L, 9L #define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" #define NID_setct_AuthRevResBaggage 529 -#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L +#define OBJ_setct_AuthRevResBaggage 2L, 23L, 42L, 0L, 10L #define SN_setct_CapTokenSeq "setct-CapTokenSeq" #define NID_setct_CapTokenSeq 530 -#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L +#define OBJ_setct_CapTokenSeq 2L, 23L, 42L, 0L, 11L #define SN_setct_PInitResData "setct-PInitResData" #define NID_setct_PInitResData 531 -#define OBJ_setct_PInitResData OBJ_set_ctype,12L +#define OBJ_setct_PInitResData 2L, 23L, 42L, 0L, 12L #define SN_setct_PI_TBS "setct-PI-TBS" #define NID_setct_PI_TBS 532 -#define OBJ_setct_PI_TBS OBJ_set_ctype,13L +#define OBJ_setct_PI_TBS 2L, 23L, 42L, 0L, 13L #define SN_setct_PResData "setct-PResData" #define NID_setct_PResData 533 -#define OBJ_setct_PResData OBJ_set_ctype,14L +#define OBJ_setct_PResData 2L, 23L, 42L, 0L, 14L #define SN_setct_AuthReqTBS "setct-AuthReqTBS" #define NID_setct_AuthReqTBS 534 -#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L +#define OBJ_setct_AuthReqTBS 2L, 23L, 42L, 0L, 16L #define SN_setct_AuthResTBS "setct-AuthResTBS" #define NID_setct_AuthResTBS 535 -#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L +#define OBJ_setct_AuthResTBS 2L, 23L, 42L, 0L, 17L #define SN_setct_AuthResTBSX "setct-AuthResTBSX" #define NID_setct_AuthResTBSX 536 -#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L +#define OBJ_setct_AuthResTBSX 2L, 23L, 42L, 0L, 18L #define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" #define NID_setct_AuthTokenTBS 537 -#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L +#define OBJ_setct_AuthTokenTBS 2L, 23L, 42L, 0L, 19L #define SN_setct_CapTokenData "setct-CapTokenData" #define NID_setct_CapTokenData 538 -#define OBJ_setct_CapTokenData OBJ_set_ctype,20L +#define OBJ_setct_CapTokenData 2L, 23L, 42L, 0L, 20L #define SN_setct_CapTokenTBS "setct-CapTokenTBS" #define NID_setct_CapTokenTBS 539 -#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L +#define OBJ_setct_CapTokenTBS 2L, 23L, 42L, 0L, 21L #define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" #define NID_setct_AcqCardCodeMsg 540 -#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L +#define OBJ_setct_AcqCardCodeMsg 2L, 23L, 42L, 0L, 22L #define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" #define NID_setct_AuthRevReqTBS 541 -#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L +#define OBJ_setct_AuthRevReqTBS 2L, 23L, 42L, 0L, 23L #define SN_setct_AuthRevResData "setct-AuthRevResData" #define NID_setct_AuthRevResData 542 -#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L +#define OBJ_setct_AuthRevResData 2L, 23L, 42L, 0L, 24L #define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" #define NID_setct_AuthRevResTBS 543 -#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L +#define OBJ_setct_AuthRevResTBS 2L, 23L, 42L, 0L, 25L #define SN_setct_CapReqTBS "setct-CapReqTBS" #define NID_setct_CapReqTBS 544 -#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L +#define OBJ_setct_CapReqTBS 2L, 23L, 42L, 0L, 26L #define SN_setct_CapReqTBSX "setct-CapReqTBSX" #define NID_setct_CapReqTBSX 545 -#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L +#define OBJ_setct_CapReqTBSX 2L, 23L, 42L, 0L, 27L #define SN_setct_CapResData "setct-CapResData" #define NID_setct_CapResData 546 -#define OBJ_setct_CapResData OBJ_set_ctype,28L +#define OBJ_setct_CapResData 2L, 23L, 42L, 0L, 28L #define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" #define NID_setct_CapRevReqTBS 547 -#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L +#define OBJ_setct_CapRevReqTBS 2L, 23L, 42L, 0L, 29L #define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" #define NID_setct_CapRevReqTBSX 548 -#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L +#define OBJ_setct_CapRevReqTBSX 2L, 23L, 42L, 0L, 30L #define SN_setct_CapRevResData "setct-CapRevResData" #define NID_setct_CapRevResData 549 -#define OBJ_setct_CapRevResData OBJ_set_ctype,31L +#define OBJ_setct_CapRevResData 2L, 23L, 42L, 0L, 31L #define SN_setct_CredReqTBS "setct-CredReqTBS" #define NID_setct_CredReqTBS 550 -#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L +#define OBJ_setct_CredReqTBS 2L, 23L, 42L, 0L, 32L #define SN_setct_CredReqTBSX "setct-CredReqTBSX" #define NID_setct_CredReqTBSX 551 -#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L +#define OBJ_setct_CredReqTBSX 2L, 23L, 42L, 0L, 33L #define SN_setct_CredResData "setct-CredResData" #define NID_setct_CredResData 552 -#define OBJ_setct_CredResData OBJ_set_ctype,34L +#define OBJ_setct_CredResData 2L, 23L, 42L, 0L, 34L #define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" #define NID_setct_CredRevReqTBS 553 -#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L +#define OBJ_setct_CredRevReqTBS 2L, 23L, 42L, 0L, 35L #define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" #define NID_setct_CredRevReqTBSX 554 -#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L +#define OBJ_setct_CredRevReqTBSX 2L, 23L, 42L, 0L, 36L #define SN_setct_CredRevResData "setct-CredRevResData" #define NID_setct_CredRevResData 555 -#define OBJ_setct_CredRevResData OBJ_set_ctype,37L +#define OBJ_setct_CredRevResData 2L, 23L, 42L, 0L, 37L #define SN_setct_PCertReqData "setct-PCertReqData" #define NID_setct_PCertReqData 556 -#define OBJ_setct_PCertReqData OBJ_set_ctype,38L +#define OBJ_setct_PCertReqData 2L, 23L, 42L, 0L, 38L #define SN_setct_PCertResTBS "setct-PCertResTBS" #define NID_setct_PCertResTBS 557 -#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L +#define OBJ_setct_PCertResTBS 2L, 23L, 42L, 0L, 39L #define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" #define NID_setct_BatchAdminReqData 558 -#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L +#define OBJ_setct_BatchAdminReqData 2L, 23L, 42L, 0L, 40L #define SN_setct_BatchAdminResData "setct-BatchAdminResData" #define NID_setct_BatchAdminResData 559 -#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L +#define OBJ_setct_BatchAdminResData 2L, 23L, 42L, 0L, 41L #define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" #define NID_setct_CardCInitResTBS 560 -#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L +#define OBJ_setct_CardCInitResTBS 2L, 23L, 42L, 0L, 42L #define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" #define NID_setct_MeAqCInitResTBS 561 -#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L +#define OBJ_setct_MeAqCInitResTBS 2L, 23L, 42L, 0L, 43L #define SN_setct_RegFormResTBS "setct-RegFormResTBS" #define NID_setct_RegFormResTBS 562 -#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L +#define OBJ_setct_RegFormResTBS 2L, 23L, 42L, 0L, 44L #define SN_setct_CertReqData "setct-CertReqData" #define NID_setct_CertReqData 563 -#define OBJ_setct_CertReqData OBJ_set_ctype,45L +#define OBJ_setct_CertReqData 2L, 23L, 42L, 0L, 45L #define SN_setct_CertReqTBS "setct-CertReqTBS" #define NID_setct_CertReqTBS 564 -#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L +#define OBJ_setct_CertReqTBS 2L, 23L, 42L, 0L, 46L #define SN_setct_CertResData "setct-CertResData" #define NID_setct_CertResData 565 -#define OBJ_setct_CertResData OBJ_set_ctype,47L +#define OBJ_setct_CertResData 2L, 23L, 42L, 0L, 47L #define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" #define NID_setct_CertInqReqTBS 566 -#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L +#define OBJ_setct_CertInqReqTBS 2L, 23L, 42L, 0L, 48L #define SN_setct_ErrorTBS "setct-ErrorTBS" #define NID_setct_ErrorTBS 567 -#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L +#define OBJ_setct_ErrorTBS 2L, 23L, 42L, 0L, 49L #define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" #define NID_setct_PIDualSignedTBE 568 -#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L +#define OBJ_setct_PIDualSignedTBE 2L, 23L, 42L, 0L, 50L #define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" #define NID_setct_PIUnsignedTBE 569 -#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L +#define OBJ_setct_PIUnsignedTBE 2L, 23L, 42L, 0L, 51L #define SN_setct_AuthReqTBE "setct-AuthReqTBE" #define NID_setct_AuthReqTBE 570 -#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L +#define OBJ_setct_AuthReqTBE 2L, 23L, 42L, 0L, 52L #define SN_setct_AuthResTBE "setct-AuthResTBE" #define NID_setct_AuthResTBE 571 -#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L +#define OBJ_setct_AuthResTBE 2L, 23L, 42L, 0L, 53L #define SN_setct_AuthResTBEX "setct-AuthResTBEX" #define NID_setct_AuthResTBEX 572 -#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L +#define OBJ_setct_AuthResTBEX 2L, 23L, 42L, 0L, 54L #define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" #define NID_setct_AuthTokenTBE 573 -#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L +#define OBJ_setct_AuthTokenTBE 2L, 23L, 42L, 0L, 55L #define SN_setct_CapTokenTBE "setct-CapTokenTBE" #define NID_setct_CapTokenTBE 574 -#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L +#define OBJ_setct_CapTokenTBE 2L, 23L, 42L, 0L, 56L #define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" #define NID_setct_CapTokenTBEX 575 -#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L +#define OBJ_setct_CapTokenTBEX 2L, 23L, 42L, 0L, 57L #define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" #define NID_setct_AcqCardCodeMsgTBE 576 -#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L +#define OBJ_setct_AcqCardCodeMsgTBE 2L, 23L, 42L, 0L, 58L #define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" #define NID_setct_AuthRevReqTBE 577 -#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L +#define OBJ_setct_AuthRevReqTBE 2L, 23L, 42L, 0L, 59L #define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" #define NID_setct_AuthRevResTBE 578 -#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L +#define OBJ_setct_AuthRevResTBE 2L, 23L, 42L, 0L, 60L #define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" #define NID_setct_AuthRevResTBEB 579 -#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L +#define OBJ_setct_AuthRevResTBEB 2L, 23L, 42L, 0L, 61L #define SN_setct_CapReqTBE "setct-CapReqTBE" #define NID_setct_CapReqTBE 580 -#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L +#define OBJ_setct_CapReqTBE 2L, 23L, 42L, 0L, 62L #define SN_setct_CapReqTBEX "setct-CapReqTBEX" #define NID_setct_CapReqTBEX 581 -#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L +#define OBJ_setct_CapReqTBEX 2L, 23L, 42L, 0L, 63L #define SN_setct_CapResTBE "setct-CapResTBE" #define NID_setct_CapResTBE 582 -#define OBJ_setct_CapResTBE OBJ_set_ctype,64L +#define OBJ_setct_CapResTBE 2L, 23L, 42L, 0L, 64L #define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" #define NID_setct_CapRevReqTBE 583 -#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L +#define OBJ_setct_CapRevReqTBE 2L, 23L, 42L, 0L, 65L #define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" #define NID_setct_CapRevReqTBEX 584 -#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L +#define OBJ_setct_CapRevReqTBEX 2L, 23L, 42L, 0L, 66L #define SN_setct_CapRevResTBE "setct-CapRevResTBE" #define NID_setct_CapRevResTBE 585 -#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L +#define OBJ_setct_CapRevResTBE 2L, 23L, 42L, 0L, 67L #define SN_setct_CredReqTBE "setct-CredReqTBE" #define NID_setct_CredReqTBE 586 -#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L +#define OBJ_setct_CredReqTBE 2L, 23L, 42L, 0L, 68L #define SN_setct_CredReqTBEX "setct-CredReqTBEX" #define NID_setct_CredReqTBEX 587 -#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L +#define OBJ_setct_CredReqTBEX 2L, 23L, 42L, 0L, 69L #define SN_setct_CredResTBE "setct-CredResTBE" #define NID_setct_CredResTBE 588 -#define OBJ_setct_CredResTBE OBJ_set_ctype,70L +#define OBJ_setct_CredResTBE 2L, 23L, 42L, 0L, 70L #define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" #define NID_setct_CredRevReqTBE 589 -#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L +#define OBJ_setct_CredRevReqTBE 2L, 23L, 42L, 0L, 71L #define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" #define NID_setct_CredRevReqTBEX 590 -#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L +#define OBJ_setct_CredRevReqTBEX 2L, 23L, 42L, 0L, 72L #define SN_setct_CredRevResTBE "setct-CredRevResTBE" #define NID_setct_CredRevResTBE 591 -#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L +#define OBJ_setct_CredRevResTBE 2L, 23L, 42L, 0L, 73L #define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" #define NID_setct_BatchAdminReqTBE 592 -#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L +#define OBJ_setct_BatchAdminReqTBE 2L, 23L, 42L, 0L, 74L #define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" #define NID_setct_BatchAdminResTBE 593 -#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L +#define OBJ_setct_BatchAdminResTBE 2L, 23L, 42L, 0L, 75L #define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" #define NID_setct_RegFormReqTBE 594 -#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L +#define OBJ_setct_RegFormReqTBE 2L, 23L, 42L, 0L, 76L #define SN_setct_CertReqTBE "setct-CertReqTBE" #define NID_setct_CertReqTBE 595 -#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L +#define OBJ_setct_CertReqTBE 2L, 23L, 42L, 0L, 77L #define SN_setct_CertReqTBEX "setct-CertReqTBEX" #define NID_setct_CertReqTBEX 596 -#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L +#define OBJ_setct_CertReqTBEX 2L, 23L, 42L, 0L, 78L #define SN_setct_CertResTBE "setct-CertResTBE" #define NID_setct_CertResTBE 597 -#define OBJ_setct_CertResTBE OBJ_set_ctype,79L +#define OBJ_setct_CertResTBE 2L, 23L, 42L, 0L, 79L #define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" #define NID_setct_CRLNotificationTBS 598 -#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L +#define OBJ_setct_CRLNotificationTBS 2L, 23L, 42L, 0L, 80L #define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" #define NID_setct_CRLNotificationResTBS 599 -#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L +#define OBJ_setct_CRLNotificationResTBS 2L, 23L, 42L, 0L, 81L #define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" #define NID_setct_BCIDistributionTBS 600 -#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L +#define OBJ_setct_BCIDistributionTBS 2L, 23L, 42L, 0L, 82L #define SN_setext_genCrypt "setext-genCrypt" #define LN_setext_genCrypt "generic cryptogram" #define NID_setext_genCrypt 601 -#define OBJ_setext_genCrypt OBJ_set_msgExt,1L +#define OBJ_setext_genCrypt 2L, 23L, 42L, 1L, 1L #define SN_setext_miAuth "setext-miAuth" #define LN_setext_miAuth "merchant initiated auth" #define NID_setext_miAuth 602 -#define OBJ_setext_miAuth OBJ_set_msgExt,3L +#define OBJ_setext_miAuth 2L, 23L, 42L, 1L, 3L #define SN_setext_pinSecure "setext-pinSecure" #define NID_setext_pinSecure 603 -#define OBJ_setext_pinSecure OBJ_set_msgExt,4L +#define OBJ_setext_pinSecure 2L, 23L, 42L, 1L, 4L #define SN_setext_pinAny "setext-pinAny" #define NID_setext_pinAny 604 -#define OBJ_setext_pinAny OBJ_set_msgExt,5L +#define OBJ_setext_pinAny 2L, 23L, 42L, 1L, 5L #define SN_setext_track2 "setext-track2" #define NID_setext_track2 605 -#define OBJ_setext_track2 OBJ_set_msgExt,7L +#define OBJ_setext_track2 2L, 23L, 42L, 1L, 7L #define SN_setext_cv "setext-cv" #define LN_setext_cv "additional verification" #define NID_setext_cv 606 -#define OBJ_setext_cv OBJ_set_msgExt,8L +#define OBJ_setext_cv 2L, 23L, 42L, 1L, 8L #define SN_set_policy_root "set-policy-root" #define NID_set_policy_root 607 -#define OBJ_set_policy_root OBJ_set_policy,0L +#define OBJ_set_policy_root 2L, 23L, 42L, 5L, 0L #define SN_setCext_hashedRoot "setCext-hashedRoot" #define NID_setCext_hashedRoot 608 -#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L +#define OBJ_setCext_hashedRoot 2L, 23L, 42L, 7L, 0L #define SN_setCext_certType "setCext-certType" #define NID_setCext_certType 609 -#define OBJ_setCext_certType OBJ_set_certExt,1L +#define OBJ_setCext_certType 2L, 23L, 42L, 7L, 1L #define SN_setCext_merchData "setCext-merchData" #define NID_setCext_merchData 610 -#define OBJ_setCext_merchData OBJ_set_certExt,2L +#define OBJ_setCext_merchData 2L, 23L, 42L, 7L, 2L #define SN_setCext_cCertRequired "setCext-cCertRequired" #define NID_setCext_cCertRequired 611 -#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L +#define OBJ_setCext_cCertRequired 2L, 23L, 42L, 7L, 3L #define SN_setCext_tunneling "setCext-tunneling" #define NID_setCext_tunneling 612 -#define OBJ_setCext_tunneling OBJ_set_certExt,4L +#define OBJ_setCext_tunneling 2L, 23L, 42L, 7L, 4L #define SN_setCext_setExt "setCext-setExt" #define NID_setCext_setExt 613 -#define OBJ_setCext_setExt OBJ_set_certExt,5L +#define OBJ_setCext_setExt 2L, 23L, 42L, 7L, 5L #define SN_setCext_setQualf "setCext-setQualf" #define NID_setCext_setQualf 614 -#define OBJ_setCext_setQualf OBJ_set_certExt,6L +#define OBJ_setCext_setQualf 2L, 23L, 42L, 7L, 6L #define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" #define NID_setCext_PGWYcapabilities 615 -#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L +#define OBJ_setCext_PGWYcapabilities 2L, 23L, 42L, 7L, 7L #define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" #define NID_setCext_TokenIdentifier 616 -#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L +#define OBJ_setCext_TokenIdentifier 2L, 23L, 42L, 7L, 8L #define SN_setCext_Track2Data "setCext-Track2Data" #define NID_setCext_Track2Data 617 -#define OBJ_setCext_Track2Data OBJ_set_certExt,9L +#define OBJ_setCext_Track2Data 2L, 23L, 42L, 7L, 9L #define SN_setCext_TokenType "setCext-TokenType" #define NID_setCext_TokenType 618 -#define OBJ_setCext_TokenType OBJ_set_certExt,10L +#define OBJ_setCext_TokenType 2L, 23L, 42L, 7L, 10L #define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" #define NID_setCext_IssuerCapabilities 619 -#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L +#define OBJ_setCext_IssuerCapabilities 2L, 23L, 42L, 7L, 11L #define SN_setAttr_Cert "setAttr-Cert" #define NID_setAttr_Cert 620 -#define OBJ_setAttr_Cert OBJ_set_attr,0L +#define OBJ_setAttr_Cert 2L, 23L, 42L, 3L, 0L #define SN_setAttr_PGWYcap "setAttr-PGWYcap" #define LN_setAttr_PGWYcap "payment gateway capabilities" #define NID_setAttr_PGWYcap 621 -#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L +#define OBJ_setAttr_PGWYcap 2L, 23L, 42L, 3L, 1L #define SN_setAttr_TokenType "setAttr-TokenType" #define NID_setAttr_TokenType 622 -#define OBJ_setAttr_TokenType OBJ_set_attr,2L +#define OBJ_setAttr_TokenType 2L, 23L, 42L, 3L, 2L #define SN_setAttr_IssCap "setAttr-IssCap" #define LN_setAttr_IssCap "issuer capabilities" #define NID_setAttr_IssCap 623 -#define OBJ_setAttr_IssCap OBJ_set_attr,3L +#define OBJ_setAttr_IssCap 2L, 23L, 42L, 3L, 3L #define SN_set_rootKeyThumb "set-rootKeyThumb" #define NID_set_rootKeyThumb 624 -#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L +#define OBJ_set_rootKeyThumb 2L, 23L, 42L, 3L, 0L, 0L #define SN_set_addPolicy "set-addPolicy" #define NID_set_addPolicy 625 -#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L +#define OBJ_set_addPolicy 2L, 23L, 42L, 3L, 0L, 1L #define SN_setAttr_Token_EMV "setAttr-Token-EMV" #define NID_setAttr_Token_EMV 626 -#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L +#define OBJ_setAttr_Token_EMV 2L, 23L, 42L, 3L, 2L, 1L #define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" #define NID_setAttr_Token_B0Prime 627 -#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L +#define OBJ_setAttr_Token_B0Prime 2L, 23L, 42L, 3L, 2L, 2L #define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" #define NID_setAttr_IssCap_CVM 628 -#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L +#define OBJ_setAttr_IssCap_CVM 2L, 23L, 42L, 3L, 3L, 3L #define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" #define NID_setAttr_IssCap_T2 629 -#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L +#define OBJ_setAttr_IssCap_T2 2L, 23L, 42L, 3L, 3L, 4L #define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" #define NID_setAttr_IssCap_Sig 630 -#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L +#define OBJ_setAttr_IssCap_Sig 2L, 23L, 42L, 3L, 3L, 5L #define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" #define LN_setAttr_GenCryptgrm "generate cryptogram" #define NID_setAttr_GenCryptgrm 631 -#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L +#define OBJ_setAttr_GenCryptgrm 2L, 23L, 42L, 3L, 3L, 3L, 1L #define SN_setAttr_T2Enc "setAttr-T2Enc" #define LN_setAttr_T2Enc "encrypted track 2" #define NID_setAttr_T2Enc 632 -#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L +#define OBJ_setAttr_T2Enc 2L, 23L, 42L, 3L, 3L, 4L, 1L #define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" #define LN_setAttr_T2cleartxt "cleartext track 2" #define NID_setAttr_T2cleartxt 633 -#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L +#define OBJ_setAttr_T2cleartxt 2L, 23L, 42L, 3L, 3L, 4L, 2L #define SN_setAttr_TokICCsig "setAttr-TokICCsig" #define LN_setAttr_TokICCsig "ICC or token signature" #define NID_setAttr_TokICCsig 634 -#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L +#define OBJ_setAttr_TokICCsig 2L, 23L, 42L, 3L, 3L, 5L, 1L #define SN_setAttr_SecDevSig "setAttr-SecDevSig" #define LN_setAttr_SecDevSig "secure device signature" #define NID_setAttr_SecDevSig 635 -#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L +#define OBJ_setAttr_SecDevSig 2L, 23L, 42L, 3L, 3L, 5L, 2L #define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" #define NID_set_brand_IATA_ATA 636 -#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L +#define OBJ_set_brand_IATA_ATA 2L, 23L, 42L, 8L, 1L #define SN_set_brand_Diners "set-brand-Diners" #define NID_set_brand_Diners 637 -#define OBJ_set_brand_Diners OBJ_set_brand,30L +#define OBJ_set_brand_Diners 2L, 23L, 42L, 8L, 30L #define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" #define NID_set_brand_AmericanExpress 638 -#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L +#define OBJ_set_brand_AmericanExpress 2L, 23L, 42L, 8L, 34L #define SN_set_brand_JCB "set-brand-JCB" #define NID_set_brand_JCB 639 -#define OBJ_set_brand_JCB OBJ_set_brand,35L +#define OBJ_set_brand_JCB 2L, 23L, 42L, 8L, 35L #define SN_set_brand_Visa "set-brand-Visa" #define NID_set_brand_Visa 640 -#define OBJ_set_brand_Visa OBJ_set_brand,4L +#define OBJ_set_brand_Visa 2L, 23L, 42L, 8L, 4L #define SN_set_brand_MasterCard "set-brand-MasterCard" #define NID_set_brand_MasterCard 641 -#define OBJ_set_brand_MasterCard OBJ_set_brand,5L +#define OBJ_set_brand_MasterCard 2L, 23L, 42L, 8L, 5L #define SN_set_brand_Novus "set-brand-Novus" #define NID_set_brand_Novus 642 -#define OBJ_set_brand_Novus OBJ_set_brand,6011L +#define OBJ_set_brand_Novus 2L, 23L, 42L, 8L, 6011L #define SN_des_cdmf "DES-CDMF" #define LN_des_cdmf "des-cdmf" #define NID_des_cdmf 643 -#define OBJ_des_cdmf OBJ_rsadsi,3L,10L +#define OBJ_des_cdmf 1L, 2L, 840L, 113549L, 3L, 10L #define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" #define NID_rsaOAEPEncryptionSET 644 -#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L +#define OBJ_rsaOAEPEncryptionSET 1L, 2L, 840L, 113549L, 1L, 1L, 6L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations 2L, 23L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L, 3L, 6L, 1L, 4L, 1L, 311L, 20L, 2L, 2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L, 3L, 6L, 1L, 4L, 1L, 311L, 20L, 2L, 3L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress 2L, 5L, 4L, 9L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode 2L, 5L, 4L, 17L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 14L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 1L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints 2L, 5L, 29L, 30L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 2L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 14L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 4L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization 1L, 3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc 1L, 3L, 132L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap 2L, 23L, 43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg 2L, 23L, 43L, 1L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis 1L, 2L, 840L, 10045L, 1L, 2L, 3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 3L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 1L, 2L, 840L, 10045L, 3L, 0L, 1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 1L, 2L, 840L, 10045L, 3L, 0L, 2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 1L, 2L, 840L, 10045L, 3L, 0L, 3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 1L, 2L, 840L, 10045L, 3L, 0L, 4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 1L, 2L, 840L, 10045L, 3L, 0L, 5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 1L, 2L, 840L, 10045L, 3L, 0L, 6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 1L, 2L, 840L, 10045L, 3L, 0L, 7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 1L, 2L, 840L, 10045L, 3L, 0L, 8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 1L, 2L, 840L, 10045L, 3L, 0L, 9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 1L, 2L, 840L, 10045L, 3L, 0L, 10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 1L, 2L, 840L, 10045L, 3L, 0L, 11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 1L, 2L, 840L, 10045L, 3L, 0L, 12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 1L, 2L, 840L, 10045L, 3L, 0L, 13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 1L, 2L, 840L, 10045L, 3L, 0L, 14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 1L, 2L, 840L, 10045L, 3L, 0L, 15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 1L, 2L, 840L, 10045L, 3L, 0L, 16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 1L, 2L, 840L, 10045L, 3L, 0L, 17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 1L, 2L, 840L, 10045L, 3L, 0L, 18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 1L, 2L, 840L, 10045L, 3L, 0L, 19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 1L, 2L, 840L, 10045L, 3L, 0L, 20L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 1L, 3L, 132L, 0L, 6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 1L, 3L, 132L, 0L, 7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 1L, 3L, 132L, 0L, 28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 1L, 3L, 132L, 0L, 29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 1L, 3L, 132L, 0L, 9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 1L, 3L, 132L, 0L, 8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 1L, 3L, 132L, 0L, 30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 1L, 3L, 132L, 0L, 31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 1L, 3L, 132L, 0L, 32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 1L, 3L, 132L, 0L, 33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 1L, 3L, 132L, 0L, 10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 1L, 3L, 132L, 0L, 34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 1L, 3L, 132L, 0L, 35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 1L, 3L, 132L, 0L, 4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 1L, 3L, 132L, 0L, 5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 1L, 3L, 132L, 0L, 22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 1L, 3L, 132L, 0L, 23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 1L, 3L, 132L, 0L, 1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 1L, 3L, 132L, 0L, 2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 1L, 3L, 132L, 0L, 15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 1L, 3L, 132L, 0L, 24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 1L, 3L, 132L, 0L, 25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 1L, 3L, 132L, 0L, 26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 1L, 3L, 132L, 0L, 27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 1L, 3L, 132L, 0L, 3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 1L, 3L, 132L, 0L, 16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 1L, 3L, 132L, 0L, 17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 1L, 3L, 132L, 0L, 36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 1L, 3L, 132L, 0L, 37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 1L, 3L, 132L, 0L, 38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 1L, 3L, 132L, 0L, 39L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 2L, 23L, 43L, 1L, 4L, 1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 2L, 23L, 43L, 1L, 4L, 3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 2L, 23L, 43L, 1L, 4L, 4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 2L, 23L, 43L, 1L, 4L, 5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 2L, 23L, 43L, 1L, 4L, 6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 2L, 23L, 43L, 1L, 4L, 7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 2L, 23L, 43L, 1L, 4L, 8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 2L, 23L, 43L, 1L, 4L, 9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 2L, 23L, 43L, 1L, 4L, 10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 2L, 23L, 43L, 1L, 4L, 11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 2L, 23L, 43L, 1L, 4L, 12L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy 2L, 5L, 29L, 32L, 0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings 2L, 5L, 29L, 33L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy 2L, 5L, 29L, 54L #define SN_ipsec3 "Oakley-EC2N-3" #define LN_ipsec3 "ipsec3" @@ -3676,52 +3309,281 @@ #define LN_ipsec4 "ipsec4" #define NID_ipsec4 750 +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 4L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 1L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 21L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 41L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 4L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 24L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 3L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 23L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 43L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes 2L, 5L, 29L, 9L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point 2L, 5L, 29L, 28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer 2L, 5L, 29L, 29L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa 1L, 2L, 410L, 200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb 1L, 2L, 410L, 200004L, 1L, 3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc 1L, 2L, 410L, 200004L, 1L, 4L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 1L, 2L, 410L, 200004L, 1L, 6L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 1L, 2L, 410L, 200004L, 1L, 5L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 1L, 3L, 6L, 1L, 5L, 5L, 8L, 1L, 1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 1L, 3L, 6L, 1L, 5L, 5L, 8L, 1L, 2L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC 1L, 2L, 840L, 113533L, 7L, 66L, 13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac 1L, 2L, 840L, 113533L, 7L, 66L, 30L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 16L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 5L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData \ + 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 