]> git.saurik.com Git - apple/security.git/blame - OSX/libsecurity_smime/lib/secoid.c
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-58286.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / secoid.c
CommitLineData
d8f41ccd
A		 1/*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34#include "secoid.h"
35#include "secitem.h"
36#include "plhash.h"
37
38#include <security_asn1/secerr.h>
39#include <Security/cssmapple.h>
40#include <pthread.h>
41
42#pragma clang diagnostic push
43#pragma clang diagnostic ignored "-Wunused-const-variable"
44
45/* MISSI Mosaic Object ID space */
46#define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
47#define MISSI USGOV, 0x02, 0x01, 0x01
48#define MISSI_OLD_KEA_DSS MISSI, 0x0c
49#define MISSI_OLD_DSS MISSI, 0x02
50#define MISSI_KEA_DSS MISSI, 0x14
51#define MISSI_DSS MISSI, 0x13
52#define MISSI_KEA MISSI, 0x0a
53#define MISSI_ALT_KEA MISSI, 0x16
54
55#define NISTALGS USGOV, 3, 4
56#define AES NISTALGS, 1
57#define SHAXXX NISTALGS, 2
58
59/**
60 ** The Netscape OID space is allocated by Terry Hayes. If you need
61 ** a piece of the space, contact him at thayes@netscape.com.
62 **/
63
64/* Netscape Communications Corporation Object ID space */
65/* { 2 16 840 1 113730 } */
66#define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
67#define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
68#define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
69/* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
70#define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
71#define NETSCAPE_POLICY NETSCAPE_OID, 0x04
72#define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
73#define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
74#define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
75
76#define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
77#define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
78
79/* these are old and should go away soon */
80#define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
81#define NS_CERT_EXT OLD_NETSCAPE, 0x01
82#define NS_FILE_TYPE OLD_NETSCAPE, 0x02
83#define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
84
85/* RSA OID name space */
86#define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
87#define PKCS RSADSI, 0x01
88#define DIGEST RSADSI, 0x02
89#define CIPHER RSADSI, 0x03
90#define PKCS1 PKCS, 0x01
91#define PKCS5 PKCS, 0x05
92#define PKCS7 PKCS, 0x07
93#define PKCS9 PKCS, 0x09
94#define PKCS12 PKCS, 0x0c
95
96/* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
97/* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
98#define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
99
100/* Other OID name spaces */
101#define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
102#define X500 0x55
103#define X520_ATTRIBUTE_TYPE X500, 0x04
104#define X500_ALG X500, 0x08
105#define X500_ALG_ENCRYPTION X500_ALG, 0x01
106
107/** X.509 v3 Extension OID
108 ** {joint-iso-ccitt (2) ds(5) 29}
109 **/
110#define ID_CE_OID X500, 0x1d
111
112#define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
113/* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
114
115/* PKCS #12 name spaces */
116#define PKCS12_MODE_IDS PKCS12, 0x01
117#define PKCS12_ESPVK_IDS PKCS12, 0x02
118#define PKCS12_BAG_IDS PKCS12, 0x03
119#define PKCS12_CERT_BAG_IDS PKCS12, 0x04
120#define PKCS12_OIDS PKCS12, 0x05
121#define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
122#define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
123#define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
124#define PKCS12_V2_PBE_IDS PKCS12, 0x01
125#define PKCS9_CERT_TYPES PKCS9, 0x16
126#define PKCS9_CRL_TYPES PKCS9, 0x17
127#define PKCS9_SMIME_IDS PKCS9, 0x10
128#define PKCS9_SMIME_CTYPE PKCS9_SMIME_IDS, 1
129#define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
130#define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
131#define PKCS12_VERSION1 PKCS12, 0x0a
132#define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
133
134/* for DSA algorithm */
135/* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
136#define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
137
138/* for DH algorithm */
139/* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
140/* need real OID person to look at this, copied the above line
141 * and added 6 to second to last value (and changed '4' to '2' */
142#define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
143
144#define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
145
146#define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
147#define PKIX_CERT_EXTENSIONS PKIX, 1
148#define PKIX_POLICY_QUALIFIERS PKIX, 2
149#define PKIX_KEY_USAGE PKIX, 3
150#define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
151#define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
152
153#define PKIX_ID_PKIP PKIX, 5
154#define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
155#define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
156
157/* Microsoft Object ID space */
158/* { 1.3.6.1.4.1.311 } */
159#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
160
161/* ECDSA OIDs from X9.62 */
e3d460c9
A		 162#define ANSI_X9_62 0x2A, 0x86, 0x48, 0xCE, 0x3D
163#define ANSI_X9_62_FIELD_TYPE ANSI_X9_62, 1
164#define ANSI_X9_62_PUBKEY_TYPE ANSI_X9_62, 2
165#define ANSI_X9_62_SIG_TYPE ANSI_X9_62, 4
166#define ECDSA_WITH_SHA2 ANSI_X9_62_SIG_TYPE, 3
d8f41ccd
A		 167
168/* X9.63 schemes */
169#define ANSI_X9_63 0x2B, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3F
170#define ANSI_X9_63_SCHEME ANSI_X9_63, 0
171
172/* ECDH curves */
173#define CERTICOM_ELL_CURVE 0x2B, 0x81, 0x04, 0x00
174
e3d460c9
A		 175/* Apple OID sapce */
176/* 1.2.840.113635 */
177#define APPLE_OID 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x63
178#define APPLE_DATA_SECURITY APPLE_OID, 0x64
179#define APPLE_CMS_ATTRIBUTES APPLE_DATA_SECURITY, 0x9
180
d8f41ccd
A		 181#define CONST_OID static const unsigned char
182
183CONST_OID md2[] = { DIGEST, 0x02 };
184CONST_OID md4[] = { DIGEST, 0x04 };
185CONST_OID md5[] = { DIGEST, 0x05 };
186
187CONST_OID rc2cbc[] = { CIPHER, 0x02 };
188CONST_OID rc4[] = { CIPHER, 0x04 };
189CONST_OID desede3cbc[] = { CIPHER, 0x07 };
190CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
191
192CONST_OID desecb[] = { ALGORITHM, 0x06 };
193CONST_OID descbc[] = { ALGORITHM, 0x07 };
194CONST_OID desofb[] = { ALGORITHM, 0x08 };
195CONST_OID descfb[] = { ALGORITHM, 0x09 };
196CONST_OID desmac[] = { ALGORITHM, 0x0a };
197CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
198CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
199CONST_OID desede[] = { ALGORITHM, 0x11 };
200CONST_OID sha1[] = { ALGORITHM, 0x1a };
201CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
202
203CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
204CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
205CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
206CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
207CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
208CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
209CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
210CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
211
212CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
213CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
214CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
215
216CONST_OID pkcs7[] = { PKCS7 };
217CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
218CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
219CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
220CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
221CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
222CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
223
224CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
225CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
226CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
227CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
228CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
229CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
230CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
231CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
232CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
233CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
234CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
235CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
236
237CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
238CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
239CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
240
241/* RFC2630 (CMS) OIDs */
242CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
243CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
244CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
245
246/* RFC2633 SMIME message attributes */
247CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
248CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
249
250CONST_OID smimeSigningCertificate[] = { PKCS9_SMIME_ATTRS, 12 };
251CONST_OID smimeTimeStampToken[] = { PKCS9_SMIME_ATTRS, 14 };
252CONST_OID smimeTimeStampTokenInfo[] = { PKCS9_SMIME_CTYPE, 0x04 };
253
254CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
255CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
256CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
257CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
258CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
259CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
260CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
261
262CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
263CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
264CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
265CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
266CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
267
268CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
269CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
270CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
271CONST_OID missiCertDSS[] = { MISSI_DSS };
272CONST_OID missiCertKEA[] = { MISSI_KEA };
273CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
274CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
275
276/* added for alg 1485 */
277CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
278CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
279CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
280
281/* Netscape private certificate extensions */
282CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
283CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
284CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
285CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
286CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
287CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
288CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
289CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
290CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
291CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
292CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
293CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
294CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
295CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
296CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
297CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
298
299/* the following 2 extensions are defined for and used by Cartman(NSM) */
300CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
301CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
302
303CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
304CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
305/* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
306
307/* Netscape policy values */
308CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
309
310/* Netscape other name types */
311CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};
312/* Reserved Netscape REF605437
313 (2 16 840 1 113730 7 2) = { NETSCAPE_NAME_COMPONENTS, 0x02 }; */
314
315/* OIDs needed for cert server */
316CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
317
318
319/* Standard x.509 v3 Certificate Extensions */
320CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
321CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
322CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
323CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
324CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
325CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
326CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
327CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
328CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
329CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
330CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
331CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 34 };
332CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
333CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
334CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
335
336/* Standard x.509 v3 CRL Extensions */
337CONST_OID x509CrlNumber[] = { ID_CE_OID, 20};
338CONST_OID x509ReasonCode[] = { ID_CE_OID, 21};
339CONST_OID x509InvalidDate[] = { ID_CE_OID, 24};
340
341/* pkcs 12 additions */
342CONST_OID pkcs12[] = { PKCS12 };
343CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
344CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
345CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
346CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
347CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
348CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
349CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
350CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
351CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
352CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
353CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
354CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
355CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
356CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
357CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
358CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
359CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
360CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
361CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
362CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
363CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
364CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
365CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
366
367/* pkcs 12 version 1.0 ids */
368CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
369CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
370CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
371CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
372CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
373CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
374
375CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
376CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
377
378CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
379CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
380CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
381CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
382CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
383CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
384
385CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
386
387CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
388CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
389
390/* verisign OIDs */
391CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
392
393/* pkix OIDs */
394CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
395CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
396
397CONST_OID pkixOCSP[] = { PKIX_OCSP };
398CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
399CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
400CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
401CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
402CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
403CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
404CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
405
406CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
407CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
408CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
409CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
410CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
411CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
412CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
413CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
414
415CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
416CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
417CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
418CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
419CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
420CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
421
422/* OIDs for Netscape defined algorithms */
423CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
424
425/* Fortezza algorithm OIDs */
426CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
427CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
428
429CONST_OID aes128_ECB[] = { AES, 1 };
430CONST_OID aes128_CBC[] = { AES, 2 };
431#ifdef DEFINE_ALL_AES_CIPHERS
432CONST_OID aes128_OFB[] = { AES, 3 };
433CONST_OID aes128_CFB[] = { AES, 4 };
434#endif
435CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
436
437CONST_OID aes192_ECB[] = { AES, 21 };
438CONST_OID aes192_CBC[] = { AES, 22 };
439#ifdef DEFINE_ALL_AES_CIPHERS
440CONST_OID aes192_OFB[] = { AES, 23 };
441CONST_OID aes192_CFB[] = { AES, 24 };
442#endif
443CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
444
445CONST_OID aes256_ECB[] = { AES, 41 };
446CONST_OID aes256_CBC[] = { AES, 42 };
447#ifdef DEFINE_ALL_AES_CIPHERS
448CONST_OID aes256_OFB[] = { AES, 43 };
449CONST_OID aes256_CFB[] = { AES, 44 };
450#endif
451CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
452
453CONST_OID sha256[] = { SHAXXX, 1 };
454CONST_OID sha384[] = { SHAXXX, 2 };
455CONST_OID sha512[] = { SHAXXX, 3 };
e3d460c9 456CONST_OID sha224[] = { SHAXXX, 4 };
d8f41ccd
A		 457
458CONST_OID ecdsaWithSHA1[] = { ANSI_X9_62_SIG_TYPE, 1 };
e3d460c9
A		 459CONST_OID ecdsaWithSHA256[] = { ECDSA_WITH_SHA2, 2 };
460CONST_OID ecdsaWithSHA384[] = { ECDSA_WITH_SHA2, 3 };
461CONST_OID ecdsaWithSHA512[] = { ECDSA_WITH_SHA2, 4 };
d8f41ccd
A		 462CONST_OID ecPublicKey[] = { ANSI_X9_62_PUBKEY_TYPE, 1 };
463/* This OID doesn't appear in a CMS msg */
464CONST_OID ecdsaSig[] = { ANSI_X9_62_SIG_TYPE };
465
466/* ECDH curves */
467CONST_OID secp256r1[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
468CONST_OID secp384r1[] = { CERTICOM_ELL_CURVE, 0x22 };
469CONST_OID secp521r1[] = { CERTICOM_ELL_CURVE, 0x23 };
470
471/* RFC 3278 */
472CONST_OID dhSinglePassStdDHsha1kdf[] = {ANSI_X9_63_SCHEME, 2 };
473CONST_OID dhSinglePassCofactorDHsha1kdf[] = {ANSI_X9_63_SCHEME, 3 };
474CONST_OID mqvSinglePassSha1kdf[] = {ANSI_X9_63_SCHEME, 4 };
475
e3d460c9
A		 476/* Apple Hash Agility */
477CONST_OID appleHashAgility[] = {APPLE_CMS_ATTRIBUTES, 1};
478
d8f41ccd
A		 479/* a special case: always associated with a caller-specified OID */
480CONST_OID noOid[] = { 0 };
481
482#define OI(x) { sizeof x, (uint8 *)x }
483#ifndef SECOID_NO_STRINGS
484#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
485#else
486#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
487#endif
488
489/*
e3d460c9 490 * NOTE: the order of these entries must match the SECOidTag enum in secoidt.h!
