8 files changed, 493 insertions, 90 deletions

diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 28c9370ca3..adb5731f76 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -111,8 +111,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 static int obj_name_cmp(const void *a_void, const void *b_void)
         {
         int ret;
-        OBJ_NAME *a = (OBJ_NAME *)a_void;
-        OBJ_NAME *b = (OBJ_NAME *)b_void;
+        const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+        const OBJ_NAME *b = (const OBJ_NAME *)b_void;
 
         ret=a->type-b->type;
         if (ret == 0)
@@ -133,7 +133,7 @@ static int obj_name_cmp(const void *a_void, const void *b_void)
 static unsigned long obj_name_hash(const void *a_void)
         {
         unsigned long ret;
-        OBJ_NAME *a = (OBJ_NAME *)a_void;
+        const OBJ_NAME *a = (const OBJ_NAME *)a_void;
 
         if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
                 {
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index f549d078ef..7fd7433241 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -58,10 +58,12 @@
 
 #include <stdio.h>
 #include <ctype.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #ifndef OPENSSL_NO_OBJECT
@@ -115,7 +117,7 @@ static unsigned long add_hash(const void *ca_void)
         int i;
         unsigned long ret=0;
         unsigned char *p;
-        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
+        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
 
         a=ca->obj;
         switch (ca->type)
@@ -149,8 +151,8 @@ static int add_cmp(const void *ca_void, const void *cb_void)
         {
         ASN1_OBJECT *a,*b;
         int i;
-        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
-        ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
+        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+        const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
 
         i=ca->type-cb->type;
         if (i) return(i);
@@ -161,7 +163,7 @@ static int add_cmp(const void *ca_void, const void *cb_void)
         case ADDED_DATA:
                 i=(a->length - b->length);
                 if (i) return(i);
-                return(memcmp(a->data,b->data,a->length));
+                return(memcmp(a->data,b->data,(size_t)a->length));
         case ADDED_SNAME:
                 if (a->sn == NULL) return(-1);
                 else if (b->sn == NULL) return(1);
@@ -382,8 +384,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                 adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
                 if (adp != NULL) return (adp->obj->nid);
                 }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
-                sizeof(ASN1_OBJECT *),obj_cmp);
+        op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
+                NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
         if (op == NULL)
                 return(NID_undef);
         return((*op)->nid);
@@ -399,7 +401,9 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         {
         int nid = NID_undef;
         ASN1_OBJECT *op=NULL;
-        unsigned char *buf,*p;
+        unsigned char *buf;
+        unsigned char *p;
+        const unsigned char *cp;
         int i, j;
 
         if(!no_name) {
@@ -411,8 +415,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         /* Work out size of content octets */
         i=a2d_ASN1_OBJECT(NULL,0,s,-1);
         if (i <= 0) {
-                /* Clear the error */
-                ERR_get_error();
+                /* Don't clear the error */
+                /*ERR_clear_error();*/
                 return NULL;
         }
         /* Work out total size */
@@ -425,75 +429,170 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
         /* Write out contents */
         a2d_ASN1_OBJECT(p,i,s,-1);
-        
-        p=buf;
-        op=d2i_ASN1_OBJECT(NULL,&p,j);
+
+        cp=buf;
+        op=d2i_ASN1_OBJECT(NULL,&cp,j);
         OPENSSL_free(buf);
         return op;
         }
 
 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
-        int i,idx=0,n=0,len,nid;
+        int i,n=0,len,nid, first, use_bn;
+        BIGNUM *bl;
         unsigned long l;
         unsigned char *p;
-        const char *s;
         char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
-        if (buf_len <= 0) return(0);
-
         if ((a == NULL) || (a->data == NULL)) {
                 buf[0]='\0';
                 return(0);
         }
 
-        if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
-                len=a->length;
-                p=a->data;
 
-                idx=0;
-                l=0;
-                while (idx < a->length) {
-                        l|=(p[idx]&0x7f);
-                        if (!(p[idx] & 0x80)) break;
-                        l<<=7L;
-                        idx++;
+        if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
+                {
+                const char *s;
+                s=OBJ_nid2ln(nid);
+                if (s == NULL)
+                        s=OBJ_nid2sn(nid);
+                if (buf)
+                        BUF_strlcpy(buf,s,buf_len);
+                n=strlen(s);
+                return n;
                 }
-                idx++;
-                i=(int)(l/40);
-                if (i > 2) i=2;
-                l-=(long)(i*40);
-
-                BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
-                i=strlen(tbuf);
-                BUF_strlcpy(buf,tbuf,buf_len);
-                buf_len-=i;
-                buf+=i;
-                n+=i;
 
