| commit | acee477141c6dcca7b273f0185c9fca7ab4f80c4 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 30 May 2017 07:55:02 +0000 (30 00:55 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 30 May 2017 07:55:02 +0000 (30 00:55 -0700) | ||
| tree | 9ab7a5823fd23a8862531a86ccc9fff92f1b35c6 | treesnapshot (tar.gz zip) |
| parent | 9be2b2f54c69b88beb6356ff14e2933f3c50b61a | commitdiff |
CACreateCert: calm the whirlpool a bit
A message on the OpenSSL mailing list had suggested using an
unofficial OID as a "whirlpoolWithRSAEncryption" OID.
http://openssl.6102.n7.nabble.com/Creating-a-x509-request-with-Whirlpool-td27209.html#message27213o
That unofficial OID has since been officially assigned by
RFC 8017 to something else.
The whirlpool hash algorithm identifier is officially declared
as 1.0.10118.3.0.55 in RFC 6931 section 2.3.8. However that
section is actually titled "RSA-Whirlpool" and the section is
fairly clear that the only valid encryption method to be used
with whirlpool is RSA. Therefore using the same OID for both the
hash algorithm and signature algorithm OIDs should be clear and
unambiguous. Like mud.
Update the signature algorithm OID used for RSA-Whirlpool to be
the same as the OID used for the whirlpool hash algorithm (the
officially assigned 1.0.10118.3.0.55 "whirlpool" value) and change
the warning text and bug text appropriately in order to stop using
or referencing the unofficial OID that is now officially something
else. Also add constants for two new RSA hash+encryption OIDs
(from RFC 8017), but do not include an implementation as there
doesn't yet seem to be any "openssl" option to generate them.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
A message on the OpenSSL mailing list had suggested using an
unofficial OID as a "whirlpoolWithRSAEncryption" OID.
http://openssl.6102.n7.nabble.com/Creating-a-x509-request-with-Whirlpool-td27209.html#message27213o
That unofficial OID has since been officially assigned by
RFC 8017 to something else.
The whirlpool hash algorithm identifier is officially declared
as 1.0.10118.3.0.55 in RFC 6931 section 2.3.8. However that
section is actually titled "RSA-Whirlpool" and the section is
fairly clear that the only valid encryption method to be used
with whirlpool is RSA. Therefore using the same OID for both the
hash algorithm and signature algorithm OIDs should be clear and
unambiguous. Like mud.
Update the signature algorithm OID used for RSA-Whirlpool to be
the same as the OID used for the whirlpool hash algorithm (the
officially assigned 1.0.10118.3.0.55 "whirlpool" value) and change
the warning text and bug text appropriately in order to stop using
or referencing the unofficial OID that is now officially something
else. Also add constants for two new RSA hash+encryption OIDs
(from RFC 8017), but do not include an implementation as there
doesn't yet seem to be any "openssl" option to generate them.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| CACreateCert | diffblobblamehistory |