d8f41ccd
A		 491 */
492const static SECOidData oids[] = {
493 { { 0, NULL }, SEC_OID_UNKNOWN,
494 "Unknown OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION },
495 OD( md2, SEC_OID_MD2, "MD2", CSSM_ALGID_MD2, INVALID_CERT_EXTENSION ),
496 OD( md4, SEC_OID_MD4,
497 "MD4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
498 OD( md5, SEC_OID_MD5, "MD5", CSSM_ALGID_MD5, INVALID_CERT_EXTENSION ),
499 OD( sha1, SEC_OID_SHA1, "SHA-1", CSSM_ALGID_SHA1, INVALID_CERT_EXTENSION ),
500 OD( rc2cbc, SEC_OID_RC2_CBC,
501 "RC2-CBC", CSSM_ALGID_RC2, INVALID_CERT_EXTENSION ),
502 OD( rc4, SEC_OID_RC4, "RC4", CSSM_ALGID_RC4, INVALID_CERT_EXTENSION ),
503 OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
504 "DES-EDE3-CBC", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
505 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
506 "RC5-CBCPad", CSSM_ALGID_RC5, INVALID_CERT_EXTENSION ),
507 OD( desecb, SEC_OID_DES_ECB,
508 "DES-ECB", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
509 OD( descbc, SEC_OID_DES_CBC,
510 "DES-CBC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
511 OD( desofb, SEC_OID_DES_OFB,
512 "DES-OFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
513 OD( descfb, SEC_OID_DES_CFB,
514 "DES-CFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
515 OD( desmac, SEC_OID_DES_MAC,
516 "DES-MAC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
517 OD( desede, SEC_OID_DES_EDE,
518 "DES-EDE", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
519 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
520 "ISO SHA with RSA Signature",
521 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
522 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
523 "PKCS #1 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
524
525 /* the following Signing CSSM_ALGORITHMS should get new CKM_ values when
526 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
527 * PKCS #11.
528 */
529 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
530 "PKCS #1 MD2 With RSA Encryption", CSSM_ALGID_MD2WithRSA,
531 INVALID_CERT_EXTENSION ),
532 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
533 "PKCS #1 MD4 With RSA Encryption",
534 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
535 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
536 "PKCS #1 MD5 With RSA Encryption", CSSM_ALGID_MD5WithRSA,
537 INVALID_CERT_EXTENSION ),
538 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
539 "PKCS #1 SHA-1 With RSA Encryption", CSSM_ALGID_SHA1WithRSA,
540 INVALID_CERT_EXTENSION ),
541
542 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
543 "PKCS #5 Password Based Encryption with MD2 and DES CBC",
544 CSSM_ALGID_PKCS5_PBKDF1_MD2, INVALID_CERT_EXTENSION ),
545 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
546 "PKCS #5 Password Based Encryption with MD5 and DES CBC",
547 CSSM_ALGID_PKCS5_PBKDF1_MD5, INVALID_CERT_EXTENSION ),
548 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
549 "PKCS #5 Password Based Encryption with SHA1 and DES CBC",
550 CSSM_ALGID_PKCS5_PBKDF1_SHA1, INVALID_CERT_EXTENSION ),
551 OD( pkcs7, SEC_OID_PKCS7,
552 "PKCS #7", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
553 OD( pkcs7Data, SEC_OID_PKCS7_DATA,
554 "PKCS #7 Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
555 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
556 "PKCS #7 Signed Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
557 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
558 "PKCS #7 Enveloped Data",
559 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
560 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
561 "PKCS #7 Signed And Enveloped Data",
562 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
563 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
564 "PKCS #7 Digested Data",
565 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
566 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
567 "PKCS #7 Encrypted Data",
568 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
569 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
570 "PKCS #9 Email Address",
571 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
572 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
573 "PKCS #9 Unstructured Name",
574 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
575 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
576 "PKCS #9 Content Type",
577 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
578 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
579 "PKCS #9 Message Digest",
580 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
581 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
582 "PKCS #9 Signing Time",
583 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
584 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
585 "PKCS #9 Counter Signature",
586 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
587 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
588 "PKCS #9 Challenge Password",
589 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
590 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
591 "PKCS #9 Unstructured Address",
592 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
593 OD( pkcs9ExtendedCertificateAttributes,
594 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
595 "PKCS #9 Extended Certificate Attributes",
596 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
597 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
598 "PKCS #9 S/MIME Capabilities",
599 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
600 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
601 "X520 Common Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
602 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
603 "X520 Country Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
604 OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
605 "X520 Locality Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
606 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
607 "X520 State Or Province Name",
608 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
609 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
610 "X520 Organization Name",
611 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
612 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
613 "X520 Organizational Unit Name",
614 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
615 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
616 "X520 DN Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
617 OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
618 "RFC 2247 Domain Component",
619 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
620
621 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
622 "GIF", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
623 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
624 "JPEG", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
625 OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
626 "URL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
627 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
628 "HTML", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
629 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
630 "Certificate Sequence",
631 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
632 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
633 "MISSI KEA and DSS Algorithm (Old)",
634 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
635 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
636 "MISSI DSS Algorithm (Old)",
637 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
638 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
639 "MISSI KEA and DSS Algorithm",
640 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
641 OD( missiCertDSS, SEC_OID_MISSI_DSS,
642 "MISSI DSS Algorithm",
643 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
644 OD( missiCertKEA, SEC_OID_MISSI_KEA,
645 "MISSI KEA Algorithm",
646 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
647 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
648 "MISSI Alternate KEA Algorithm",
649 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
650
