[openssl-commits] [openssl] master update

Tue, 01 Aug 2017 16:32:39 -0700 

The branch master has been updated
       via  418d49c276146208894f2b65916c24bc50a5f4c4 (commit)
      from  fa9ad41476d40185b6fe06fa6564ea01cd527dad (commit)


- Log -----------------------------------------------------------------
commit 418d49c276146208894f2b65916c24bc50a5f4c4
Author: Martin Peylo <[email protected]>
Date:   Tue May 30 15:38:37 2017 +0300

    Adding NID_hmac_sha1 and _md5 to builtin_pbe[]
    
    The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly
    referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the
    common implementations of CMP (Certificate Managing Protocol, RFC4210).
    
    HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and
    it seems to generally exist (-> Internet search), but it is unclear where 
it is
    actually defined as it appears not to be referenced by RFCs and practically
    rather unused.
    
    Those OIDs are both duplicates to OIDs from an RSA OID branch, which are 
already
    included in builtin_pbe[]:
    
    HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1).
    
    It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from 
the
    RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found 
to be
    defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the 
future.
    
    Reviewed-by: Rich Salz <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/3811)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_pbe.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index ebc74af..7a3c61d 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -61,6 +61,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
      NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to