]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/secoid.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.51.6.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / secoid.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 #include "secoid.h"
35 #include "secitem.h"
36 #include "plhash.h"
37
38 #include <security_asn1/secerr.h>
39 #include <Security/cssmapple.h>
40 #include <pthread.h>
41
42 #pragma clang diagnostic push
43 #pragma clang diagnostic ignored "-Wunused-const-variable"
44
45 /* MISSI Mosaic Object ID space */
46 #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
47 #define MISSI USGOV, 0x02, 0x01, 0x01
48 #define MISSI_OLD_KEA_DSS MISSI, 0x0c
49 #define MISSI_OLD_DSS MISSI, 0x02
50 #define MISSI_KEA_DSS MISSI, 0x14
51 #define MISSI_DSS MISSI, 0x13
52 #define MISSI_KEA MISSI, 0x0a
53 #define MISSI_ALT_KEA MISSI, 0x16
54
55 #define NISTALGS USGOV, 3, 4
56 #define AES NISTALGS, 1
57 #define SHAXXX NISTALGS, 2
58
59 /**
60 ** The Netscape OID space is allocated by Terry Hayes. If you need
61 ** a piece of the space, contact him at thayes@netscape.com.
62 **/
63
64 /* Netscape Communications Corporation Object ID space */
65 /* { 2 16 840 1 113730 } */
66 #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
67 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
68 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
69 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
70 #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
71 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04
72 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
73 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
74 #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
75
76 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
77 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
78
79 /* these are old and should go away soon */
80 #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
81 #define NS_CERT_EXT OLD_NETSCAPE, 0x01
82 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02
83 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
84
85 /* RSA OID name space */
86 #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
87 #define PKCS RSADSI, 0x01
88 #define DIGEST RSADSI, 0x02
89 #define CIPHER RSADSI, 0x03
90 #define PKCS1 PKCS, 0x01
91 #define PKCS5 PKCS, 0x05
92 #define PKCS7 PKCS, 0x07
93 #define PKCS9 PKCS, 0x09
94 #define PKCS12 PKCS, 0x0c
95
96 /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
97 /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
98 #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
99
100 /* Other OID name spaces */
101 #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
102 #define X500 0x55
103 #define X520_ATTRIBUTE_TYPE X500, 0x04
104 #define X500_ALG X500, 0x08
105 #define X500_ALG_ENCRYPTION X500_ALG, 0x01
106
107 /** X.509 v3 Extension OID
108 ** {joint-iso-ccitt (2) ds(5) 29}
109 **/
110 #define ID_CE_OID X500, 0x1d
111
112 #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
113 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
114
115 /* PKCS #12 name spaces */
116 #define PKCS12_MODE_IDS PKCS12, 0x01
117 #define PKCS12_ESPVK_IDS PKCS12, 0x02
118 #define PKCS12_BAG_IDS PKCS12, 0x03
119 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
120 #define PKCS12_OIDS PKCS12, 0x05
121 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
122 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
123 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
124 #define PKCS12_V2_PBE_IDS PKCS12, 0x01
125 #define PKCS9_CERT_TYPES PKCS9, 0x16
126 #define PKCS9_CRL_TYPES PKCS9, 0x17
127 #define PKCS9_SMIME_IDS PKCS9, 0x10
128 #define PKCS9_SMIME_CTYPE PKCS9_SMIME_IDS, 1
129 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
130 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
131 #define PKCS12_VERSION1 PKCS12, 0x0a
132 #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
133
134 /* for DSA algorithm */
135 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
136 #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
137
138 /* for DH algorithm */
139 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
140 /* need real OID person to look at this, copied the above line
141 * and added 6 to second to last value (and changed '4' to '2' */
142 #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
143
144 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
145
146 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
147 #define PKIX_CERT_EXTENSIONS PKIX, 1
148 #define PKIX_POLICY_QUALIFIERS PKIX, 2
149 #define PKIX_KEY_USAGE PKIX, 3
150 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
151 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
152
153 #define PKIX_ID_PKIP PKIX, 5
154 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
155 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
156
157 /* Microsoft Object ID space */
158 /* { 1.3.6.1.4.1.311 } */
159 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
160
161 /* ECDSA OIDs from X9.62 */
162 #define ANSI_X9_62 0x2A, 0x86, 0x48, 0xCE, 0x3D
163 #define ANSI_X9_62_FIELD_TYPE ANSI_X9_62, 1
164 #define ANSI_X9_62_PUBKEY_TYPE ANSI_X9_62, 2
165 #define ANSI_X9_62_SIG_TYPE ANSI_X9_62, 4
166 #define ECDSA_WITH_SHA2 ANSI_X9_62_SIG_TYPE, 3
167
168 /* X9.63 schemes */
169 #define ANSI_X9_63 0x2B, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3F
170 #define ANSI_X9_63_SCHEME ANSI_X9_63, 0
171
172 /* ECDH curves */
173 #define CERTICOM_ELL_CURVE 0x2B, 0x81, 0x04, 0x00
174
175 /* Apple OID sapce */
176 /* 1.2.840.113635 */
177 #define APPLE_OID 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x63
178 #define APPLE_DATA_SECURITY APPLE_OID, 0x64
179 #define APPLE_CMS_ATTRIBUTES APPLE_DATA_SECURITY, 0x9
180
181 #define CONST_OID static const unsigned char
182
183 CONST_OID md2[] = { DIGEST, 0x02 };
184 CONST_OID md4[] = { DIGEST, 0x04 };
185 CONST_OID md5[] = { DIGEST, 0x05 };
186
187 CONST_OID rc2cbc[] = { CIPHER, 0x02 };
188 CONST_OID rc4[] = { CIPHER, 0x04 };
189 CONST_OID desede3cbc[] = { CIPHER, 0x07 };
190 CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
191
192 CONST_OID desecb[] = { ALGORITHM, 0x06 };
193 CONST_OID descbc[] = { ALGORITHM, 0x07 };
194 CONST_OID desofb[] = { ALGORITHM, 0x08 };
195 CONST_OID descfb[] = { ALGORITHM, 0x09 };
196 CONST_OID desmac[] = { ALGORITHM, 0x0a };
197 CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
198 CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
199 CONST_OID desede[] = { ALGORITHM, 0x11 };
200 CONST_OID sha1[] = { ALGORITHM, 0x1a };
201 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
202
203 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
204 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
205 CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
206 CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
207 CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
208 CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
209 CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
210 CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
211
212 CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
213 CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
214 CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
215
216 CONST_OID pkcs7[] = { PKCS7 };
217 CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
218 CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
219 CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
220 CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
221 CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
222 CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
223
224 CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
225 CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
226 CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
227 CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
228 CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
229 CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
230 CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
231 CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
232 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
233 CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
234 CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
235 CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
236
237 CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
238 CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
239 CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
240
241 /* RFC2630 (CMS) OIDs */
242 CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
243 CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
244 CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
245
246 /* RFC2633 SMIME message attributes */