651 /* Netscape private extensions */
652 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
653 "Netscape says this cert is OK",
654 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
655 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
656 "Certificate Issuer Logo",
657 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
658 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
659 "Certificate Subject Logo",
660 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
661 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
662 "Certificate Type",
663 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
664 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
665 "Certificate Extension Base URL",
666 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
667 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
668 "Certificate Revocation URL",
669 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
670 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
671 "Certificate Authority Revocation URL",
672 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
673 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
674 "Certificate Authority CRL Download URL",
675 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
676 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
677 "Certificate Authority Certificate Download URL",
678 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
679 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
680 "Certificate Renewal URL",
681 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
682 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
683 "Certificate Authority Policy URL",
684 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
685 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
686 "Certificate Homepage URL",
687 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
688 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
689 "Certificate Entity Logo",
690 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
691 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
692 "Certificate User Picture",
693 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
694 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
695 "Certificate SSL Server Name",
696 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
697 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
698 "Certificate Comment",
699 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
700 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
701 "Lost Password URL",
702 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
703 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
704 "Certificate Renewal Time",
705 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
706 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
707 "Strong Crypto Export Approved",
708 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
709
710
711 /* x.509 v3 certificate extensions */
712 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
713 "Certificate Subject Directory Attributes",
714 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION),
715 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
716 "Certificate Subject Key ID",
717 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
718 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE,
719 "Certificate Key Usage",
720 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
721 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
722 "Certificate Private Key Usage Period",
723 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
724 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
725 "Certificate Subject Alt Name",
726 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
727 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
728 "Certificate Issuer Alt Name",
729 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
730 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
731 "Certificate Basic Constraints",
732 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
733 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
734 "Certificate Name Constraints",
735 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
736 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
737 "CRL Distribution Points",
738 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
739 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
740 "Certificate Policies",
741 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
742 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
743 "Certificate Policy Mappings",
744 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
745 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
746 "Certificate Policy Constraints",
747 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
748 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
749 "Certificate Authority Key Identifier",
750 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
751 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
752 "Extended Key Usage",
753 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
754 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
755 "Authority Information Access",
756 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
757
758 /* x.509 v3 CRL extensions */
759 OD( x509CrlNumber, SEC_OID_X509_CRL_NUMBER,
760 "CRL Number", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
761 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE,
762 "CRL reason code", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
763 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE,
764 "Invalid Date", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
765
766 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
767 "X500 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
768
769 /* added for alg 1485 */
770 OD( rfc1274Uid, SEC_OID_RFC1274_UID,
771 "RFC1274 User Id", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
772 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
773 "RFC1274 E-mail Address",
774 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
775
776 /* pkcs 12 additions */
777 OD( pkcs12, SEC_OID_PKCS12,
778 "PKCS #12", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
779 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
780 "PKCS #12 Mode IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
781 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
782 "PKCS #12 ESPVK IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
783 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
784 "PKCS #12 Bag IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
785 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
786 "PKCS #12 Cert Bag IDs",
787 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
788 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
789 "PKCS #12 OIDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
790 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
791 "PKCS #12 PBE IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
792 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
793 "PKCS #12 Signature IDs",
794 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
795 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
796 "PKCS #12 Enveloping IDs",
797 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
798 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
799 "PKCS #12 Key Shrouding",
800 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
801 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
802 "PKCS #12 Key Bag ID",
803 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
804 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
805 "PKCS #12 Cert And CRL Bag ID",
806 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
807 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
808 "PKCS #12 Secret Bag ID",
809 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
810 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
811 "PKCS #12 X509 Cert CRL Bag",
812 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
813 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
814 "PKCS #12 SDSI Cert Bag",
815 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
