git.openssl.org Git - openssl.git/commit

author	Martin Peylo <martin.peylo@nokia.com>
	Tue, 30 May 2017 12:38:37 +0000 (15:38 +0300)
committer	Pauli <paul.dale@oracle.com>
	Tue, 1 Aug 2017 23:32:11 +0000 (09:32 +1000)
commit	418d49c276146208894f2b65916c24bc50a5f4c4
tree	eb8fcca1976f89e932f6d6d3c19b3a1edceb9d7d	tree \| snapshot
parent	fa9ad41476d40185b6fe06fa6564ea01cd527dad	commit \| diff

Adding NID_hmac_sha1 and _md5 to builtin_pbe[]

The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly
referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the
common implementations of CMP (Certificate Managing Protocol, RFC4210).

HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and
it seems to generally exist (-> Internet search), but it is unclear where it is
actually defined as it appears not to be referenced by RFCs and practically
rather unused.

Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already
included in builtin_pbe[]:

HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1).

It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the
RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be
defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3811)