247 CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
248 CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
249
250 CONST_OID smimeSigningCertificate[] = { PKCS9_SMIME_ATTRS, 12 };
251 CONST_OID smimeTimeStampToken[] = { PKCS9_SMIME_ATTRS, 14 };
252 CONST_OID smimeTimeStampTokenInfo[] = { PKCS9_SMIME_CTYPE, 0x04 };
253
254 CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
255 CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
256 CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
257 CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
258 CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
259 CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
260 CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
261
262 CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
263 CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
264 CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
265 CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
266 CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
267
268 CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
269 CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
270 CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
271 CONST_OID missiCertDSS[] = { MISSI_DSS };
272 CONST_OID missiCertKEA[] = { MISSI_KEA };
273 CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
274 CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
275
276 /* added for alg 1485 */
277 CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
278 CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
279 CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
280
281 /* Netscape private certificate extensions */
282 CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
283 CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
284 CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
285 CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
286 CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
287 CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
288 CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
289 CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
290 CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
291 CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
292 CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
293 CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
294 CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
295 CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
296 CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
297 CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
298
299 /* the following 2 extensions are defined for and used by Cartman(NSM) */
300 CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
301 CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
302
303 CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
304 CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
305 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
306
307 /* Netscape policy values */
308 CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
309
310 /* Netscape other name types */
311 CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};
312 /* Reserved Netscape REF605437
313 (2 16 840 1 113730 7 2) = { NETSCAPE_NAME_COMPONENTS, 0x02 }; */
314
315 /* OIDs needed for cert server */
316 CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
317
318
319 /* Standard x.509 v3 Certificate Extensions */
320 CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
321 CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
322 CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
323 CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
324 CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
325 CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
326 CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
327 CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
328 CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
329 CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
330 CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
331 CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 34 };
332 CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
333 CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
334 CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
335
336 /* Standard x.509 v3 CRL Extensions */
337 CONST_OID x509CrlNumber[] = { ID_CE_OID, 20};
338 CONST_OID x509ReasonCode[] = { ID_CE_OID, 21};
339 CONST_OID x509InvalidDate[] = { ID_CE_OID, 24};
340
341 /* pkcs 12 additions */
342 CONST_OID pkcs12[] = { PKCS12 };
343 CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
344 CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
345 CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
346 CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
347 CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
348 CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
349 CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
350 CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
351 CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
352 CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
353 CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
354 CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
355 CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
356 CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
357 CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
358 CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
359 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
360 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
361 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
362 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
363 CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
364 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
365 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
366
367 /* pkcs 12 version 1.0 ids */
368 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
369 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
370 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
371 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
372 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
373 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
374
375 CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
376 CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
377
378 CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
379 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
380 CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
381 CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
382 CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
383 CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
384
385 CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
386
387 CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
388 CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
389
390 /* verisign OIDs */
391 CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
392
393 /* pkix OIDs */
394 CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
395 CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
396
397 CONST_OID pkixOCSP[] = { PKIX_OCSP };
398 CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
399 CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
400 CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
401 CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
402 CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
403 CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
404 CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
405
406 CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
407 CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
408 CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
409 CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
410 CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
411 CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
412 CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
413 CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
414
415 CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
416 CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
417 CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
418 CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
419 CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
420 CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
421
422 /* OIDs for Netscape defined algorithms */
423 CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
424
425 /* Fortezza algorithm OIDs */
426 CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