816 OD( pkcs12PBEWithSha1And128BitRC4,
817 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
818 "PKCS #12 PBE With Sha1 and 128 Bit RC4",
819 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
820 OD( pkcs12PBEWithSha1And40BitRC4,
821 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
822 "PKCS #12 PBE With Sha1 and 40 Bit RC4",
823 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
824 OD( pkcs12PBEWithSha1AndTripleDESCBC,
825 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
826 "PKCS #12 PBE With Sha1 and Triple DES CBC",
827 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
828 OD( pkcs12PBEWithSha1And128BitRC2CBC,
829 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
830 "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC",
831 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
832 OD( pkcs12PBEWithSha1And40BitRC2CBC,
833 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
834 "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC",
835 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
836 OD( pkcs12RSAEncryptionWith128BitRC4,
837 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
838 "PKCS #12 RSA Encryption with 128 Bit RC4",
839 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
840 OD( pkcs12RSAEncryptionWith40BitRC4,
841 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
842 "PKCS #12 RSA Encryption with 40 Bit RC4",
843 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
844 OD( pkcs12RSAEncryptionWithTripleDES,
845 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
846 "PKCS #12 RSA Encryption with Triple DES",
847 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
848 OD( pkcs12RSASignatureWithSHA1Digest,
849 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
850 "PKCS #12 RSA Encryption with Triple DES",
851 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
852
853 /* DSA signatures */
854 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
855 "ANSI X9.57 DSA Signature", CSSM_ALGID_DSA, INVALID_CERT_EXTENSION ),
856 OD( ansix9DSASignaturewithSHA1Digest,
857 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
858 "ANSI X9.57 DSA Signature with SHA1 Digest",
859 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
860 OD( bogusDSASignaturewithSHA1Digest,
861 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
862 "FORTEZZA DSA Signature with SHA1 Digest",
863 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
864
865 /* verisign oids */
866 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
867 "Verisign User Notices",
868 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
869
870 /* pkix oids */
871 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
872 "PKIX CPS Pointer Qualifier",
873 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
874 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
875 "PKIX User Notice Qualifier",
876 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
877
878 OD( pkixOCSP, SEC_OID_PKIX_OCSP,
879 "PKIX Online Certificate Status Protocol",
880 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
881 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
882 "OCSP Basic Response", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
883 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
884 "OCSP Nonce Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
885 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
886 "OCSP CRL Reference Extension",
887 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
888 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
889 "OCSP Response Types Extension",
890 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
891 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
892 "OCSP No Check Extension",
893 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
894 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
895 "OCSP Archive Cutoff Extension",
896 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
897 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
898 "OCSP Service Locator Extension",
899 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
900
901 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
902 "PKIX CRMF Registration Control, Registration Token",
903 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
904 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
905 "PKIX CRMF Registration Control, Registration Authenticator",
906 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
907 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
908 "PKIX CRMF Registration Control, PKI Publication Info",
909 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
910 OD( pkixRegCtrlPKIArchOptions,
911 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
912 "PKIX CRMF Registration Control, PKI Archive Options",
913 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
914 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
915 "PKIX CRMF Registration Control, Old Certificate ID",
916 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
917 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
918 "PKIX CRMF Registration Control, Protocol Encryption Key",
919 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
920 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
921 "PKIX CRMF Registration Info, UTF8 Pairs",
922 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
923 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
924 "PKIX CRMF Registration Info, Certificate Request",
925 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
926 OD( pkixExtendedKeyUsageServerAuth,
927 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
928 "TLS Web Server Authentication Certificate",
929 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
930 OD( pkixExtendedKeyUsageClientAuth,
931 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
932 "TLS Web Client Authentication Certificate",
933 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
934 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
935 "Code Signing Certificate",
936 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
937 OD( pkixExtendedKeyUsageEMailProtect,
938 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
939 "E-Mail Protection Certificate",
940 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
941 OD( pkixExtendedKeyUsageTimeStamp,
942 SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
943 "Time Stamping Certifcate",
944 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
945 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
946 "OCSP Responder Certificate",
947 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
948
949 /* Netscape Algorithm OIDs */
950
951 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
952 "Netscape S/MIME KEA", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
953
954 /* Skipjack OID -- ### mwelch temporary */
955 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
956 "Skipjack CBC64", CSSM_ALGID_SKIPJACK, INVALID_CERT_EXTENSION ),
957
958 /* pkcs12 v2 oids */
959 OD( pkcs12V2PBEWithSha1And128BitRC4,
960 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
961 "PKCS12 V2 PBE With SHA1 And 128 Bit RC4",
962 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
963 OD( pkcs12V2PBEWithSha1And40BitRC4,
964 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
965 "PKCS12 V2 PBE With SHA1 And 40 Bit RC4",
966 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
967 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
968 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
969 "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc",
970 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
971 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
972 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
973 "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc",
974 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
975 OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
976 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
977 "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC",
978 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