9L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 27L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 5L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 25L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 45L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended 1L, 2L, 840L, 10045L, 4L, 2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified 1L, 2L, 840L, 10045L, 4L, 3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 1L, 2L, 840L, 10045L, 4L, 3L, 1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 1L, 2L, 840L, 10045L, 4L, 3L, 2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 1L, 2L, 840L, 10045L, 4L, 3L, 3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 1L, 2L, 840L, 10045L, 4L, 3L, 4L + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 1L, 2L, 840L, 113549L, 2L, 6L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 1L, 2L, 840L, 113549L, 2L, 8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 1L, 2L, 840L, 113549L, 2L, 9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 1L, 2L, 840L, 113549L, 2L, 10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 1L, 2L, 840L, 113549L, 2L, 11L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 2L + #define SN_whirlpool "whirlpool" #define NID_whirlpool 804 -#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L +#define OBJ_whirlpool 1L, 0L, 10118L, 3L, 0L, 55L #define SN_cryptopro "cryptopro" #define NID_cryptopro 805 -#define OBJ_cryptopro OBJ_member_body,643L,2L,2L +#define OBJ_cryptopro 1L, 2L, 643L, 2L, 2L #define SN_cryptocom "cryptocom" #define NID_cryptocom 806 -#define OBJ_cryptocom OBJ_member_body,643L,2L,9L +#define OBJ_cryptocom 1L, 2L, 643L, 2L, 9L -#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" -#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define SN_id_GostR3411_94_with_GostR3410_2001 \ + "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 \ + "GOST R 34.11-94 with GOST R 34.10-2001" #define NID_id_GostR3411_94_with_GostR3410_2001 807 -#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L +#define OBJ_id_GostR3411_94_with_GostR3410_2001 1L, 2L, 643L, 2L, 2L, 3L #define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" -#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define LN_id_GostR3411_94_with_GostR3410_94 \ + "GOST R 34.11-94 with GOST R 34.10-94" #define NID_id_GostR3411_94_with_GostR3410_94 808 -#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L +#define OBJ_id_GostR3411_94_with_GostR3410_94 1L, 2L, 643L, 2L, 2L, 4L #define SN_id_GostR3411_94 "md_gost94" #define LN_id_GostR3411_94 "GOST R 34.11-94" #define NID_id_GostR3411_94 809 -#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L +#define OBJ_id_GostR3411_94 1L, 2L, 643L, 2L, 2L, 9L #define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" #define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" #define NID_id_HMACGostR3411_94 810 -#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L +#define OBJ_id_HMACGostR3411_94 1L, 2L, 643L, 2L, 2L, 10L #define SN_id_GostR3410_2001 "gost2001" #define LN_id_GostR3410_2001 "GOST R 34.10-2001" #define NID_id_GostR3410_2001 811 -#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L +#define OBJ_id_GostR3410_2001 1L, 2L, 643L, 2L, 2L, 19L #define SN_id_GostR3410_94 "gost94" #define LN_id_GostR3410_94 "GOST R 34.10-94" #define NID_id_GostR3410_94 812 -#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L +#define OBJ_id_GostR3410_94 1L, 2L, 643L, 2L, 2L, 20L #define SN_id_Gost28147_89 "gost89" #define LN_id_Gost28147_89 "GOST 28147-89" #define NID_id_Gost28147_89 813 -#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L +#define OBJ_id_Gost28147_89 1L, 2L, 643L, 2L, 2L, 21L #define SN_gost89_cnt "gost89-cnt" #define NID_gost89_cnt 814 @@ -3729,306 +3591,460 @@ #define SN_id_Gost28147_89_MAC "gost-mac" #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" #define NID_id_Gost28147_89_MAC 815 -#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L +#define OBJ_id_Gost28147_89_MAC 1L, 2L, 643L, 2L, 2L, 22L #define SN_id_GostR3411_94_prf "prf-gostr3411-94" #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" #define NID_id_GostR3411_94_prf 816 -#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L +#define OBJ_id_GostR3411_94_prf 1L, 2L, 643L, 2L, 2L, 23L #define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" #define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" #define NID_id_GostR3410_2001DH 817 -#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L +#define OBJ_id_GostR3410_2001DH 1L, 2L, 643L, 2L, 2L, 98L #define SN_id_GostR3410_94DH "id-GostR3410-94DH" #define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" #define NID_id_GostR3410_94DH 818 -#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L +#define OBJ_id_GostR3410_94DH 1L, 2L, 643L, 2L, 2L, 99L -#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing \ + "id-Gost28147-89-CryptoPro-KeyMeshing" #define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 -#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1L, 2L, 643L, 2L, 2L, 14L, 1L #define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" #define NID_id_Gost28147_89_None_KeyMeshing 820 -#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L +#define OBJ_id_Gost28147_89_None_KeyMeshing 1L, 2L, 643L, 2L, 2L, 14L, 0L #define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" #define NID_id_GostR3411_94_TestParamSet 821 -#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L +#define OBJ_id_GostR3411_94_TestParamSet 1L, 2L, 643L, 2L, 2L, 30L, 0L #define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" #define NID_id_GostR3411_94_CryptoProParamSet 822 -#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L +#define OBJ_id_GostR3411_94_CryptoProParamSet 1L, 2L, 643L, 2L, 2L, 30L, 1L #define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" #define NID_id_Gost28147_89_TestParamSet 823 -#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L +#define OBJ_id_Gost28147_89_TestParamSet 1L, 2L, 643L, 2L, 2L, 31L, 0L -#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet \ + "id-Gost28147-89-CryptoPro-A-ParamSet" #define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 -#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 1L -#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet \ + "id-Gost28147-89-CryptoPro-B-ParamSet" #define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 -#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 2L -#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet \ + "id-Gost28147-89-CryptoPro-C-ParamSet" #define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 -#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 3L -#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet \ + "id-Gost28147-89-CryptoPro-D-ParamSet" #define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 -#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 4L -#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet \ + "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" #define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 -#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 31L, 5L -#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet \ + "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" #define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 -#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 31L, 6L -#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet \ + "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" #define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 -#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 31L, 7L #define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" #define NID_id_GostR3410_94_TestParamSet 831 -#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L +#define OBJ_id_GostR3410_94_TestParamSet 1L, 2L, 643L, 2L, 2L, 32L, 0L -#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet \ + "id-GostR3410-94-CryptoPro-A-ParamSet" #define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 -#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 2L -#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet \ + "id-GostR3410-94-CryptoPro-B-ParamSet" #define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 -#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 3L -#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet \ + "id-GostR3410-94-CryptoPro-C-ParamSet" #define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 -#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 4L -#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet \ + "id-GostR3410-94-CryptoPro-D-ParamSet" #define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 -#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 5L -#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet \ + "id-GostR3410-94-CryptoPro-XchA-ParamSet" #define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 -#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 33L, 1L -#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet \ + "id-GostR3410-94-CryptoPro-XchB-ParamSet" #define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 -#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 33L, 2L -#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet \ + "id-GostR3410-94-CryptoPro-XchC-ParamSet" #define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 -#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 33L, 3L #define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" #define NID_id_GostR3410_2001_TestParamSet 839 -#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L +#define OBJ_id_GostR3410_2001_TestParamSet 1L, 2L, 643L, 2L, 2L, 35L, 0L -#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet \ + "id-GostR3410-2001-CryptoPro-A-ParamSet" #define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 -#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 1L -#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet \ + "id-GostR3410-2001-CryptoPro-B-ParamSet" #define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 -#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 2L -#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet \ + "id-GostR3410-2001-CryptoPro-C-ParamSet" #define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 -#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 3L -#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet \ + "id-GostR3410-2001-CryptoPro-XchA-ParamSet" #define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 -#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 36L, 0L -#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet \ + "id-GostR3410-2001-CryptoPro-XchB-ParamSet" #define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 -#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet \ + 1L, 2L, 643L, 2L, 2L, 36L, 1L #define SN_id_GostR3410_94_a "id-GostR3410-94-a" #define NID_id_GostR3410_94_a 845 -#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L +#define OBJ_id_GostR3410_94_a 1L, 2L, 643L, 2L, 2L, 20L, 1L #define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" #define NID_id_GostR3410_94_aBis 846 -#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L +#define OBJ_id_GostR3410_94_aBis 1L, 2L, 643L, 2L, 2L, 20L, 2L #define SN_id_GostR3410_94_b "id-GostR3410-94-b" #define NID_id_GostR3410_94_b 847 -#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L +#define OBJ_id_GostR3410_94_b 1L, 2L, 643L, 2L, 2L, 20L, 3L #define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" #define NID_id_GostR3410_94_bBis 848 -#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L +#define OBJ_id_GostR3410_94_bBis 1L, 2L, 643L, 2L, 2L, 20L, 4L #define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" #define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" #define NID_id_Gost28147_89_cc 849 -#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L +#define OBJ_id_Gost28147_89_cc 1L, 2L, 643L, 2L, 9L, 1L, 6L, 1L #define SN_id_GostR3410_94_cc "gost94cc" #define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" #define NID_id_GostR3410_94_cc 850 -#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L +#define OBJ_id_GostR3410_94_cc 1L, 2L, 643L, 2L, 9L, 1L, 5L, 3L #define SN_id_GostR3410_2001_cc "gost2001cc" #define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" #define NID_id_GostR3410_2001_cc 851 -#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L +#define OBJ_id_GostR3410_2001_cc 1L, 2L, 643L, 2L, 9L, 1L, 5L, 4L -#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" -#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define SN_id_GostR3411_94_with_GostR3410_94_cc \ + "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc \ + "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" #define NID_id_GostR3411_94_with_GostR3410_94_cc 852 -#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc \ + 1L, 2L, 643L, 2L, 9L, 1L, 3L, 3L -#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" -#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define SN_id_GostR3411_94_with_GostR3410_2001_cc \ + "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc \ + "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" #define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 -#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc \ + 1L, 2L, 643L, 2L, 9L, 1L, 3L, 4L #define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" -#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define LN_id_GostR3410_2001_ParamSet_cc \ + "GOST R 3410-2001 Parameter Set Cryptocom" #define NID_id_GostR3410_2001_ParamSet_cc 854 -#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L +#define OBJ_id_GostR3410_2001_ParamSet_cc 1L, 2L, 643L, 2L, 9L, 1L, 8L, 1L -#define SN_camellia_128_cbc "CAMELLIA-128-CBC" -#define LN_camellia_128_cbc "camellia-128-cbc" -#define NID_camellia_128_cbc 751 -#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 -#define SN_camellia_192_cbc "CAMELLIA-192-CBC" -#define LN_camellia_192_cbc "camellia-192-cbc" -#define NID_camellia_192_cbc 752 -#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L, 3L, 6L, 1L, 4L, 1L, 311L, 17L, 2L -#define SN_camellia_256_cbc "CAMELLIA-256-CBC" -#define LN_camellia_256_cbc "camellia-256-cbc" -#define NID_camellia_256_cbc 753 -#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl 2L, 5L, 29L, 46L -#define SN_id_camellia128_wrap "id-camellia128-wrap" -#define NID_id_camellia128_wrap 907 -#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L, 3L -#define SN_id_camellia192_wrap "id-camellia192-wrap" -#define NID_id_camellia192_wrap 908 -#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide 2L, 5L, 4L, 14L -#define SN_id_camellia256_wrap "id-camellia256-wrap" -#define NID_id_camellia256_wrap 909 -#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory 2L, 5L, 4L, 15L -#define OBJ_ntt_ds 0L,3L,4401L,5L +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress 2L, 5L, 4L, 16L -#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox 2L, 5L, 4L, 18L -#define SN_camellia_128_ecb "CAMELLIA-128-ECB" -#define LN_camellia_128_ecb "camellia-128-ecb" -#define NID_camellia_128_ecb 754 -#define OBJ_camellia_128_ecb OBJ_camellia,1L +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName 2L, 5L, 4L, 19L -#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" -#define LN_camellia_128_ofb128 "camellia-128-ofb" -#define NID_camellia_128_ofb128 766 -#define OBJ_camellia_128_ofb128 OBJ_camellia,3L +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber 2L, 5L, 4L, 20L -#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" -#define LN_camellia_128_cfb128 "camellia-128-cfb" -#define NID_camellia_128_cfb128 757 -#define OBJ_camellia_128_cfb128 OBJ_camellia,4L +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber 2L, 5L, 4L, 21L -#define SN_camellia_192_ecb "CAMELLIA-192-ECB" -#define LN_camellia_192_ecb "camellia-192-ecb" -#define NID_camellia_192_ecb 755 -#define OBJ_camellia_192_ecb OBJ_camellia,21L +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier 2L, 5L, 4L, 22L -#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" -#define LN_camellia_192_ofb128 "camellia-192-ofb" -#define NID_camellia_192_ofb128 767 -#define OBJ_camellia_192_ofb128 OBJ_camellia,23L +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber 2L, 5L, 4L, 23L -#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" -#define LN_camellia_192_cfb128 "camellia-192-cfb" -#define NID_camellia_192_cfb128 758 -#define OBJ_camellia_192_cfb128 OBJ_camellia,24L +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address 2L, 5L, 4L, 24L -#define SN_camellia_256_ecb "CAMELLIA-256-ECB" -#define LN_camellia_256_ecb "camellia-256-ecb" -#define NID_camellia_256_ecb 756 -#define OBJ_camellia_256_ecb OBJ_camellia,41L +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber 2L, 5L, 4L, 25L -#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" -#define LN_camellia_256_ofb128 "camellia-256-ofb" -#define NID_camellia_256_ofb128 768 -#define OBJ_camellia_256_ofb128 OBJ_camellia,43L +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress 2L, 5L, 4L, 26L -#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" -#define LN_camellia_256_cfb128 "camellia-256-cfb" -#define NID_camellia_256_cfb128 759 -#define OBJ_camellia_256_cfb128 OBJ_camellia,44L +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator 2L, 5L, 4L, 27L -#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" -#define LN_camellia_128_cfb1 "camellia-128-cfb1" -#define NID_camellia_128_cfb1 760 +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod 2L, 5L, 4L, 28L -#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" -#define LN_camellia_192_cfb1 "camellia-192-cfb1" -#define NID_camellia_192_cfb1 761 +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress 2L, 5L, 4L, 29L -#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" -#define LN_camellia_256_cfb1 "camellia-256-cfb1" -#define NID_camellia_256_cfb1 762 +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext 2L, 5L, 4L, 30L -#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" -#define LN_camellia_128_cfb8 "camellia-128-cfb8" -#define NID_camellia_128_cfb8 763 +#define SN_member "member" +#define NID_member 875 +#define OBJ_member 2L, 5L, 4L, 31L -#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" -#define LN_camellia_192_cfb8 "camellia-192-cfb8" -#define NID_camellia_192_cfb8 764 +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner 2L, 5L, 4L, 32L -#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" -#define LN_camellia_256_cfb8 "camellia-256-cfb8" -#define NID_camellia_256_cfb8 765 +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant 2L, 5L, 4L, 33L -#define SN_kisa "KISA" -#define LN_kisa "kisa" -#define NID_kisa 773 -#define OBJ_kisa OBJ_member_body,410L,200004L +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso 2L, 5L, 4L, 34L -#define SN_seed_ecb "SEED-ECB" -#define LN_seed_ecb "seed-ecb" -#define NID_seed_ecb 776 -#define OBJ_seed_ecb OBJ_kisa,1L,3L +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword 2L, 5L, 4L, 35L -#define SN_seed_cbc "SEED-CBC" -#define LN_seed_cbc "seed-cbc" -#define NID_seed_cbc 777 -#define OBJ_seed_cbc OBJ_kisa,1L,4L +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate 2L, 5L, 4L, 36L -#define SN_seed_cfb128 "SEED-CFB" -#define LN_seed_cfb128 "seed-cfb" -#define NID_seed_cfb128 779 -#define OBJ_seed_cfb128 OBJ_kisa,1L,5L +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate 2L, 5L, 4L, 37L -#define SN_seed_ofb128 "SEED-OFB" -#define LN_seed_ofb128 "seed-ofb" -#define NID_seed_ofb128 778 -#define OBJ_seed_ofb128 OBJ_kisa,1L,6L +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList 2L, 5L, 4L, 38L -#define SN_hmac "HMAC" -#define LN_hmac "hmac" -#define NID_hmac 855 +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList 2L, 5L, 4L, 39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair 2L, 5L, 4L, 40L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide 2L, 5L, 4L, 47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation 2L, 5L, 4L, 48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName 2L, 5L, 4L, 49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember 2L, 5L, 4L, 50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier 2L, 5L, 4L, 51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms 2L, 5L, 4L, 52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList 2L, 5L, 4L, 53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName 2L, 5L, 4L, 54L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 9L #define SN_cmac "CMAC" #define LN_cmac "cmac" #define NID_cmac 894 +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 8L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 28L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 48L + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 4L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage 2L, 5L, 29L, 37L, 0L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 1L, 2L, 840L, 113549L, 1L, 1L, 8L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss 1L, 2L, 840L, 113549L, 1L, 1L, 10L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 + #define SN_rc4_hmac_md5 "RC4-HMAC-MD5" #define LN_rc4_hmac_md5 "rc4-hmac-md5" #define NID_rc4_hmac_md5 915 @@ -4045,110 +4061,127 @@ #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" #define NID_aes_256_cbc_hmac_sha1 918 +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep 1L, 2L, 840L, 113549L, 1L, 1L, 7L + #define SN_dhpublicnumber "dhpublicnumber" #define LN_dhpublicnumber "X9.42 DH" #define NID_dhpublicnumber 920 -#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L +#define OBJ_dhpublicnumber 1L, 2L, 840L, 10046L, 2L, 1L #define SN_brainpoolP160r1 "brainpoolP160r1" #define NID_brainpoolP160r1 921 -#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L +#define OBJ_brainpoolP160r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 1L #define SN_brainpoolP160t1 "brainpoolP160t1" #define NID_brainpoolP160t1 922 -#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L +#define OBJ_brainpoolP160t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 2L #define SN_brainpoolP192r1 "brainpoolP192r1" #define NID_brainpoolP192r1 923 -#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L +#define OBJ_brainpoolP192r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 3L #define SN_brainpoolP192t1 "brainpoolP192t1" #define NID_brainpoolP192t1 924 -#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L +#define OBJ_brainpoolP192t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 4L #define SN_brainpoolP224r1 "brainpoolP224r1" #define NID_brainpoolP224r1 925 -#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L +#define OBJ_brainpoolP224r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 5L #define SN_brainpoolP224t1 "brainpoolP224t1" #define NID_brainpoolP224t1 926 -#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L +#define OBJ_brainpoolP224t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 6L #define SN_brainpoolP256r1 "brainpoolP256r1" #define NID_brainpoolP256r1 927 -#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L +#define OBJ_brainpoolP256r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 7L #define SN_brainpoolP256t1 "brainpoolP256t1" #define NID_brainpoolP256t1 928 -#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L +#define OBJ_brainpoolP256t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 8L #define SN_brainpoolP320r1 "brainpoolP320r1" #define NID_brainpoolP320r1 929 -#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L +#define OBJ_brainpoolP320r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 9L #define SN_brainpoolP320t1 "brainpoolP320t1" #define NID_brainpoolP320t1 930 -#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L +#define OBJ_brainpoolP320t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 10L #define SN_brainpoolP384r1 "brainpoolP384r1" #define NID_brainpoolP384r1 931 -#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L +#define OBJ_brainpoolP384r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 11L #define SN_brainpoolP384t1 "brainpoolP384t1" #define NID_brainpoolP384t1 932 -#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L +#define OBJ_brainpoolP384t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 12L #define SN_brainpoolP512r1 "brainpoolP512r1" #define NID_brainpoolP512r1 933 -#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L +#define OBJ_brainpoolP512r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 13L #define SN_brainpoolP512t1 "brainpoolP512t1" #define NID_brainpoolP512t1 934 -#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L - -#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L +#define OBJ_brainpoolP512t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 14L -#define OBJ_secg_scheme OBJ_certicom_arc,1L +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified 1L, 2L, 840L, 113549L, 1L, 1L, 9L #define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" #define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 -#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme \ + 1L, 3L, 133L, 16L, 840L, 63L, 0L, 2L -#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define SN_dhSinglePass_stdDH_sha224kdf_scheme \ + "dhSinglePass-stdDH-sha224kdf-scheme" #define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 -#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1L, 3L, 132L, 1L, 11L, 0L -#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define SN_dhSinglePass_stdDH_sha256kdf_scheme \ + "dhSinglePass-stdDH-sha256kdf-scheme" #define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 -#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1L, 3L, 132L, 1L, 11L, 1L -#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define SN_dhSinglePass_stdDH_sha384kdf_scheme \ + "dhSinglePass-stdDH-sha384kdf-scheme" #define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 -#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1L, 3L, 132L, 1L, 11L, 2L -#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define SN_dhSinglePass_stdDH_sha512kdf_scheme \ + "dhSinglePass-stdDH-sha512kdf-scheme" #define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 -#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1L, 3L, 132L, 1L, 11L, 3L -#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme \ + "dhSinglePass-cofactorDH-sha1kdf-scheme" #define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 -#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme \ + 1L, 3L, 133L, 16L, 840L, 63L, 0L, 3L -#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme \ + "dhSinglePass-cofactorDH-sha224kdf-scheme" #define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 -#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1L, 3L, 132L, 1L, 14L, 0L -#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme \ + "dhSinglePass-cofactorDH-sha256kdf-scheme" #define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 -#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1L, 3L, 132L, 1L, 14L, 1L -#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme \ + "dhSinglePass-cofactorDH-sha384kdf-scheme" #define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 -#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1L, 3L, 132L, 1L, 14L, 2L -#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme \ + "dhSinglePass-cofactorDH-sha512kdf-scheme" #define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 -#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1L, 3L, 132L, 1L, 14L, 3L #define SN_dh_std_kdf "dh-std-kdf" #define NID_dh_std_kdf 946 @@ -4159,5 +4192,8 @@ #define SN_X25519 "X25519" #define NID_X25519 948 +#if defined(__cplusplus) +} /* extern C */ +#endif -#endif /* OPENSSL_HEADER_NID_H */ +#endif /* OPENSSL_HEADER_NID_H */ diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 78d5b32c..19be3ba5 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -322,7 +322,9 @@ OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa); * hash function for generating the mask. If NULL, |Hash| is used. The |sLen| * argument specifies the expected salt length in bytes. If |sLen| is -1 then * the salt length is the same as the hash length. If -2, then the salt length - * is maximal and is taken from the size of |EM|. + * is recovered and all values accepted. + * + * If unsure, use -1. * * It returns one on success or zero on error. */ OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index 2a76fe27..c230f8cf 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -1331,25 +1331,11 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, * |str| as a cipher string. It returns one on success and zero on failure. */ OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); -/* SSL_CTX_set_cipher_list_tls10 configures the TLS 1.0+ cipher list for |ctx|, - * evaluating |str| as a cipher string. It returns one on success and zero on - * failure. If set, servers will use this cipher suite list for TLS 1.0 or - * higher. */ -OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str); - -/* SSL_CTX_set_cipher_list_tls11 configures the TLS 1.1+ cipher list for |ctx|, - * evaluating |str| as a cipher string. It returns one on success and zero on - * failure. If set, servers will use this cipher suite list for TLS 1.1 or - * higher. */ -OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str); - /* SSL_set_cipher_list configures the cipher list for |ssl|, evaluating |str| as * a cipher string. It returns one on success and zero on failure. */ OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); -/* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. If - * |SSL_CTX_set_cipher_list_tls10| or |SSL_CTX_set_cipher_list_tls11| has been - * used, the corresponding list for the current version is returned. */ +/* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. */ OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); @@ -2927,6 +2913,11 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); * peformed by |ssl|. This includes the pending renegotiation, if any. */ OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); +/* SSL_CTX_set_early_data_enabled sets whether early data is allowed to be used + * with resumptions using |ctx|. WARNING: This is experimental and may cause + * interop failures until fully implemented. */ +OPENSSL_EXPORT void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled); + /* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer * certificate chain. */ #define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) @@ -3163,6 +3154,11 @@ OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled); * record with |ssl|. */ OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl); +/* SSL_CTX_set_short_header_enabled configures whether a short record header in + * TLS 1.3 may be negotiated. This allows client and server to negotiate + * https://github.com/tlswg/tls13-spec/pull/762 for testing. */ +OPENSSL_EXPORT void SSL_CTX_set_short_header_enabled(SSL_CTX *ctx, int enabled); + /* Deprecated functions. */ @@ -3767,6 +3763,10 @@ struct ssl_session_st { uint32_t ticket_age_add; + /* ticket_max_early_data is the maximum amount of data allowed to be sent as + * early data. If zero, 