427 CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
428
429 CONST_OID aes128_ECB[] = { AES, 1 };
430 CONST_OID aes128_CBC[] = { AES, 2 };
431 #ifdef DEFINE_ALL_AES_CIPHERS
432 CONST_OID aes128_OFB[] = { AES, 3 };
433 CONST_OID aes128_CFB[] = { AES, 4 };
434 #endif
435 CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
436
437 CONST_OID aes192_ECB[] = { AES, 21 };
438 CONST_OID aes192_CBC[] = { AES, 22 };
439 #ifdef DEFINE_ALL_AES_CIPHERS
440 CONST_OID aes192_OFB[] = { AES, 23 };
441 CONST_OID aes192_CFB[] = { AES, 24 };
442 #endif
443 CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
444
445 CONST_OID aes256_ECB[] = { AES, 41 };
446 CONST_OID aes256_CBC[] = { AES, 42 };
447 #ifdef DEFINE_ALL_AES_CIPHERS
448 CONST_OID aes256_OFB[] = { AES, 43 };
449 CONST_OID aes256_CFB[] = { AES, 44 };
450 #endif
451 CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
452
453 CONST_OID sha256[] = { SHAXXX, 1 };
454 CONST_OID sha384[] = { SHAXXX, 2 };
455 CONST_OID sha512[] = { SHAXXX, 3 };
456 CONST_OID sha224[] = { SHAXXX, 4 };
457
458 CONST_OID ecdsaWithSHA1[] = { ANSI_X9_62_SIG_TYPE, 1 };
459 CONST_OID ecdsaWithSHA256[] = { ECDSA_WITH_SHA2, 2 };
460 CONST_OID ecdsaWithSHA384[] = { ECDSA_WITH_SHA2, 3 };
461 CONST_OID ecdsaWithSHA512[] = { ECDSA_WITH_SHA2, 4 };
462 CONST_OID ecPublicKey[] = { ANSI_X9_62_PUBKEY_TYPE, 1 };
463 /* This OID doesn't appear in a CMS msg */
464 CONST_OID ecdsaSig[] = { ANSI_X9_62_SIG_TYPE };
465
466 /* ECDH curves */
467 CONST_OID secp256r1[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
468 CONST_OID secp384r1[] = { CERTICOM_ELL_CURVE, 0x22 };
469 CONST_OID secp521r1[] = { CERTICOM_ELL_CURVE, 0x23 };
470
471 /* RFC 3278 */
472 CONST_OID dhSinglePassStdDHsha1kdf[] = {ANSI_X9_63_SCHEME, 2 };
473 CONST_OID dhSinglePassCofactorDHsha1kdf[] = {ANSI_X9_63_SCHEME, 3 };
474 CONST_OID mqvSinglePassSha1kdf[] = {ANSI_X9_63_SCHEME, 4 };
475
476 /* Apple Hash Agility */
477 CONST_OID appleHashAgility[] = {APPLE_CMS_ATTRIBUTES, 1};
478 CONST_OID appleHashAgilityV2[] = {APPLE_CMS_ATTRIBUTES, 2};
479
480 /* a special case: always associated with a caller-specified OID */
481 CONST_OID noOid[] = { 0 };
482
483 #define OI(x) { sizeof x, (uint8 *)x }
484 #ifndef SECOID_NO_STRINGS
485 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
486 #else
487 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
488 #endif
489
490 /*
491 * NOTE: the order of these entries must match the SECOidTag enum in secoidt.h!
492 */
493 const static SECOidData oids[] = {
494 { { 0, NULL }, SEC_OID_UNKNOWN,
495 "Unknown OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION },
496 OD( md2, SEC_OID_MD2, "MD2", CSSM_ALGID_MD2, INVALID_CERT_EXTENSION ),
497 OD( md4, SEC_OID_MD4,
498 "MD4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
499 OD( md5, SEC_OID_MD5, "MD5", CSSM_ALGID_MD5, INVALID_CERT_EXTENSION ),
500 OD( sha1, SEC_OID_SHA1, "SHA-1", CSSM_ALGID_SHA1, INVALID_CERT_EXTENSION ),
501 OD( rc2cbc, SEC_OID_RC2_CBC,
502 "RC2-CBC", CSSM_ALGID_RC2, INVALID_CERT_EXTENSION ),
503 OD( rc4, SEC_OID_RC4, "RC4", CSSM_ALGID_RC4, INVALID_CERT_EXTENSION ),
504 OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
505 "DES-EDE3-CBC", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
506 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
507 "RC5-CBCPad", CSSM_ALGID_RC5, INVALID_CERT_EXTENSION ),
508 OD( desecb, SEC_OID_DES_ECB,
509 "DES-ECB", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
510 OD( descbc, SEC_OID_DES_CBC,
511 "DES-CBC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
512 OD( desofb, SEC_OID_DES_OFB,
513 "DES-OFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
514 OD( descfb, SEC_OID_DES_CFB,
515 "DES-CFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
516 OD( desmac, SEC_OID_DES_MAC,
517 "DES-MAC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
518 OD( desede, SEC_OID_DES_EDE,
519 "DES-EDE", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
520 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
521 "ISO SHA with RSA Signature",
522 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
523 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
524 "PKCS #1 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
525
526 /* the following Signing CSSM_ALGORITHMS should get new CKM_ values when
527 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
528 * PKCS #11.
529 */
530 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
531 "PKCS #1 MD2 With RSA Encryption", CSSM_ALGID_MD2WithRSA,
532 INVALID_CERT_EXTENSION ),
533 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
534 "PKCS #1 MD4 With RSA Encryption",
535 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
536 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
537 "PKCS #1 MD5 With RSA Encryption", CSSM_ALGID_MD5WithRSA,
538 INVALID_CERT_EXTENSION ),
539 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
540 "PKCS #1 SHA-1 With RSA Encryption", CSSM_ALGID_SHA1WithRSA,
541 INVALID_CERT_EXTENSION ),
542
543 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
544 "PKCS #5 Password Based Encryption with MD2 and DES CBC",
545 CSSM_ALGID_PKCS5_PBKDF1_MD2, INVALID_CERT_EXTENSION ),
546 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
547 "PKCS #5 Password Based Encryption with MD5 and DES CBC",
548 CSSM_ALGID_PKCS5_PBKDF1_MD5, INVALID_CERT_EXTENSION ),
549 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
550 "PKCS #5 Password Based Encryption with SHA1 and DES CBC",
551 CSSM_ALGID_PKCS5_PBKDF1_SHA1, INVALID_CERT_EXTENSION ),
552 OD( pkcs7, SEC_OID_PKCS7,
553 "PKCS #7", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
554 OD( pkcs7Data, SEC_OID_PKCS7_DATA,
555 "PKCS #7 Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
556 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
557 "PKCS #7 Signed Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
558 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
559 "PKCS #7 Enveloped Data",
560 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
561 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
562 "PKCS #7 Signed And Enveloped Data",
563 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
564 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
565 "PKCS #7 Digested Data",
566 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
567 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
568 "PKCS #7 Encrypted Data",
569 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
570 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
571 "PKCS #9 Email Address",
572 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
573 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
574 "PKCS #9 Unstructured Name",
575 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
576 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
577 "PKCS #9 Content Type",
578 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
579 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
580 "PKCS #9 Message Digest",
581 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
582 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
583 "PKCS #9 Signing Time",
584 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
585 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
586 "PKCS #9 Counter Signature",
587 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
588 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
589 "PKCS #9 Challenge Password",
590 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
591 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
592 "PKCS #9 Unstructured Address",
593 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
594 OD( pkcs9ExtendedCertificateAttributes,
595 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
596 "PKCS #9 Extended Certificate Attributes",
597 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
598 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
599 "PKCS #9 S/MIME Capabilities",
600 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
601 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
602 "X520 Common Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
603 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
604 "X520 Country Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
605 OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
606 "X520 Locality Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
607 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
608 "X520 State Or Province Name",
609 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
610 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
611 "X520 Organization Name",
612 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
613 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
614 "X520 Organizational Unit Name",
615 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