979 OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
980 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
981 "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC",
982 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
983 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
984 "PKCS #12 Safe Contents ID",
985 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
986 OD( pkcs12PKCS8ShroudedKeyBagID,
987 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
988 "PKCS #12 Safe Contents ID",
989 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
990 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
991 "PKCS #12 V1 Key Bag",
992 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
993 OD( pkcs12V1PKCS8ShroudedKeyBag,
994 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
995 "PKCS #12 V1 PKCS8 Shrouded Key Bag",
996 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
997 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
998 "PKCS #12 V1 Cert Bag",
999 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1000 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
1001 "PKCS #12 V1 CRL Bag",
1002 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1003 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
1004 "PKCS #12 V1 Secret Bag",
1005 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1006 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1007 "PKCS #12 V1 Safe Contents Bag",
1008 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1009
1010 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
1011 "PKCS #9 X509 Certificate",
1012 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1013 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
1014 "PKCS #9 SDSI Certificate",
1015 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1016 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
1017 "PKCS #9 X509 CRL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1018 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
1019 "PKCS #9 Friendly Name",
1020 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1021 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
1022 "PKCS #9 Local Key ID",
1023 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1024 OD( pkcs12KeyUsageAttr, SEC_OID_PKCS12_KEY_USAGE,
1025 "PKCS 12 Key Usage", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1026 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
1027 "Diffie-Helman Public Key", CSSM_ALGID_DH,
1028 INVALID_CERT_EXTENSION ),
1029 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
1030 "Netscape Nickname", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1031
1032 /* Cert Server specific OIDs */
1033 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
1034 "Recovery Request OID",
1035 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1036
1037 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
1038 "Certificate Renewal Locator OID", CSSM_ALGID_NONE,
1039 INVALID_CERT_EXTENSION ),
1040
1041 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
1042 "Certificate Scope-of-Use Extension", CSSM_ALGID_NONE,
1043 SUPPORTED_CERT_EXTENSION ),
1044
1045 /* CMS stuff */
1046 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
1047 "Ephemeral-Static Diffie-Hellman", CSSM_ALGID_NONE /* XXX */,
1048 INVALID_CERT_EXTENSION ),
1049 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
1050 "CMS 3DES Key Wrap", CSSM_ALGID_NONE /* XXX */,
1051 INVALID_CERT_EXTENSION ),
1052 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
1053 "CMS RC2 Key Wrap", CSSM_ALGID_NONE /* XXX */,
1054 INVALID_CERT_EXTENSION ),
1055 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
1056 "S/MIME Encryption Key Preference",
1057 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1058
1059 /* AES algorithm OIDs */
1060 OD( aes128_ECB, SEC_OID_AES_128_ECB,
1061 "AES-128-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1062 OD( aes128_CBC, SEC_OID_AES_128_CBC,
1063 "AES-128-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1064 OD( aes192_ECB, SEC_OID_AES_192_ECB,
1065 "AES-192-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1066 OD( aes192_CBC, SEC_OID_AES_192_CBC,
1067 "AES-192-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1068 OD( aes256_ECB, SEC_OID_AES_256_ECB,
1069 "AES-256-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1070 OD( aes256_CBC, SEC_OID_AES_256_CBC,
1071 "AES-256-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1072
1073 /* More bogus DSA OIDs */
1074 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
1075 "SDN.702 DSA Signature", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
1076
1077 OD( ms_smimeEncryptionKeyPreference,
1078 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
1079 "Microsoft S/MIME Encryption Key Preference",
1080 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1081
e3d460c9 1082 OD( sha224, SEC_OID_SHA224, "SHA-224", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
d8f41ccd
A		 1083 OD( sha256, SEC_OID_SHA256, "SHA-256", CSSM_ALGID_SHA256, INVALID_CERT_EXTENSION),
1084 OD( sha384, SEC_OID_SHA384, "SHA-384", CSSM_ALGID_SHA384, INVALID_CERT_EXTENSION),
1085 OD( sha512, SEC_OID_SHA512, "SHA-512", CSSM_ALGID_SHA512, INVALID_CERT_EXTENSION),
1086
1087 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
1088 "PKCS #1 SHA-256 With RSA Encryption", CSSM_ALGID_SHA256WithRSA,
1089 INVALID_CERT_EXTENSION ),
1090 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
1091 "PKCS #1 SHA-384 With RSA Encryption", CSSM_ALGID_SHA384WithRSA,
1092 INVALID_CERT_EXTENSION ),
1093 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
1094 "PKCS #1 SHA-512 With RSA Encryption", CSSM_ALGID_SHA512WithRSA,
1095 INVALID_CERT_EXTENSION ),
1096
1097 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
1098 "AES-128 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1099 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
1100 "AES-192 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1101 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
1102 "AES-256 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1103
1104 /* caller-specified OID for eContentType */
1105 OD( noOid, SEC_OID_OTHER,
1106 "Caller-specified eContentType", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1107
1108 OD( ecPublicKey, SEC_OID_EC_PUBLIC_KEY,
1109 "ECDSA Public Key", CSSM_ALGID_ECDSA,
1110 INVALID_CERT_EXTENSION ),
1111 OD( ecdsaWithSHA1, SEC_OID_ECDSA_WithSHA1,
1112 "SHA-1 With ECDSA", CSSM_ALGID_SHA1WithECDSA,
1113 INVALID_CERT_EXTENSION ),
1114 OD( dhSinglePassStdDHsha1kdf, SEC_OID_DH_SINGLE_STD_SHA1KDF,
1115 "ECDH With SHA1 KDF", CSSM_ALGID_ECDH_X963_KDF,
1116 INVALID_CERT_EXTENSION ),
1117 OD( secp256r1, SEC_OID_SECP_256_R1,
1118 "secp256r1", CSSM_ALGID_NONE,
1119 INVALID_CERT_EXTENSION ),
1120 OD( secp384r1, SEC_OID_SECP_384_R1,
1121 "secp384r1", CSSM_ALGID_NONE,
1122 INVALID_CERT_EXTENSION ),
1123 OD( secp521r1, SEC_OID_SECP_521_R1,
1124 "secp521r1", CSSM_ALGID_NONE,
1125 INVALID_CERT_EXTENSION ),
1126
1127 OD( smimeTimeStampTokenInfo, SEC_OID_PKCS9_ID_CT_TSTInfo,
1128 "id-ct-TSTInfo", CSSM_ALGID_NONE,
1129 INVALID_CERT_EXTENSION ),
1130
1131 OD( smimeTimeStampToken, SEC_OID_PKCS9_TIMESTAMP_TOKEN,
1132 "id-aa-timeStampToken", CSSM_ALGID_NONE,
1133 INVALID_CERT_EXTENSION ),
1134
1135 OD( smimeSigningCertificate, SEC_OID_PKCS9_SIGNING_CERTIFICATE,
1136 "id-aa-signing-certificate", CSSM_ALGID_NONE,
1137 INVALID_CERT_EXTENSION ),
1138
e3d460c9
A		 1139 /* ECDSA with SHA2 */
1140 OD( ecdsaWithSHA256, SEC_OID_ECDSA_WITH_SHA256,
1141 "ECDSA With SHA-256", CSSM_ALGID_SHA256WithECDSA,
1142 INVALID_CERT_EXTENSION ),
1143 OD( ecdsaWithSHA384, SEC_OID_ECDSA_WITH_SHA384,
1144 "ECDSA With SHA-384", CSSM_ALGID_SHA384WithECDSA,
1145 INVALID_CERT_EXTENSION ),
1146 OD( ecdsaWithSHA512, SEC_OID_ECDSA_WITH_SHA512,
1147 "ECDSA With SHA-512", CSSM_ALGID_SHA512WithECDSA,
1148 INVALID_CERT_EXTENSION ),
1149
1150 /* Apple Hash Agility */
1151 OD( appleHashAgility, SEC_OID_APPLE_HASH_AGILITY,
1152 "appleCodesigningHashAgilityAttribute", CSSM_ALGID_NONE,
1153 INVALID_CERT_EXTENSION),
1154
d8f41ccd
A		 1155};
1156
1157/*
1158 * now the dynamic table. The dynamic table gets build at init time.