0-RTT is disallowed. */ + uint32_t ticket_max_early_data; + /* extended_master_secret is true if the master secret in this session was * generated using EMS and thus isn't vulnerable to the Triple Handshake * attack. */ @@ -3839,21 +3839,6 @@ struct ssl_ctx_st { struct ssl_cipher_preference_list_st *cipher_list; - /* cipher_list_tls10 is the list of ciphers when TLS 1.0 or greater is in - * use. This only applies to server connections as, for clients, the version - * number is known at connect time and so the cipher list can be set then. If - * |cipher_list_tls11| is non-NULL then this applies only to TLS 1.0 - * connections. - * - * TODO(agl): this exists to assist in the death of SSLv3. It can hopefully - * be removed after that. */ - struct ssl_cipher_preference_list_st *cipher_list_tls10; - - /* cipher_list_tls11 is the list of ciphers when TLS 1.1 or greater is in - * use. This only applies to server connections as, for clients, the version - * number is known at connect time and so the cipher list can be set then. */ - struct ssl_cipher_preference_list_st *cipher_list_tls11; - X509_STORE *cert_store; LHASH_OF(SSL_SESSION) *sessions; /* Most session-ids that will be cached, default is @@ -4057,6 +4042,10 @@ struct ssl_ctx_st { * shutdown. */ unsigned quiet_shutdown:1; + /* If enable_early_data is non-zero, early data can be sent and accepted over + * new connections. */ + unsigned enable_early_data:1; + /* ocsp_stapling_enabled is only used by client connections and indicates * whether OCSP stapling will be requested. */ unsigned ocsp_stapling_enabled:1; @@ -4073,6 +4062,10 @@ struct ssl_ctx_st { * otherwise. */ unsigned grease_enabled:1; + /* short_header_enabled is one if a short record header in TLS 1.3 may + * be negotiated and zero otherwise. */ + unsigned short_header_enabled:1; + /* extra_certs is a dummy value included for compatibility. * TODO(agl): remove once node.js no longer references this. */ STACK_OF(X509)* extra_certs; diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 54c28005..7d9f2acb 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -213,6 +213,7 @@ extern "C" { #define TLSEXT_TYPE_supported_versions 43 #define TLSEXT_TYPE_cookie 44 #define TLSEXT_TYPE_psk_key_exchange_modes 45 +#define TLSEXT_TYPE_ticket_early_data_info 46 /* ExtensionType value from RFC5746 */ #define TLSEXT_TYPE_renegotiate 0xff01 @@ -226,6 +227,9 @@ extern "C" { /* This is not an IANA defined extension number */ #define TLSEXT_TYPE_channel_id 30032 +/* This is not an IANA defined extension number */ +#define TLSEXT_TYPE_short_header 27463 + /* status request value from RFC 3546 */ #define TLSEXT_STATUSTYPE_ocsp 1 diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h index 1182bc28..f069cb2c 100644 --- a/src/include/openssl/x509_vfy.h +++ b/src/include/openssl/x509_vfy.h @@ -184,6 +184,7 @@ struct x509_store_st int cache; /* if true, stash any hits */ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ CRYPTO_MUTEX objs_lock; + STACK_OF(X509) *additional_untrusted; /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; @@ -447,6 +448,11 @@ OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust); OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +/* X509_STORE_set0_additional_untrusted sets a stack of additional, untrusted + * certificates that are available for chain building. This function does not + * take ownership of the stack. */ +OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted( + X509_STORE *ctx, STACK_OF(X509) *untrusted); OPENSSL_EXPORT void X509_STORE_set_verify_cb(X509_STORE *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); diff --git a/src/ssl/d1_both.c b/src/ssl/d1_both.c index f9bb8f49..d3e4a922 100644 --- a/src/ssl/d1_both.c +++ b/src/ssl/d1_both.c @@ -124,6 +124,7 @@ #include <openssl/rand.h> #include <openssl/x509.h> +#include "../crypto/internal.h" #include "internal.h" @@ -157,7 +158,7 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } - memset(frag, 0, sizeof(hm_fragment)); + OPENSSL_memset(frag, 0, sizeof(hm_fragment)); frag->type = msg_hdr->type; frag->seq = msg_hdr->seq; frag->msg_len = msg_hdr->msg_len; @@ -195,7 +196,7 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } - memset(frag->reassembly, 0, bitmask_len); + OPENSSL_memset(frag->reassembly, 0, bitmask_len); } return frag; @@ -383,7 +384,7 @@ start: assert(msg_len > 0); /* Copy the body into the fragment. */ - memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off, CBS_data(&body), + OPENSSL_memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off, CBS_data(&body), CBS_len(&body)); dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len); } @@ -489,7 +490,7 @@ int dtls_has_incoming_messages(const SSL *ssl) { int dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr, CBS *out_body) { - memset(out_hdr, 0x00, sizeof(struct hm_header_st)); + OPENSSL_memset(out_hdr, 0x00, sizeof(struct hm_header_st)); if (!CBS_get_u8(cbs, &out_hdr->type) || !CBS_get_u24(cbs, &out_hdr->msg_len) || @@ -747,7 +748,7 @@ int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg, /* Fix up the header. Copy the fragment length into the total message * length. */ - memcpy(*out_msg + 1, *out_msg + DTLS1_HM_HEADER_LENGTH - 3, 3); + OPENSSL_memcpy(*out_msg + 1, *out_msg + DTLS1_HM_HEADER_LENGTH - 3, 3); return 1; } diff --git a/src/ssl/d1_lib.c b/src/ssl/d1_lib.c index cafb4c26..258e9ab2 100644 --- a/src/ssl/d1_lib.c +++ b/src/ssl/d1_lib.c @@ -64,9 +64,11 @@ #include <openssl/mem.h> #include <openssl/nid.h> +#include "../crypto/internal.h" #include "internal.h" + /* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire * before starting to decrease the MTU. */ #define DTLS1_MTU_TIMEOUTS 2 @@ -86,7 +88,7 @@ int dtls1_new(SSL *ssl) { ssl3_free(ssl); return 0; } - memset(d1, 0, sizeof *d1); + OPENSSL_memset(d1, 0, sizeof *d1); ssl->d1 = d1; @@ -154,12 +156,12 @@ int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out) { if (ssl->d1->next_timeout.tv_sec < timenow.tv_sec || (ssl->d1->next_timeout.tv_sec == timenow.tv_sec && ssl->d1->next_timeout.tv_usec <= timenow.tv_usec)) { - memset(out, 0, sizeof(struct timeval)); + OPENSSL_memset(out, 0, sizeof(struct timeval)); return 1; } /* Calculate time left until timer expires */ - memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval)); + OPENSSL_memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval)); out->tv_sec -= timenow.tv_sec; out->tv_usec -= timenow.tv_usec; if (out->tv_usec < 0) { @@ -170,7 +172,7 @@ int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out) { /* If remaining time is less than 15 ms, set it to 0 to prevent issues * because of small devergences with socket timeouts. */ if (out->tv_sec == 0 && out->tv_usec < 15000) { - memset(out, 0, sizeof(struct timeval)); + OPENSSL_memset(out, 0, sizeof(struct timeval)); } return 1; @@ -204,7 +206,7 @@ void dtls1_double_timeout(SSL *ssl) { void dtls1_stop_timer(SSL *ssl) { /* Reset everything */ ssl->d1->num_timeouts = 0; - memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval)); + OPENSSL_memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval)); ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms; BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &ssl->d1->next_timeout); @@ -234,9 +236,7 @@ int dtls1_check_timeout_num(SSL *ssl) { } int DTLSv1_handle_timeout(SSL *ssl) { - ssl->rwstate = SSL_NOTHING; - /* Functions which use SSL_get_error must clear the error queue on entry. */ - ERR_clear_error(); + ssl_reset_error_state(ssl); if (!SSL_is_dtls(ssl)) { return -1; diff --git a/src/ssl/d1_pkt.c b/src/ssl/d1_pkt.c index 155359cd..c6950d58 100644 --- a/src/ssl/d1_pkt.c +++ b/src/ssl/d1_pkt.c @@ -122,6 +122,7 @@ #include <openssl/err.h> #include <openssl/rand.h> +#include "../crypto/internal.h" #include "internal.h" @@ -265,7 +266,7 @@ again: len = rr->length; } - memcpy(buf, rr->data, len); + OPENSSL_memcpy(buf, rr->data, len); if (!peek) { /* TODO(davidben): Should the record be truncated instead? This is a * datagram transport. See https://crbug.com/boringssl/65. */ diff --git a/src/ssl/dtls_method.c b/src/ssl/dtls_method.c index 89b5491e..65766862 100644 --- a/src/ssl/dtls_method.c +++ b/src/ssl/dtls_method.c @@ -62,6 +62,7 @@ #include <openssl/buf.h> #include <openssl/err.h> +#include "../crypto/internal.h" #include "internal.h" @@ -112,8 +113,8 @@ static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { } ssl->d1->r_epoch++; - memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap)); - memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence)); + OPENSSL_memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap)); + OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence)); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); ssl->s3->aead_read_ctx = aead_ctx; @@ -122,9 +123,9 @@ static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { static int dtls1_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { ssl->d1->w_epoch++; - memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence, - sizeof(ssl->s3->write_sequence)); - memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence)); + OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence, + sizeof(ssl->s3->write_sequence)); + OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence)); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); ssl->s3->aead_write_ctx = aead_ctx; diff --git a/src/ssl/dtls_record.c b/src/ssl/dtls_record.c index ffe4053e..e507f5c6 100644 --- a/src/ssl/dtls_record.c +++ b/src/ssl/dtls_record.c @@ -283,7 +283,7 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, out[3] = epoch >> 8; out[4] = epoch & 0xff; - memcpy(&out[5], &seq[2], 6); + OPENSSL_memcpy(&out[5], &seq[2], 6); size_t ciphertext_len; if (!SSL_AEAD_CTX_seal(aead, out + DTLS1_RT_HEADER_LENGTH, &ciphertext_len, diff --git a/src/ssl/handshake_client.c b/src/ssl/handshake_client.c index 8c218183..720c215a 100644 --- a/src/ssl/handshake_client.c +++ b/src/ssl/handshake_client.c @@ -167,6 +167,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../crypto/internal.h" #include "internal.h" @@ -349,7 +350,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_B: case SSL3_ST_CW_CERT_VRFY_C: - if (hs->cert_request) { + if (hs->cert_request && ssl_has_certificate(ssl)) { ret = ssl3_send_cert_verify(hs); if (ret <= 0) { goto end; @@ -815,7 +816,7 @@ static int dtls1_get_hello_verify(SSL_HANDSHAKE *hs) { goto f_err; } - memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie)); + OPENSSL_memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie)); ssl->d1->cookie_len = CBS_len(&cookie); ssl->d1->send_cookie = 1; @@ -913,7 +914,7 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { } /* Copy over the server random. */ - memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE); + OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE); /* TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS * 1.3 is finalized and we are not implementing a draft version. */ @@ -932,7 +933,7 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { } /* Note: session_id could be empty. */ ssl->s3->new_session->session_id_length = CBS_len(&session_id); - memcpy(ssl->s3->new_session->session_id, CBS_data(&session_id), + OPENSSL_memcpy(ssl->s3->new_session->session_id, CBS_data(&session_id), CBS_len(&session_id)); } @@ -1466,7 +1467,6 @@ static int ssl3_send_client_certificate(SSL_HANDSHAKE *hs) { } if (!ssl_has_certificate(ssl)) { - hs->cert_request = 0; /* Without a client certificate, the handshake buffer may be released. */ ssl3_free_handshake_buffer(ssl); @@ -1477,7 +1477,8 @@ static int ssl3_send_client_certificate(SSL_HANDSHAKE *hs) { } } - if (!ssl3_output_cert_chain(ssl)) { + if (!ssl_auto_chain_if_needed(ssl) || + !ssl3_output_cert_chain(ssl)) { return -1; } hs->state = SSL3_ST_CW_CERT_B; @@ -1515,7 +1516,7 @@ static int ssl3_send_client_key_exchange(SSL_HANDSHAKE *hs) { } char identity[PSK_MAX_IDENTITY_LEN + 1]; - memset(identity, 0, sizeof(identity)); + OPENSSL_memset(identity, 0, sizeof(identity)); psk_len = ssl->psk_client_callback(ssl, hs->peer_psk_identity_hint, identity, sizeof(identity), psk, sizeof(psk)); @@ -1616,7 +1617,7 @@ static int ssl3_send_client_key_exchange(SSL_HANDSHAKE *hs) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } - memset(pms, 0, pms_len); + OPENSSL_memset(pms, 0, pms_len); } else { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); diff --git a/src/ssl/handshake_server.c b/src/ssl/handshake_server.c index d41685e5..6ce49f57 100644 --- a/src/ssl/handshake_server.c +++ b/src/ssl/handshake_server.c @@ -881,12 +881,12 @@ static int ssl3_get_client_hello(SSL_HANDSHAKE *hs) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return -1; } - memcpy(ssl->s3->client_random, client_hello.random, - client_hello.random_len); + OPENSSL_memcpy(ssl->s3->client_random, client_hello.random, + client_hello.random_len); /* Only null compression is supported. */ - if (memchr(client_hello.compression_methods, 0, - client_hello.compression_methods_len) == NULL) { + if (OPENSSL_memchr(client_hello.compression_methods, 0, + client_hello.compression_methods_len) == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMPRESSION_SPECIFIED); goto f_err; @@ -916,6 +916,10 @@ static int ssl3_get_client_hello(SSL_HANDSHAKE *hs) { } } + if (!ssl_auto_chain_if_needed(ssl)) { + goto err; + } + /* Negotiate the cipher suite. This must be done after |cert_cb| so the * certificate is finalized. */ ssl->s3->tmp.new_cipher = @@ -1736,7 +1740,7 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } - memset(premaster_secret, 0, premaster_secret_len); + OPENSSL_memset(premaster_secret, 0, premaster_secret_len); } else { al = SSL_AD_HANDSHAKE_FAILURE; OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_TYPE); diff --git a/src/ssl/internal.h b/src/ssl/internal.h index 2688bc72..919f5aa2 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -779,6 +779,11 @@ int ssl_add_cert_to_cbb(CBB *cbb, X509 *x509); * empty certificate list. It returns one on success and zero on error. */ int ssl_add_cert_chain(SSL *ssl, CBB *cbb); +/* ssl_auto_chain_if_needed runs the deprecated auto-chaining logic if + * necessary. On success, it updates |ssl|'s certificate configuration as needed + * and returns one. Otherwise, it returns zero. */ +int ssl_auto_chain_if_needed(SSL *ssl); + /* ssl_cert_check_digital_signature_key_usage parses the DER-encoded, X.509 * certificate in |in| and returns one if doesn't specify a key usage or, if it * does, if it includes digitalSignature. Otherwise it pushes to the error @@ -833,10 +838,9 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction, const uint8_t *traffic_secret, size_t traffic_secret_len); -/* tls13_set_handshake_traffic derives the handshake traffic secret and - * switches both read and write traffic to it. It returns one on success and - * zero on error. */ -int tls13_set_handshake_traffic(SSL_HANDSHAKE *hs); +/* tls13_derive_handshake_secrets derives the handshake traffic secret. It + * returns one on success and zero on error. */ +int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs); /* tls13_rotate_traffic_key derives the next read or write traffic secret. It * returns one on success and zero on error. */ @@ -914,6 +918,8 @@ struct ssl_handshake_st { size_t hash_len; uint8_t secret[EVP_MAX_MD_SIZE]; + uint8_t client_handshake_secret[EVP_MAX_MD_SIZE]; + uint8_t server_handshake_secret[EVP_MAX_MD_SIZE]; uint8_t client_traffic_secret_0[EVP_MAX_MD_SIZE]; uint8_t server_traffic_secret_0[EVP_MAX_MD_SIZE]; @@ -1142,10 +1148,10 @@ typedef struct { * it. It writes the parsed extensions to pointers denoted by |ext_types|. On * success, it fills in the |out_present| and |out_data| fields and returns one. * Otherwise, it sets |*out_alert| to an alert to send and returns zero. Unknown - * extensions are rejected. */ + * extensions are rejected unless |ignore_unknown| is 1. */ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, const SSL_EXTENSION_TYPE *ext_types, - size_t num_ext_types); + size_t num_ext_types, int ignore_unknown); /* SSLKEYLOGFILE functions. */ @@ -1482,6 +1488,10 @@ typedef struct ssl3_state_st { * handshake. */ unsigned tlsext_channel_id_valid:1; + /* short_header is one if https://github.com/tlswg/tls13-spec/pull/762 has + * been negotiated. */ + unsigned short_header:1; + uint8_t send_alert[2]; /* pending_message is the current outgoing handshake message. */ @@ -1936,6 +1946,9 @@ void ssl_set_client_disabled(SSL *ssl); void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock); +/* ssl_reset_error_state resets state for |SSL_get_error|. */ +void ssl_reset_error_state(SSL *ssl); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/ssl/s3_both.c b/src/ssl/s3_both.c index 4800f920..492884f7 100644 --- a/src/ssl/s3_both.c +++ b/src/ssl/s3_both.c @@ -127,6 +127,7 @@ #include <openssl/sha.h> #include <openssl/x509.h> +#include "../crypto/internal.h" #include "internal.h" @@ -136,7 +137,7 @@ SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } - memset(hs, 0, sizeof(SSL_HANDSHAKE)); + OPENSSL_memset(hs, 0, sizeof(SSL_HANDSHAKE)); hs->ssl = ssl; hs->wait = ssl_hs_ok; hs->state = SSL_ST_INIT; @@ -149,6 +150,10 @@ void ssl_handshake_free(SSL_HANDSHAKE *hs) { } OPENSSL_cleanse(hs->secret, sizeof(hs->secret)); + OPENSSL_cleanse(hs->client_handshake_secret, + sizeof(hs->client_handshake_secret)); + OPENSSL_cleanse(hs->server_handshake_secret, + sizeof(hs->server_handshake_secret)); OPENSSL_cleanse(hs->client_traffic_secret_0, sizeof(hs->client_traffic_secret_0)); OPENSSL_cleanse(hs->server_traffic_secret_0, @@ -291,10 +296,10 @@ int ssl3_send_finished(SSL_HANDSHAKE *hs, int a, int b) { } if (ssl->server) { - memcpy(ssl->s3->previous_server_finished, finished, finished_len); + OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len); ssl->s3->previous_server_finished_len = finished_len; } else { - memcpy(ssl->s3->previous_client_finished, finished, finished_len); + OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len); ssl->s3->previous_client_finished_len = finished_len; } } @@ -349,10 +354,10 @@ int ssl3_get_finished(SSL_HANDSHAKE *hs) { } if (ssl->server) { - memcpy(ssl->s3->previous_client_finished, finished, finished_len); + OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len); ssl->s3->previous_client_finished_len = finished_len; } else { - memcpy(ssl->s3->previous_server_finished, finished, finished_len); + OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len); ssl->s3->previous_server_finished_len = finished_len; } } @@ -517,9 +522,9 @@ static int read_v2_client_hello(SSL *ssl, int *out_is_v2_client_hello) { rand_len = SSL3_RANDOM_SIZE; } uint8_t random[SSL3_RANDOM_SIZE]; - memset(random, 0, SSL3_RANDOM_SIZE); - memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge), - rand_len); + OPENSSL_memset(random, 0, SSL3_RANDOM_SIZE); + OPENSSL_memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge), + rand_len); /* Write out an equivalent SSLv3 ClientHello. */ size_t max_v3_client_hello = SSL3_HM_HEADER_LENGTH + 2 /* version */ + @@ -775,7 +780,7 @@ int ssl_verify_alarm_type(long type) { int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, const SSL_EXTENSION_TYPE *ext_types, - size_t num_ext_types) { + size_t num_ext_types, int ignore_unknown) { /* Reset everything. */ for (size_t i = 0; i < num_ext_types; i++) { *ext_types[i].out_present = 0; @@ -802,6 +807,9 @@ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, } if (ext_type == NULL) { + if (ignore_unknown) { + continue; + } OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION); *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; return 0; diff --git a/src/ssl/s3_enc.c b/src/ssl/s3_enc.c index 7cdc294b..bf82e086 100644 --- a/src/ssl/s3_enc.c +++ b/src/ssl/s3_enc.c @@ -144,8 +144,10 @@ #include <openssl/md5.h> #include <openssl/nid.h> +#include "../crypto/internal.h" #include "internal.h" + static int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret, size_t secret_len, const char *label, size_t label_len, const uint8_t *seed1, size_t seed1_len, @@ -194,7 +196,7 @@ static int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len, EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH); if (i + MD5_DIGEST_LENGTH > out_len) { EVP_DigestFinal_ex(&md5, smd, NULL); - memcpy(out, smd, out_len - i); + OPENSSL_memcpy(out, smd, out_len - i); } else { EVP_DigestFinal_ex(&md5, out, NULL); } @@ -269,7 +271,8 @@ int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len) { if (!BUF_MEM_grow(ssl->s3->handshake_buffer, new_len)) { return 0; } - memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in, in_len); + OPENSSL_memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in, + in_len); } if (EVP_MD_CTX_md(&ssl->s3->handshake_hash) != NULL) { diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c index 859cb9be..70394182 100644 --- a/src/ssl/s3_lib.c +++ b/src/ssl/s3_lib.c @@ -159,6 +159,7 @@ #include <openssl/mem.h> #include <openssl/nid.h> +#include "../crypto/internal.h" #include "internal.h" @@ -169,7 +170,7 @@ int ssl3_new(SSL *ssl) { if (s3 == NULL) { return 0; } - memset(s3, 0, sizeof *s3); + OPENSSL_memset(s3, 0, sizeof *s3); s3->hs = ssl_handshake_new(ssl); if (s3->hs == NULL) { @@ -221,19 +222,7 @@ const struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences( return ssl->cipher_list; } - if (ssl->version >= TLS1_1_VERSION && ssl->ctx->cipher_list_tls11 != NULL) { - return ssl->ctx->cipher_list_tls11; - } - - if (ssl->version >= TLS1_VERSION && ssl->ctx->cipher_list_tls10 != NULL) { - return ssl->ctx->cipher_list_tls10; - } - - if (ssl->ctx->cipher_list != NULL) { - return ssl->ctx->cipher_list; - } - - return NULL; + return ssl->ctx->cipher_list; } /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c index e4116fb2..9bd9f1fd 100644 --- a/src/ssl/s3_pkt.c +++ b/src/ssl/s3_pkt.c @@ -118,6 +118,7 @@ #include <openssl/mem.h> #include <openssl/rand.h> +#include "../crypto/internal.h" #include "internal.h" @@ -319,7 +320,7 @@ static int consume_record(SSL *ssl, uint8_t *out, int len, int peek) { len = (int)rr->length; } - memcpy(out, rr->data, len); + OPENSSL_memcpy(out, rr->data, len); if (!peek) { rr->length -= len; rr->data += len; diff --git a/src/ssl/ssl_aead_ctx.c b/src/ssl/ssl_aead_ctx.c index b05df0b1..1b951505 100644 --- a/src/ssl/ssl_aead_ctx.c +++ b/src/ssl/ssl_aead_ctx.c @@ -22,6 +22,7 @@ #include <openssl/rand.h> #include <openssl/type_check.h> +#include "../crypto/internal.h" #include "internal.h" @@ -52,9 +53,10 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return 0; } - memcpy(merged_key, mac_key, mac_key_len); - memcpy(merged_key + mac_key_len, enc_key, enc_key_len); - memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv, fixed_iv_len); + OPENSSL_memcpy(merged_key, mac_key, mac_key_len); + OPENSSL_memcpy(merged_key + mac_key_len, enc_key, enc_key_len); + OPENSSL_memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv, + fixed_iv_len); enc_key = merged_key; enc_key_len += mac_key_len; enc_key_len += fixed_iv_len; @@ -65,7 +67,7 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } - memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX)); + OPENSSL_memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX)); aead_ctx->cipher = cipher; if (!EVP_AEAD_CTX_init_with_direction( @@ -79,7 +81,7 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, aead_ctx->variable_nonce_len = (uint8_t)EVP_AEAD_nonce_length(aead); if (mac_key_len == 0) { assert(fixed_iv_len <= sizeof(aead_ctx->fixed_nonce)); - memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len); + OPENSSL_memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len); aead_ctx->fixed_nonce_len = fixed_iv_len; if (cipher->algorithm_enc & SSL_CHACHA20POLY1305) { @@ -158,7 +160,7 @@ static size_t ssl_aead_ctx_get_ad(SSL_AEAD_CTX *aead, uint8_t out[13], return 0; } - memcpy(out, seqnum, 8); + OPENSSL_memcpy(out, seqnum, 8); size_t len = 8; out[len++] = type; if (!aead->omit_version_in_ad) { @@ -208,9 +210,9 @@ int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, CBS *out, uint8_t type, /* Prepend the fixed nonce, or left-pad with zeros if XORing. */ if (aead->xor_fixed_nonce) { nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len; - memset(nonce, 0, nonce_len); + OPENSSL_memset(nonce, 0, nonce_len); } else { - memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); + OPENSSL_memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); nonce_len += aead->fixed_nonce_len; } @@ -221,12 +223,12 @@ int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, CBS *out, uint8_t type, OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_PACKET_LENGTH); return 0; } - memcpy(nonce + nonce_len, in, aead->variable_nonce_len); + OPENSSL_memcpy(nonce + nonce_len, in, aead->variable_nonce_len); in += aead->variable_nonce_len; in_len -= aead->variable_nonce_len; } else { assert(aead->variable_nonce_len == 8); - memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len); + OPENSSL_memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len); } nonce_len += aead->variable_nonce_len; @@ -262,7 +264,7 @@ int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); return 0; } - memmove(out, in, in_len); + OPENSSL_memmove(out, in, in_len); *out_len = in_len; return 1; } @@ -278,9 +280,9 @@ int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, /* Prepend the fixed nonce, or left-pad with zeros if XORing. */ if (aead->xor_fixed_nonce) { nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len; - memset(nonce, 0, nonce_len); + OPENSSL_memset(nonce, 0, nonce_len); } else { - memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); + OPENSSL_memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); nonce_len += aead->fixed_nonce_len; } @@ -294,7 +296,7 @@ int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, /* When sending we use the sequence number as the variable part of the * nonce. */ assert(aead->variable_nonce_len == 8); - memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len); + OPENSSL_memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len); } nonce_len += aead->variable_nonce_len; @@ -310,7 +312,8 @@ int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT); return 0; } - memcpy(out, nonce + aead->fixed_nonce_len, aead->variable_nonce_len); + OPENSSL_memcpy(out, nonce + aead->fixed_nonce_len, + aead->variable_nonce_len); extra_len = aead->variable_nonce_len; out += aead->variable_nonce_len; max_out -= aead->variable_nonce_len; diff --git a/src/ssl/ssl_asn1.c b/src/ssl/ssl_asn1.c index 902b5801..c9dfdcc1 100644 --- a/src/ssl/ssl_asn1.c +++ b/src/ssl/ssl_asn1.c @@ -91,6 +91,7 @@ #include <openssl/mem.h> #include <openssl/x509.h> +#include "../crypto/internal.h" #include "internal.h" @@ -127,6 +128,7 @@ * ticketAgeAdd [21] OCTET STRING OPTIONAL, * isServer [22] BOOLEAN DEFAULT TRUE, * peerSignatureAlgorithm [23] INTEGER OPTIONAL, + * ticketMaxEarlyData [24] INTEGER OPTIONAL, * } * * Note: historically this serialization has included other optional @@ -179,6 +181,8 @@ static const int kIsServerTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 22; static const int kPeerSignatureAlgorithmTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 23; +static const int kTicketMaxEarlyDataTag = + CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 24; static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, size_t *out_len, int for_ticket) { @@ -391,6 +395,13 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, goto err; } + if (in->ticket_max_early_data != 0 && + (!CBB_add_asn1(&session, &child, kTicketMaxEarlyDataTag) || + !CBB_add_asn1_uint64(&child, in->ticket_max_early_data))) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!CBB_finish(&cbb, out_data, out_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; @@ -443,7 +454,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp) { } if (pp) { - memcpy(*pp, out, len); + OPENSSL_memcpy(*pp, out, len); *pp += len; } OPENSSL_free(out); @@ -510,7 +521,7 @@ static int SSL_SESSION_parse_bounded_octet_string( OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return 0; } - memcpy(out, CBS_data(&value), CBS_len(&value)); + OPENSSL_memcpy(out, CBS_data(&value), CBS_len(&value)); *out_len = (uint8_t)CBS_len(&value); return 1; } @@ -593,9 +604,9 @@ static SSL_SESSION *SSL_SESSION_parse(CBS *cbs) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); goto err; } - memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id)); + OPENSSL_memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id)); ret->session_id_length = CBS_len(&session_id); - memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key)); + OPENSSL_memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key)); ret->master_key_length = CBS_len(&master_key); CBS child; @@ -647,7 +658,8 @@ static SSL_SESSION *SSL_SESSION_parse(CBS *cbs) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); goto err; } - memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256)); + OPENSSL_memcpy(ret->peer_sha256, CBS_data(&peer_sha256), + sizeof(ret->peer_sha256)); ret->peer_sha256_valid = 1; } else { ret->peer_sha256_valid = 0; @@ -773,6 +785,8 @@ static SSL_SESSION *SSL_SESSION_parse(CBS *cbs) { if (!SSL_SESSION_parse_u16(&session, &ret->peer_signature_algorithm, kPeerSignatureAlgorithmTag, 0) || + !SSL_SESSION_parse_u32(&session, &ret->ticket_max_early_data, + kTicketMaxEarlyDataTag, 0) || CBS_len(&session) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); goto err; diff --git a/src/ssl/ssl_buffer.c b/src/ssl/ssl_buffer.c index 7feb1615..c27db8ba 100644 --- a/src/ssl/ssl_buffer.c +++ b/src/ssl/ssl_buffer.c @@ -24,6 +24,7 @@ #include <openssl/mem.h> #include <openssl/type_check.h> +#include "../crypto/internal.h" #include "internal.h" @@ -67,7 +68,7 @@ static void consume_buffer(SSL3_BUFFER *buf, size_t len) { static void clear_buffer(SSL3_BUFFER *buf) { OPENSSL_free(buf->buf); - memset(buf, 0, sizeof(SSL3_BUFFER)); + OPENSSL_memset(buf, 0, sizeof(SSL3_BUFFER)); } OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= diff --git a/src/ssl/ssl_cert.c b/src/ssl/ssl_cert.c index 277ee4d4..397fbf0e 100644 --- a/src/ssl/ssl_cert.c +++ b/src/ssl/ssl_cert.c @@ -147,7 +147,7 @@ CERT *ssl_cert_new(void) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(CERT)); + OPENSSL_memset(ret, 0, sizeof(CERT)); return ret; } @@ -158,7 +158,7 @@ CERT *ssl_cert_dup(CERT *cert) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(CERT)); + OPENSSL_memset(ret, 0, sizeof(CERT)); if (cert->x509_leaf != NULL) { X509_up_ref(cert->x509_leaf); @@ -557,54 +557,53 @@ int ssl_add_cert_chain(SSL *ssl, CBB *cbb) { return CBB_add_u24(cbb, 0); } - CERT *cert = ssl->cert; - X509 *x = cert->x509_leaf; - CBB child; - if (!CBB_add_u24_length_prefixed(cbb, &child)) { + if (!CBB_add_u24_length_prefixed(cbb, &child) || + !ssl_add_cert_with_length(&child, ssl->cert->x509_leaf)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return 0; } - int no_chain = 0; - STACK_OF(X509) *chain = cert->x509_chain; - if ((ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || chain != NULL) { - no_chain = 1; - } - - if (no_chain) { - if (!ssl_add_cert_with_length(&child, x)) { + STACK_OF(X509) *chain = ssl->cert->x509_chain; + for (size_t i = 0; i < sk_X509_num(chain); i++) { + if (!ssl_add_cert_with_length(&child, sk_X509_value(chain, i))) { return 0; } + } - for (size_t i = 0; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - if (!ssl_add_cert_with_length(&child, x)) { - return 0; - } - } - } else { - X509_STORE_CTX xs_ctx; + return CBB_flush(cbb); +} + +int ssl_auto_chain_if_needed(SSL *ssl) { + /* Only build a chain if there are no intermediates configured and the feature + * isn't disabled. */ + if ((ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || + !ssl_has_certificate(ssl) || + ssl->cert->x509_chain != NULL) { + return 1; + } - if (!X509_STORE_CTX_init(&xs_ctx, ssl->ctx->cert_store, x, NULL)) { - OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB); + X509_STORE_CTX ctx; + if (!X509_STORE_CTX_init(&ctx, ssl->ctx->cert_store, ssl->cert->x509_leaf, + NULL)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB); + return 0; + } + + /* Attempt to build a chain, ignoring the result. */ + X509_verify_cert(&ctx); + ERR_clear_error(); + + /* Configure the intermediates from any partial chain we managed to build. */ + for (size_t i = 1; i < sk_X509_num(ctx.chain); i++) { + if (!SSL_add1_chain_cert(ssl, sk_X509_value(ctx.chain, i))) { + X509_STORE_CTX_cleanup(&ctx); return 0; } - X509_verify_cert(&xs_ctx); - /* Don't leave errors in the queue */ - ERR_clear_error(); - - for (size_t i = 0; i < sk_X509_num(xs_ctx.chain); i++) { - x = sk_X509_value(xs_ctx.chain, i); - if (!ssl_add_cert_with_length(&child, x)) { - X509_STORE_CTX_cleanup(&xs_ctx); - return 0; - } - } - X509_STORE_CTX_cleanup(&xs_ctx); } - return CBB_flush(cbb); + X509_STORE_CTX_cleanup(&ctx); + return 1; } /* ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and @@ -707,7 +706,8 @@ int ssl_cert_check_digital_signature_key_usage(const CBS *in) { static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f}; if (CBS_len(&oid) != sizeof(kKeyUsageOID) || - memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) != 0) { + OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) != + 0) { continue; } diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c index 52237215..20b075e7 100644 --- a/src/ssl/ssl_cipher.c +++ b/src/ssl/ssl_cipher.c @@ -1073,7 +1073,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } - memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); + OPENSSL_memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); /* Now find the strength_bits values actually used. */ curr = *head_p; @@ -1437,7 +1437,7 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, if (!pref_list->in_group_flags) { goto err; } - memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags); + OPENSSL_memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags); OPENSSL_free(in_group_flags); in_group_flags = NULL; if (*out_cipher_list != NULL) { diff --git a/src/ssl/ssl_lib.c b/src/ssl/ssl_lib.c index 77e86a8c..a60bf81e 100644 --- a/src/ssl/ssl_lib.c +++ b/src/ssl/ssl_lib.c @@ -196,8 +196,8 @@ static uint32_t ssl_session_hash(const SSL_SESSION *sess) { uint8_t tmp_storage[sizeof(uint32_t)]; if (sess->session_id_length < sizeof(tmp_storage)) { - memset(tmp_storage, 0, sizeof(tmp_storage)); - memcpy(tmp_storage, sess->session_id, sess->session_id_length); + OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage)); + OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length); session_id = tmp_storage; } @@ -224,7 +224,7 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { return 1; } - return memcmp(a->session_id, b->session_id, a->session_id_length); + return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length); } SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { @@ -245,7 +245,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { goto err; } - memset(ret, 0, sizeof(SSL_CTX)); + OPENSSL_memset(ret, 0, sizeof(SSL_CTX)); ret->method = method->method; @@ -352,8 +352,6 @@ void SSL_CTX_free(SSL_CTX *ctx) { lh_SSL_SESSION_free(ctx->sessions); X509_STORE_free(ctx->cert_store); ssl_cipher_preference_list_free(ctx->cipher_list); - ssl_cipher_preference_list_free(ctx->cipher_list_tls10); - ssl_cipher_preference_list_free(ctx->cipher_list_tls11); ssl_cert_free(ctx->cert); sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions, SSL_CUSTOM_EXTENSION_free); @@ -385,7 +383,7 @@ SSL *SSL_new(SSL_CTX *ctx) { if (ssl == NULL) { goto err; } - memset(ssl, 0, sizeof(SSL)); + OPENSSL_memset(ssl, 0, sizeof(SSL)); ssl->min_version = ctx->min_version; ssl->max_version = ctx->max_version; @@ -408,7 +406,7 @@ SSL *SSL_new(SSL_CTX *ctx) { ssl->verify_mode = ctx->verify_mode; ssl->sid_ctx_length = ctx->sid_ctx_length; assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx); - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + OPENSSL_memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); ssl->verify_callback = ctx->default_verify_callback; ssl->retain_only_sha256_of_client_certs = ctx->retain_only_sha256_of_client_certs; @@ -421,9 +419,9 @@ SSL *SSL_new(SSL_CTX *ctx) { ssl->quiet_shutdown = ctx->quiet_shutdown; ssl->max_send_fragment = ctx->max_send_fragment; - CRYPTO_refcount_inc(&ctx->references); + SSL_CTX_up_ref(ctx); ssl->ctx = ctx; - CRYPTO_refcount_inc(&ctx->references); + SSL_CTX_up_ref(ctx); ssl->initial_ctx = ctx; if (ctx->supported_group_list) { @@ -614,11 +612,16 @@ BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; } -int SSL_do_handshake(SSL *ssl) { +void ssl_reset_error_state(SSL *ssl) { + /* Functions which use |SSL_get_error| must reset I/O and error state on + * entry. */ ssl->rwstate = SSL_NOTHING; - /* Functions which use SSL_get_error must clear the error queue on entry. */ ERR_clear_error(); ERR_clear_system_error(); +} + +int SSL_do_handshake(SSL *ssl) { + ssl_reset_error_state(ssl); if (ssl->handshake_func == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET); @@ -737,10 +740,7 @@ static int ssl_do_post_handshake(SSL *ssl) { } static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { - ssl->rwstate = SSL_NOTHING; - /* Functions which use SSL_get_error must clear the error queue on entry. */ - ERR_clear_error(); - ERR_clear_system_error(); + ssl_reset_error_state(ssl); if (ssl->handshake_func == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); @@ -786,10 +786,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) { } int SSL_write(SSL *ssl, const void *buf, int num) { - ssl->rwstate = SSL_NOTHING; - /* Functions which use SSL_get_error must clear the error queue on entry. */ - ERR_clear_error(); - ERR_clear_system_error(); + ssl_reset_error_state(ssl); if (ssl->handshake_func == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); @@ -817,10 +814,7 @@ int SSL_write(SSL *ssl, const void *buf, int num) { } int SSL_shutdown(SSL *ssl) { - ssl->rwstate = SSL_NOTHING; - /* Functions which use SSL_get_error must clear the error queue on entry. */ - ERR_clear_error(); - ERR_clear_system_error(); + ssl_reset_error_state(ssl); if (ssl->handshake_func == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); @@ -880,6 +874,10 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) { return ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); } +void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { + ctx->enable_early_data = !!enabled; +} + static int bio_retry_reason_to_error(int reason) { switch (reason) { case BIO_RR_CONNECT: @@ -1159,12 +1157,12 @@ int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len, *out_len = max_out; } - memcpy(out, finished, *out_len); + OPENSSL_memcpy(out, finished, *out_len); return 1; err: *out_len = 0; - memset(out, 0, max_out); + OPENSSL_memset(out, 0, max_out); return 0; } @@ -1177,7 +1175,7 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx, assert(sizeof(ctx->sid_ctx) < 256); ctx->sid_ctx_length = (uint8_t)sid_ctx_len; - memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); + OPENSSL_memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); return 1; } @@ -1191,7 +1189,7 @@ int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, assert(sizeof(ssl->sid_ctx) < 256); ssl->sid_ctx_length = (uint8_t)sid_ctx_len; - memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); + OPENSSL_memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); return 1; } @@ -1311,7 +1309,7 @@ static size_t copy_finished(void *out, size_t out_len, const uint8_t *in, if (out_len > in_len) { out_len = in_len; } - memcpy(out, in, out_len); + OPENSSL_memcpy(out, in, out_len); return in_len; } @@ -1547,9 +1545,9 @@ int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) { return 0; } uint8_t *out_bytes = out; - memcpy(out_bytes, ctx->tlsext_tick_key_name, 16); - memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16); + OPENSSL_memcpy(out_bytes, ctx->tlsext_tick_key_name, 16); + OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16); + OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16); return 1; } @@ -1562,9 +1560,9 @@ int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) { return 0; } const uint8_t *in_bytes = in; - memcpy(ctx->tlsext_tick_key_name, in_bytes, 16); - memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16); - memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16); + OPENSSL_memcpy(ctx->tlsext_tick_key_name, in_bytes, 16); + OPENSSL_memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16); + OPENSSL_memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16); return 1; } @@ -1680,38 +1678,6 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { return 1; } -int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str) { - STACK_OF(SSL_CIPHER) *cipher_list = - ssl_create_cipher_list(ctx->method, &ctx->cipher_list_tls10, str); - if (cipher_list == NULL) { - return 0; - } - - /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ - if (sk_SSL_CIPHER_num(cipher_list) == 0) { - OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); - return 0; - } - - return 1; -} - -int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) { - STACK_OF(SSL_CIPHER) *cipher_list = - ssl_create_cipher_list(ctx->method, &ctx->cipher_list_tls11, str); - if (cipher_list == NULL) { - return 0; - } - - /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ - if (sk_SSL_CIPHER_num(cipher_list) == 0) { - OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); - return 0; - } - - return 1; -} - int SSL_set_cipher_list(SSL *ssl, const char *str) { STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str); @@ -1878,7 +1844,7 @@ int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, for (i = 0; i < server_len;) { for (j = 0; j < client_len;) { if (server[i] == client[j] && - memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { + OPENSSL_memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { /* We found a match */ result = &server[i]; status = OPENSSL_NPN_NEGOTIATED; @@ -2030,7 +1996,8 @@ size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) { if (!ssl->s3->tlsext_channel_id_valid) { return 0; } - memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? max_out : 64); + OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id, + (max_out < 64) ? max_out : 64); return 64; } @@ -2299,13 +2266,13 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); - CRYPTO_refcount_inc(&ctx->references); - SSL_CTX_free(ssl->ctx); /* decrement reference count */ + SSL_CTX_up_ref(ctx); + SSL_CTX_free(ssl->ctx); ssl->ctx = ctx; ssl->sid_ctx_length = ctx->sid_ctx_length; assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); - memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx)); + OPENSSL_memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx)); return ssl->ctx; } @@ -2869,7 +2836,7 @@ size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) { if (max_out > sizeof(ssl->s3->client_random)) { max_out = sizeof(ssl->s3->client_random); } - memcpy(out, ssl->s3->client_random, max_out); + OPENSSL_memcpy(out, ssl->s3->client_random, max_out); return max_out; } @@ -2880,7 +2847,7 @@ size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) { if (max_out > sizeof(ssl->s3->server_random)) { max_out = sizeof(ssl->s3->server_random); } - memcpy(out, ssl->s3->server_random, max_out); + OPENSSL_memcpy(out, ssl->s3->server_random, max_out); return max_out; } @@ -2903,6 +2870,10 @@ void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) { ctx->grease_enabled = !!enabled; } +void SSL_CTX_set_short_header_enabled(SSL_CTX *ctx, int enabled) { + ctx->short_header_enabled = !!enabled; +} + int SSL_clear(SSL *ssl) { /* In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously * established session to be offered the next time around. wpa_supplicant diff --git a/src/ssl/ssl_session.c b/src/ssl/ssl_session.c index d6d7dabd..7adef1a3 100644 --- a/src/ssl/ssl_session.c +++ b/src/ssl/ssl_session.c @@ -166,7 +166,7 @@ SSL_SESSION *SSL_SESSION_new(void) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } - memset(session, 0, sizeof(SSL_SESSION)); + OPENSSL_memset(session, 0, sizeof(SSL_SESSION)); session->verify_result = X509_V_ERR_INVALID_CALL; session->references = 1; @@ -185,11 +185,11 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { new_session->is_server = session->is_server; new_session->ssl_version = session->ssl_version; new_session->sid_ctx_length = session->sid_ctx_length; - memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length); + OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length); /* Copy the key material. */ new_session->master_key_length = session->master_key_length; - memcpy(new_session->master_key, session->master_key, + OPENSSL_memcpy(new_session->master_key, session->master_key, session->master_key_length); new_session->cipher = session->cipher; @@ -245,7 +245,8 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { } } - memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH); + OPENSSL_memcpy(new_session->peer_sha256, session->peer_sha256, + SHA256_DIGEST_LENGTH); new_session->peer_sha256_valid = session->peer_sha256_valid; if (session->tlsext_hostname != NULL) { @@ -263,18 +264,19 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { /* Copy non-authentication connection properties. */ if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) { new_session->session_id_length = session->session_id_length; - memcpy(new_session->session_id, session->session_id, - session->session_id_length); + OPENSSL_memcpy(new_session->session_id, session->session_id, + session->session_id_length); new_session->group_id = session->group_id; - memcpy(new_session->original_handshake_hash, - session->original_handshake_hash, - session->original_handshake_hash_len); + OPENSSL_memcpy(new_session->original_handshake_hash, + session->original_handshake_hash, + session->original_handshake_hash_len); new_session->original_handshake_hash_len = session->original_handshake_hash_len; new_session->tlsext_tick_lifetime_hint = session->tlsext_tick_lifetime_hint; new_session->ticket_age_add = session->ticket_age_add; + new_session->ticket_max_early_data = session->ticket_max_early_data; new_session->extended_master_secret = session->extended_master_secret; } @@ -387,7 +389,7 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out, if (max_out > (size_t)session->master_key_length) { max_out = (size_t)session->master_key_length; } - memcpy(out, session->master_key, max_out); + OPENSSL_memcpy(out, session->master_key, max_out); return max_out; } @@ -418,7 +420,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx, assert(sizeof(session->sid_ctx) < 256); session->sid_ctx_length = (uint8_t)sid_ctx_len; - memcpy(session->sid_ctx, sid_ctx, sid_ctx_len); + OPENSSL_memcpy(session->sid_ctx, sid_ctx, sid_ctx_len); return 1; } @@ -517,7 +519,7 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } - memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length); + OPENSSL_memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length); session->sid_ctx_length = ssl->sid_ctx_length; /* The session is marked not resumable until it is completely filled in. */ @@ -627,7 +629,7 @@ int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) { NULL)) { goto err; } - memcpy(key_name, tctx->tlsext_tick_key_name, 16); + OPENSSL_memcpy(key_name, tctx->tlsext_tick_key_name, 16); } uint8_t *ptr; @@ -639,7 +641,7 @@ int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) { size_t total = 0; #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) - memcpy(ptr, session_buf, session_len); + OPENSSL_memcpy(ptr, session_buf, session_len); total = session_len; #else int len; @@ -679,7 +681,8 @@ int ssl_session_is_context_valid(const SSL *ssl, const SSL_SESSION *session) { } return session->sid_ctx_length == ssl->sid_ctx_length && - memcmp(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length) == 0; + OPENSSL_memcmp(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length) == + 0; } int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) { @@ -737,7 +740,7 @@ static enum ssl_session_result_t ssl_lookup_session( SSL_SESSION data; data.ssl_version = ssl->version; data.session_id_length = session_id_len; - memcpy(data.session_id, session_id, session_id_len); + OPENSSL_memcpy(data.session_id, session_id, session_id_len); CRYPTO_MUTEX_lock_read(&ssl->initial_ctx->lock); session = lh_SSL_SESSION_retrieve(ssl->initial_ctx->sessions, &data); diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc index b74e51e1..952ac114 100644 --- a/src/ssl/ssl_test.cc +++ b/src/ssl/ssl_test.cc @@ -673,7 +673,7 @@ static bool TestSSL_SESSIONEncoding(const char *input_b64) { } encoded.reset(encoded_raw); if (encoded_len != input.size() || - memcmp(input.data(), encoded.get(), input.size()) != 0) { + OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) { fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n"); hexdump(stderr, "Before: ", input.data(), input.size()); hexdump(stderr, "After: ", encoded_raw, encoded_len); @@ -711,7 +711,7 @@ static bool TestSSL_SESSIONEncoding(const char *input_b64) { fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n"); return false; } - if (memcmp(input.data(), encoded.get(), input.size()) != 0) { + if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) { fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n"); return false; } @@ -838,7 +838,7 @@ static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version, if (session->tlsext_tick == nullptr) { return nullptr; } - memset(session->tlsext_tick, 'a', ticket_len); + OPENSSL_memset(session->tlsext_tick, 'a', ticket_len); session->tlsext_ticklen = ticket_len; // Fix up the timeout. @@ -1030,8 +1030,8 @@ static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) { } ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - memset(ret->session_id, 0, ret->session_id_length); - memcpy(ret->session_id, &number, sizeof(number)); + OPENSSL_memset(ret->session_id, 0, ret->session_id_length); + OPENSSL_memcpy(ret->session_id, &number, sizeof(number)); return ret; } @@ -1142,7 +1142,8 @@ static bssl::UniquePtr<X509> GetTestCertificate() { "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n" "-----END CERTIFICATE-----\n"; bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM))); - return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); + return bssl::UniquePtr<X509>( + PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); } static bssl::UniquePtr<EVP_PKEY> GetTestKey() { @@ -1197,6 +1198,90 @@ static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() { PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); } +static bssl::UniquePtr<X509> GetChainTestCertificate() { + static const char kCertPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n" + "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n" + "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n" + "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n" + "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n" + "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n" + "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n" + "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n" + "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n" + "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n" + "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n" + "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n" + "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n" + "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n" + "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n" + "1ngWZ7Ih\n" + "-----END CERTIFICATE-----\n"; + bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM))); + return bssl::UniquePtr<X509>( + PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); +} + +static bssl::UniquePtr<X509> GetChainTestIntermediate() { + static const char kCertPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n" + "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n" + "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n" + "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n" + "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n" + "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n" + "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n" + "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n" + "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" + "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n" + "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n" + "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n" + "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n" + "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n" + "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n" + "-----END CERTIFICATE-----\n"; + bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM))); + return bssl::UniquePtr<X509>( + PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); +} + +static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() { + static const char kKeyPEM[] = + "-----BEGIN PRIVATE KEY-----\n" + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n" + "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n" + "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n" + "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n" + "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n" + "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n" + "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n" + "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n" + "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n" + "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n" + "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n" + "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n" + "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n" + "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n" + "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n" + "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n" + "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n" + "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n" + "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n" + "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n" + "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n" + "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n" + "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n" + "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n" + "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n" + "SxpiPQ8d/hmSGwn4ksrWUsJD\n" + "-----END PRIVATE KEY-----\n"; + bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM))); + return bssl::UniquePtr<EVP_PKEY>( + PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); +} + static bool CompleteHandshakes(SSL *client, SSL *server) { // Drive both their handshakes to completion. for (;;) { @@ -1442,7 +1527,7 @@ static bool TestSessionDuplication() { } bssl::UniquePtr<uint8_t> free_s1(s1_bytes); - return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0; + return s0_len == s1_len && OPENSSL_memcmp(s0_bytes, s1_bytes, s0_len) == 0; } static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) { @@ -1711,7 +1796,8 @@ static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method, return false; } - if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) { + if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != + 0) { fprintf(stderr, "peer_sha256 did not match.\n"); return false; } @@ -1747,10 +1833,10 @@ static bool ClientHelloMatches(uint16_t version, const uint8_t *expected, fprintf(stderr, "ClientHello for version %04x too short.\n", version); return false; } - memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE); + OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE); if (client_hello.size() != expected_len || - memcmp(client_hello.data(), expected, expected_len) != 0) { + OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) { fprintf(stderr, "ClientHello for version %04x did not match:\n", version); fprintf(stderr, "Got:\n\t"); for (size_t i = 0; i < client_hello.size(); i++) { @@ -2097,9 +2183,9 @@ static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, static const uint8_t kZeros[16] = {0}; if (encrypt) { - memcpy(key_name, kZeros, sizeof(kZeros)); + OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros)); RAND_bytes(iv, 16); - } else if (memcmp(key_name, kZeros, 16) != 0) { + } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) { return 0; } @@ -2124,7 +2210,7 @@ static bool GetServerTicketTime(long *out, const SSL_SESSION *session) { #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) // Fuzzer-mode tickets are unencrypted. - memcpy(plaintext.get(), ciphertext, len); + OPENSSL_memcpy(plaintext.get(), ciphertext, len); #else static const uint8_t kZeros[16] = {0}; const uint8_t *iv = session->tlsext_tick + 16; @@ -2588,6 +2674,27 @@ static bool TestSetVersion() { return true; } +static const char *GetVersionName(uint16_t version) { + switch (version) { + case SSL3_VERSION: + return "SSLv3"; + case TLS1_VERSION: + return "TLSv1"; + case TLS1_1_VERSION: + return "TLSv1.1"; + case TLS1_2_VERSION: + return "TLSv1.2"; + case TLS1_3_VERSION: + return "TLSv1.3"; + case DTLS1_VERSION: + return "DTLSv1"; + case DTLS1_2_VERSION: + return "DTLSv1.2"; + default: + return "???"; + } +} + static bool TestVersion(bool is_dtls, const SSL_METHOD *method, uint16_t version) { bssl::UniquePtr<X509> cert = GetTestCertificate(); @@ -2619,6 +2726,29 @@ static bool TestVersion(bool is_dtls, const SSL_METHOD *method, return false; } + // Test the version name is reported as expected. + const char *version_name = GetVersionName(version); + if (strcmp(version_name, SSL_get_version(client.get())) != 0 || + strcmp(version_name, SSL_get_version(server.get())) != 0) { + fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n", + SSL_get_version(client.get()), SSL_get_version(server.get()), + version_name); + return false; + } + + // Test SSL_SESSION reports the same name. + const char *client_name = + SSL_SESSION_get_version(SSL_get_session(client.get())); + const char *server_name = + SSL_SESSION_get_version(SSL_get_session(server.get())); + if (strcmp(version_name, client_name) != 0 || + strcmp(version_name, server_name) != 0) { + fprintf(stderr, + "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n", + client_name, server_name, version_name); + return false; + } + return true; } @@ -2738,6 +2868,268 @@ static bool TestSSLClearSessionResumption(bool is_dtls, return true; } +static bool ChainsEqual(STACK_OF(X509) *chain, + const std::vector<X509 *> &expected) { + if (sk_X509_num(chain) != expected.size()) { + return false; + } + + for (size_t i = 0; i < expected.size(); i++) { + if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) { + return false; + } + } + + return true; +} + +static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method, + uint16_t version) { + bssl::UniquePtr<X509> cert = GetChainTestCertificate(); + bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate(); + bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey(); + if (!cert || !intermediate || !key) { + return false; + } + + // Configure both client and server to accept any certificate. Add + // |intermediate| to the cert store. + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method)); + if (!ctx || + !SSL_CTX_use_certificate(ctx.get(), cert.get()) || + !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) || + !SSL_CTX_set_min_proto_version(ctx.get(), version) || + !SSL_CTX_set_max_proto_version(ctx.get(), version) || + !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()), + intermediate.get())) { + return false; + } + SSL_CTX_set_verify( + ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr); + SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL); + + // By default, the client and server should each only send the leaf. + bssl::UniquePtr<SSL> client, server; + if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(), + nullptr /* no session */)) { + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) { + fprintf(stderr, "Client-received chain did not match.\n"); + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) { + fprintf(stderr, "Server-received chain did not match.\n"); + return false; + } + + // If auto-chaining is enabled, then the intermediate is sent. + SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN); + if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(), + nullptr /* no session */)) { + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), + {cert.get(), intermediate.get()})) { + fprintf(stderr, "Client-received chain did not match (auto-chaining).\n"); + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), + {cert.get(), intermediate.get()})) { + fprintf(stderr, "Server-received chain did not match (auto-chaining).\n"); + return false; + } + + // Auto-chaining does not override explicitly-configured intermediates. + if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) || + !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(), + nullptr /* no session */)) { + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), + {cert.get(), cert.get()})) { + fprintf(stderr, + "Client-received chain did not match (auto-chaining, explicit " + "intermediate).\n"); + return false; + } + + if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), + {cert.get(), cert.get()})) { + fprintf(stderr, + "Server-received chain did not match (auto-chaining, explicit " + "intermediate).\n"); + return false; + } + + return true; +} + +static bool ExpectBadWriteRetry() { + int err = ERR_get_error(); + if (ERR_GET_LIB(err) != ERR_LIB_SSL || + ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) { + char buf[ERR_ERROR_STRING_BUF_LEN]; + ERR_error_string_n(err, buf, sizeof(buf)); + fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf); + return false; + } + + if (ERR_peek_error() != 0) { + fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n"); + return false; + } + + return true; +} + +static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method, + uint16_t version) { + if (is_dtls) { + return true; + } + + for (bool enable_partial_write : std::vector<bool>{false, true}) { + // Connect a client and server. + bssl::UniquePtr<X509> cert = GetTestCertificate(); + bssl::UniquePtr<EVP_PKEY> key = GetTestKey(); + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method)); + bssl::UniquePtr<SSL> client, server; + if (!cert || !key || !ctx || + !SSL_CTX_use_certificate(ctx.get(), cert.get()) || + !