616 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
617 "X520 DN Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
618 OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
619 "RFC 2247 Domain Component",
620 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
621
622 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
623 "GIF", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
624 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
625 "JPEG", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
626 OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
627 "URL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
628 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
629 "HTML", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
630 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
631 "Certificate Sequence",
632 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
633 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
634 "MISSI KEA and DSS Algorithm (Old)",
635 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
636 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
637 "MISSI DSS Algorithm (Old)",
638 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
639 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
640 "MISSI KEA and DSS Algorithm",
641 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
642 OD( missiCertDSS, SEC_OID_MISSI_DSS,
643 "MISSI DSS Algorithm",
644 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
645 OD( missiCertKEA, SEC_OID_MISSI_KEA,
646 "MISSI KEA Algorithm",
647 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
648 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
649 "MISSI Alternate KEA Algorithm",
650 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
651
652 /* Netscape private extensions */
653 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
654 "Netscape says this cert is OK",
655 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
656 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
657 "Certificate Issuer Logo",
658 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
659 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
660 "Certificate Subject Logo",
661 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
662 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
663 "Certificate Type",
664 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
665 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
666 "Certificate Extension Base URL",
667 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
668 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
669 "Certificate Revocation URL",
670 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
671 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
672 "Certificate Authority Revocation URL",
673 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
674 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
675 "Certificate Authority CRL Download URL",
676 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
677 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
678 "Certificate Authority Certificate Download URL",
679 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
680 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
681 "Certificate Renewal URL",
682 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
683 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
684 "Certificate Authority Policy URL",
685 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
686 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
687 "Certificate Homepage URL",
688 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
689 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
690 "Certificate Entity Logo",
691 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
692 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
693 "Certificate User Picture",
694 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
695 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
696 "Certificate SSL Server Name",
697 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
698 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
699 "Certificate Comment",
700 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
701 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
702 "Lost Password URL",
703 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
704 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
705 "Certificate Renewal Time",
706 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
707 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
708 "Strong Crypto Export Approved",
709 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
710
711
712 /* x.509 v3 certificate extensions */
713 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
714 "Certificate Subject Directory Attributes",
715 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION),
716 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
717 "Certificate Subject Key ID",
718 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
719 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE,
720 "Certificate Key Usage",
721 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
722 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
723 "Certificate Private Key Usage Period",
724 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
725 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
726 "Certificate Subject Alt Name",
727 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
728 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
729 "Certificate Issuer Alt Name",
730 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
731 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
732 "Certificate Basic Constraints",
733 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
734 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
735 "Certificate Name Constraints",
736 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
737 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
738 "CRL Distribution Points",
739 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
740 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
741 "Certificate Policies",
742 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
743 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
744 "Certificate Policy Mappings",
745 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
746 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
747 "Certificate Policy Constraints",
748 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
749 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
750 "Certificate Authority Key Identifier",
751 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
752 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
753 "Extended Key Usage",
754 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
755 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
756 "Authority Information Access",
757 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
758
759 /* x.509 v3 CRL extensions */
760 OD( x509CrlNumber, SEC_OID_X509_CRL_NUMBER,
761 "CRL Number", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
762 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE,
763 "CRL reason code", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
764 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE,
765 "Invalid Date", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
766
767 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
768 "X500 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
769
770 /* added for alg 1485 */
771 OD( rfc1274Uid, SEC_OID_RFC1274_UID,
772 "RFC1274 User Id", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
773 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
774 "RFC1274 E-mail Address",
775 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
776
777 /* pkcs 12 additions */
778 OD( pkcs12, SEC_OID_PKCS12,
779 "PKCS #12", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
780 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
781 "PKCS #12 Mode IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
782 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
783 "PKCS #12 ESPVK IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
784 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
785 "PKCS #12 Bag IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
786 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
787 "PKCS #12 Cert Bag IDs",
788 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
789 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
790 "PKCS #12 OIDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
791 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
792 "PKCS #12 PBE IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