1159 * and gets modified if the user loads new crypto modules.
1160 */
1161
1162static PLHashTable *oid_d_hash = 0;
1163static SECOidData **secoidDynamicTable = NULL;
1164static int secoidDynamicTableSize = 0;
1165static int secoidLastDynamicEntry = 0;
1166static int secoidLastHashEntry = 0;
1167
1168/*
1169 * A mutex to protect creation and writing of all three hash tables in
1170 * this module, and reading of the dynamic table.
1171 */
1172static pthread_mutex_t oid_hash_mutex = PTHREAD_MUTEX_INITIALIZER;
1173
1174/* caller holds oid_hash_mutex */
1175static SECStatus
1176secoid_DynamicRehash(void)
1177{
1178 SECOidData *oid;
1179 PLHashEntry *entry;
1180 int i;
1181 int last = secoidLastDynamicEntry;
1182
1183 if (!oid_d_hash) {
1184 oid_d_hash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1185 PL_CompareValues, NULL, NULL);
1186 }
1187
1188
1189 if ( !oid_d_hash ) {
1190 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1191 return(SECFailure);
1192 }
1193
1194 for ( i = secoidLastHashEntry; i < last; i++ ) {
1195 oid = secoidDynamicTable[i];
1196
1197 entry = PL_HashTableAdd( oid_d_hash, &oid->oid, oid );
1198 if ( entry == NULL ) {
1199 return(SECFailure);
1200 }
1201 }
1202 secoidLastHashEntry = last;
1203 return(SECSuccess);
1204}
1205
1206
1207
1208/*
1209 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
1210 * cheaper to rehash the table when it changes than it is to do the loop
1211 * each time.
1212 */
1213static SECOidData *
1214secoid_FindDynamic(const SECItem *key) {
1215 SECOidData *ret = NULL;
1216
1217 pthread_mutex_lock(&oid_hash_mutex);
1218 /* subsequent errors to loser: */
1219 if (secoidDynamicTable == NULL) {
1220 /* PORT_SetError! */
1221 goto loser;
1222 }
1223 if (secoidLastHashEntry != secoidLastDynamicEntry) {
1224 SECStatus rv = secoid_DynamicRehash();
1225 if ( rv != SECSuccess ) {
1226 goto loser;
1227 }
1228 }
1229 ret = (SECOidData *)PL_HashTableLookup (oid_d_hash, key);
1230loser:
1231 pthread_mutex_unlock(&oid_hash_mutex);
1232 return ret;
1233
1234}
1235
1236static SECOidData *
1237secoid_FindDynamicByTag(SECOidTag tagnum)
1238{
1239 int tagNumDiff;
1240 SECOidData *rtn = NULL;
1241
1242 if (tagnum < SEC_OID_TOTAL) {
1243 return NULL;
1244 }
1245
1246 pthread_mutex_lock(&oid_hash_mutex);
1247 /* subsequent errors to loser: */
1248
1249 if (secoidDynamicTable == NULL) {
1250 goto loser;
1251 }
1252
1253 tagNumDiff = tagnum - SEC_OID_TOTAL;
1254 if (tagNumDiff >= secoidLastDynamicEntry) {
1255 goto loser;
1256 }
1257
1258 rtn = secoidDynamicTable[tagNumDiff];
1259loser:
1260 pthread_mutex_unlock(&oid_hash_mutex);
1261 return rtn;
1262}
1263
1264#if 0
1265SECStatus
1266SECOID_AddEntry(SECItem *oid, char *description, CSSM_ALGORITHMS cssmAlgorithm) {
1267 SECOidData *oiddp;
1268 int last;
1269 int tableSize;
1270 int next;
1271 SECOidData **newTable;
1272 SECOidData **oldTable = NULL;
1273 SECStatus srtn = SECFailure;
1274
1275 if (oid == NULL) {
1276 return SECFailure;
1277 }
1278
1279 pthread_mutex_lock(&oid_hash_mutex);
1280 /* subsequent errors to loser: */
1281
1282 oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData));
1283 last = secoidLastDynamicEntry;
1284 tableSize = secoidDynamicTableSize;
1285 next = last++;
1286 newTable = secoidDynamicTable;
1287
1288 /* fill in oid structure */
1289 if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) {
1290 PORT_Free(oiddp);
1291 goto loser;
1292 }
1293 oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL);
1294 /* may we should just reference the copy passed to us? */
1295 oiddp->desc = PORT_Strdup(description);
1296 oiddp->cssmAlgorithm = cssmAlgorithm;
1297
1298
1299 if (last > tableSize) {
1300 int oldTableSize = tableSize;
1301 tableSize += 10;
1302 oldTable = newTable;
1303 newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize);
1304 if (newTable == NULL) {
1305 PORT_Free(oiddp->oid.Data);
1306 PORT_Free(oiddp);
1307 goto loser;
1308 }
1309 PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize);
1310 PORT_Free(oldTable);
1311 }
1312
1313 newTable[next] = oiddp;
1314 secoidDynamicTable = newTable;
1315 secoidDynamicTableSize = tableSize;
1316 secoidLastDynamicEntry = last;
1317 srtn = SECSuccess;
1318loser:
1319 pthread_mutex_unlock(&oid_hash_mutex);
1320 return srtn;
1321}
1322#endif
1323
1324
1325/* normal static table processing */
1326
1327/* creation and writes to these hash tables is protected by oid_hash_mutex */
1328static PLHashTable *oidhash = NULL;
1329static PLHashTable *oidmechhash = NULL;
1330
1331static PLHashNumber
1332secoid_HashNumber(const void *key)
1333{
1334 intptr_t keyint = (intptr_t)key;
1335 // XXX/gh revisit this
1336 keyint ^= (keyint >> 8);