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) || + !SSL_CTX_set_min_proto_version(ctx.get(), version) || + !SSL_CTX_set_max_proto_version(ctx.get(), version) || + !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(), + nullptr /* no session */)) { + return false; + } + + if (enable_partial_write) { + SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); + } + + // Write without reading until the buffer is full and we have an unfinished + // write. Keep a count so we may reread it again later. "hello!" will be + // written in two chunks, "hello" and "!". + char data[] = "hello!"; + static const int kChunkLen = 5; // The length of "hello". + unsigned count = 0; + for (;;) { + int ret = SSL_write(client.get(), data, kChunkLen); + if (ret <= 0) { + int err = SSL_get_error(client.get(), ret); + if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) { + break; + } + fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err); + return false; + } + + if (ret != 5) { + fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret); + return false; + } + + count++; + } + + // Retrying with the same parameters is legal. + if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) != + SSL_ERROR_WANT_WRITE) { + fprintf(stderr, "SSL_write retry unexpectedly failed.\n"); + return false; + } + + // Retrying with the same buffer but shorter length is not legal. + if (SSL_get_error(client.get(), + SSL_write(client.get(), data, kChunkLen - 1)) != + SSL_ERROR_SSL || + !ExpectBadWriteRetry()) { + fprintf(stderr, "SSL_write retry did not fail as expected.\n"); + return false; + } + + // Retrying with a different buffer pointer is not legal. + char data2[] = "hello"; + if (SSL_get_error(client.get(), SSL_write(client.get(), data2, + kChunkLen)) != SSL_ERROR_SSL || + !ExpectBadWriteRetry()) { + fprintf(stderr, "SSL_write retry did not fail as expected.\n"); + return false; + } + + // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move. + SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + if (SSL_get_error(client.get(), + SSL_write(client.get(), data2, kChunkLen)) != + SSL_ERROR_WANT_WRITE) { + fprintf(stderr, "SSL_write retry unexpectedly failed.\n"); + return false; + } + + // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks. + if (SSL_get_error(client.get(), + SSL_write(client.get(), data2, kChunkLen - 1)) != + SSL_ERROR_SSL || + !ExpectBadWriteRetry()) { + fprintf(stderr, "SSL_write retry did not fail as expected.\n"); + return false; + } + + // Retrying with a larger buffer is legal. + if (SSL_get_error(client.get(), + SSL_write(client.get(), data, kChunkLen + 1)) != + SSL_ERROR_WANT_WRITE) { + fprintf(stderr, "SSL_write retry unexpectedly failed.\n"); + return false; + } + + // Drain the buffer. + char buf[20]; + for (unsigned i = 0; i < count; i++) { + if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen || + OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) { + fprintf(stderr, "Failed to read initial records.\n"); + return false; + } + } + + // Now that there is space, a retry with a larger buffer should flush the + // pending record, skip over that many bytes of input (on assumption they + // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE + // is set, this will complete in two steps. + char data3[] = "_____!"; + if (enable_partial_write) { + if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen || + SSL_write(client.get(), data3 + kChunkLen, 1) != 1) { + fprintf(stderr, "SSL_write retry failed.\n"); + return false; + } + } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) { + fprintf(stderr, "SSL_write retry failed.\n"); + return false; + } + + // Check the last write was correct. The data will be spread over two + // records, so SSL_read returns twice. + if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen || + OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 || + SSL_read(server.get(), buf, sizeof(buf)) != 1 || + buf[0] != '!') { + fprintf(stderr, "Failed to read write retry.\n"); + return false; + } + } + + return true; +} + static bool ForEachVersion(bool (*test_func)(bool is_dtls, const SSL_METHOD *method, uint16_t version)) { @@ -2814,7 +3206,9 @@ int main() { !TestSetVersion() || !ForEachVersion(TestVersion) || !ForEachVersion(TestALPNCipherAvailable) || - !ForEachVersion(TestSSLClearSessionResumption)) { + !ForEachVersion(TestSSLClearSessionResumption) || + !ForEachVersion(TestAutoChain) || + !ForEachVersion(TestSSLWriteRetry)) { ERR_print_errors_fp(stderr); return 1; } diff --git a/src/ssl/t1_enc.c b/src/ssl/t1_enc.c index 70907e18..5e5c3483 100644 --- a/src/ssl/t1_enc.c +++ b/src/ssl/t1_enc.c @@ -146,6 +146,7 @@ #include <openssl/nid.h> #include <openssl/rand.h> +#include "../crypto/internal.h" #include "internal.h" @@ -231,7 +232,7 @@ static int tls1_prf(const SSL *ssl, uint8_t *out, size_t out_len, return 1; } - memset(out, 0, out_len); + OPENSSL_memset(out, 0, out_len); uint32_t algorithm_prf = ssl_get_algorithm_prf(ssl); if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT) { @@ -528,12 +529,13 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, return 0; } - memcpy(seed, ssl->s3->client_random, SSL3_RANDOM_SIZE); - memcpy(seed + SSL3_RANDOM_SIZE, ssl->s3->server_random, SSL3_RANDOM_SIZE); + OPENSSL_memcpy(seed, ssl->s3->client_random, SSL3_RANDOM_SIZE); + OPENSSL_memcpy(seed + SSL3_RANDOM_SIZE, ssl->s3->server_random, + SSL3_RANDOM_SIZE); if (use_context) { seed[2 * SSL3_RANDOM_SIZE] = (uint8_t)(context_len >> 8); seed[2 * SSL3_RANDOM_SIZE + 1] = (uint8_t)context_len; - memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len); + OPENSSL_memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len); } int ret = diff --git a/src/ssl/t1_lib.c b/src/ssl/t1_lib.c index 4549fe2f..06819191 100644 --- a/src/ssl/t1_lib.c +++ b/src/ssl/t1_lib.c @@ -205,7 +205,7 @@ done: int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in, size_t in_len) { - memset(out, 0, sizeof(*out)); + OPENSSL_memset(out, 0, sizeof(*out)); out->ssl = ssl; out->client_hello = in; out->client_hello_len = in_len; @@ -308,9 +308,6 @@ static const uint16_t kDefaultGroups[] = { SSL_CURVE_X25519, SSL_CURVE_SECP256R1, SSL_CURVE_SECP384R1, -#if defined(BORINGSSL_ANDROID_SYSTEM) - SSL_CURVE_SECP521R1, -#endif }; void tls1_get_grouplist(SSL *ssl, const uint16_t **out_group_ids, @@ -464,8 +461,7 @@ static const uint16_t kVerifySignatureAlgorithms[] = { #endif SSL_SIGN_RSA_PKCS1_SHA384, - /* TODO(davidben): Remove this entry and SSL_CURVE_SECP521R1 from - * kDefaultGroups. */ + /* TODO(davidben): Remove this. */ #if defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_ECDSA_SECP521R1_SHA512, #endif @@ -1510,8 +1506,9 @@ static int ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, } if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) && - memcmp(CBS_data(&client_protocol_name), CBS_data(&protocol_name), - CBS_len(&protocol_name)) == 0) { + OPENSSL_memcmp(CBS_data(&client_protocol_name), + CBS_data(&protocol_name), + CBS_len(&protocol_name)) == 0) { protocol_ok = 1; break; } @@ -1885,8 +1882,9 @@ static int ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, /* Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed * point format. */ - if (memchr(CBS_data(&ec_point_format_list), TLSEXT_ECPOINTFORMAT_uncompressed, - CBS_len(&ec_point_format_list)) == NULL) { + if (OPENSSL_memchr(CBS_data(&ec_point_format_list), + TLSEXT_ECPOINTFORMAT_uncompressed, + CBS_len(&ec_point_format_list)) == NULL) { *out_alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } @@ -2145,8 +2143,8 @@ static int ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs, } /* We only support tickets with PSK_DHE_KE. */ - hs->accept_psk_mode = - memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE, CBS_len(&ke_modes)) != NULL; + hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE, + CBS_len(&ke_modes)) != NULL; return 1; } @@ -2347,7 +2345,7 @@ int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found, uint8_t *secret = NULL; size_t secret_len; SSL_ECDH_CTX group; - memset(&group, 0, sizeof(SSL_ECDH_CTX)); + OPENSSL_memset(&group, 0, sizeof(SSL_ECDH_CTX)); CBB public_key; if (!CBB_init(&public_key, 32) || !SSL_ECDH_CTX_init(&group, group_id) || @@ -2460,6 +2458,46 @@ static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { } +/* Short record headers + * + * This is a non-standard extension which negotiates + * https://github.com/tlswg/tls13-spec/pull/762 for experimenting. */ + +static int ext_short_header_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { + SSL *const ssl = hs->ssl; + uint16_t min_version, max_version; + if (!ssl_get_version_range(ssl, &min_version, &max_version)) { + return 0; + } + + if (max_version < TLS1_3_VERSION || + !ssl->ctx->short_header_enabled) { + return 1; + } + + return CBB_add_u16(out, TLSEXT_TYPE_short_header) && + CBB_add_u16(out, 0 /* empty extension */); +} + +static int ext_short_header_parse_clienthello(SSL_HANDSHAKE *hs, + uint8_t *out_alert, + CBS *contents) { + SSL *const ssl = hs->ssl; + if (contents == NULL || + !ssl->ctx->short_header_enabled || + ssl3_protocol_version(ssl) < TLS1_3_VERSION) { + return 1; + } + + if (CBS_len(contents) != 0) { + return 0; + } + + ssl->s3->short_header = 1; + return 1; +} + + /* Negotiated Groups * * https://tools.ietf.org/html/rfc4492#section-5.1.2 @@ -2690,6 +2728,14 @@ static const struct tls_extension kExtensions[] = { ignore_parse_clienthello, dont_add_serverhello, }, + { + TLSEXT_TYPE_short_header, + NULL, + ext_short_header_add_clienthello, + forbid_parse_serverhello, + ext_short_header_parse_clienthello, + dont_add_serverhello, + }, /* The final extension must be non-empty. WebSphere Application Server 7.0 is * intolerant to the last extension being zero-length. See * https://crbug.com/363583. */ @@ -2824,7 +2870,7 @@ int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) { goto err; } - memset(padding_bytes, 0, padding_len); + OPENSSL_memset(padding_bytes, 0, padding_len); } } @@ -3187,8 +3233,8 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, } } else { /* Check the key name matches. */ - if (memcmp(ticket, ssl_ctx->tlsext_tick_key_name, - SSL_TICKET_KEY_NAME_LEN) != 0) { + if (OPENSSL_memcmp(ticket, ssl_ctx->tlsext_tick_key_name, + SSL_TICKET_KEY_NAME_LEN) != 0) { goto done; } if (!HMAC_Init_ex(&hmac_ctx, ssl_ctx->tlsext_tick_hmac_key, @@ -3231,7 +3277,7 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, } size_t plaintext_len; #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) - memcpy(plaintext, ciphertext, ciphertext_len); + OPENSSL_memcpy(plaintext, ciphertext, ciphertext_len); plaintext_len = ciphertext_len; #else if (ciphertext_len >= INT_MAX) { @@ -3256,7 +3302,7 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, /* Copy the client's session ID into the new session, to denote the ticket has * been accepted. */ - memcpy(session->session_id, session_id, session_id_len); + OPENSSL_memcpy(session->session_id, session_id, session_id_len); session->session_id_length = session_id_len; *out_session = session; @@ -3443,7 +3489,7 @@ int tls1_verify_channel_id(SSL *ssl) { goto err; } - memcpy(ssl->s3->tlsext_channel_id, p, 64); + OPENSSL_memcpy(ssl->s3->tlsext_channel_id, p, 64); ret = 1; err: diff --git a/src/ssl/test/async_bio.cc b/src/ssl/test/async_bio.cc index 605b33aa..fd351760 100644 --- a/src/ssl/test/async_bio.cc +++ b/src/ssl/test/async_bio.cc @@ -20,6 +20,8 @@ #include <openssl/bio.h> #include <openssl/mem.h> +#include "../../crypto/internal.h" + namespace { @@ -110,7 +112,7 @@ static int AsyncNew(BIO *bio) { if (a == NULL) { return 0; } - memset(a, 0, sizeof(*a)); + OPENSSL_memset(a, 0, sizeof(*a)); a->enforce_write_quota = true; bio->init = 1; bio->ptr = (char *)a; diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index a3903e2a..a98ff438 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -330,8 +330,8 @@ static ssl_private_key_result_t AsyncPrivateKeyComplete( fprintf(stderr, "Output buffer too small.\n"); return ssl_private_key_failure; } - memcpy(out, test_state->private_key_result.data(), - test_state->private_key_result.size()); + OPENSSL_memcpy(out, test_state->private_key_result.data(), + test_state->private_key_result.size()); *out_len = test_state->private_key_result.size(); test_state->private_key_result.clear(); @@ -498,9 +498,9 @@ static bool CheckCertificateRequest(SSL *ssl) { size_t certificate_types_len = SSL_get0_certificate_types(ssl, &certificate_types); if (certificate_types_len != config->expected_certificate_types.size() || - memcmp(certificate_types, - config->expected_certificate_types.data(), - certificate_types_len) != 0) { + OPENSSL_memcmp(certificate_types, + config->expected_certificate_types.data(), + certificate_types_len) != 0) { fprintf(stderr, "certificate types mismatch\n"); return false; } @@ -626,8 +626,8 @@ static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, if (!config->expected_advertised_alpn.empty() && (config->expected_advertised_alpn.size() != inlen || - memcmp(config->expected_advertised_alpn.data(), - in, inlen) != 0)) { + OPENSSL_memcmp(config->expected_advertised_alpn.data(), in, inlen) != + 0)) { fprintf(stderr, "bad ALPN select callback inputs\n"); exit(1); } @@ -663,7 +663,7 @@ static unsigned PskClientCallback(SSL *ssl, const char *hint, BUF_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len); - memcpy(out_psk, config->psk.data(), config->psk.size()); + OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size()); return config->psk.size(); } @@ -681,7 +681,7 @@ static unsigned PskServerCallback(SSL *ssl, const char *identity, return 0; } - memcpy(out_psk, config->psk.data(), config->psk.size()); + OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size()); return config->psk.size(); } @@ -758,9 +758,9 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, static const uint8_t kZeros[16] = {0}; if (encrypt) { - memcpy(key_name, kZeros, sizeof(kZeros)); + OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros)); RAND_bytes(iv, 16); - } else if (memcmp(key_name, kZeros, 16) != 0) { + } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) { return 0; } @@ -824,7 +824,7 @@ static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, } if (contents_len != sizeof(kCustomExtensionContents) - 1 || - memcmp(contents, kCustomExtensionContents, contents_len) != 0) { + OPENSSL_memcmp(contents, kCustomExtensionContents, contents_len) != 0) { *out_alert_value = SSL_AD_DECODE_ERROR; return 0; } @@ -862,7 +862,7 @@ static int Connect(uint16_t port) { return -1; } sockaddr_in sin; - memset(&sin, 0, sizeof(sin)); + OPENSSL_memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(port); if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { @@ -928,17 +928,6 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { return nullptr; } - if (!config->cipher_tls10.empty() && - !SSL_CTX_set_cipher_list_tls10(ssl_ctx.get(), - config->cipher_tls10.c_str())) { - return nullptr; - } - if (!config->cipher_tls11.empty() && - !SSL_CTX_set_cipher_list_tls11(ssl_ctx.get(), - config->cipher_tls11.c_str())) { - return nullptr; - } - bssl::UniquePtr<DH> dh(DH_get_2048_256(NULL)); if (!dh) { return nullptr; @@ -994,7 +983,6 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); } - SSL_CTX_set_tls_channel_id_enabled(ssl_ctx.get(), 1); SSL_CTX_set_channel_id_cb(ssl_ctx.get(), ChannelIdCallback); SSL_CTX_set_current_time_cb(ssl_ctx.get(), CurrentTimeCallback); @@ -1053,6 +1041,14 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { return nullptr; } + if (config->enable_short_header) { + SSL_CTX_set_short_header_enabled(ssl_ctx.get(), 1); + } + + if (config->enable_early_data) { + SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1); + } + return ssl_ctx; } @@ -1154,7 +1150,7 @@ static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { // SSL_peek should synchronously return the same data. int ret2 = SSL_peek(ssl, buf.get(), ret); if (ret2 != ret || - memcmp(buf.get(), out, ret) != 0) { + OPENSSL_memcmp(buf.get(), out, ret) != 0) { fprintf(stderr, "First and second SSL_peek did not match.\n"); return -1; } @@ -1162,7 +1158,7 @@ static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { // SSL_read should synchronously return the same data and consume it. ret2 = SSL_read(ssl, buf.get(), ret); if (ret2 != ret || - memcmp(buf.get(), out, ret) != 0) { + OPENSSL_memcmp(buf.get(), out, ret) != 0) { fprintf(stderr, "SSL_peek and SSL_read did not match.\n"); return -1; } @@ -1276,8 +1272,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { unsigned next_proto_len; SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); if (next_proto_len != config->expected_next_proto.size() || - memcmp(next_proto, config->expected_next_proto.data(), - next_proto_len) != 0) { + OPENSSL_memcmp(next_proto, config->expected_next_proto.data(), + next_proto_len) != 0) { fprintf(stderr, "negotiated next proto mismatch\n"); return false; } @@ -1288,8 +1284,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { unsigned alpn_proto_len; SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); if (alpn_proto_len != config->expected_alpn.size() || - memcmp(alpn_proto, config->expected_alpn.data(), - alpn_proto_len) != 0) { + OPENSSL_memcmp(alpn_proto, config->expected_alpn.data(), + alpn_proto_len) != 0) { fprintf(stderr, "negotiated alpn proto mismatch\n"); return false; } @@ -1302,8 +1298,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { return false; } if (config->expected_channel_id.size() != 64 || - memcmp(config->expected_channel_id.data(), - channel_id, 64) != 0) { + OPENSSL_memcmp(config->expected_channel_id.data(), channel_id, 64) != + 0) { fprintf(stderr, "channel id mismatch\n"); return false; } @@ -1321,7 +1317,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { size_t len; SSL_get0_ocsp_response(ssl, &data, &len); if (config->expected_ocsp_response.size() != len || - memcmp(config->expected_ocsp_response.data(), data, len) != 0) { + OPENSSL_memcmp(config->expected_ocsp_response.data(), data, len) != 0) { fprintf(stderr, "OCSP response mismatch\n"); return false; } @@ -1332,8 +1328,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { size_t len; SSL_get0_signed_cert_timestamp_list(ssl, &data, &len); if (config->expected_signed_cert_timestamps.size() != len || - memcmp(config->expected_signed_cert_timestamps.data(), - data, len) != 0) { + OPENSSL_memcmp(config->expected_signed_cert_timestamps.data(), data, + len) != 0) { fprintf(stderr, "SCT list mismatch\n"); return false; } @@ -1754,7 +1750,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, // trip up the CBC record splitting code. static const size_t kBufLen = 32769; std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]); - memset(buf.get(), 0x42, kBufLen); + OPENSSL_memset(buf.get(), 0x42, kBufLen); static const size_t kRecordSizes[] = { 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) { @@ -1768,6 +1764,19 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, } } } else { + if (config->read_with_unfinished_write) { + if (!config->async) { + fprintf(stderr, "-read-with-unfinished-write requires -async.\n"); + return false; + } + + int write_ret = SSL_write(ssl.get(), + reinterpret_cast<const uint8_t *>("unfinished"), 10); + if (SSL_get_error(ssl.get(), write_ret) != SSL_ERROR_WANT_WRITE) { + fprintf(stderr, "Failed to leave unfinished write.\n"); + return false; + } + } if (config->shim_writes_first) { if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"), 5) < 0) { @@ -1839,6 +1848,19 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, GetTestState(ssl.get())->got_new_session ? "" : " not"); return false; } + + if (expect_new_session) { + bool got_early_data_info = + GetTestState(ssl.get())->new_session->ticket_max_early_data != 0; + if (config->expect_early_data_info != got_early_data_info) { + fprintf( + stderr, + "new session did%s include ticket_early_data_info, but we expected " + "the opposite\n", + got_early_data_info ? "" : " not"); + return false; + } + } } if (out_session) { diff --git a/src/ssl/test/packeted_bio.cc b/src/ssl/test/packeted_bio.cc index 8331b4b6..835df0e6 100644 --- a/src/ssl/test/packeted_bio.cc +++ b/src/ssl/test/packeted_bio.cc @@ -21,6 +21,8 @@ #include <openssl/mem.h> +#include "../../crypto/internal.h" + namespace { @@ -33,8 +35,8 @@ const uint8_t kOpcodeTimeoutAck = 't'; struct PacketedBio { PacketedBio(timeval *clock_arg, bool advance_clock_arg) : clock(clock_arg), advance_clock(advance_clock_arg) { - memset(&timeout, 0, sizeof(timeout)); - memset(&read_deadline, 0, sizeof(read_deadline)); + OPENSSL_memset(&timeout, 0, sizeof(timeout)); + OPENSSL_memset(&read_deadline, 0, sizeof(read_deadline)); } bool HasTimeout() const { @@ -209,7 +211,7 @@ static int PacketedRead(BIO *bio, char *out, int outl) { if (outl > (int)len) { outl = len; } - memcpy(out, buf, outl); + OPENSSL_memcpy(out, buf, outl); OPENSSL_free(buf); return outl; } @@ -217,7 +219,7 @@ static int PacketedRead(BIO *bio, char *out, int outl) { static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) { if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) { - memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval)); + OPENSSL_memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval)); return 1; } @@ -290,6 +292,6 @@ bool PacketedBioAdvanceClock(BIO *bio) { data->clock->tv_sec += data->clock->tv_usec / 1000000; data->clock->tv_usec %= 1000000; data->clock->tv_sec += data->timeout.tv_sec; - memset(&data->timeout, 0, sizeof(data->timeout)); + OPENSSL_memset(&data->timeout, 0, sizeof(data->timeout)); return true; } diff --git a/src/ssl/test/runner/alert.go b/src/ssl/test/runner/alert.go index 8320b7e5..652e9eec 100644 --- a/src/ssl/test/runner/alert.go +++ b/src/ssl/test/runner/alert.go @@ -23,7 +23,7 @@ const ( alertRecordOverflow alert = 22 alertDecompressionFailure alert = 30 alertHandshakeFailure alert = 40 - alertNoCertficate alert = 41 + alertNoCertificate alert = 41 alertBadCertificate alert = 42 alertUnsupportedCertificate alert = 43 alertCertificateRevoked alert = 44 @@ -37,6 +37,7 @@ const ( alertProtocolVersion alert = 70 alertInsufficientSecurity alert = 71 alertInternalError alert = 80 + alertInappropriateFallback alert = 86 alertUserCanceled alert = 90 alertNoRenegotiation alert = 100 alertMissingExtension alert = 109 @@ -55,6 +56,7 @@ var alertText = map[alert]string{ alertRecordOverflow: "record overflow", alertDecompressionFailure: "decompression failure", alertHandshakeFailure: "handshake failure", + alertNoCertificate: "no certificate", alertBadCertificate: "bad certificate", alertUnsupportedCertificate: "unsupported certificate", alertCertificateRevoked: "revoked certificate", @@ -68,6 +70,7 @@ var alertText = map[alert]string{ alertProtocolVersion: "protocol version not supported", alertInsufficientSecurity: "insufficient security level", alertInternalError: "internal error", + alertInappropriateFallback: "inappropriate fallback", alertUserCanceled: "user canceled", alertNoRenegotiation: "no renegotiation", alertMissingExtension: "missing extension", diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go index f5fedb0f..96bc39ae 100644 --- a/src/ssl/test/runner/common.go +++ b/src/ssl/test/runner/common.go @@ -95,15 +95,12 @@ const ( extensionSupportedVersions uint16 = 43 // draft-ietf-tls-tls13-16 extensionCookie uint16 = 44 // draft-ietf-tls-tls13-16 extensionPSKKeyExchangeModes uint16 = 45 // draft-ietf-tls-tls13-18 + extensionTicketEarlyDataInfo uint16 = 46 // draft-ietf-tls-tls13-18 extensionCustom uint16 = 1234 // not IANA assigned extensionNextProtoNeg uint16 = 13172 // not IANA assigned extensionRenegotiationInfo uint16 = 0xff01 extensionChannelID uint16 = 30032 // not IANA assigned -) - -// TLS ticket extension numbers -const ( - ticketExtensionCustom uint16 = 1234 // not IANA assigned + extensionShortHeader uint16 = 27463 // not IANA assigned ) // TLS signaling cipher suite values @@ -126,7 +123,8 @@ const ( // TLS Elliptic Curve Point Formats // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 const ( - pointFormatUncompressed uint8 = 0 + pointFormatUncompressed uint8 = 0 + pointFormatCompressedPrime uint8 = 1 ) // TLS CertificateStatusType (RFC 3546) @@ -225,6 +223,7 @@ type ConnectionState struct { SCTList []byte // signed certificate timestamp list PeerSignatureAlgorithm signatureAlgorithm // algorithm used by the peer in the handshake CurveID CurveID // the curve used in ECDHE + ShortHeader bool // whether the short header extension was negotiated } // ClientAuthType declares the policy the server will follow for @@ -956,6 +955,19 @@ type ProtocolBugs struct { // receipt of a NewSessionTicket message. ExpectNoNewSessionTicket bool + // SendTicketEarlyDataInfo, if non-zero, is the maximum amount of data that we + // will accept as early data, and gets sent in the ticket_early_data_info + // extension of the NewSessionTicket message. + SendTicketEarlyDataInfo uint32 + + // DuplicateTicketEarlyDataInfo causes an extra empty extension of + // ticket_early_data_info to be sent in NewSessionTicket. + DuplicateTicketEarlyDataInfo bool + + // ExpectTicketEarlyDataInfo, if true, means that the client will fail upon + // absence of the ticket_early_data_info extension. + ExpectTicketEarlyDataInfo bool + // ExpectTicketAge, if non-zero, is the expected age of the ticket that the // server receives from the client. ExpectTicketAge time.Duration @@ -1224,6 +1236,23 @@ type ProtocolBugs struct { // NoSignedCertificateTimestamps, if true, causes the client to not // request signed certificate timestamps. NoSignedCertificateTimestamps bool + + // EnableShortHeader, if true, causes the TLS 1.3 short header extension + // to be enabled. + EnableShortHeader bool + + // AlwaysNegotiateShortHeader, if true, causes the server to always + // negotiate the short header extension in ServerHello. + AlwaysNegotiateShortHeader bool + + // ClearShortHeaderBit, if true, causes the server to send short headers + // without the high bit set. + ClearShortHeaderBit bool + + // SendSupportedPointFormats, if not nil, is the list of supported point + // formats to send in ClientHello or ServerHello. If set to a non-nil + // empty slice, no extension will be sent. + SendSupportedPointFormats []byte } func (c *Config) serverInit() { diff --git a/src/ssl/test/runner/conn.go b/src/ssl/test/runner/conn.go index 80a5b06d..ee342fab 100644 --- a/src/ssl/test/runner/conn.go +++ b/src/ssl/test/runner/conn.go @@ -21,6 +21,8 @@ import ( "time" ) +var errNoCertificateAlert = errors.New("tls: no certificate alert") + // A Conn represents a secured connection. // It implements the net.Conn interface. type Conn struct { @@ -163,6 +165,8 @@ type halfConn struct { trafficSecret []byte + shortHeader bool + config *Config } @@ -301,10 +305,17 @@ func (hc *halfConn) updateOutSeq() { copy(hc.outSeq[:], hc.seq[:]) } +func (hc *halfConn) isShortHeader() bool { + return hc.shortHeader && hc.cipher != nil +} + func (hc *halfConn) recordHeaderLen() int { if hc.isDTLS { return dtlsRecordHeaderLen } + if hc.isShortHeader() { + return 2 + } return tlsRecordHeaderLen } @@ -608,6 +619,9 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool, n := len(b.data) - recordHeaderLen b.data[recordHeaderLen-2] = byte(n >> 8) b.data[recordHeaderLen-1] = byte(n) + if hc.isShortHeader() && !hc.config.Bugs.ClearShortHeaderBit { + b.data[0] |= 0x80 + } hc.incSeq(true) return true, 0 @@ -716,7 +730,7 @@ func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) { return c.dtlsDoReadRecord(want) } - recordHeaderLen := tlsRecordHeaderLen + recordHeaderLen := c.in.recordHeaderLen() if c.rawInput == nil { c.rawInput = c.in.newBlock() @@ -736,19 +750,36 @@ func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) { } return 0, nil, err } - typ := recordType(b.data[0]) - // No valid TLS record has a type of 0x80, however SSLv2 handshakes - // start with a uint16 length where the MSB is set and the first record - // is always < 256 bytes long. Therefore typ == 0x80 strongly suggests - // an SSLv2 client. - if want == recordTypeHandshake && typ == 0x80 { - c.sendAlert(alertProtocolVersion) - return 0, nil, c.in.setErrorLocked(errors.New("tls: unsupported SSLv2 handshake received")) + var typ recordType + var vers uint16 + var n int + if c.in.isShortHeader() { + typ = recordTypeApplicationData + vers = VersionTLS10 + n = int(b.data[0])<<8 | int(b.data[1]) + if n&0x8000 == 0 { + c.sendAlert(alertDecodeError) + return 0, nil, c.in.setErrorLocked(errors.New("tls: length did not have high bit set")) + } + + n = n & 0x7fff + } else { + typ = recordType(b.data[0]) + + // No valid TLS record has a type of 0x80, however SSLv2 handshakes + // start with a uint16 length where the MSB is set and the first record + // is always < 256 bytes long. Therefore typ == 0x80 strongly suggests + // an SSLv2 client. + if want == recordTypeHandshake && typ == 0x80 { + c.sendAlert(alertProtocolVersion) + return 0, nil, c.in.setErrorLocked(errors.New("tls: unsupported SSLv2 handshake received")) + } + + vers = uint16(b.data[1])<<8 | uint16(b.data[2]) + n = int(b.data[3])<<8 | int(b.data[4]) } - vers := uint16(b.data[1])<<8 | uint16(b.data[2]) - n := int(b.data[3])<<8 | int(b.data[4]) // Alerts sent near version negotiation do not have a well-defined // record-layer version prior to TLS 1.3. (In TLS 1.3, the record-layer // version is irrelevant.) @@ -866,6 +897,11 @@ Again: } switch data[0] { case alertLevelWarning: + if alert(data[1]) == alertNoCertificate { + c.in.freeBlock(b) + return errNoCertificateAlert + } + // drop on the floor c.in.freeBlock(b) goto Again @@ -934,7 +970,7 @@ func (c *Conn) sendAlertLocked(level byte, err alert) error { // L < c.out.Mutex. func (c *Conn) sendAlert(err alert) error { level := byte(alertLevelError) - if err == alertNoRenegotiation || err == alertCloseNotify || err == alertNoCertficate { + if err == alertNoRenegotiation || err == alertCloseNotify || err == alertNoCertificate { level = alertLevelWarning } return c.SendAlert(level, err) @@ -1007,7 +1043,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { } func (c *Conn) doWriteRecord(typ recordType, data []byte) (n int, err error) { - recordHeaderLen := tlsRecordHeaderLen + recordHeaderLen := c.out.recordHeaderLen() b := c.out.newBlock() first := true isClientHello := typ == recordTypeHandshake && len(data) > 0 && data[0] == typeClientHello @@ -1049,32 +1085,36 @@ func (c *Conn) doWriteRecord(typ recordType, data []byte) (n int, err error) { } } b.resize(recordHeaderLen + explicitIVLen + m) - b.data[0] = byte(typ) - if c.vers >= VersionTLS13 && c.out.cipher != nil { - b.data[0] = byte(recordTypeApplicationData) - if outerType := c.config.Bugs.OuterRecordType; outerType != 0 { - b.data[0] = byte(outerType) + // If using a short record header, the length will be filled in + // by encrypt. + if !c.out.isShortHeader() { + b.data[0] = byte(typ) + if c.vers >= VersionTLS13 && c.out.cipher != nil { + b.data[0] = byte(recordTypeApplicationData) + if outerType := c.config.Bugs.OuterRecordType; outerType != 0 { + b.data[0] = byte(outerType) + } } + vers := c.vers + if vers == 0 || vers >= VersionTLS13 { + // Some TLS