793 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
794 "PKCS #12 Signature IDs",
795 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
796 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
797 "PKCS #12 Enveloping IDs",
798 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
799 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
800 "PKCS #12 Key Shrouding",
801 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
802 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
803 "PKCS #12 Key Bag ID",
804 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
805 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
806 "PKCS #12 Cert And CRL Bag ID",
807 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
808 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
809 "PKCS #12 Secret Bag ID",
810 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
811 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
812 "PKCS #12 X509 Cert CRL Bag",
813 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
814 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
815 "PKCS #12 SDSI Cert Bag",
816 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
817 OD( pkcs12PBEWithSha1And128BitRC4,
818 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
819 "PKCS #12 PBE With Sha1 and 128 Bit RC4",
820 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
821 OD( pkcs12PBEWithSha1And40BitRC4,
822 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
823 "PKCS #12 PBE With Sha1 and 40 Bit RC4",
824 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
825 OD( pkcs12PBEWithSha1AndTripleDESCBC,
826 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
827 "PKCS #12 PBE With Sha1 and Triple DES CBC",
828 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
829 OD( pkcs12PBEWithSha1And128BitRC2CBC,
830 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
831 "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC",
832 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
833 OD( pkcs12PBEWithSha1And40BitRC2CBC,
834 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
835 "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC",
836 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
837 OD( pkcs12RSAEncryptionWith128BitRC4,
838 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
839 "PKCS #12 RSA Encryption with 128 Bit RC4",
840 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
841 OD( pkcs12RSAEncryptionWith40BitRC4,
842 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
843 "PKCS #12 RSA Encryption with 40 Bit RC4",
844 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
845 OD( pkcs12RSAEncryptionWithTripleDES,
846 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
847 "PKCS #12 RSA Encryption with Triple DES",
848 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
849 OD( pkcs12RSASignatureWithSHA1Digest,
850 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
851 "PKCS #12 RSA Encryption with Triple DES",
852 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
853
854 /* DSA signatures */
855 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
856 "ANSI X9.57 DSA Signature", CSSM_ALGID_DSA, INVALID_CERT_EXTENSION ),
857 OD( ansix9DSASignaturewithSHA1Digest,
858 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
859 "ANSI X9.57 DSA Signature with SHA1 Digest",
860 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
861 OD( bogusDSASignaturewithSHA1Digest,
862 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
863 "FORTEZZA DSA Signature with SHA1 Digest",
864 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
865
866 /* verisign oids */
867 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
868 "Verisign User Notices",
869 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
870
871 /* pkix oids */
872 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
873 "PKIX CPS Pointer Qualifier",
874 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
875 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
876 "PKIX User Notice Qualifier",
877 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
878
879 OD( pkixOCSP, SEC_OID_PKIX_OCSP,
880 "PKIX Online Certificate Status Protocol",
881 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
882 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
883 "OCSP Basic Response", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
884 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
885 "OCSP Nonce Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
886 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
887 "OCSP CRL Reference Extension",
888 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
889 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
890 "OCSP Response Types Extension",
891 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
892 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
893 "OCSP No Check Extension",
894 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
895 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
896 "OCSP Archive Cutoff Extension",
897 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
898 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
899 "OCSP Service Locator Extension",
900 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
901
902 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
903 "PKIX CRMF Registration Control, Registration Token",
904 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
905 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
906 "PKIX CRMF Registration Control, Registration Authenticator",
907 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
908 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
909 "PKIX CRMF Registration Control, PKI Publication Info",
910 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
911 OD( pkixRegCtrlPKIArchOptions,
912 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
913 "PKIX CRMF Registration Control, PKI Archive Options",
914 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
915 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
916 "PKIX CRMF Registration Control, Old Certificate ID",
917 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
918 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
919 "PKIX CRMF Registration Control, Protocol Encryption Key",
920 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
921 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
922 "PKIX CRMF Registration Info, UTF8 Pairs",
923 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
924 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
925 "PKIX CRMF Registration Info, Certificate Request",
926 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
927 OD( pkixExtendedKeyUsageServerAuth,
928 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
929 "TLS Web Server Authentication Certificate",
930 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
931 OD( pkixExtendedKeyUsageClientAuth,
932 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
933 "TLS Web Client Authentication Certificate",
934 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
935 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
936 "Code Signing Certificate",
937 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
938 OD( pkixExtendedKeyUsageEMailProtect,
939 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
940 "E-Mail Protection Certificate",
941 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
942 OD( pkixExtendedKeyUsageTimeStamp,
943 SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
944 "Time Stamping Certifcate",
945 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
946 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
947 "OCSP Responder Certificate",
948 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
949
950 /* Netscape Algorithm OIDs */
951
952 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
953 "Netscape S/MIME KEA", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
954
955 /* Skipjack OID -- ### mwelch temporary */
956 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
957 "Skipjack CBC64", CSSM_ALGID_SKIPJACK, INVALID_CERT_EXTENSION ),
958
959 /* pkcs12 v2 oids */
960 OD( pkcs12V2PBEWithSha1And128BitRC4,
961 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
962 "PKCS12 V2 PBE With SHA1 And 128 Bit RC4",
963 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
964 OD( pkcs12V2PBEWithSha1And40BitRC4,
965 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
966 "PKCS12 V2 PBE With SHA1 And 40 Bit RC4",
967 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
968 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
969 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
970 "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc",