1337 keyint ^= (keyint << 8);
1338 return (PLHashNumber) keyint;
1339}
1340
1341/* caller holds oid_hash_mutex */
1342static SECStatus
1343InitOIDHash(void)
1344{
1345 PLHashEntry *entry;
1346 const SECOidData *oid;
1347 int i;
1348
1349 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1350 PL_CompareValues, NULL, NULL);
1351 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
1352 PL_CompareValues, NULL, NULL);
1353
1354 if ( !oidhash || !oidmechhash) {
1355 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1356 PORT_Assert(0); /*This function should never fail. */
1357 return(SECFailure);
1358 }
1359
1360 for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
1361 oid = &oids[i];
1362
1363 PORT_Assert ( oid->offset == i );
1364
1365 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
1366 if ( entry == NULL ) {
1367 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1368 PORT_Assert(0); /*This function should never fail. */
1369 return(SECFailure);
1370 }
1371
1372 if ( oid->cssmAlgorithm != CSSM_ALGID_NONE ) {
1373 intptr_t algorithm = oid->cssmAlgorithm;
1374 entry = PL_HashTableAdd( oidmechhash,
1375 (void *)algorithm, (void *)oid );
1376 if ( entry == NULL ) {
1377 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1378 PORT_Assert(0); /* This function should never fail. */
1379 return(SECFailure);
1380 }
1381 }
1382 }
1383
1384 PORT_Assert (i == SEC_OID_TOTAL);
1385
1386 return(SECSuccess);
1387}
1388
1389SECOidData *
1390SECOID_FindOIDByCssmAlgorithm(CSSM_ALGORITHMS cssmAlgorithm)
1391{
1392 SECOidData *ret;
1393 int rv;
1394
1395 pthread_mutex_lock(&oid_hash_mutex);
1396 if ( !oidhash ) {
1397 rv = InitOIDHash();
1398 if ( rv != SECSuccess ) {
1399 pthread_mutex_unlock(&oid_hash_mutex);
1400 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1401 return NULL;
1402 }
1403 }
1404 pthread_mutex_unlock(&oid_hash_mutex);
1405 intptr_t algorithm = cssmAlgorithm;
1406 ret = PL_HashTableLookupConst ( oidmechhash, (void *)algorithm);
1407 if ( ret == NULL ) {
1408 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1409 }
1410
1411 return (ret);
1412}
1413
1414SECOidData *
1415SECOID_FindOID(const SECItem *oid)
1416{
1417 SECOidData *ret;
1418 int rv;
1419
1420 pthread_mutex_lock(&oid_hash_mutex);
1421 if ( !oidhash ) {
1422 rv = InitOIDHash();
1423 if ( rv != SECSuccess ) {
1424 pthread_mutex_unlock(&oid_hash_mutex);
1425 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1426 return NULL;
1427 }
1428 }
1429 pthread_mutex_unlock(&oid_hash_mutex);
1430
1431 ret = PL_HashTableLookupConst ( oidhash, oid );
1432 if ( ret == NULL ) {
1433 ret = secoid_FindDynamic(oid);
1434 if (ret == NULL) {
1435 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1436 }
1437 }
1438
1439 return(ret);
1440}
1441
1442SECOidTag
1443SECOID_FindOIDTag(const SECItem *oid)
1444{
1445 SECOidData *oiddata;
1446
1447 oiddata = SECOID_FindOID (oid);
1448 if (oiddata == NULL)
1449 return SEC_OID_UNKNOWN;
1450
1451 return oiddata->offset;
1452}
1453
1454/* This really should return const. */
1455SECOidData *
1456SECOID_FindOIDByTag(SECOidTag tagnum)
1457{
1458
1459 if (tagnum >= SEC_OID_TOTAL) {
1460 return secoid_FindDynamicByTag(tagnum);
1461 }
1462
1463 PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
1464 return (SECOidData *)(&oids[tagnum]);
1465}
1466
1467Boolean SECOID_KnownCertExtenOID (const SECItem *extenOid)
1468{
1469 SECOidData * oidData;
1470
1471 oidData = SECOID_FindOID (extenOid);
1472 if (oidData == (SECOidData *)NULL)
1473 return (PR_FALSE);
1474 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
1475 PR_TRUE : PR_FALSE);
1476}
1477
1478
1479const char *
1480SECOID_FindOIDTagDescription(SECOidTag tagnum)
1481{
1482 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
1483 return oidData ? oidData->desc : 0;
1484}
1485
1486/*
1487 * free up the oid tables.
1488 */
1489SECStatus
1490SECOID_Shutdown(void)
1491{
1492 int i;
1493
1494 pthread_mutex_lock(&oid_hash_mutex);
1495 if (oidhash) {
1496 PL_HashTableDestroy(oidhash);
1497 oidhash = NULL;
1498 }
1499 if (oidmechhash) {
1500 PL_HashTableDestroy(oidmechhash);
1501 oidmechhash = NULL;
1502 }
1503 if (oid_d_hash) {
1504 PL_HashTableDestroy(oid_d_hash);
1505 oid_d_hash = NULL;
1506 }
1507 if (secoidDynamicTable) {
1508 for (i=0; i < secoidLastDynamicEntry; i++) {
1509 PORT_Free(secoidDynamicTable[i]);
1510 }
1511 PORT_Free(secoidDynamicTable);
1512 secoidDynamicTable = NULL;
1513 secoidDynamicTableSize = 0;
1514 secoidLastDynamicEntry = 0;
1515 secoidLastHashEntry = 0;
1516 }
1517 pthread_mutex_unlock(&oid_hash_mutex);
1518 return SECSuccess;
1519}
1520
1521#pragma clang diagnostic pop
mirror of Security