servers fail if the record version is + // greater than TLS 1.0 for the initial ClientHello. + // + // TLS 1.3 fixes the version number in the record + // layer to {3, 1}. + vers = VersionTLS10 + } + if c.config.Bugs.SendRecordVersion != 0 { + vers = c.config.Bugs.SendRecordVersion + } + if c.vers == 0 && c.config.Bugs.SendInitialRecordVersion != 0 { + vers = c.config.Bugs.SendInitialRecordVersion + } + b.data[1] = byte(vers >> 8) + b.data[2] = byte(vers) + b.data[3] = byte(m >> 8) + b.data[4] = byte(m) } - vers := c.vers - if vers == 0 || vers >= VersionTLS13 { - // Some TLS servers fail if the record version is - // greater than TLS 1.0 for the initial ClientHello. - // - // TLS 1.3 fixes the version number in the record - // layer to {3, 1}. - vers = VersionTLS10 - } - if c.config.Bugs.SendRecordVersion != 0 { - vers = c.config.Bugs.SendRecordVersion - } - if c.vers == 0 && c.config.Bugs.SendInitialRecordVersion != 0 { - vers = c.config.Bugs.SendInitialRecordVersion - } - b.data[1] = byte(vers >> 8) - b.data[2] = byte(vers) - b.data[3] = byte(m >> 8) - b.data[4] = byte(m) if explicitIVLen > 0 { explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] if explicitIVIsSeq { @@ -1162,6 +1202,13 @@ func (c *Conn) doReadHandshake() ([]byte, error) { // c.in.Mutex < L; c.out.Mutex < L. func (c *Conn) readHandshake() (interface{}, error) { data, err := c.doReadHandshake() + if err == errNoCertificateAlert { + if c.hand.Len() != 0 { + // The warning alert may not interleave with a handshake message. + return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + return new(ssl3NoCertificateMsg), nil + } if err != nil { return nil, err } @@ -1404,6 +1451,10 @@ func (c *Conn) handlePostHandshakeMessage() error { return errors.New("tls: no GREASE ticket extension found") } + if c.config.Bugs.ExpectTicketEarlyDataInfo && newSessionTicket.earlyDataInfo == 0 { + return errors.New("tls: no ticket_early_data_info extension found") + } + if c.config.Bugs.ExpectNoNewSessionTicket { return errors.New("tls: received unexpected NewSessionTicket") } @@ -1620,6 +1671,7 @@ func (c *Conn) ConnectionState() ConnectionState { state.SCTList = c.sctList state.PeerSignatureAlgorithm = c.peerSignatureAlgorithm state.CurveID = c.curveID + state.ShortHeader = c.in.shortHeader } return state @@ -1715,10 +1767,12 @@ func (c *Conn) SendNewSessionTicket() error { // TODO(davidben): Allow configuring these values. m := &newSessionTicketMsg{ - version: c.vers, - ticketLifetime: uint32(24 * time.Hour / time.Second), - customExtension: c.config.Bugs.CustomTicketExtension, - ticketAgeAdd: ticketAgeAdd, + version: c.vers, + ticketLifetime: uint32(24 * time.Hour / time.Second), + earlyDataInfo: c.config.Bugs.SendTicketEarlyDataInfo, + duplicateEarlyDataInfo: c.config.Bugs.DuplicateTicketEarlyDataInfo, + customExtension: c.config.Bugs.CustomTicketExtension, + ticketAgeAdd: ticketAgeAdd, } state := sessionState{ @@ -1781,3 +1835,8 @@ func (c *Conn) sendFakeEarlyData(len int) error { _, err := c.conn.Write(payload) return err } + +func (c *Conn) setShortHeader() { + c.in.shortHeader = true + c.out.shortHeader = true +} diff --git a/src/ssl/test/runner/fuzzer_mode.json b/src/ssl/test/runner/fuzzer_mode.json index cb2befa2..80a9bf1d 100644 --- a/src/ssl/test/runner/fuzzer_mode.json +++ b/src/ssl/test/runner/fuzzer_mode.json @@ -25,12 +25,15 @@ "ECDSACurveMismatch-Verify-TLS13": "Fuzzer mode always accepts a signature.", "InvalidChannelIDSignature-*": "Fuzzer mode always accepts a signature.", + "Resume-Server-CipherNotPreferred*": "Fuzzer mode does not encrypt tickets.", "Resume-Server-DeclineBadCipher*": "Fuzzer mode does not encrypt tickets.", "Resume-Server-DeclineCrossVersion*": "Fuzzer mode does not encrypt tickets.", "TicketCallback-SingleCall-*": "Fuzzer mode does not encrypt tickets.", "CorruptTicket-*": "Fuzzer mode does not encrypt tickets.", "ShimTicketRewritable": "Fuzzer mode does not encrypt tickets.", - "Resume-Server-*Binder*": "Fuzzer mode does not check binders." + "Resume-Server-*Binder*": "Fuzzer mode does not check binders.", + + "SkipEarlyData*": "Trial decryption does not work with the NULL cipher." } } diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index 7fa7ea21..507ea401 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -81,6 +81,7 @@ func (c *Conn) clientHandshake() error { srtpMasterKeyIdentifier: c.config.Bugs.SRTPMasterKeyIdentifer, customExtension: c.config.Bugs.CustomExtension, pskBinderFirst: c.config.Bugs.PSKBinderFirst, + shortHeaderSupported: c.config.Bugs.EnableShortHeader, } disableEMS := c.config.Bugs.NoExtendedMasterSecret @@ -104,6 +105,10 @@ func (c *Conn) clientHandshake() error { hello.compressionMethods = c.config.Bugs.SendCompressionMethods } + if c.config.Bugs.SendSupportedPointFormats != nil { + hello.supportedPoints = c.config.Bugs.SendSupportedPointFormats + } + if len(c.clientVerify) > 0 && !c.config.Bugs.EmptyRenegotiationInfo { if c.config.Bugs.BadRenegotiationInfo { hello.secureRenegotiation = append(hello.secureRenegotiation, c.clientVerify...) @@ -684,6 +689,18 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { hs.finishedHash.addEntropy(zeroSecret) } + if hs.serverHello.shortHeader && !hs.hello.shortHeaderSupported { + return errors.New("tls: server sent unsolicited short header extension") + } + + if hs.serverHello.shortHeader && hs.hello.hasEarlyData { + return errors.New("tls: server sent short header extension in response to early data") + } + + if hs.serverHello.shortHeader { + c.setShortHeader() + } + // Switch to handshake traffic keys. clientHandshakeTrafficSecret := hs.finishedHash.deriveSecret(clientHandshakeTrafficLabel) c.out.useTrafficSecret(c.vers, hs.suite, clientHandshakeTrafficSecret, clientWrite) @@ -1011,7 +1028,7 @@ func (hs *clientHandshakeState) doFullHandshake() error { // no_certificate warning alert. if certRequested { if c.vers == VersionSSL30 && chainToSend == nil { - c.sendAlert(alertNoCertficate) + c.sendAlert(alertNoCertificate) } else if !c.config.Bugs.SkipClientCertificate { certMsg := new(certificateMsg) if chainToSend != nil { @@ -1291,6 +1308,10 @@ func (hs *clientHandshakeState) serverResumedSession() bool { func (hs *clientHandshakeState) processServerHello() (bool, error) { c := hs.c + if hs.serverHello.shortHeader { + return false, errors.New("tls: short header extension sent before TLS 1.3") + } + if hs.serverResumedSession() { // For test purposes, assert that the server never accepts the // resumption offer on renegotiation. diff --git a/src/ssl/test/runner/handshake_messages.go b/src/ssl/test/runner/handshake_messages.go index 8a338f0b..62309b8c 100644 --- a/src/ssl/test/runner/handshake_messages.go +++ b/src/ssl/test/runner/handshake_messages.go @@ -167,6 +167,7 @@ type clientHelloMsg struct { customExtension string hasGREASEExtension bool pskBinderFirst bool + shortHeaderSupported bool } func (m *clientHelloMsg) equal(i interface{}) bool { @@ -212,7 +213,8 @@ func (m *clientHelloMsg) equal(i interface{}) bool { m.sctListSupported == m1.sctListSupported && m.customExtension == m1.customExtension && m.hasGREASEExtension == m1.hasGREASEExtension && - m.pskBinderFirst == m1.pskBinderFirst + m.pskBinderFirst == m1.pskBinderFirst && + m.shortHeaderSupported == m1.shortHeaderSupported } func (m *clientHelloMsg) marshal() []byte { @@ -314,9 +316,7 @@ func (m *clientHelloMsg) marshal() []byte { extensions.addU16(extensionSupportedPoints) supportedPointsList := extensions.addU16LengthPrefixed() supportedPoints := supportedPointsList.addU8LengthPrefixed() - for _, pointFormat := range m.supportedPoints { - supportedPoints.addU8(pointFormat) - } + supportedPoints.addBytes(m.supportedPoints) } if m.hasKeyShares { extensions.addU16(extensionKeyShare) @@ -430,6 +430,10 @@ func (m *clientHelloMsg) marshal() []byte { customExt := extensions.addU16LengthPrefixed() customExt.addBytes([]byte(m.customExtension)) } + if m.shortHeaderSupported { + extensions.addU16(extensionShortHeader) + extensions.addU16(0) // Length is always 0 + } // The PSK extension must be last (draft-ietf-tls-tls13-18 section 4.2.6). if len(m.pskIdentities) > 0 && !m.pskBinderFirst { extensions.addU16(extensionPreSharedKey) @@ -601,8 +605,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { if length != l+1 { return false } - m.supportedPoints = make([]uint8, l) - copy(m.supportedPoints, data[1:]) + m.supportedPoints = data[1 : 1+l] case extensionSessionTicket: // http://tools.ietf.org/html/rfc5077#section-3.2 m.ticketSupported = true @@ -802,6 +805,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { return false } m.sctListSupported = true + case extensionShortHeader: + if length != 0 { + return false + } + m.shortHeaderSupported = true case extensionCustom: m.customExtension = string(data[:length]) } @@ -831,6 +839,7 @@ type serverHelloMsg struct { compressionMethod uint8 customExtension string unencryptedALPN string + shortHeader bool extensions serverExtensions } @@ -868,6 +877,11 @@ func (m *serverHelloMsg) marshal() []byte { extensions := hello.addU16LengthPrefixed() + if m.shortHeader { + extensions.addU16(extensionShortHeader) + extensions.addU16(0) // Length + } + if vers >= VersionTLS13 { if m.hasKeyShare { extensions.addU16(extensionKeyShare) @@ -996,6 +1010,11 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool { return false } m.earlyDataIndication = true + case extensionShortHeader: + if len(d) != 0 { + return false + } + m.shortHeader = true default: // Only allow the 3 extensions that are sent in // the clear in TLS 1.3. @@ -1071,6 +1090,7 @@ type serverExtensions struct { npnAfterAlpn bool hasKeyShare bool keyShare keyShareEntry + supportedPoints []uint8 } func (m *serverExtensions) marshal(extensions *byteBuilder) { @@ -1165,6 +1185,13 @@ func (m *serverExtensions) marshal(extensions *byteBuilder) { keyExchange := keyShare.addU16LengthPrefixed() keyExchange.addBytes(m.keyShare.keyExchange) } + if len(m.supportedPoints) > 0 { + // http://tools.ietf.org/html/rfc4492#section-5.1.2 + extensions.addU16(extensionSupportedPoints) + supportedPointsList := extensions.addU16LengthPrefixed() + supportedPoints := supportedPointsList.addU8LengthPrefixed() + supportedPoints.addBytes(m.supportedPoints) + } } func (m *serverExtensions) unmarshal(data []byte, version uint16) bool { @@ -1265,7 +1292,15 @@ func (m *serverExtensions) unmarshal(data []byte, version uint16) bool { if version >= VersionTLS13 { return false } - // Ignore this extension from the server. + // http://tools.ietf.org/html/rfc4492#section-5.5.2 + if length < 1 { + return false + } + l := int(data[0]) + if length != l+1 { + return false + } + m.supportedPoints = data[1 : 1+l] case extensionSupportedCurves: // The server can only send supported_curves in TLS 1.3. if version < VersionTLS13 { @@ -1968,13 +2003,15 @@ func (m *certificateVerifyMsg) unmarshal(data []byte) bool { } type newSessionTicketMsg struct { - raw []byte - version uint16 - ticketLifetime uint32 - ticketAgeAdd uint32 - ticket []byte - customExtension string - hasGREASEExtension bool + raw []byte + version uint16 + ticketLifetime uint32 + ticketAgeAdd uint32 + ticket []byte + earlyDataInfo uint32 + customExtension string + duplicateEarlyDataInfo bool + hasGREASEExtension bool } func (m *newSessionTicketMsg) marshal() []byte { @@ -1996,8 +2033,16 @@ func (m *newSessionTicketMsg) marshal() []byte { if m.version >= VersionTLS13 { extensions := body.addU16LengthPrefixed() + if m.earlyDataInfo > 0 { + extensions.addU16(extensionTicketEarlyDataInfo) + extensions.addU16LengthPrefixed().addU32(m.earlyDataInfo) + if m.duplicateEarlyDataInfo { + extensions.addU16(extensionTicketEarlyDataInfo) + extensions.addU16LengthPrefixed().addU32(m.earlyDataInfo) + } + } if len(m.customExtension) > 0 { - extensions.addU16(ticketExtensionCustom) + extensions.addU16(extensionCustom) extensions.addU16LengthPrefixed().addBytes([]byte(m.customExtension)) } } @@ -2043,28 +2088,37 @@ func (m *newSessionTicketMsg) unmarshal(data []byte) bool { if len(data) < 2 { return false } - extsLength := int(data[0])<<8 + int(data[1]) + + extensionsLength := int(data[0])<<8 | int(data[1]) data = data[2:] - if len(data) < extsLength { + if extensionsLength != len(data) { return false } - extensions := data[:extsLength] - data = data[extsLength:] - for len(extensions) > 0 { - if len(extensions) < 4 { + for len(data) != 0 { + if len(data) < 4 { return false } - extValue := uint16(extensions[0])<<8 | uint16(extensions[1]) - extLength := int(extensions[2])<<8 | int(extensions[3]) - if len(extensions) < 4+extLength { + extension := uint16(data[0])<<8 | uint16(data[1]) + length := int(data[2])<<8 | int(data[3]) + data = data[4:] + if len(data) < length { return false } - extensions = extensions[4+extLength:] - if isGREASEValue(extValue) { - m.hasGREASEExtension = true + switch extension { + case extensionTicketEarlyDataInfo: + if length != 4 { + return false + } + m.earlyDataInfo = uint32(data[0])<<24 | uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) + default: + if isGREASEValue(extension) { + m.hasGREASEExtension = true + } } + + data = data[length:] } } @@ -2240,6 +2294,10 @@ func (m *keyUpdateMsg) unmarshal(data []byte) bool { return m.keyUpdateRequest == keyUpdateNotRequested || m.keyUpdateRequest == keyUpdateRequested } +// ssl3NoCertificateMsg is a dummy message to handle SSL 3.0 using a warning +// alert in the handshake. +type ssl3NoCertificateMsg struct{} + func eqUint16s(x, y []uint16) bool { if len(x) != len(y) { return false diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index 57566c57..1116d6c1 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -365,6 +365,15 @@ func (hs *serverHandshakeState) doTLS13Handshake() error { versOverride: config.Bugs.SendServerHelloVersion, customExtension: config.Bugs.CustomUnencryptedExtension, unencryptedALPN: config.Bugs.SendUnencryptedALPN, + shortHeader: hs.clientHello.shortHeaderSupported && config.Bugs.EnableShortHeader, + } + + if config.Bugs.AlwaysNegotiateShortHeader { + hs.hello.shortHeader = true + } + + if hs.hello.shortHeader { + c.setShortHeader() } hs.hello.random = make([]byte, 32) @@ -972,6 +981,7 @@ func (hs *serverHandshakeState) processClientHello() (isResume bool, err error) vers: versionToWire(c.vers, c.isDTLS), versOverride: config.Bugs.SendServerHelloVersion, compressionMethod: compressionNone, + shortHeader: config.Bugs.AlwaysNegotiateShortHeader, } hs.hello.random = make([]byte, 32) @@ -1182,6 +1192,10 @@ func (hs *serverHandshakeState) processClientExtensions(serverExtensions *server serverExtensions.ticketSupported = true } + if c.config.Bugs.SendSupportedPointFormats != nil { + serverExtensions.supportedPoints = c.config.Bugs.SendSupportedPointFormats + } + if !hs.clientHello.hasGREASEExtension && config.Bugs.ExpectGREASE { return errors.New("tls: no GREASE extension found") } @@ -1438,7 +1452,13 @@ func (hs *serverHandshakeState) doFullHandshake() error { for _, cert := range certMsg.certificates { certificates = append(certificates, cert.data) } - } else if c.vers != VersionSSL30 { + } else if c.vers == VersionSSL30 { + // In SSL 3.0, no certificate is signaled by a warning + // alert which we translate to ssl3NoCertificateMsg. + if _, ok := msg.(*ssl3NoCertificateMsg); !ok { + return errors.New("tls: client provided neither a certificate nor no_certificate warning alert") + } + } else { // In TLS, the Certificate message is required. In SSL // 3.0, the peer skips it when sending no certificates. c.sendAlert(alertUnexpectedMessage) @@ -1459,11 +1479,9 @@ func (hs *serverHandshakeState) doFullHandshake() error { return err } - if ok { - msg, err = c.readHandshake() - if err != nil { - return err - } + msg, err = c.readHandshake() + if err != nil { + return err } } diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go index fc66cf69..ba78fcec 100644 --- a/src/ssl/test/runner/runner.go +++ b/src/ssl/test/runner/runner.go @@ -383,6 +383,8 @@ type testCase struct { // expectPeerCertificate, if not nil, is the certificate chain the peer // is expected to send. expectPeerCertificate *Certificate + // expectShortHeader is whether the short header extension should be negotiated. + expectShortHeader bool } var testCases []testCase @@ -611,6 +613,10 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, nu } } + if test.expectShortHeader != connState.ShortHeader { + return fmt.Errorf("ShortHeader is %t, but we expected the opposite", connState.ShortHeader) + } + if test.exportKeyingMaterial > 0 { actual := make([]byte, test.exportKeyingMaterial) if _, err := io.ReadFull(tlsConn, actual); err != nil { @@ -1315,13 +1321,15 @@ func addBasicTests() { SendFallbackSCSV: true, }, }, - shouldFail: true, - expectedError: ":INAPPROPRIATE_FALLBACK:", + shouldFail: true, + expectedError: ":INAPPROPRIATE_FALLBACK:", + expectedLocalError: "remote error: inappropriate fallback", }, { testType: serverTest, - name: "FallbackSCSV-VersionMatch", + name: "FallbackSCSV-VersionMatch-TLS13", config: Config{ + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendFallbackSCSV: true, }, @@ -2561,35 +2569,57 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto expectedError: expectedClientError, }) - if !shouldClientFail { - // Ensure the maximum record size is accepted. - testCases = append(testCases, testCase{ - protocol: protocol, - name: prefix + ver.name + "-" + suite.name + "-LargeRecord", - config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, - PreSharedKey: []byte(psk), - PreSharedKeyIdentity: pskIdentity, - }, - flags: flags, - messageLen: maxPlaintext, - }) + if shouldClientFail { + return + } - // Test bad records for all ciphers. Bad records are fatal in TLS - // and ignored in DTLS. - var shouldFail bool - var expectedError string - if protocol == tls { - shouldFail = true - expectedError = ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" - } + // Ensure the maximum record size is accepted. + testCases = append(testCases, testCase{ + protocol: protocol, + name: prefix + ver.name + "-" + suite.name + "-LargeRecord", + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, + }, + flags: flags, + messageLen: maxPlaintext, + }) + + // Test bad records for all ciphers. Bad records are fatal in TLS + // and ignored in DTLS. + var shouldFail bool + var expectedError string + if protocol == tls { + shouldFail = true + expectedError = ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" + } + + testCases = append(testCases, testCase{ + protocol: protocol, + name: prefix + ver.name + "-" + suite.name + "-BadRecord", + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, + }, + flags: flags, + damageFirstWrite: true, + messageLen: maxPlaintext, + shouldFail: shouldFail, + expectedError: expectedError, + }) + if ver.version >= VersionTLS13 { testCases = append(testCases, testCase{ protocol: protocol, - name: prefix + ver.name + "-" + suite.name + "-BadRecord", + name: prefix + ver.name + "-" + suite.name + "-ShortHeader", config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -2597,12 +2627,13 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto Certificates: []Certificate{cert}, PreSharedKey: []byte(psk), PreSharedKeyIdentity: pskIdentity, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, }, - flags: flags, - damageFirstWrite: true, - messageLen: maxPlaintext, - shouldFail: shouldFail, - expectedError: expectedError, + flags: append([]string{"-enable-short-header"}, flags...), + resumeSession: true, + expectShortHeader: true, }) } } @@ -2774,94 +2805,6 @@ func addCipherSuiteTests() { }, flags: []string{"-psk", "secret"}, }) - - // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS - // 1.1 specific cipher suite settings. A server is setup with the given - // cipher lists and then a connection is made for each member of - // expectations. The cipher suite that the server selects must match - // the specified one. - var versionSpecificCiphersTest = []struct { - ciphersDefault, ciphersTLS10, ciphersTLS11 string - // expectations is a map from TLS version to cipher suite id. - expectations map[uint16]uint16 - }{ - { - // Test that the null case (where no version-specific ciphers are set) - // works as expected. - "DES-CBC3-SHA:AES128-SHA", // default ciphers - "", // no ciphers specifically for TLS ≥ 1.0 - "", // no ciphers specifically for TLS ≥ 1.1 - map[uint16]uint16{ - VersionSSL30: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS10: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS11: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS12: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - }, - }, - { - // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different - // cipher. - "DES-CBC3-SHA:AES128-SHA", // default - "AES128-SHA", // these ciphers for TLS ≥ 1.0 - "", // no ciphers specifically for TLS ≥ 1.1 - map[uint16]uint16{ - VersionSSL30: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA, - VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA, - VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA, - }, - }, - { - // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different - // cipher. - "DES-CBC3-SHA:AES128-SHA", // default - "", // no ciphers specifically for TLS ≥ 1.0 - "AES128-SHA", // these ciphers for TLS ≥ 1.1 - map[uint16]uint16{ - VersionSSL30: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS10: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA, - VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA, - }, - }, - { - // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should - // mask ciphers_tls10 for TLS 1.1 and 1.2. - "DES-CBC3-SHA:AES128-SHA", // default - "AES128-SHA", // these ciphers for TLS ≥ 1.0 - "AES256-SHA", // these ciphers for TLS ≥ 1.1 - map[uint16]uint16{ - VersionSSL30: TLS_RSA_WITH_3DES_EDE_CBC_SHA, - VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA, - VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA, - VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA, - }, - }, - } - - for i, test := range versionSpecificCiphersTest { - for version, expectedCipherSuite := range test.expectations { - flags := []string{"-cipher", test.ciphersDefault} - if len(test.ciphersTLS10) > 0 { - flags = append(flags, "-cipher-tls10", test.ciphersTLS10) - } - if len(test.ciphersTLS11) > 0 { - flags = append(flags, "-cipher-tls11", test.ciphersTLS11) - } - - testCases = append(testCases, testCase{ - testType: serverTest, - name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version), - config: Config{ - MaxVersion: version, - MinVersion: version, - CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA}, - }, - flags: flags, - expectedCipher: expectedCipherSuite, - }) - } - } } func addBadECDSASignatureTests() { @@ -6319,6 +6262,24 @@ func addRenegotiationTests() { expectedLocalError: "remote error: no renegotiation", }) + // Renegotiation is not allowed when there is an unfinished write. + testCases = append(testCases, testCase{ + name: "Renegotiate-Client-UnfinishedWrite", + config: Config{ + MaxVersion: VersionTLS12, + }, + renegotiate: 1, + flags: []string{ + "-async", + "-renegotiate-freely", + "-read-with-unfinished-write", + }, + shouldFail: true, + expectedError: ":NO_RENEGOTIATION:", + // We do not successfully send the no_renegotiation alert in + // this case. https://crbug.com/boringssl/130 + }) + // Stray HelloRequests during the handshake are ignored in TLS 1.2. testCases = append(testCases, testCase{ name: "StrayHelloRequest", @@ -8178,6 +8139,102 @@ func addCurveTests() { }, resumeSession: true, }) + + // Server-sent point formats are legal in TLS 1.2, but not in TLS 1.3. + testCases = append(testCases, testCase{ + name: "PointFormat-ServerHello-TLS12", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{pointFormatUncompressed}, + }, + }, + }) + testCases = append(testCases, testCase{ + name: "PointFormat-EncryptedExtensions-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{pointFormatUncompressed}, + }, + }, + shouldFail: true, + expectedError: ":ERROR_PARSING_EXTENSION:", + }) + + // Test that we tolerate unknown point formats, as long as + // pointFormatUncompressed is present. Limit ciphers to ECDHE ciphers to + // check they are still functional. + testCases = append(testCases, testCase{ + name: "PointFormat-Client-Tolerance", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{42, pointFormatUncompressed, 99, pointFormatCompressedPrime}, + }, + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "PointFormat-Server-Tolerance", + config: Config{ + MaxVersion: VersionTLS12, + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{42, pointFormatUncompressed, 99, pointFormatCompressedPrime}, + }, + }, + }) + + // Test TLS 1.2 does not require the point format extension to be + // present. + testCases = append(testCases, testCase{ + name: "PointFormat-Client-Missing", + config: Config{ + MaxVersion: VersionTLS12, + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{}, + }, + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "PointFormat-Server-Missing", + config: Config{ + MaxVersion: VersionTLS12, + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{}, + }, + }, + }) + + // If the point format extension is present, uncompressed points must be + // offered. BoringSSL requires this whether or not ECDHE is used. + testCases = append(testCases, testCase{ + name: "PointFormat-Client-MissingUncompressed", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{pointFormatCompressedPrime}, + }, + }, + shouldFail: true, + expectedError: ":ERROR_PARSING_EXTENSION:", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "PointFormat-Server-MissingUncompressed", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + SendSupportedPointFormats: []byte{pointFormatCompressedPrime}, + }, + }, + shouldFail: true, + expectedError: ":ERROR_PARSING_EXTENSION:", + }) } func addTLS13RecordTests() { @@ -8322,6 +8379,48 @@ func addSessionTicketTests() { expectedLocalError: "tls: invalid ticket age", }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS13-SendTicketEarlyDataInfo", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendTicketEarlyDataInfo: 16384, + }, + }, + flags: []string{ + "-expect-early-data-info", + }, + }) + + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS13-DuplicateTicketEarlyDataInfo", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendTicketEarlyDataInfo: 16384, + DuplicateTicketEarlyDataInfo: true, + }, + }, + shouldFail: true, + expectedError: ":DUPLICATE_EXTENSION:", + expectedLocalError: "remote error: illegal parameter", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TLS13-ExpectTicketEarlyDataInfo", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectTicketEarlyDataInfo: true, + }, + }, + flags: []string{ + "-enable-early-data", + }, + }) } func addChangeCipherSpecTests() { @@ -9853,6 +9952,150 @@ func addECDSAKeyUsageTests() { } } +func addShortHeaderTests() { + // The short header extension may be negotiated as either client or + // server. + testCases = append(testCases, testCase{ + name: "ShortHeader-Client", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + flags: []string{"-enable-short-header"}, + expectShortHeader: true, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortHeader-Server", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + flags: []string{"-enable-short-header"}, + expectShortHeader: true, + }) + + // If the peer doesn't support it, it will not be negotiated. + testCases = append(testCases, testCase{ + name: "ShortHeader-No-Yes-Client", + config: Config{ + MaxVersion: VersionTLS13, + }, + flags: []string{"-enable-short-header"}, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortHeader-No-Yes-Server", + config: Config{ + MaxVersion: VersionTLS13, + }, + flags: []string{"-enable-short-header"}, + }) + + // If we don't support it, it will not be negotiated. + testCases = append(testCases, testCase{ + name: "ShortHeader-Yes-No-Client", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortHeader-Yes-No-Server", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + }) + + // It will not be negotiated at TLS 1.2. + testCases = append(testCases, testCase{ + name: "ShortHeader-TLS12-Client", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + flags: []string{"-enable-short-header"}, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortHeader-TLS12-Server", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + }, + }, + flags: []string{"-enable-short-header"}, + }) + + // Servers reject early data and short header sent together. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortHeader-EarlyData", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EnableShortHeader: true, + SendEarlyDataLength: 1, + }, + }, + flags: []string{"-enable-short-header"}, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) + + // Clients reject unsolicited short header extensions. + testCases = append(testCases, testCase{ + name: "ShortHeader-Unsolicited", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + AlwaysNegotiateShortHeader: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) + testCases = append(testCases, testCase{ + name: "ShortHeader-Unsolicited-TLS12", + config: Config{ + MaxVersion: VersionTLS12, + Bugs: ProtocolBugs{ + AlwaysNegotiateShortHeader: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) + + // The high bit must be checked in short headers. + testCases = append(testCases, testCase{ + name: "ShortHeader-ClearShortHeaderBit", + config: Config{ + Bugs: ProtocolBugs{ + EnableShortHeader: true, + ClearShortHeaderBit: true, + }, + }, + flags: []string{"-enable-short-header"}, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + expectedLocalError: "remote error: error decoding message", + }) +} + func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { defer wg.Done() @@ -9979,6 +10222,7 @@ func main() { addCertificateTests() addRetainOnlySHA256ClientCertTests() addECDSAKeyUsageTests() + addShortHeaderTests() var wg sync.WaitGroup diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc index 492dd735..a06b5e54 100644 --- a/src/ssl/test/test_config.cc +++ b/src/ssl/test/test_config.cc @@ -81,8 +81,10 @@ const Flag<bool> kBoolFlags[] = { { "-tls-unique", &TestConfig::tls_unique }, { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, { "-expect-no-session", &TestConfig::expect_no_session }, + { "-expect-early-data-info", &TestConfig::expect_early_data_info }, { "-use-ticket-callback", &TestConfig::use_ticket_callback }, { "-renew-ticket", &TestConfig::renew_ticket }, + { "-enable-early-data", &TestConfig::enable_early_data }, { "-enable-client-custom-extension", &TestConfig::enable_client_custom_extension }, { "-enable-server-custom-extension", @@ -115,6 +117,8 @@ const Flag<bool> kBoolFlags[] = { &TestConfig::expect_sha256_client_cert_initial }, { "-expect-sha256-client-cert-resume", &TestConfig::expect_sha256_client_cert_resume }, + { "-enable-short-header", &TestConfig::enable_short_header }, + { "-read-with-unfinished-write", &TestConfig::read_with_unfinished_write }, }; const Flag<std::string> kStringFlags[] = { @@ -135,8 +139,6 @@ const Flag<std::string> kStringFlags[] = { { "-psk-identity", &TestConfig::psk_identity }, { "-srtp-profiles", &TestConfig::srtp_profiles }, { "-cipher", &TestConfig::cipher }, - { "-cipher-tls10", &TestConfig::cipher_tls10 }, - { "-cipher-tls11", &TestConfig::cipher_tls11 }, { "-export-label", &TestConfig::export_label }, { "-export-context", &TestConfig::export_context }, { "-expect-peer-cert-file", &TestConfig::expect_peer_cert_file }, diff --git a/src/ssl/test/test_config.h b/src/ssl/test/test_config.h index 4d6a3362..1307d565 100644 --- a/src/ssl/test/test_config.h +++ b/src/ssl/test/test_config.h @@ -75,8 +75,6 @@ struct TestConfig { bool fail_second_ddos_callback = false; bool fail_cert_callback = false; std::string cipher; - std::string cipher_tls10; - std::string cipher_tls11; bool handshake_never_done = false; int export_keying_material = 0; std::string export_label; @@ -85,8 +83,10 @@ struct TestConfig { bool tls_unique = false; bool expect_ticket_renewal = false; bool expect_no_session = false; + bool expect_early_data_info = false; bool use_ticket_callback = false; bool renew_ticket = false; + bool enable_early_data = false; bool enable_client_custom_extension = false; bool enable_server_custom_extension = false; bool custom_extension_skip = false; @@ -125,6 +125,8 @@ struct TestConfig { bool retain_only_sha256_client_cert_resume = false; bool expect_sha256_client_cert_initial = false; bool expect_sha256_client_cert_resume = false; + bool enable_short_header = false; + bool read_with_unfinished_write = false; }; bool ParseConfig(int argc, char **argv, TestConfig *out_config); diff --git a/src/ssl/tls13_both.c b/src/ssl/tls13_both.c index 5a058b11..7347fc44 100644 --- a/src/ssl/tls13_both.c +++ b/src/ssl/tls13_both.c @@ -243,7 +243,8 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) { uint8_t alert; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types))) { + OPENSSL_ARRAY_SIZE(ext_types), + 0 /* reject unknown */)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); goto err; } diff --git a/src/ssl/tls13_client.c b/src/ssl/tls13_client.c index 4a202d72..6f2bb218 100644 --- a/src/ssl/tls13_client.c +++ b/src/ssl/tls13_client.c @@ -78,7 +78,8 @@ static enum ssl_hs_wait_t do_process_hello_retry_request(SSL_HANDSHAKE *hs) { uint8_t alert; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types))) { + OPENSSL_ARRAY_SIZE(ext_types), + 0 /* reject unknown */)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } @@ -182,7 +183,8 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { } assert(ssl->s3->have_version); - memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE); + OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random), + SSL3_RANDOM_SIZE); const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite); if (cipher == NULL) { @@ -200,16 +202,18 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { } /* Parse out the extensions. */ - int have_key_share = 0, have_pre_shared_key = 0; - CBS key_share, pre_shared_key; + int have_key_share = 0, have_pre_shared_key = 0, have_short_header = 0; + CBS key_share, pre_shared_key, short_header; const SSL_EXTENSION_TYPE ext_types[] = { {TLSEXT_TYPE_key_share, &have_key_share, &key_share}, {TLSEXT_TYPE_pre_shared_key, &have_pre_shared_key, &pre_shared_key}, + {TLSEXT_TYPE_short_header, &have_short_header, &short_header}, }; uint8_t alert; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types))) { + OPENSSL_ARRAY_SIZE(ext_types), + 0 /* reject unknown */)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } @@ -304,6 +308,23 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { } OPENSSL_free(dhe_secret); + /* Negotiate short record headers. */ + if (have_short_header) { + if (CBS_len(&short_header) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return ssl_hs_error; + } + + if (!ssl->ctx->short_header_enabled) { + OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION); + ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION); + return ssl_hs_error; + } + + ssl->s3->short_header = 1; + } + /* If there was no HelloRetryRequest, the version negotiation logic has * already hashed the message. */ if (hs->received_hello_retry_request && @@ -311,7 +332,11 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - if (!tls13_set_handshake_traffic(hs)) { + if (!tls13_derive_handshake_secrets(hs) || + !tls13_set_traffic_key(ssl, evp_aead_open, hs->server_handshake_secret, + hs->hash_len) || + !tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret, + hs->hash_len)) { return ssl_hs_error; } @@ -464,7 +489,8 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) { } } - if (!tls13_prepare_certificate(hs)) { + if (!ssl_auto_chain_if_needed(ssl) || + !tls13_prepare_certificate(hs)) { return ssl_hs_error; } @@ -612,6 +638,7 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) { } int tls13_process_new_session_ticket(SSL *ssl) { + int ret = 0; SSL_SESSION *session = SSL_SESSION_dup(ssl->s3->established_session, SSL_SESSION_INCLUDE_NONAUTH); @@ -629,10 +656,34 @@ int tls13_process_new_session_ticket(SSL *ssl) { !CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) || !CBS_get_u16_length_prefixed(&cbs, &extensions) || CBS_len(&cbs) != 0) { - SSL_SESSION_free(session); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - return 0; + goto err; + } + + /* Parse out the extensions. */ + int have_early_data_info = 0; + CBS early_data_info; + const SSL_EXTENSION_TYPE ext_types[] = { + {TLSEXT_TYPE_ticket_early_data_info, &have_early_data_info, + &early_data_info}, + }; + + uint8_t alert; + if (!ssl_parse_extensions(&extensions, &alert, ext_types, + OPENSSL_ARRAY_SIZE(ext_types), + 1 /* ignore unknown */)) { + ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); + goto err; + } + + if (have_early_data_info) { + if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) || + CBS_len(&early_data_info) != 0) { + ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + goto err; + } } session->ticket_age_add_valid = 1; @@ -641,11 +692,14 @@ int tls13_process_new_session_ticket(SSL *ssl) { if (ssl->ctx->new_session_cb != NULL && ssl->ctx->new_session_cb(ssl, session)) { /* |new_session_cb|'s return value signals that it took ownership. */ - return 1; + session = NULL; } + ret = 1; + +err: SSL_SESSION_free(session); - return 1; + return ret; } void ssl_clear_tls13_state(SSL_HANDSHAKE *hs) { diff --git a/src/ssl/tls13_enc.c b/src/ssl/tls13_enc.c index 4fca65bb..ea9dce84 100644 --- a/src/ssl/tls13_enc.c +++ b/src/ssl/tls13_enc.c @@ -24,6 +24,7 @@ #include <openssl/hmac.h> #include <openssl/mem.h> +#include "../crypto/internal.h" #include "internal.h" @@ -34,7 +35,7 @@ int tls13_init_key_schedule(SSL_HANDSHAKE *hs) { hs->hash_len = EVP_MD_size(digest); /* Initialize the secret to the zero key. */ - memset(hs->secret, 0, hs->hash_len); + OPENSSL_memset(hs->secret, 0, hs->hash_len); /* Initialize the rolling hashes and release the handshake buffer. */ if (!ssl3_init_handshake_hash(ssl)) { @@ -166,10 +167,12 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction, /* Save the traffic secret. */ if (direction == evp_aead_open) { - memmove(ssl->s3->read_traffic_secret, traffic_secret, traffic_secret_len); + OPENSSL_memmove(ssl->s3->read_traffic_secret, traffic_secret, + traffic_secret_len); ssl->s3->read_traffic_secret_len = traffic_secret_len; } else { - memmove(ssl->s3->write_traffic_secret, traffic_secret, traffic_secret_len); + OPENSSL_memmove(ssl->s3->write_traffic_secret, traffic_secret, + traffic_secret_len); ssl->s3->write_traffic_secret_len = traffic_secret_len; } @@ -185,39 +188,18 @@ static const char kTLS13LabelClientApplicationTraffic[] = static const char kTLS13LabelServerApplicationTraffic[] = "server application traffic secret"; -int tls13_set_handshake_traffic(SSL_HANDSHAKE *hs) { +int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - uint8_t client_traffic_secret[EVP_MAX_MD_SIZE]; - uint8_t server_traffic_secret[EVP_MAX_MD_SIZE]; - if (!derive_secret(hs, client_traffic_secret, hs->hash_len, - (const uint8_t *)kTLS13LabelClientHandshakeTraffic, - strlen(kTLS13LabelClientHandshakeTraffic)) || - !ssl_log_secret(ssl, "CLIENT_HANDSHAKE_TRAFFIC_SECRET", - client_traffic_secret, hs->hash_len) || - !derive_secret(hs, server_traffic_secret, hs->hash_len, - (const uint8_t *)kTLS13LabelServerHandshakeTraffic, - strlen(kTLS13LabelServerHandshakeTraffic)) || - !ssl_log_secret(ssl, "SERVER_HANDSHAKE_TRAFFIC_SECRET", - server_traffic_secret, hs->hash_len)) { - return 0; - } - - if (ssl->server) { - if (!tls13_set_traffic_key(ssl, evp_aead_open, client_traffic_secret, - hs->hash_len) || - !tls13_set_traffic_key(ssl, evp_aead_seal, server_traffic_secret, - hs->hash_len)) { - return 0; - } - } else { - if (!tls13_set_traffic_key(ssl, evp_aead_open, server_traffic_secret, - hs->hash_len) || - !tls13_set_traffic_key(ssl, evp_aead_seal, client_traffic_secret, - hs->hash_len)) { - return 0; - } - } - return 1; + return derive_secret(hs, hs->client_handshake_secret, hs->hash_len, + (const uint8_t *)kTLS13LabelClientHandshakeTraffic, + strlen(kTLS13LabelClientHandshakeTraffic)) && + ssl_log_secret(ssl, "CLIENT_HANDSHAKE_TRAFFIC_SECRET", + hs->client_handshake_secret, hs->hash_len) && + derive_secret(hs, hs->server_handshake_secret, hs->hash_len, + (const uint8_t *)kTLS13LabelServerHandshakeTraffic, + strlen(kTLS13LabelServerHandshakeTraffic)) && + ssl_log_secret(ssl, "SERVER_HANDSHAKE_TRAFFIC_SECRET", + hs->server_handshake_secret, hs->hash_len); } static const char kTLS13LabelExporter[] = "exporter master secret"; @@ -405,7 +387,7 @@ int tls13_write_psk_binder(SSL *ssl, uint8_t *msg, size_t len) { return 0; } - memcpy(msg + len - hash_len, verify_data, hash_len); + OPENSSL_memcpy(msg + len - hash_len, verify_data, hash_len); return 1; } diff --git a/src/ssl/tls13_server.c b/src/ssl/tls13_server.c index 1aca6343..750e47fa 100644 --- a/src/ssl/tls13_server.c +++ b/src/ssl/tls13_server.c @@ -25,9 +25,15 @@ #include <openssl/rand.h> #include <openssl/stack.h> +#include "../crypto/internal.h" #include "internal.h" +/* kMaxEarlyDataAccepted is the advertised number of plaintext bytes of early + * data that will be accepted. This value should be slightly below + * kMaxEarlyDataSkipped in tls_record.c, which is measured in ciphertext. */ +static const size_t kMaxEarlyDataAccepted = 14336; + enum server_hs_state_t { state_process_client_hello = 0, state_select_parameters, @@ -109,7 +115,8 @@ static enum ssl_hs_wait_t do_process_client_hello(SSL_HANDSHAKE *hs) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return ssl_hs_error; } - memcpy(ssl->s3->client_random, client_hello.random, client_hello.random_len); + OPENSSL_memcpy(ssl->s3->client_random, client_hello.random, + client_hello.random_len); /* TLS 1.3 requires the peer only advertise the null compression. */ if (client_hello.compression_methods_len != 1 || @@ -125,6 +132,12 @@ static enum ssl_hs_wait_t do_process_client_hello(SSL_HANDSHAKE *hs) { return ssl_hs_error; } + /* The short record header extension is incompatible with early data. */ + if (ssl->s3->skip_early_data && ssl->s3->short_header) { + OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION); + return ssl_hs_error; + } + hs->tls13_state = state_select_parameters; return ssl_hs_ok; } @@ -191,6 +204,10 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) { } } + if (!ssl_auto_chain_if_needed(ssl)) { + return ssl_hs_error; + } + SSL_CLIENT_HELLO client_hello; if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg, ssl->init_num)) { @@ -389,8 +406,18 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) || !CBB_add_u16_length_prefixed(&body, &extensions) || !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) || - !ssl_ext_key_share_add_serverhello(hs, &extensions) || - !ssl_complete_message(ssl, &cbb)) { + !ssl_ext_key_share_add_serverhello(hs, &extensions)) { + goto err; + } + + if (ssl->s3->short_header) { + if (!CBB_add_u16(&extensions, TLSEXT_TYPE_short_header) || + !CBB_add_u16(&extensions, 0 /* empty extension */)) { + goto err; + } + } + + if (!ssl_complete_message(ssl, &cbb)) { goto err; } @@ -404,7 +431,11 @@ err: static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - if (!tls13_set_handshake_traffic(hs)) { + if (!tls13_derive_handshake_secrets(hs) || + !tls13_set_traffic_key(ssl, evp_aead_open, hs->client_handshake_secret, + hs->hash_len) || + !tls13_set_traffic_key(ssl, evp_aead_seal, hs->server_handshake_secret, + hs->hash_len)) { return ssl_hs_error; } @@ -631,9 +662,6 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) { goto err; } - /* TODO(svaldez): Add support for sending 0RTT through TicketEarlyDataInfo - * extension. */ - CBB cbb, body, ticket, extensions; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) || @@ -645,6 +673,18 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) { goto err; } + if (ssl->ctx->enable_early_data) { + session->ticket_max_early_data = kMaxEarlyDataAccepted; + + CBB early_data_info; + if (!CBB_add_u16(&extensions, TLSEXT_TYPE_ticket_early_data_info) || + !CBB_add_u16_length_prefixed(&extensions, &early_data_info) || + !CBB_add_u32(&early_data_info, session->ticket_max_early_data) || + !CBB_flush(&extensions)) { + goto err; + } + } + /* Add a fake extension. See draft-davidben-tls-grease-01. */ if (!CBB_add_u16(&extensions, ssl_get_grease_value(ssl, ssl_grease_ticket_extension)) || diff --git a/src/ssl/tls_method.c b/src/ssl/tls_method.c index 9effb363..4efed3f0 100644 --- a/src/ssl/tls_method.c +++ b/src/ssl/tls_method.c @@ -61,6 +61,7 @@ #include <openssl/buf.h> +#include "../crypto/internal.h" #include "internal.h" @@ -112,7 +113,7 @@ static int ssl3_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { return 0; } - memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence)); + OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence)); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); ssl->s3->aead_read_ctx = aead_ctx; @@ -120,7 +121,7 @@ static int ssl3_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { } static int ssl3_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) { - memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence)); + OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence)); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); ssl->s3->aead_write_ctx = aead_ctx; diff --git a/src/ssl/tls_record.c b/src/ssl/tls_record.c index c52909ce..362b0c27 100644 --- a/src/ssl/tls_record.c +++ b/src/ssl/tls_record.c @@ -125,10 +125,11 @@ * forever. */ static const uint8_t kMaxEmptyRecords = 32; -/* kMaxEarlyDataSkipped is the maximum amount of data processed when skipping - * over early data. Without this limit an attacker could send records at a - * faster rate than we can process and cause trial decryption to loop - * forever. */ +/* kMaxEarlyDataSkipped is the maximum number of rejected early data bytes that + * will be skipped. Without this limit an attacker could send records at a + * faster rate than we can process and cause trial decryption to loop forever. + * This value should be slightly above kMaxEarlyDataAccepted in tls13_server.c, + * which is measured in plaintext. */ static const size_t kMaxEarlyDataSkipped = 16384; /* kMaxWarningAlerts is the number of consecutive warning alerts that will be @@ -144,6 +145,19 @@ static int ssl_needs_record_splitting(const SSL *ssl) { SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher); } +static int ssl_uses_short_header(const SSL *ssl, + enum evp_aead_direction_t dir) { + if (!ssl->s3->short_header) { + return 0; + } + + if (dir == evp_aead_open) { + return ssl->s3->aead_read_ctx != NULL; + } + + return ssl->s3->aead_write_ctx != NULL; +} + int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) { for (size_t i = seq_len - 1; i < seq_len; i--) { ++seq[i]; @@ -156,34 +170,46 @@ int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) { } size_t ssl_record_prefix_len(const SSL *ssl) { + size_t header_len; if (SSL_is_dtls(ssl)) { - return DTLS1_RT_HEADER_LENGTH + - SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_read_ctx); + header_len = DTLS1_RT_HEADER_LENGTH; + } else if (ssl_uses_short_header(ssl, evp_aead_open)) { + header_len = 2; } else { - return SSL3_RT_HEADER_LENGTH + - SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_read_ctx); + header_len = SSL3_RT_HEADER_LENGTH; } + + return header_len + SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_read_ctx); } size_t ssl_seal_align_prefix_len(const SSL *ssl) { if (SSL_is_dtls(ssl)) { return DTLS1_RT_HEADER_LENGTH + SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_write_ctx); + } + + size_t header_len; + if (ssl_uses_short_header(ssl, evp_aead_seal)) { + header_len = 2; } else { - size_t ret = SSL3_RT_HEADER_LENGTH + - SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_write_ctx); - if (ssl_needs_record_splitting(ssl)) { - ret += SSL3_RT_HEADER_LENGTH; - ret += ssl_cipher_get_record_split_len(ssl->s3->aead_write_ctx->cipher); - } - return ret; + header_len = SSL3_RT_HEADER_LENGTH; + } + + size_t ret = + header_len + SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_write_ctx); + if (ssl_needs_record_splitting(ssl)) { + ret += header_len; + ret += ssl_cipher_get_record_split_len(ssl->s3->aead_write_ctx->cipher); } + return ret; } size_t SSL_max_seal_overhead(const SSL *ssl) { size_t ret = SSL_AEAD_CTX_max_overhead(ssl->s3->aead_write_ctx); if (SSL_is_dtls(ssl)) { ret += DTLS1_RT_HEADER_LENGTH; + } else if (ssl_uses_short_header(ssl, evp_aead_seal)) { + ret += 2; } else { ret += SSL3_RT_HEADER_LENGTH; } @@ -209,11 +235,31 @@ enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type, CBS *out, /* Decode the record header. */ uint8_t type; uint16_t version, ciphertext_len; - if (!CBS_get_u8(&cbs, &type) || - !CBS_get_u16(&cbs, &version) || - !CBS_get_u16(&cbs, &ciphertext_len)) { - *out_consumed = SSL3_RT_HEADER_LENGTH; - return ssl_open_record_partial; + size_t header_len; + if (ssl_uses_short_header(ssl, evp_aead_open)) { + if (!CBS_get_u16(&cbs, &ciphertext_len)) { + *out_consumed = 2; + return ssl_open_record_partial; + } + + if ((ciphertext_len & 0x8000) == 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + *out_alert = SSL_AD_DECODE_ERROR; + return ssl_open_record_error; + } + + ciphertext_len &= 0x7fff; + type = SSL3_RT_APPLICATION_DATA; + version = TLS1_VERSION; + header_len = 2; + } else { + if (!CBS_get_u8(&cbs, &type) || + !CBS_get_u16(&cbs, &version) || + !CBS_get_u16(&cbs, &ciphertext_len)) { + *out_consumed = SSL3_RT_HEADER_LENGTH; + return ssl_open_record_partial; + } + header_len = SSL3_RT_HEADER_LENGTH; } int version_ok; @@ -245,12 +291,11 @@ enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type, CBS *out, /* Extract the body. */ CBS body; if (!CBS_get_bytes(&cbs, &body, ciphertext_len)) { - *out_consumed = SSL3_RT_HEADER_LENGTH + (size_t)ciphertext_len; + *out_consumed = header_len + (size_t)ciphertext_len; return ssl_open_record_partial; } - ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in, - SSL3_RT_HEADER_LENGTH); + ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, in, header_len); *out_consumed = in_len - CBS_len(&cbs); @@ -352,21 +397,32 @@ skipped_data: static int do_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, uint8_t type, const uint8_t *in, size_t in_len) { - if (max_out < SSL3_RT_HEADER_LENGTH) { + assert(!buffers_alias(in, in_len, out, max_out)); + + const int short_header = ssl_uses_short_header(ssl, evp_aead_seal); + size_t header_len = short_header ? 2 : SSL3_RT_HEADER_LENGTH; + + /* TLS 1.3 hides the actual record type inside the encrypted data. */ + if (ssl->s3->have_version && + ssl3_protocol_version(ssl) >= TLS1_3_VERSION && + ssl->s3->aead_write_ctx != NULL) { + if (in_len > in_len + header_len + 1 || max_out < in_len + header_len + 1) { + OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + + OPENSSL_memcpy(out + header_len, in, in_len); + out[header_len + in_len] = type; + in = out + header_len; + type = SSL3_RT_APPLICATION_DATA; + in_len++; + } + + if (max_out < header_len) { OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); return 0; } - /* Either |in| and |out| don't alias or |in| aligns with the - * ciphertext. |tls_seal_record| forbids aliasing, but TLS 1.3 aliases them - * internally. */ - assert(!buffers_alias(in, in_len, out, max_out) || - in == - out + SSL3_RT_HEADER_LENGTH + - SSL_AEAD_CTX_explicit_nonce_len(ssl->s3->aead_write_ctx)); - - out[0] = type; - /* The TLS record-layer version number is meaningless and, starting in * TLS 1.3, is frozen at TLS 1.0. But for historical reasons, SSL 3.0 * ClientHellos should use SSL 3.0 and pre-TLS-1.3 expects the version @@ -376,29 +432,39 @@ static int do_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, (ssl->s3->have_version && ssl3_protocol_version(ssl) < TLS1_3_VERSION)) { wire_version = ssl->version; } - out[1] = wire_version >> 8; - out[2] = wire_version & 0xff; + /* Write the non-length portions of the header. */ + if (!short_header) { + out[0] = type; + out[1] = wire_version >> 8; + out[2] = wire_version & 0xff; + out += 3; + max_out -= 3; + } + + /* Write the ciphertext, leaving two bytes for the length. */ size_t ciphertext_len; - if (!SSL_AEAD_CTX_seal(ssl->s3->aead_write_ctx, out + SSL3_RT_HEADER_LENGTH, - &ciphertext_len, max_out - SSL3_RT_HEADER_LENGTH, - type, wire_version, ssl->s3->write_sequence, in, - in_len) || + if (!SSL_AEAD_CTX_seal(ssl->s3->aead_write_ctx, out + 2, &ciphertext_len, + max_out - 2, type, wire_version, + ssl->s3->write_sequence, in, in_len) || !ssl_record_sequence_update(ssl->s3->write_sequence, 8)) { return 0; } - if (ciphertext_len >= 1 << 16) { + /* Fill in the length. */ + if (ciphertext_len >= 1 << 15) { OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); return 0; } - out[3] = ciphertext_len >> 8; - out[4] = ciphertext_len & 0xff; + out[0] = ciphertext_len >> 8; + out[1] = ciphertext_len & 0xff; + if (short_header) { + out[0] |= 0x80; + } - *out_len = SSL3_RT_HEADER_LENGTH + ciphertext_len; + *out_len = header_len + ciphertext_len; - ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out, - SSL3_RT_HEADER_LENGTH); + ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, out, header_len); return 1; } @@ -410,25 +476,6 @@ int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, } size_t frag_len = 0; - - /* TLS 1.3 hides the actual record type inside the encrypted data. */ - if (ssl->s3->have_version && - ssl3_protocol_version(ssl) >= TLS1_3_VERSION && - ssl->s3->aead_write_ctx != NULL) { - size_t padding = SSL3_RT_HEADER_LENGTH + 1; - - if (in_len > in_len + padding || max_out < in_len + padding) { - OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); - return 0; - } - - memmove(out + SSL3_RT_HEADER_LENGTH, in, in_len); - out[SSL3_RT_HEADER_LENGTH + in_len] = type; - in = out + SSL3_RT_HEADER_LENGTH; - type = SSL3_RT_APPLICATION_DATA; - in_len++; - } - if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 && ssl_needs_record_splitting(ssl)) { if (!do_seal_record(ssl, out, &frag_len, max_out, type, in, 1)) { @@ -439,6 +486,7 @@ int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, out += frag_len; max_out -= frag_len; + assert(!ssl_uses_short_header(ssl, evp_aead_seal)); #if !defined(BORINGSSL_UNSAFE_FUZZER_MODE) assert(SSL3_RT_HEADER_LENGTH + ssl_cipher_get_record_split_len( ssl->s3->aead_write_ctx->cipher) == diff --git a/src/tool/client.cc b/src/tool/client.cc index b9f1c13b..dd3f846c 100644 --- a/src/tool/client.cc +++ b/src/tool/client.cc @@ -16,10 +16,17 @@ #include <stdio.h> +#if !defined(OPENSSL_WINDOWS) +#include <sys/select.h> +#else +#include <winsock2.h> +#endif + #include <openssl/err.h> #include <openssl/pem.h> #include <openssl/ssl.h> +#include "../crypto/internal.h" #include "internal.h" #include "transport_common.h" @@ -93,6 +100,10 @@ static const struct argument kArguments[] = { "Enable GREASE", }, { + "-resume", kBooleanArgument, + "Establish a second connection resuming the original connection.", + }, + { "", kOptionalArgument, "", }, }; @@ -122,6 +133,7 @@ static void KeyLogCallback(const SSL *ssl, const char *line) { } static bssl::UniquePtr<BIO> session_out; +static bssl::UniquePtr<SSL_SESSION> resume_session; static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { if (session_out) { @@ -132,8 +144,105 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { return 0; } } + resume_session = bssl::UniquePtr<SSL_SESSION>(session); + return 1; +} + +static bool WaitForSession(SSL *ssl, int sock) { + fd_set read_fds; + FD_ZERO(&read_fds); - return 0; + if (!SocketSetNonBlocking(sock, true)) { + return false; + } + + while (!resume_session) { + FD_SET(sock, &read_fds); + int ret = select(sock + 1, &read_fds, NULL, NULL, NULL); + if (ret <= 0) { + perror("select"); + return false; + } + + uint8_t buffer[512]; + int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer)); + + if (ssl_ret <= 0) { + int ssl_err = SSL_get_error(ssl, ssl_ret); + if (ssl_err == SSL_ERROR_WANT_READ) { + continue; + } + fprintf(stderr, "Error while reading: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + } + + return true; +} + +static bool DoConnection(SSL_CTX *ctx, + std::map<std::string, std::string> args_map, + bool (*cb)(SSL *ssl, int sock)) { + int sock = -1; + if (!Connect(&sock, args_map["-connect"])) { + return false; + } + + if (args_map.count("-starttls") != 0) { + const std::string& starttls = args_map["-starttls"]; + if (starttls == "smtp") { + if (!DoSMTPStartTLS(sock)) { + return false; + } + } else { + fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str()); + return false; + } + } + + bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE)); + bssl::UniquePtr<SSL> ssl(SSL_new(ctx)); + + if (args_map.count("-server-name") != 0) { + SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str()); + } + + if (args_map.count("-session-in") != 0) { + bssl::UniquePtr<BIO> in(BIO_new_file(args_map["-session-in"].c_str(), + "rb")); + if (!in) { + fprintf(stderr, "Error reading session\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + bssl::UniquePtr<SSL_SESSION> session(PEM_read_bio_SSL_SESSION(in.get(), + nullptr, nullptr, nullptr)); + if (!session) { + fprintf(stderr, "Error reading session\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + SSL_set_session(ssl.get(), session.get()); + } else if (resume_session) { + SSL_set_session(ssl.get(), resume_session.get()); + } + + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); + + int ret = SSL_connect(ssl.get()); + if (ret != 1) { + int ssl_err = SSL_get_error(ssl.get(), ret); + fprintf(stderr, "Error while connecting: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + + fprintf(stderr, "Connected.\n"); + PrintConnectionInfo(ssl.get()); + + return cb(ssl.get(), sock); } bool Client(const std::vector<std::string> &args) { @@ -217,7 +326,8 @@ bool Client(const std::vector<std::string> &args) { } wire.push_back(static_cast<uint8_t>(len)); wire.resize(wire.size() + len); - memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i, len); + OPENSSL_memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i, + len); i = j + 1; } if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) { @@ -261,6 +371,9 @@ bool Client(const std::vector<std::string> &args) { } } + SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_CLIENT); + SSL_CTX_sess_set_new_cb(ctx.get(), NewSessionCallback); + if (args_map.count("-session-out") != 0) { session_out.reset(BIO_new_file(args_map["-session-out"].c_str(), "wb")); if (!session_out) { @@ -269,71 +382,16 @@ bool Client(const std::vector<std::string> &args) { ERR_print_errors_cb(PrintErrorCallback, stderr); return false; } - SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_CLIENT); - SSL_CTX_sess_set_new_cb(ctx.get(), NewSessionCallback); } if (args_map.count("-grease") != 0) { SSL_CTX_set_grease_enabled(ctx.get(), 1); } - int sock = -1; - if (!Connect(&sock, args_map["-connect"])) { - return false; - } - - if (args_map.count("-starttls") != 0) { - const std::string& starttls = args_map["-starttls"]; - if (starttls == "smtp") { - if (!DoSMTPStartTLS(sock)) { - return false; - } - } else { - fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str()); - return false; - } - } - - bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE)); - bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get())); - - if (args_map.count("-server-name") != 0) { - SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str()); - } - - if (args_map.count("-session-in") != 0) { - bssl::UniquePtr<BIO> in(BIO_new_file(args_map["-session-in"].c_str(), - "rb")); - if (!in) { - fprintf(stderr, "Error reading session\n"); - ERR_print_errors_cb(PrintErrorCallback, stderr); - return false; - } - bssl::UniquePtr<SSL_SESSION> session(PEM_read_bio_SSL_SESSION(in.get(), - nullptr, nullptr, nullptr)); - if (!session) { - fprintf(stderr, "Error reading session\n"); - ERR_print_errors_cb(PrintErrorCallback, stderr); - return false; - } - SSL_set_session(ssl.get(), session.get()); - } - - SSL_set_bio(ssl.get(), bio.get(), bio.get()); - bio.release(); - - int ret = SSL_connect(ssl.get()); - if (ret != 1) { - int ssl_err = SSL_get_error(ssl.get(), ret); - fprintf(stderr, "Error while connecting: %d\n", ssl_err); - ERR_print_errors_cb(PrintErrorCallback, stderr); + if (args_map.count("-resume") != 0 && + !DoConnection(ctx.get(), args_map, &WaitForSession)) { return false; } - fprintf(stderr, "Connected.\n"); - PrintConnectionInfo(ssl.get()); - - bool ok = TransferData(ssl.get(), sock); - - return ok; + return DoConnection(ctx.get(), args_map, &TransferData); } diff --git a/src/tool/pkcs12.cc b/src/tool/pkcs12.cc index 7fd6f131..a8ddb0e0 100644 --- a/src/tool/pkcs12.cc +++ b/src/tool/pkcs12.cc @@ -36,6 +36,7 @@ #include <openssl/pkcs8.h> #include <openssl/stack.h> +#include "../crypto/internal.h" #include "internal.h" @@ -106,11 +107,11 @@ bool DoPKCS12(const std::vector<std::string> &args) { if (n >= 0) { off += static_cast<size_t>(n); } - } while ((n > 0 && memchr(password, '\n', off) == NULL && + } while ((n > 0 && OPENSSL_memchr(password, '\n', off) == NULL && off < sizeof(password) - 1) || (n == -1 && errno == EINTR)); - char *newline = reinterpret_cast<char*>(memchr(password, '\n', off)); + char *newline = reinterpret_cast<char *>(OPENSSL_memchr(password, '\n', off)); if (newline == NULL) { return false; } diff --git a/src/tool/server.cc b/src/tool/server.cc index a049422e..94abbbd9 100644 --- a/src/tool/server.cc +++ b/src/tool/server.cc @@ -24,33 +24,37 @@ static const struct argument kArguments[] = { { - "-accept", kRequiredArgument, - "The port of the server to bind on; eg 45102", + "-accept", kRequiredArgument, + "The port of the server to bind on; eg 45102", }, { - "-cipher", kOptionalArgument, - "An OpenSSL-style cipher suite string that configures the offered ciphers", + "-cipher", kOptionalArgument, + "An OpenSSL-style cipher suite string that configures the offered " + "ciphers", }, { - "-max-version", kOptionalArgument, - "The maximum acceptable protocol version", + "-max-version", kOptionalArgument, + "The maximum acceptable protocol version", }, { - "-min-version", kOptionalArgument, - "The minimum acceptable protocol version", + "-min-version", kOptionalArgument, + "The minimum acceptable protocol version", }, { - "-key", kOptionalArgument, - "PEM-encoded file containing the private key, leaf certificate and " - "optional certificate chain. A self-signed certificate is generated " - "at runtime if this argument is not provided.", + "-key", kOptionalArgument, + "PEM-encoded file containing the private key, leaf certificate and " + "optional certificate chain. A self-signed certificate is generated " + "at runtime if this argument is not provided.", }, { - "-ocsp-response", kOptionalArgument, - "OCSP response file to send", + "-ocsp-response", kOptionalArgument, "OCSP response file to send", }, { - "", kOptionalArgument, "", + "-loop", kBooleanArgument, + "The server will continue accepting new sequential connections.", + }, + { + "", kOptionalArgument, "", }, }; @@ -219,25 +223,30 @@ bool Server(const std::vector<std::string> &args) { return false; } - int sock = -1; - if (!Accept(&sock, args_map["-accept"])) { - return false; - } + bool result = true; + do { + int sock = -1; + if (!Accept(&sock, args_map["-accept"])) { + return false; + } - BIO *bio = BIO_new_socket(sock, BIO_CLOSE); - bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get())); - SSL_set_bio(ssl.get(), bio, bio); + BIO *bio = BIO_new_socket(sock, BIO_CLOSE); + bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get())); + SSL_set_bio(ssl.get(), bio, bio); - int ret = SSL_accept(ssl.get()); - if (ret != 1) { - int ssl_err = SSL_get_error(ssl.get(), ret); - fprintf(stderr, "Error while connecting: %d\n", ssl_err); - ERR_print_errors_cb(PrintErrorCallback, stderr); - return false; - } + int ret = SSL_accept(ssl.get()); + if (ret != 1) { + int ssl_err = SSL_get_error(ssl.get(), ret); + fprintf(stderr, "Error while connecting: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + + fprintf(stderr, "Connected.