971 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
972 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
973 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
974 "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc",
975 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
976 OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
977 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
978 "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC",
979 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
980 OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
981 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
982 "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC",
983 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
984 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
985 "PKCS #12 Safe Contents ID",
986 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
987 OD( pkcs12PKCS8ShroudedKeyBagID,
988 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
989 "PKCS #12 Safe Contents ID",
990 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
991 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
992 "PKCS #12 V1 Key Bag",
993 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
994 OD( pkcs12V1PKCS8ShroudedKeyBag,
995 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
996 "PKCS #12 V1 PKCS8 Shrouded Key Bag",
997 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
998 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
999 "PKCS #12 V1 Cert Bag",
1000 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1001 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
1002 "PKCS #12 V1 CRL Bag",
1003 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1004 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
1005 "PKCS #12 V1 Secret Bag",
1006 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1007 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1008 "PKCS #12 V1 Safe Contents Bag",
1009 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1010
1011 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
1012 "PKCS #9 X509 Certificate",
1013 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1014 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
1015 "PKCS #9 SDSI Certificate",
1016 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1017 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
1018 "PKCS #9 X509 CRL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1019 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
1020 "PKCS #9 Friendly Name",
1021 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1022 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
1023 "PKCS #9 Local Key ID",
1024 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1025 OD( pkcs12KeyUsageAttr, SEC_OID_PKCS12_KEY_USAGE,
1026 "PKCS 12 Key Usage", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1027 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
1028 "Diffie-Helman Public Key", CSSM_ALGID_DH,
1029 INVALID_CERT_EXTENSION ),
1030 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
1031 "Netscape Nickname", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1032
1033 /* Cert Server specific OIDs */
1034 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
1035 "Recovery Request OID",
1036 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1037
1038 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
1039 "Certificate Renewal Locator OID", CSSM_ALGID_NONE,
1040 INVALID_CERT_EXTENSION ),
1041
1042 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
1043 "Certificate Scope-of-Use Extension", CSSM_ALGID_NONE,
1044 SUPPORTED_CERT_EXTENSION ),
1045
1046 /* CMS stuff */
1047 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
1048 "Ephemeral-Static Diffie-Hellman", CSSM_ALGID_NONE /* XXX */,
1049 INVALID_CERT_EXTENSION ),
1050 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
1051 "CMS 3DES Key Wrap", CSSM_ALGID_NONE /* XXX */,
1052 INVALID_CERT_EXTENSION ),
1053 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
1054 "CMS RC2 Key Wrap", CSSM_ALGID_NONE /* XXX */,
1055 INVALID_CERT_EXTENSION ),
1056 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
1057 "S/MIME Encryption Key Preference",
1058 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1059
1060 /* AES algorithm OIDs */
1061 OD( aes128_ECB, SEC_OID_AES_128_ECB,
1062 "AES-128-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1063 OD( aes128_CBC, SEC_OID_AES_128_CBC,
1064 "AES-128-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1065 OD( aes192_ECB, SEC_OID_AES_192_ECB,
1066 "AES-192-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1067 OD( aes192_CBC, SEC_OID_AES_192_CBC,
1068 "AES-192-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1069 OD( aes256_ECB, SEC_OID_AES_256_ECB,
1070 "AES-256-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1071 OD( aes256_CBC, SEC_OID_AES_256_CBC,
1072 "AES-256-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1073
1074 /* More bogus DSA OIDs */
1075 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
1076 "SDN.702 DSA Signature", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
1077
1078 OD( ms_smimeEncryptionKeyPreference,
1079 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
1080 "Microsoft S/MIME Encryption Key Preference",
1081 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1082
1083 OD( sha224, SEC_OID_SHA224, "SHA-224", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1084 OD( sha256, SEC_OID_SHA256, "SHA-256", CSSM_ALGID_SHA256, INVALID_CERT_EXTENSION),
1085 OD( sha384, SEC_OID_SHA384, "SHA-384", CSSM_ALGID_SHA384, INVALID_CERT_EXTENSION),
1086 OD( sha512, SEC_OID_SHA512, "SHA-512", CSSM_ALGID_SHA512, INVALID_CERT_EXTENSION),
1087
1088 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
1089 "PKCS #1 SHA-256 With RSA Encryption", CSSM_ALGID_SHA256WithRSA,
1090 INVALID_CERT_EXTENSION ),
1091 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
1092 "PKCS #1 SHA-384 With RSA Encryption", CSSM_ALGID_SHA384WithRSA,
1093 INVALID_CERT_EXTENSION ),
1094 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
1095 "PKCS #1 SHA-512 With RSA Encryption", CSSM_ALGID_SHA512WithRSA,
1096 INVALID_CERT_EXTENSION ),
1097
1098 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
1099 "AES-128 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1100 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
1101 "AES-192 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1102 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
1103 "AES-256 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1104
1105 /* caller-specified OID for eContentType */
1106 OD( noOid, SEC_OID_OTHER,
1107 "Caller-specified eContentType", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1108
1109 OD( ecPublicKey, SEC_OID_EC_PUBLIC_KEY,
1110 "ECDSA Public Key", CSSM_ALGID_ECDSA,
1111 INVALID_CERT_EXTENSION ),
1112 OD( ecdsaWithSHA1, SEC_OID_ECDSA_WithSHA1,
1113 "SHA-1 With ECDSA", CSSM_ALGID_SHA1WithECDSA,
1114 INVALID_CERT_EXTENSION ),
1115 OD( dhSinglePassStdDHsha1kdf, SEC_OID_DH_SINGLE_STD_SHA1KDF,
1116 "ECDH With SHA1 KDF", CSSM_ALGID_ECDH_X963_KDF,
1117 INVALID_CERT_EXTENSION ),
1118 OD( secp256r1, SEC_OID_SECP_256_R1,
1119 "secp256r1", CSSM_ALGID_NONE,
1120 INVALID_CERT_EXTENSION ),
1121 OD( secp384r1, SEC_OID_SECP_384_R1,
1122 "secp384r1", CSSM_ALGID_NONE,
1123 INVALID_CERT_EXTENSION ),
1124 OD( secp521r1, SEC_OID_SECP_521_R1,
1125 "secp521r1", CSSM_ALGID_NONE,
1126 INVALID_CERT_EXTENSION ),
1127
1128 OD( smimeTimeStampTokenInfo, SEC_OID_PKCS9_ID_CT_TSTInfo,
1129 "id-ct-TSTInfo", CSSM_ALGID_NONE,
1130 INVALID_CERT_EXTENSION ),
1131
1132 OD( smimeTimeStampToken, SEC_OID_PKCS9_TIMESTAMP_TOKEN,
1133 "id-aa-timeStampToken", CSSM_ALGID_NONE,
1134 INVALID_CERT_EXTENSION ),
1135
1136 OD( smimeSigningCertificate, SEC_OID_PKCS9_SIGNING_CERTIFICATE,
1137 "id-aa-signing-certificate", CSSM_ALGID_NONE,
1138 INVALID_CERT_EXTENSION ),
1139
1140 /* ECDSA with SHA2 */
1141 OD( ecdsaWithSHA256, SEC_OID_ECDSA_WITH_SHA256,
1142 "ECDSA With SHA-256", CSSM_ALGID_SHA256WithECDSA,
1143 INVALID_CERT_EXTENSION ),
1144 OD( ecdsaWithSHA384, SEC_OID_ECDSA_WITH_SHA384,
1145 "ECDSA With SHA-384", CSSM_ALGID_SHA384WithECDSA,
1146 INVALID_CERT_EXTENSION ),
1147 OD( ecdsaWithSHA512, SEC_OID_ECDSA_WITH_SHA512,
1148 "ECDSA With SHA-512", CSSM_ALGID_SHA512WithECDSA,
1149 INVALID_CERT_EXTENSION ),
1150
1151 /* Apple Hash Agility */
1152 OD( appleHashAgility, SEC_OID_APPLE_HASH_AGILITY,
1153 "appleCodesigningHashAgilityAttribute", CSSM_ALGID_NONE,
1154 INVALID_CERT_EXTENSION),
1155 OD( appleHashAgilityV2, SEC_OID_APPLE_HASH_AGILITY_V2,
1156 "appleCodesigningHashAgilityAttribute", CSSM_ALGID_NONE,
1157 INVALID_CERT_EXTENSION),
1158 };
1159
1160 /*
1161 * now the dynamic table. The dynamic table gets build at init time.
1162 * and gets modified if the user loads new crypto modules.
1163 */
1164
1165 static PLHashTable *oid_d_hash = 0;
1166 static SECOidData **secoidDynamicTable = NULL;
1167 static int secoidDynamicTableSize = 0;
1168 static int secoidLastDynamicEntry = 0;
1169 static int secoidLastHashEntry = 0;
1170
1171 /*
1172 * A mutex to protect creation and writing of all three hash tables in
1173 * this module, and reading of the dynamic table.
1174 */
1175 static pthread_mutex_t oid_hash_mutex = PTHREAD_MUTEX_INITIALIZER;
1176
1177 /* caller holds oid_hash_mutex */
1178 static SECStatus
1179 secoid_DynamicRehash(void)
1180 {
1181 SECOidData *oid;
1182 PLHashEntry *entry;
1183 int i;
1184 int last = secoidLastDynamicEntry;
1185
1186 if (!oid_d_hash) {
1187 oid_d_hash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1188 PL_CompareValues, NULL, NULL);
1189 }
1190
1191
1192 if ( !oid_d_hash ) {
1193 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1194 return(SECFailure);
1195 }
1196
1197 for ( i = secoidLastHashEntry; i < last; i++ ) {
1198 oid = secoidDynamicTable[i];
1199
1200 entry = PL_HashTableAdd( oid_d_hash, &oid->oid, oid );
1201 if ( entry == NULL ) {
1202 return(SECFailure);
1203 }
1204 }
1205 secoidLastHashEntry = last;
1206 return(SECSuccess);
1207 }
1208
1209
1210
1211 /*
1212 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
1213 * cheaper to rehash the table when it changes than it is to do the loop
1214 * each time.
1215 */
1216 static SECOidData *
1217 secoid_FindDynamic(const SECItem *key) {
1218 SECOidData *ret = NULL;
1219
1220 pthread_mutex_lock(&oid_hash_mutex);
1221 /* subsequent errors to loser: */
1222 if (secoidDynamicTable == NULL) {
1223 /* PORT_SetError! */
1224 goto loser;
1225 }
1226 if (secoidLastHashEntry != secoidLastDynamicEntry) {
1227 SECStatus rv = secoid_DynamicRehash();
1228 if ( rv != SECSuccess ) {
1229 goto loser;
1230 }
1231 }
1232 ret = (SECOidData *)PL_HashTableLookup (oid_d_hash, key);
1233 loser:
1234 pthread_mutex_unlock(&oid_hash_mutex);
1235 return ret;
1236
1237 }
1238
1239 static SECOidData *
1240 secoid_FindDynamicByTag(SECOidTag tagnum)
1241 {
1242 int tagNumDiff;
1243 SECOidData *rtn = NULL;
1244
1245 if (tagnum < SEC_OID_TOTAL) {
1246 return NULL;
1247 }
1248
1249 pthread_mutex_lock(&oid_hash_mutex);
1250 /* subsequent errors to loser: */
1251
1252 if (secoidDynamicTable == NULL) {
1253 goto loser;
1254 }
1255
1256 tagNumDiff = tagnum - SEC_OID_TOTAL;
1257 if (tagNumDiff >= secoidLastDynamicEntry) {
1258 goto loser;
1259 }
1260
1261 rtn = secoidDynamicTable[tagNumDiff];
1262 loser:
1263 pthread_mutex_unlock(&oid_hash_mutex);
1264 return rtn;
1265 }
1266
1267 #if 0
1268 SECStatus
1269 SECOID_AddEntry(SECItem *oid, char *description, CSSM_ALGORITHMS cssmAlgorithm) {
1270 SECOidData *oiddp;
1271 int last;
1272 int tableSize;
1273 int next;
1274 SECOidData **newTable;
1275 SECOidData **oldTable = NULL;
1276 SECStatus srtn = SECFailure;
1277
1278 if (oid == NULL) {
1279 return SECFailure;
1280 }
1281
1282 pthread_mutex_lock(&oid_hash_mutex);
1283 /* subsequent errors to loser: */
1284
1285 oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData));
1286 last = secoidLastDynamicEntry;
1287 tableSize = secoidDynamicTableSize;
1288 next = last++;
1289 newTable = secoidDynamicTable;
1290
1291 /* fill in oid structure */
1292 if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) {
1293 PORT_Free(oiddp);
1294 goto loser;
1295 }
1296 oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL);
1297 /* may we should just reference the copy passed to us? */
1298 oiddp->desc = PORT_Strdup(description);
1299 oiddp->cssmAlgorithm = cssmAlgorithm;
1300
1301
1302 if (last > tableSize) {
1303 int oldTableSize = tableSize;
1304 tableSize += 10;
1305 oldTable = newTable;
1306 newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize);
1307 if (newTable == NULL) {
1308 PORT_Free(oiddp->oid.Data);
1309 PORT_Free(oiddp);
1310 goto loser;
1311 }
1312 PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize);
1313 PORT_Free(oldTable);
1314 }
1315
1316 newTable[next] = oiddp;
1317 secoidDynamicTable = newTable;
1318 secoidDynamicTableSize = tableSize;
1319 secoidLastDynamicEntry = last;
1320 srtn = SECSuccess;
1321 loser:
1322 pthread_mutex_unlock(&oid_hash_mutex);
1323 return srtn;
1324 }
1325 #endif
1326
1327
1328 /* normal static table processing */
1329
1330 /* creation and writes to these hash tables is protected by oid_hash_mutex */
1331 static PLHashTable *oidhash = NULL;
1332 static PLHashTable *oidmechhash = NULL;
1333
1334 static PLHashNumber
1335 secoid_HashNumber(const void *key)
1336 {
1337 intptr_t keyint = (intptr_t)key;
1338 // XXX/gh revisit this
1339 keyint ^= (keyint >> 8);