\n"); + PrintConnectionInfo(ssl.get()); - fprintf(stderr, "Connected.\n"); - PrintConnectionInfo(ssl.get()); + result = TransferData(ssl.get(), sock); + } while (result && args_map.count("-loop") != 0); - return TransferData(ssl.get(), sock); + return result; } diff --git a/src/tool/speed.cc b/src/tool/speed.cc index ad2ce95a..52708c07 100644 --- a/src/tool/speed.cc +++ b/src/tool/speed.cc @@ -43,6 +43,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include <time.h> #endif +#include "../crypto/internal.h" #include "internal.h" @@ -208,18 +209,18 @@ static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, const size_t overhead_len = EVP_AEAD_max_overhead(aead); std::unique_ptr<uint8_t[]> key(new uint8_t[key_len]); - memset(key.get(), 0, key_len); + OPENSSL_memset(key.get(), 0, key_len); std::unique_ptr<uint8_t[]> nonce(new uint8_t[nonce_len]); - memset(nonce.get(), 0, nonce_len); + OPENSSL_memset(nonce.get(), 0, nonce_len); std::unique_ptr<uint8_t[]> in_storage(new uint8_t[chunk_len + kAlignment]); std::unique_ptr<uint8_t[]> out_storage(new uint8_t[chunk_len + overhead_len + kAlignment]); std::unique_ptr<uint8_t[]> ad(new uint8_t[ad_len]); - memset(ad.get(), 0, ad_len); + OPENSSL_memset(ad.get(), 0, ad_len); uint8_t *const in = align(in_storage.get(), kAlignment); - memset(in, 0, chunk_len); + OPENSSL_memset(in, 0, chunk_len); uint8_t *const out = align(out_storage.get(), kAlignment); - memset(out, 0, chunk_len + overhead_len); + OPENSSL_memset(out, 0, chunk_len + overhead_len); if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len, EVP_AEAD_DEFAULT_TAG_LENGTH, @@ -381,7 +382,7 @@ static bool SpeedECDSACurve(const std::string &name, int nid, return false; } uint8_t digest[20]; - memset(digest, 42, sizeof(digest)); + OPENSSL_memset(digest, 42, sizeof(digest)); unsigned sig_len; TimeResults results; @@ -462,7 +463,7 @@ static bool Speed25519(const std::string &selected) { if (!TimeFunction(&results, []() -> bool { uint8_t out[32], in[32]; - memset(in, 0, sizeof(in)); + OPENSSL_memset(in, 0, sizeof(in)); X25519_public_from_private(out, in); return true; })) { @@ -474,8 +475,8 @@ static bool Speed25519(const std::string &selected) { if (!TimeFunction(&results, []() -> bool { uint8_t out[32], in1[32], in2[32]; - memset(in1, 0, sizeof(in1)); - memset(in2, 0, sizeof(in2)); + OPENSSL_memset(in1, 0, sizeof(in1)); + OPENSSL_memset(in2, 0, sizeof(in2)); in1[0] = 1; in2[0] = 9; return X25519(out, in1, in2) == 1; diff --git a/src/tool/transport_common.cc b/src/tool/transport_common.cc index 0fee377e..cd3e0d69 100644 --- a/src/tool/transport_common.cc +++ b/src/tool/transport_common.cc @@ -47,6 +47,7 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) #include <openssl/ssl.h> #include <openssl/x509.h> +#include "../crypto/internal.h" #include "internal.h" #include "transport_common.h" @@ -98,7 +99,7 @@ bool Connect(int *out_sock, const std::string &hostname_and_port) { } struct addrinfo hint, *result; - memset(&hint, 0, sizeof(hint)); + OPENSSL_memset(&hint, 0, sizeof(hint)); hint.ai_family = AF_UNSPEC; hint.ai_socktype = SOCK_STREAM; @@ -151,13 +152,18 @@ out: bool Accept(int *out_sock, const std::string &port) { struct sockaddr_in6 addr, cli_addr; socklen_t cli_addr_len = sizeof(cli_addr); - memset(&addr, 0, sizeof(addr)); + OPENSSL_memset(&addr, 0, sizeof(addr)); addr.sin6_family = AF_INET6; addr.sin6_addr = IN6ADDR_ANY_INIT; addr.sin6_port = htons(atoi(port.c_str())); bool ok = false; +#if defined(OPENSSL_WINDOWS) + const BOOL enable = TRUE; +#else + const int enable = 1; +#endif int server_sock = -1; server_sock = @@ -167,6 +173,12 @@ bool Accept(int *out_sock, const std::string &port) { goto out; } + if (setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&enable, + sizeof(enable)) < 0) { + perror("setsockopt"); + goto out; + } + if (bind(server_sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) { perror("connect"); goto out; @@ -434,7 +446,7 @@ class SocketLineReader { out_line->assign(buf_, length); buf_len_ -= i + 1; - memmove(buf_, &buf_[i + 1], buf_len_); + OPENSSL_memmove(buf_, &buf_[i + 1], buf_len_); return true; } diff --git a/src/util/generate-coverage.sh b/src/util/generate-coverage.sh index edd2edb2..e16a9a44 100755 --- a/src/util/generate-coverage.sh +++ b/src/util/generate-coverage.sh @@ -27,8 +27,7 @@ if [ -n "$1" ]; then fi cd "$BUILD" -cmake "$SRC" -GNinja -DCMAKE_C_FLAGS='-fprofile-arcs -ftest-coverage' \ - -DCMAKE_CXX_FLAGS='-fprofile-arcs -ftest-coverage' +cmake "$SRC" -GNinja -DGCOV=1 ninja cp -r "$SRC/crypto" "$SRC/decrepit" "$SRC/include" "$SRC/ssl" "$SRC/tool" \ diff --git a/win-x86_64/crypto/bn/rsaz-x86_64.asm b/win-x86_64/crypto/bn/rsaz-x86_64.asm deleted file mode 100644 index 72ec5052..00000000 --- a/win-x86_64/crypto/bn/rsaz-x86_64.asm +++ /dev/null @@ -1,1495 +0,0 @@ -default rel -%define XMMWORD -%define YMMWORD -%define ZMMWORD -section .text code align=64 - - -EXTERN OPENSSL_ia32cap_P - -global rsaz_512_sqr - -ALIGN 32 -rsaz_512_sqr: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_rsaz_512_sqr: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - - - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - - sub rsp,128+24 -$L$sqr_body: - mov rbp,rdx - mov rdx,QWORD[rsi] - mov rax,QWORD[8+rsi] - mov QWORD[128+rsp],rcx - jmp NEAR $L$oop_sqr - -ALIGN 32 -$L$oop_sqr: - mov DWORD[((128+8))+rsp],r8d - - mov rbx,rdx - mul rdx - mov r8,rax - mov rax,QWORD[16+rsi] - mov r9,rdx - - mul rbx - add r9,rax - mov rax,QWORD[24+rsi] - mov r10,rdx - adc r10,0 - - mul rbx - add r10,rax - mov rax,QWORD[32+rsi] - mov r11,rdx - adc r11,0 - - mul rbx - add r11,rax - mov rax,QWORD[40+rsi] - mov r12,rdx - adc r12,0 - - mul rbx - add r12,rax - mov rax,QWORD[48+rsi] - mov r13,rdx - adc r13,0 - - mul rbx - add r13,rax - mov rax,QWORD[56+rsi] - mov r14,rdx - adc r14,0 - - mul rbx - add r14,rax - mov rax,rbx - mov r15,rdx - adc r15,0 - - add r8,r8 - mov rcx,r9 - adc r9,r9 - - mul rax - mov QWORD[rsp],rax - add r8,rdx - adc r9,0 - - mov QWORD[8+rsp],r8 - shr rcx,63 - - - mov r8,QWORD[8+rsi] - mov rax,QWORD[16+rsi] - mul r8 - add r10,rax - mov rax,QWORD[24+rsi] - mov rbx,rdx - adc rbx,0 - - mul r8 - add r11,rax - mov rax,QWORD[32+rsi] - adc rdx,0 - add r11,rbx - mov rbx,rdx - adc rbx,0 - - mul r8 - add r12,rax - mov rax,QWORD[40+rsi] - adc rdx,0 - add r12,rbx - mov rbx,rdx - adc rbx,0 - - mul r8 - add r13,rax - mov rax,QWORD[48+rsi] - adc rdx,0 - add r13,rbx - mov rbx,rdx - adc rbx,0 - - mul r8 - add r14,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - add r14,rbx - mov rbx,rdx - adc rbx,0 - - mul r8 - add r15,rax - mov rax,r8 - adc rdx,0 - add r15,rbx - mov r8,rdx - mov rdx,r10 - adc r8,0 - - add rdx,rdx - lea r10,[r10*2+rcx] - mov rbx,r11 - adc r11,r11 - - mul rax - add r9,rax - adc r10,rdx - adc r11,0 - - mov QWORD[16+rsp],r9 - mov QWORD[24+rsp],r10 - shr rbx,63 - - - mov r9,QWORD[16+rsi] - mov rax,QWORD[24+rsi] - mul r9 - add r12,rax - mov rax,QWORD[32+rsi] - mov rcx,rdx - adc rcx,0 - - mul r9 - add r13,rax - mov rax,QWORD[40+rsi] - adc rdx,0 - add r13,rcx - mov rcx,rdx - adc rcx,0 - - mul r9 - add r14,rax - mov rax,QWORD[48+rsi] - adc rdx,0 - add r14,rcx - mov rcx,rdx - adc rcx,0 - - mul r9 - mov r10,r12 - lea r12,[r12*2+rbx] - add r15,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - add r15,rcx - mov rcx,rdx - adc rcx,0 - - mul r9 - shr r10,63 - add r8,rax - mov rax,r9 - adc rdx,0 - add r8,rcx - mov r9,rdx - adc r9,0 - - mov rcx,r13 - lea r13,[r13*2+r10] - - mul rax - add r11,rax - adc r12,rdx - adc r13,0 - - mov QWORD[32+rsp],r11 - mov QWORD[40+rsp],r12 - shr rcx,63 - - - mov r10,QWORD[24+rsi] - mov rax,QWORD[32+rsi] - mul r10 - add r14,rax - mov rax,QWORD[40+rsi] - mov rbx,rdx - adc rbx,0 - - mul r10 - add r15,rax - mov rax,QWORD[48+rsi] - adc rdx,0 - add r15,rbx - mov rbx,rdx - adc rbx,0 - - mul r10 - mov r12,r14 - lea r14,[r14*2+rcx] - add r8,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - add r8,rbx - mov rbx,rdx - adc rbx,0 - - mul r10 - shr r12,63 - add r9,rax - mov rax,r10 - adc rdx,0 - add r9,rbx - mov r10,rdx - adc r10,0 - - mov rbx,r15 - lea r15,[r15*2+r12] - - mul rax - add r13,rax - adc r14,rdx - adc r15,0 - - mov QWORD[48+rsp],r13 - mov QWORD[56+rsp],r14 - shr rbx,63 - - - mov r11,QWORD[32+rsi] - mov rax,QWORD[40+rsi] - mul r11 - add r8,rax - mov rax,QWORD[48+rsi] - mov rcx,rdx - adc rcx,0 - - mul r11 - add r9,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - mov r12,r8 - lea r8,[r8*2+rbx] - add r9,rcx - mov rcx,rdx - adc rcx,0 - - mul r11 - shr r12,63 - add r10,rax - mov rax,r11 - adc rdx,0 - add r10,rcx - mov r11,rdx - adc r11,0 - - mov rcx,r9 - lea r9,[r9*2+r12] - - mul rax - add r15,rax - adc r8,rdx - adc r9,0 - - mov QWORD[64+rsp],r15 - mov QWORD[72+rsp],r8 - shr rcx,63 - - - mov r12,QWORD[40+rsi] - mov rax,QWORD[48+rsi] - mul r12 - add r10,rax - mov rax,QWORD[56+rsi] - mov rbx,rdx - adc rbx,0 - - mul r12 - add r11,rax - mov rax,r12 - mov r15,r10 - lea r10,[r10*2+rcx] - adc rdx,0 - shr r15,63 - add r11,rbx - mov r12,rdx - adc r12,0 - - mov rbx,r11 - lea r11,[r11*2+r15] - - mul rax - add r9,rax - adc r10,rdx - adc r11,0 - - mov QWORD[80+rsp],r9 - mov QWORD[88+rsp],r10 - - - mov r13,QWORD[48+rsi] - mov rax,QWORD[56+rsi] - mul r13 - add r12,rax - mov rax,r13 - mov r13,rdx - adc r13,0 - - xor r14,r14 - shl rbx,1 - adc r12,r12 - adc r13,r13 - adc r14,r14 - - mul rax - add r11,rax - adc r12,rdx - adc r13,0 - - mov QWORD[96+rsp],r11 - mov QWORD[104+rsp],r12 - - - mov rax,QWORD[56+rsi] - mul rax - add r13,rax - adc rdx,0 - - add r14,rdx - - mov QWORD[112+rsp],r13 - mov QWORD[120+rsp],r14 - - mov r8,QWORD[rsp] - mov r9,QWORD[8+rsp] - mov r10,QWORD[16+rsp] - mov r11,QWORD[24+rsp] - mov r12,QWORD[32+rsp] - mov r13,QWORD[40+rsp] - mov r14,QWORD[48+rsp] - mov r15,QWORD[56+rsp] - - call __rsaz_512_reduce - - add r8,QWORD[64+rsp] - adc r9,QWORD[72+rsp] - adc r10,QWORD[80+rsp] - adc r11,QWORD[88+rsp] - adc r12,QWORD[96+rsp] - adc r13,QWORD[104+rsp] - adc r14,QWORD[112+rsp] - adc r15,QWORD[120+rsp] - sbb rcx,rcx - - call __rsaz_512_subtract - - mov rdx,r8 - mov rax,r9 - mov r8d,DWORD[((128+8))+rsp] - mov rsi,rdi - - dec r8d - jnz NEAR $L$oop_sqr - - lea rax,[((128+24+48))+rsp] - mov r15,QWORD[((-48))+rax] - mov r14,QWORD[((-40))+rax] - mov r13,QWORD[((-32))+rax] - mov r12,QWORD[((-24))+rax] - mov rbp,QWORD[((-16))+rax] - mov rbx,QWORD[((-8))+rax] - lea rsp,[rax] -$L$sqr_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_sqr: -global rsaz_512_mul - -ALIGN 32 -rsaz_512_mul: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_rsaz_512_mul: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - - - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - - sub rsp,128+24 -$L$mul_body: -DB 102,72,15,110,199 -DB 102,72,15,110,201 - mov QWORD[128+rsp],r8 - mov rbx,QWORD[rdx] - mov rbp,rdx - call __rsaz_512_mul - -DB 102,72,15,126,199 -DB 102,72,15,126,205 - - mov r8,QWORD[rsp] - mov r9,QWORD[8+rsp] - mov r10,QWORD[16+rsp] - mov r11,QWORD[24+rsp] - mov r12,QWORD[32+rsp] - mov r13,QWORD[40+rsp] - mov r14,QWORD[48+rsp] - mov r15,QWORD[56+rsp] - - call __rsaz_512_reduce - add r8,QWORD[64+rsp] - adc r9,QWORD[72+rsp] - adc r10,QWORD[80+rsp] - adc r11,QWORD[88+rsp] - adc r12,QWORD[96+rsp] - adc r13,QWORD[104+rsp] - adc r14,QWORD[112+rsp] - adc r15,QWORD[120+rsp] - sbb rcx,rcx - - call __rsaz_512_subtract - - lea rax,[((128+24+48))+rsp] - mov r15,QWORD[((-48))+rax] - mov r14,QWORD[((-40))+rax] - mov r13,QWORD[((-32))+rax] - mov r12,QWORD[((-24))+rax] - mov rbp,QWORD[((-16))+rax] - mov rbx,QWORD[((-8))+rax] - lea rsp,[rax] -$L$mul_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul: -global rsaz_512_mul_gather4 - -ALIGN 32 -rsaz_512_mul_gather4: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_rsaz_512_mul_gather4: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - - sub rsp,328 - movaps XMMWORD[160+rsp],xmm6 - movaps XMMWORD[176+rsp],xmm7 - movaps XMMWORD[192+rsp],xmm8 - movaps XMMWORD[208+rsp],xmm9 - movaps XMMWORD[224+rsp],xmm10 - movaps XMMWORD[240+rsp],xmm11 - movaps XMMWORD[256+rsp],xmm12 - movaps XMMWORD[272+rsp],xmm13 - movaps XMMWORD[288+rsp],xmm14 - movaps XMMWORD[304+rsp],xmm15 -$L$mul_gather4_body: - movd xmm8,r9d - movdqa xmm1,XMMWORD[(($L$inc+16))] - movdqa xmm0,XMMWORD[$L$inc] - - pshufd xmm8,xmm8,0 - movdqa xmm7,xmm1 - movdqa xmm2,xmm1 - paddd xmm1,xmm0 - pcmpeqd xmm0,xmm8 - movdqa xmm3,xmm7 - paddd xmm2,xmm1 - pcmpeqd xmm1,xmm8 - movdqa xmm4,xmm7 - paddd xmm3,xmm2 - pcmpeqd xmm2,xmm8 - movdqa xmm5,xmm7 - paddd xmm4,xmm3 - pcmpeqd xmm3,xmm8 - movdqa xmm6,xmm7 - paddd xmm5,xmm4 - pcmpeqd xmm4,xmm8 - paddd xmm6,xmm5 - pcmpeqd xmm5,xmm8 - paddd xmm7,xmm6 - pcmpeqd xmm6,xmm8 - pcmpeqd xmm7,xmm8 - - movdqa xmm8,XMMWORD[rdx] - movdqa xmm9,XMMWORD[16+rdx] - movdqa xmm10,XMMWORD[32+rdx] - movdqa xmm11,XMMWORD[48+rdx] - pand xmm8,xmm0 - movdqa xmm12,XMMWORD[64+rdx] - pand xmm9,xmm1 - movdqa xmm13,XMMWORD[80+rdx] - pand xmm10,xmm2 - movdqa xmm14,XMMWORD[96+rdx] - pand xmm11,xmm3 - movdqa xmm15,XMMWORD[112+rdx] - lea rbp,[128+rdx] - pand xmm12,xmm4 - pand xmm13,xmm5 - pand xmm14,xmm6 - pand xmm15,xmm7 - por xmm8,xmm10 - por xmm9,xmm11 - por xmm8,xmm12 - por xmm9,xmm13 - por xmm8,xmm14 - por xmm9,xmm15 - - por xmm8,xmm9 - pshufd xmm9,xmm8,0x4e - por xmm8,xmm9 -DB 102,76,15,126,195 - - mov QWORD[128+rsp],r8 - mov QWORD[((128+8))+rsp],rdi - mov QWORD[((128+16))+rsp],rcx - - mov rax,QWORD[rsi] - mov rcx,QWORD[8+rsi] - mul rbx - mov QWORD[rsp],rax - mov rax,rcx - mov r8,rdx - - mul rbx - add r8,rax - mov rax,QWORD[16+rsi] - mov r9,rdx - adc r9,0 - - mul rbx - add r9,rax - mov rax,QWORD[24+rsi] - mov r10,rdx - adc r10,0 - - mul rbx - add r10,rax - mov rax,QWORD[32+rsi] - mov r11,rdx - adc r11,0 - - mul rbx - add r11,rax - mov rax,QWORD[40+rsi] - mov r12,rdx - adc r12,0 - - mul rbx - add r12,rax - mov rax,QWORD[48+rsi] - mov r13,rdx - adc r13,0 - - mul rbx - add r13,rax - mov rax,QWORD[56+rsi] - mov r14,rdx - adc r14,0 - - mul rbx - add r14,rax - mov rax,QWORD[rsi] - mov r15,rdx - adc r15,0 - - lea rdi,[8+rsp] - mov ecx,7 - jmp NEAR $L$oop_mul_gather - -ALIGN 32 -$L$oop_mul_gather: - movdqa xmm8,XMMWORD[rbp] - movdqa xmm9,XMMWORD[16+rbp] - movdqa xmm10,XMMWORD[32+rbp] - movdqa xmm11,XMMWORD[48+rbp] - pand xmm8,xmm0 - movdqa xmm12,XMMWORD[64+rbp] - pand xmm9,xmm1 - movdqa xmm13,XMMWORD[80+rbp] - pand xmm10,xmm2 - movdqa xmm14,XMMWORD[96+rbp] - pand xmm11,xmm3 - movdqa xmm15,XMMWORD[112+rbp] - lea rbp,[128+rbp] - pand xmm12,xmm4 - pand xmm13,xmm5 - pand xmm14,xmm6 - pand xmm15,xmm7 - por xmm8,xmm10 - por xmm9,xmm11 - por xmm8,xmm12 - por xmm9,xmm13 - por xmm8,xmm14 - por xmm9,xmm15 - - por xmm8,xmm9 - pshufd xmm9,xmm8,0x4e - por xmm8,xmm9 -DB 102,76,15,126,195 - - mul rbx - add r8,rax - mov rax,QWORD[8+rsi] - mov QWORD[rdi],r8 - mov r8,rdx - adc r8,0 - - mul rbx - add r9,rax - mov rax,QWORD[16+rsi] - adc rdx,0 - add r8,r9 - mov r9,rdx - adc r9,0 - - mul rbx - add r10,rax - mov rax,QWORD[24+rsi] - adc rdx,0 - add r9,r10 - mov r10,rdx - adc r10,0 - - mul rbx - add r11,rax - mov rax,QWORD[32+rsi] - adc rdx,0 - add r10,r11 - mov r11,rdx - adc r11,0 - - mul rbx - add r12,rax - mov rax,QWORD[40+rsi] - adc rdx,0 - add r11,r12 - mov r12,rdx - adc r12,0 - - mul rbx - add r13,rax - mov rax,QWORD[48+rsi] - adc rdx,0 - add r12,r13 - mov r13,rdx - adc r13,0 - - mul rbx - add r14,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - add r13,r14 - mov r14,rdx - adc r14,0 - - mul rbx - add r15,rax - mov rax,QWORD[rsi] - adc rdx,0 - add r14,r15 - mov r15,rdx - adc r15,0 - - lea rdi,[8+rdi] - - dec ecx - jnz NEAR $L$oop_mul_gather - - mov QWORD[rdi],r8 - mov QWORD[8+rdi],r9 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - mov QWORD[32+rdi],r12 - mov QWORD[40+rdi],r13 - mov QWORD[48+rdi],r14 - mov QWORD[56+rdi],r15 - - mov rdi,QWORD[((128+8))+rsp] - mov rbp,QWORD[((128+16))+rsp] - - mov r8,QWORD[rsp] - mov r9,QWORD[8+rsp] - mov r10,QWORD[16+rsp] - mov r11,QWORD[24+rsp] - mov r12,QWORD[32+rsp] - mov r13,QWORD[40+rsp] - mov r14,QWORD[48+rsp] - mov r15,QWORD[56+rsp] - - call __rsaz_512_reduce - add r8,QWORD[64+rsp] - adc r9,QWORD[72+rsp] - adc r10,QWORD[80+rsp] - adc r11,QWORD[88+rsp] - adc r12,QWORD[96+rsp] - adc r13,QWORD[104+rsp] - adc r14,QWORD[112+rsp] - adc r15,QWORD[120+rsp] - sbb rcx,rcx - - call __rsaz_512_subtract - - lea rax,[((128+24+48))+rsp] - movaps xmm6,XMMWORD[((160-200))+rax] - movaps xmm7,XMMWORD[((176-200))+rax] - movaps xmm8,XMMWORD[((192-200))+rax] - movaps xmm9,XMMWORD[((208-200))+rax] - movaps xmm10,XMMWORD[((224-200))+rax] - movaps xmm11,XMMWORD[((240-200))+rax] - movaps xmm12,XMMWORD[((256-200))+rax] - movaps xmm13,XMMWORD[((272-200))+rax] - movaps xmm14,XMMWORD[((288-200))+rax] - movaps xmm15,XMMWORD[((304-200))+rax] - lea rax,[176+rax] - mov r15,QWORD[((-48))+rax] - mov r14,QWORD[((-40))+rax] - mov r13,QWORD[((-32))+rax] - mov r12,QWORD[((-24))+rax] - mov rbp,QWORD[((-16))+rax] - mov rbx,QWORD[((-8))+rax] - lea rsp,[rax] -$L$mul_gather4_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_gather4: -global rsaz_512_mul_scatter4 - -ALIGN 32 -rsaz_512_mul_scatter4: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_rsaz_512_mul_scatter4: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - - mov r9d,r9d - sub rsp,128+24 -$L$mul_scatter4_body: - lea r8,[r9*8+r8] -DB 102,72,15,110,199 -DB 102,72,15,110,202 -DB 102,73,15,110,208 - mov QWORD[128+rsp],rcx - - mov rbp,rdi - mov rbx,QWORD[rdi] - call __rsaz_512_mul - -DB 102,72,15,126,199 -DB 102,72,15,126,205 - - mov r8,QWORD[rsp] - mov r9,QWORD[8+rsp] - mov r10,QWORD[16+rsp] - mov r11,QWORD[24+rsp] - mov r12,QWORD[32+rsp] - mov r13,QWORD[40+rsp] - mov r14,QWORD[48+rsp] - mov r15,QWORD[56+rsp] - - call __rsaz_512_reduce - add r8,QWORD[64+rsp] - adc r9,QWORD[72+rsp] - adc r10,QWORD[80+rsp] - adc r11,QWORD[88+rsp] - adc r12,QWORD[96+rsp] - adc r13,QWORD[104+rsp] - adc r14,QWORD[112+rsp] - adc r15,QWORD[120+rsp] -DB 102,72,15,126,214 - sbb rcx,rcx - - call __rsaz_512_subtract - - mov QWORD[rsi],r8 - mov QWORD[128+rsi],r9 - mov QWORD[256+rsi],r10 - mov QWORD[384+rsi],r11 - mov QWORD[512+rsi],r12 - mov QWORD[640+rsi],r13 - mov QWORD[768+rsi],r14 - mov QWORD[896+rsi],r15 - - lea rax,[((128+24+48))+rsp] - mov r15,QWORD[((-48))+rax] - mov r14,QWORD[((-40))+rax] - mov r13,QWORD[((-32))+rax] - mov r12,QWORD[((-24))+rax] - mov rbp,QWORD[((-16))+rax] - mov rbx,QWORD[((-8))+rax] - lea rsp,[rax] -$L$mul_scatter4_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_scatter4: -global rsaz_512_mul_by_one - -ALIGN 32 -rsaz_512_mul_by_one: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_rsaz_512_mul_by_one: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - - - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - - sub rsp,128+24 -$L$mul_by_one_body: - mov rbp,rdx - mov QWORD[128+rsp],rcx - - mov r8,QWORD[rsi] - pxor xmm0,xmm0 - mov r9,QWORD[8+rsi] - mov r10,QWORD[16+rsi] - mov r11,QWORD[24+rsi] - mov r12,QWORD[32+rsi] - mov r13,QWORD[40+rsi] - mov r14,QWORD[48+rsi] - mov r15,QWORD[56+rsi] - - movdqa XMMWORD[rsp],xmm0 - movdqa XMMWORD[16+rsp],xmm0 - movdqa XMMWORD[32+rsp],xmm0 - movdqa XMMWORD[48+rsp],xmm0 - movdqa XMMWORD[64+rsp],xmm0 - movdqa XMMWORD[80+rsp],xmm0 - movdqa XMMWORD[96+rsp],xmm0 - call __rsaz_512_reduce - mov QWORD[rdi],r8 - mov QWORD[8+rdi],r9 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - mov QWORD[32+rdi],r12 - mov QWORD[40+rdi],r13 - mov QWORD[48+rdi],r14 - mov QWORD[56+rdi],r15 - - lea rax,[((128+24+48))+rsp] - mov r15,QWORD[((-48))+rax] - mov r14,QWORD[((-40))+rax] - mov r13,QWORD[((-32))+rax] - mov r12,QWORD[((-24))+rax] - mov rbp,QWORD[((-16))+rax] - mov rbx,QWORD[((-8))+rax] - lea rsp,[rax] -$L$mul_by_one_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_mul_by_one: - -ALIGN 32 -__rsaz_512_reduce: - mov rbx,r8 - imul rbx,QWORD[((128+8))+rsp] - mov rax,QWORD[rbp] - mov ecx,8 - jmp NEAR $L$reduction_loop - -ALIGN 32 -$L$reduction_loop: - mul rbx - mov rax,QWORD[8+rbp] - neg r8 - mov r8,rdx - adc r8,0 - - mul rbx - add r9,rax - mov rax,QWORD[16+rbp] - adc rdx,0 - add r8,r9 - mov r9,rdx - adc r9,0 - - mul rbx - add r10,rax - mov rax,QWORD[24+rbp] - adc rdx,0 - add r9,r10 - mov r10,rdx - adc r10,0 - - mul rbx - add r11,rax - mov rax,QWORD[32+rbp] - adc rdx,0 - add r10,r11 - mov rsi,QWORD[((128+8))+rsp] - - - adc rdx,0 - mov r11,rdx - - mul rbx - add r12,rax - mov rax,QWORD[40+rbp] - adc rdx,0 - imul rsi,r8 - add r11,r12 - mov r12,rdx - adc r12,0 - - mul rbx - add r13,rax - mov rax,QWORD[48+rbp] - adc rdx,0 - add r12,r13 - mov r13,rdx - adc r13,0 - - mul rbx - add r14,rax - mov rax,QWORD[56+rbp] - adc rdx,0 - add r13,r14 - mov r14,rdx - adc r14,0 - - mul rbx - mov rbx,rsi - add r15,rax - mov rax,QWORD[rbp] - adc rdx,0 - add r14,r15 - mov r15,rdx - adc r15,0 - - dec ecx - jne NEAR $L$reduction_loop - - DB 0F3h,0C3h ;repret - - -ALIGN 32 -__rsaz_512_subtract: - mov QWORD[rdi],r8 - mov QWORD[8+rdi],r9 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - mov QWORD[32+rdi],r12 - mov QWORD[40+rdi],r13 - mov QWORD[48+rdi],r14 - mov QWORD[56+rdi],r15 - - mov r8,QWORD[rbp] - mov r9,QWORD[8+rbp] - neg r8 - not r9 - and r8,rcx - mov r10,QWORD[16+rbp] - and r9,rcx - not r10 - mov r11,QWORD[24+rbp] - and r10,rcx - not r11 - mov r12,QWORD[32+rbp] - and r11,rcx - not r12 - mov r13,QWORD[40+rbp] - and r12,rcx - not r13 - mov r14,QWORD[48+rbp] - and r13,rcx - not r14 - mov r15,QWORD[56+rbp] - and r14,rcx - not r15 - and r15,rcx - - add r8,QWORD[rdi] - adc r9,QWORD[8+rdi] - adc r10,QWORD[16+rdi] - adc r11,QWORD[24+rdi] - adc r12,QWORD[32+rdi] - adc r13,QWORD[40+rdi] - adc r14,QWORD[48+rdi] - adc r15,QWORD[56+rdi] - - mov QWORD[rdi],r8 - mov QWORD[8+rdi],r9 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - mov QWORD[32+rdi],r12 - mov QWORD[40+rdi],r13 - mov QWORD[48+rdi],r14 - mov QWORD[56+rdi],r15 - - DB 0F3h,0C3h ;repret - - -ALIGN 32 -__rsaz_512_mul: - lea rdi,[8+rsp] - - mov rax,QWORD[rsi] - mul rbx - mov QWORD[rdi],rax - mov rax,QWORD[8+rsi] - mov r8,rdx - - mul rbx - add r8,rax - mov rax,QWORD[16+rsi] - mov r9,rdx - adc r9,0 - - mul rbx - add r9,rax - mov rax,QWORD[24+rsi] - mov r10,rdx - adc r10,0 - - mul rbx - add r10,rax - mov rax,QWORD[32+rsi] - mov r11,rdx - adc r11,0 - - mul rbx - add r11,rax - mov rax,QWORD[40+rsi] - mov r12,rdx - adc r12,0 - - mul rbx - add r12,rax - mov rax,QWORD[48+rsi] - mov r13,rdx - adc r13,0 - - mul rbx - add r13,rax - mov rax,QWORD[56+rsi] - mov r14,rdx - adc r14,0 - - mul rbx - add r14,rax - mov rax,QWORD[rsi] - mov r15,rdx - adc r15,0 - - lea rbp,[8+rbp] - lea rdi,[8+rdi] - - mov ecx,7 - jmp NEAR $L$oop_mul - -ALIGN 32 -$L$oop_mul: - mov rbx,QWORD[rbp] - mul rbx - add r8,rax - mov rax,QWORD[8+rsi] - mov QWORD[rdi],r8 - mov r8,rdx - adc r8,0 - - mul rbx - add r9,rax - mov rax,QWORD[16+rsi] - adc rdx,0 - add r8,r9 - mov r9,rdx - adc r9,0 - - mul rbx - add r10,rax - mov rax,QWORD[24+rsi] - adc rdx,0 - add r9,r10 - mov r10,rdx - adc r10,0 - - mul rbx - add r11,rax - mov rax,QWORD[32+rsi] - adc rdx,0 - add r10,r11 - mov r11,rdx - adc r11,0 - - mul rbx - add r12,rax - mov rax,QWORD[40+rsi] - adc rdx,0 - add r11,r12 - mov r12,rdx - adc r12,0 - - mul rbx - add r13,rax - mov rax,QWORD[48+rsi] - adc rdx,0 - add r12,r13 - mov r13,rdx - adc r13,0 - - mul rbx - add r14,rax - mov rax,QWORD[56+rsi] - adc rdx,0 - add r13,r14 - mov r14,rdx - lea rbp,[8+rbp] - adc r14,0 - - mul rbx - add r15,rax - mov rax,QWORD[rsi] - adc rdx,0 - add r14,r15 - mov r15,rdx - adc r15,0 - - lea rdi,[8+rdi] - - dec ecx - jnz NEAR $L$oop_mul - - mov QWORD[rdi],r8 - mov QWORD[8+rdi],r9 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - mov QWORD[32+rdi],r12 - mov QWORD[40+rdi],r13 - mov QWORD[48+rdi],r14 - mov QWORD[56+rdi],r15 - - DB 0F3h,0C3h ;repret - -global rsaz_512_scatter4 - -ALIGN 16 -rsaz_512_scatter4: - lea rcx,[r8*8+rcx] - mov r9d,8 - jmp NEAR $L$oop_scatter -ALIGN 16 -$L$oop_scatter: - mov rax,QWORD[rdx] - lea rdx,[8+rdx] - mov QWORD[rcx],rax - lea rcx,[128+rcx] - dec r9d - jnz NEAR $L$oop_scatter - DB 0F3h,0C3h ;repret - - -global rsaz_512_gather4 - -ALIGN 16 -rsaz_512_gather4: -$L$SEH_begin_rsaz_512_gather4: -DB 0x48,0x81,0xec,0xa8,0x00,0x00,0x00 -DB 0x0f,0x29,0x34,0x24 -DB 0x0f,0x29,0x7c,0x24,0x10 -DB 0x44,0x0f,0x29,0x44,0x24,0x20 -DB 0x44,0x0f,0x29,0x4c,0x24,0x30 -DB 0x44,0x0f,0x29,0x54,0x24,0x40 -DB 0x44,0x0f,0x29,0x5c,0x24,0x50 -DB 0x44,0x0f,0x29,0x64,0x24,0x60 -DB 0x44,0x0f,0x29,0x6c,0x24,0x70 -DB 0x44,0x0f,0x29,0xb4,0x24,0x80,0,0,0 -DB 0x44,0x0f,0x29,0xbc,0x24,0x90,0,0,0 - movd xmm8,r8d - movdqa xmm1,XMMWORD[(($L$inc+16))] - movdqa xmm0,XMMWORD[$L$inc] - - pshufd xmm8,xmm8,0 - movdqa xmm7,xmm1 - movdqa xmm2,xmm1 - paddd xmm1,xmm0 - pcmpeqd xmm0,xmm8 - movdqa xmm3,xmm7 - paddd xmm2,xmm1 - pcmpeqd xmm1,xmm8 - movdqa xmm4,xmm7 - paddd xmm3,xmm2 - pcmpeqd xmm2,xmm8 - movdqa xmm5,xmm7 - paddd xmm4,xmm3 - pcmpeqd xmm3,xmm8 - movdqa xmm6,xmm7 - paddd xmm5,xmm4 - pcmpeqd xmm4,xmm8 - paddd xmm6,xmm5 - pcmpeqd xmm5,xmm8 - paddd xmm7,xmm6 - pcmpeqd xmm6,xmm8 - pcmpeqd xmm7,xmm8 - mov r9d,8 - jmp NEAR $L$oop_gather -ALIGN 16 -$L$oop_gather: - movdqa xmm8,XMMWORD[rdx] - movdqa xmm9,XMMWORD[16+rdx] - movdqa xmm10,XMMWORD[32+rdx] - movdqa xmm11,XMMWORD[48+rdx] - pand xmm8,xmm0 - movdqa xmm12,XMMWORD[64+rdx] - pand xmm9,xmm1 - movdqa xmm13,XMMWORD[80+rdx] - pand xmm10,xmm2 - movdqa xmm14,XMMWORD[96+rdx] - pand xmm11,xmm3 - movdqa xmm15,XMMWORD[112+rdx] - lea rdx,[128+rdx] - pand xmm12,xmm4 - pand xmm13,xmm5 - pand xmm14,xmm6 - pand xmm15,xmm7 - por xmm8,xmm10 - por xmm9,xmm11 - por xmm8,xmm12 - por xmm9,xmm13 - por xmm8,xmm14 - por xmm9,xmm15 - - por xmm8,xmm9 - pshufd xmm9,xmm8,0x4e - por xmm8,xmm9 - movq QWORD[rcx],xmm8 - lea rcx,[8+rcx] - dec r9d - jnz NEAR $L$oop_gather - movaps xmm6,XMMWORD[rsp] - movaps xmm7,XMMWORD[16+rsp] - movaps xmm8,XMMWORD[32+rsp] - movaps xmm9,XMMWORD[48+rsp] - movaps xmm10,XMMWORD[64+rsp] - movaps xmm11,XMMWORD[80+rsp] - movaps xmm12,XMMWORD[96+rsp] - movaps xmm13,XMMWORD[112+rsp] - movaps xmm14,XMMWORD[128+rsp] - movaps xmm15,XMMWORD[144+rsp] - add rsp,0xa8 - DB 0F3h,0C3h ;repret -$L$SEH_end_rsaz_512_gather4: - - -ALIGN 64 -$L$inc: - DD 0,0,1,1 - DD 2,2,2,2 -EXTERN __imp_RtlVirtualUnwind - -ALIGN 16 -se_handler: - push rsi - push rdi - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - pushfq - sub rsp,64 - - mov rax,QWORD[120+r8] - mov rbx,QWORD[248+r8] - - mov rsi,QWORD[8+r9] - mov r11,QWORD[56+r9] - - mov r10d,DWORD[r11] - lea r10,[r10*1+rsi] - cmp rbx,r10 - jb NEAR $L$common_seh_tail - - mov rax,QWORD[152+r8] - - mov r10d,DWORD[4+r11] - lea r10,[r10*1+rsi] - cmp rbx,r10 - jae NEAR $L$common_seh_tail - - lea rax,[((128+24+48))+rax] - - lea rbx,[$L$mul_gather4_epilogue] - cmp rbx,r10 - jne NEAR $L$se_not_in_mul_gather4 - - lea rax,[176+rax] - - lea rsi,[((-48-168))+rax] - lea rdi,[512+r8] - mov ecx,20 - DD 0xa548f3fc - -$L$se_not_in_mul_gather4: - mov rbx,QWORD[((-8))+rax] - mov rbp,QWORD[((-16))+rax] - mov r12,QWORD[((-24))+rax] - mov r13,QWORD[((-32))+rax] - mov r14,QWORD[((-40))+rax] - mov r15,QWORD[((-48))+rax] - mov QWORD[144+r8],rbx - mov QWORD[160+r8],rbp - mov QWORD[216+r8],r12 - mov QWORD[224+r8],r13 - mov QWORD[232+r8],r14 - mov QWORD[240+r8],r15 - -$L$common_seh_tail: - mov rdi,QWORD[8+rax] - mov rsi,QWORD[16+rax] - mov QWORD[152+r8],rax - mov QWORD[168+r8],rsi - mov QWORD[176+r8],rdi - - mov rdi,QWORD[40+r9] - mov rsi,r8 - mov ecx,154 - DD 0xa548f3fc - - mov rsi,r9 - xor rcx,rcx - mov rdx,QWORD[8+rsi] - mov r8,QWORD[rsi] - mov r9,QWORD[16+rsi] - mov r10,QWORD[40+rsi] - lea r11,[56+rsi] - lea r12,[24+rsi] - mov QWORD[32+rsp],r10 - mov QWORD[40+rsp],r11 - mov QWORD[48+rsp],r12 - mov QWORD[56+rsp],rcx - call QWORD[__imp_RtlVirtualUnwind] - - mov eax,1 - add rsp,64 - popfq - pop r15 - pop r14 - pop r13 - pop r12 - pop rbp - pop rbx - pop rdi - pop rsi - DB 0F3h,0C3h ;repret - - -section .pdata rdata align=4 -ALIGN 4 - DD $L$SEH_begin_rsaz_512_sqr wrt ..imagebase - DD $L$SEH_end_rsaz_512_sqr wrt ..imagebase - DD $L$SEH_info_rsaz_512_sqr wrt ..imagebase - - DD $L$SEH_begin_rsaz_512_mul wrt ..imagebase - DD $L$SEH_end_rsaz_512_mul wrt ..imagebase - DD $L$SEH_info_rsaz_512_mul wrt ..imagebase - - DD $L$SEH_begin_rsaz_512_mul_gather4 wrt ..imagebase - DD $L$SEH_end_rsaz_512_mul_gather4 wrt ..imagebase - DD $L$SEH_info_rsaz_512_mul_gather4 wrt ..imagebase - - DD $L$SEH_begin_rsaz_512_mul_scatter4 wrt ..imagebase - DD $L$SEH_end_rsaz_512_mul_scatter4 wrt ..imagebase - DD $L$SEH_info_rsaz_512_mul_scatter4 wrt ..imagebase - - DD $L$SEH_begin_rsaz_512_mul_by_one wrt ..imagebase - DD $L$SEH_end_rsaz_512_mul_by_one wrt ..imagebase - DD $L$SEH_info_rsaz_512_mul_by_one wrt ..imagebase - - DD $L$SEH_begin_rsaz_512_gather4 wrt ..imagebase - DD $L$SEH_end_rsaz_512_gather4 wrt ..imagebase - DD $L$SEH_info_rsaz_512_gather4 wrt ..imagebase - -section .xdata rdata align=8 -ALIGN 8 -$L$SEH_info_rsaz_512_sqr: -DB 9,0,0,0 - DD se_handler wrt ..imagebase - DD $L$sqr_body wrt ..imagebase,$L$sqr_epilogue wrt ..imagebase -$L$SEH_info_rsaz_512_mul: -DB 9,0,0,0 - DD se_handler wrt ..imagebase - DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase -$L$SEH_info_rsaz_512_mul_gather4: -DB 9,0,0,0 - DD se_handler wrt ..imagebase - DD $L$mul_gather4_body wrt ..imagebase,$L$mul_gather4_epilogue wrt ..imagebase -$L$SEH_info_rsaz_512_mul_scatter4: -DB 9,0,0,0 - DD se_handler wrt ..imagebase - DD $L$mul_scatter4_body wrt ..imagebase,$L$mul_scatter4_epilogue wrt ..imagebase -$L$SEH_info_rsaz_512_mul_by_one: -DB 9,0,0,0 - DD se_handler wrt ..imagebase - DD $L$mul_by_one_body wrt ..imagebase,$L$mul_by_one_epilogue wrt ..imagebase -$L$SEH_info_rsaz_512_gather4: -DB 0x01,0x46,0x16,0x00 -DB 0x46,0xf8,0x09,0x00 -DB 0x3d,0xe8,0x08,0x00 -DB 0x34,0xd8,0x07,0x00 -DB 0x2e,0xc8,0x06,0x00 -DB 0x28,0xb8,0x05,0x00 -DB 0x22,0xa8,0x04,0x00 -DB 0x1c,0x98,0x03,0x00 -DB 0x16,0x88,0x02,0x00 -DB 0x10,0x78,0x01,0x00 -DB 0x0b,0x68,0x00,0x00 -DB 0x07,0x01,0x15,0x00 |