1340 keyint ^= (keyint << 8);
1341 return (PLHashNumber) keyint;
1342 }
1343
1344 /* caller holds oid_hash_mutex */
1345 static SECStatus
1346 InitOIDHash(void)
1347 {
1348 PLHashEntry *entry;
1349 const SECOidData *oid;
1350 int i;
1351
1352 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1353 PL_CompareValues, NULL, NULL);
1354 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
1355 PL_CompareValues, NULL, NULL);
1356
1357 if ( !oidhash || !oidmechhash) {
1358 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1359 PORT_Assert(0); /*This function should never fail. */
1360 return(SECFailure);
1361 }
1362
1363 for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
1364 oid = &oids[i];
1365
1366 PORT_Assert ( oid->offset == i );
1367
1368 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
1369 if ( entry == NULL ) {
1370 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1371 PORT_Assert(0); /*This function should never fail. */
1372 return(SECFailure);
1373 }
1374
1375 if ( oid->cssmAlgorithm != CSSM_ALGID_NONE ) {
1376 intptr_t algorithm = oid->cssmAlgorithm;
1377 entry = PL_HashTableAdd( oidmechhash,
1378 (void *)algorithm, (void *)oid );
1379 if ( entry == NULL ) {
1380 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1381 PORT_Assert(0); /* This function should never fail. */
1382 return(SECFailure);
1383 }
1384 }
1385 }
1386
1387 PORT_Assert (i == SEC_OID_TOTAL);
1388
1389 return(SECSuccess);
1390 }
1391
1392 SECOidData *
1393 SECOID_FindOIDByCssmAlgorithm(CSSM_ALGORITHMS cssmAlgorithm)
1394 {
1395 SECOidData *ret;
1396 int rv;
1397
1398 pthread_mutex_lock(&oid_hash_mutex);
1399 if ( !oidhash ) {
1400 rv = InitOIDHash();
1401 if ( rv != SECSuccess ) {
1402 pthread_mutex_unlock(&oid_hash_mutex);
1403 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1404 return NULL;
1405 }
1406 }
1407 pthread_mutex_unlock(&oid_hash_mutex);
1408 intptr_t algorithm = cssmAlgorithm;
1409 ret = PL_HashTableLookupConst ( oidmechhash, (void *)algorithm);
1410 if ( ret == NULL ) {
1411 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1412 }
1413
1414 return (ret);
1415 }
1416
1417 SECOidData *
1418 SECOID_FindOID(const SECItem *oid)
1419 {
1420 SECOidData *ret;
1421 int rv;
1422
1423 pthread_mutex_lock(&oid_hash_mutex);
1424 if ( !oidhash ) {
1425 rv = InitOIDHash();
1426 if ( rv != SECSuccess ) {
1427 pthread_mutex_unlock(&oid_hash_mutex);
1428 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1429 return NULL;
1430 }
1431 }
1432 pthread_mutex_unlock(&oid_hash_mutex);
1433
1434 ret = PL_HashTableLookupConst ( oidhash, oid );
1435 if ( ret == NULL ) {
1436 ret = secoid_FindDynamic(oid);
1437 if (ret == NULL) {
1438 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1439 }
1440 }
1441
1442 return(ret);
1443 }
1444
1445 SECOidTag
1446 SECOID_FindOIDTag(const SECItem *oid)
1447 {
1448 SECOidData *oiddata;
1449
1450 oiddata = SECOID_FindOID (oid);
1451 if (oiddata == NULL)
1452 return SEC_OID_UNKNOWN;
1453
1454 return oiddata->offset;
1455 }
1456
1457 /* This really should return const. */
1458 SECOidData *
1459 SECOID_FindOIDByTag(SECOidTag tagnum)
1460 {
1461
1462 if (tagnum >= SEC_OID_TOTAL) {
1463 return secoid_FindDynamicByTag(tagnum);
1464 }
1465
1466 PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
1467 return (SECOidData *)(&oids[tagnum]);
1468 }
1469
1470 Boolean SECOID_KnownCertExtenOID (const SECItem *extenOid)
1471 {
1472 SECOidData * oidData;
1473
1474 oidData = SECOID_FindOID (extenOid);
1475 if (oidData == (SECOidData *)NULL)
1476 return (PR_FALSE);
1477 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
1478 PR_TRUE : PR_FALSE);
1479 }
1480
1481
1482 const char *
1483 SECOID_FindOIDTagDescription(SECOidTag tagnum)
1484 {
1485 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
1486 return oidData ? oidData->desc : 0;
1487 }
1488
1489 /*
1490 * free up the oid tables.
1491 */
1492 SECStatus
1493 SECOID_Shutdown(void)
1494 {
1495 int i;
1496
1497 pthread_mutex_lock(&oid_hash_mutex);
1498 if (oidhash) {
1499 PL_HashTableDestroy(oidhash);
1500 oidhash = NULL;
1501 }
1502 if (oidmechhash) {
1503 PL_HashTableDestroy(oidmechhash);
1504 oidmechhash = NULL;
1505 }
1506 if (oid_d_hash) {
1507 PL_HashTableDestroy(oid_d_hash);
1508 oid_d_hash = NULL;
1509 }
1510 if (secoidDynamicTable) {
1511 for (i=0; i < secoidLastDynamicEntry; i++) {
1512 PORT_Free(secoidDynamicTable[i]);
1513 }
1514 PORT_Free(secoidDynamicTable);
1515 secoidDynamicTable = NULL;
1516 secoidDynamicTableSize = 0;
1517 secoidLastDynamicEntry = 0;
1518 secoidLastHashEntry = 0;
1519 }
1520 pthread_mutex_unlock(&oid_hash_mutex);
1521 return SECSuccess;
1522 }
1523
1524 #pragma clang diagnostic pop
mirror of Security