+
+        len=a->length;
+        p=a->data;
+
+        first = 1;
+        bl = NULL;
+
+        while (len > 0)
+                {
                 l=0;
-                for (; idx<len; idx++) {
-                        l|=p[idx]&0x7f;
-                        if (!(p[idx] & 0x80)) {
-                                BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-                                i=strlen(tbuf);
+                use_bn = 0;
+                for (;;)
+                        {
+                        unsigned char c = *p++;
+                        len--;
+                        if ((len == 0) && (c & 0x80))
+                                goto err;
+                        if (use_bn)
+                                {
+                                if (!BN_add_word(bl, c & 0x7f))
+                                        goto err;
+                                }
+                        else
+                                l |= c  & 0x7f;
+                        if (!(c & 0x80))
+                                break;
+                        if (!use_bn && (l > (ULONG_MAX >> 7L)))
+                                {
+                                if (!bl && !(bl = BN_new()))
+                                        goto err;
+                                if (!BN_set_word(bl, l))
+                                        goto err;
+                                use_bn = 1;
+                                }
+                        if (use_bn)
+                                {
+                                if (!BN_lshift(bl, bl, 7))
+                                        goto err;
+                                }
+                        else
+                                l<<=7L;
+                        }
+
+                if (first)
+                        {
+                        first = 0;
+                        if (l >= 80)
+                                {
+                                i = 2;
+                                if (use_bn)
+                                        {
+                                        if (!BN_sub_word(bl, 80))
+                                                goto err;
+                                        }
+                                else
+                                        l -= 80;
+                                }
+                        else
+                                {
+                                i=(int)(l/40);
+                                l-=(long)(i*40);
+                                }
+                        if (buf && (buf_len > 0))
+                                {
+                                *buf++ = i + '0';
+                                buf_len--;
+                                }
+                        n++;
+                        }
+
+                if (use_bn)
+                        {
+                        char *bndec;
+                        bndec = BN_bn2dec(bl);
+                        if (!bndec)
+                                goto err;
+                        i = strlen(bndec);
+                        if (buf)
+                                {
                                 if (buf_len > 0)
-                                        BUF_strlcpy(buf,tbuf,buf_len);
-                                buf_len-=i;
-                                buf+=i;
-                                n+=i;
-                                l=0;
+                                        {
+                                        *buf++ = '.';
+                                        buf_len--;
+                                        }
+                                BUF_strlcpy(buf,bndec,buf_len);
+                                if (i > buf_len)
+                                        {
+                                        buf += buf_len;
+                                        buf_len = 0;
+                                        }
+                                else
+                                        {
+                                        buf+=i;
+                                        buf_len-=i;
+                                        }
+                                }
+                        n++;
+                        n += i;
+                        OPENSSL_free(bndec);
+                        }
+                else
+                        {
+                        BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
+                        i=strlen(tbuf);
+                        if (buf && (buf_len > 0))
+                                {
+                                BUF_strlcpy(buf,tbuf,buf_len);
+                                if (i > buf_len)
+                                        {
+                                        buf += buf_len;
+                                        buf_len = 0;
+                                        }
+                                else
+                                        {
+                                        buf+=i;
+                                        buf_len-=i;
+                                        }
+                                }
+                        n+=i;
+                        l=0;
                         }
-                        l<<=7L;
                 }
-        } else {
-                s=OBJ_nid2ln(nid);
-                if (s == NULL)
-                        s=OBJ_nid2sn(nid);
-                BUF_strlcpy(buf,s,buf_len);
-                n=strlen(s);
-        }
-        return(n);
+
+        if (bl)
+                BN_free(bl);
+        return n;
+
+        err:
+        if (bl)
+                BN_free(bl);
+        return -1;
 }
 
 int OBJ_txt2nid(const char *s)
@@ -519,7 +618,7 @@ int OBJ_ln2nid(const char *s)
                 adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
                 if (adp != NULL) return (adp->obj->nid);
                 }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
                 sizeof(ASN1_OBJECT *),ln_cmp);
         if (op == NULL) return(NID_undef);
         return((*op)->nid);
@@ -547,8 +646,8 @@ int OBJ_sn2nid(const char *s)
 static int obj_cmp(const void *ap, const void *bp)
         {
         int j;
-        ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
-        ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
+        const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
+        const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
 
         j=(a->length - b->length);
         if (j) return(j);
@@ -558,8 +657,14 @@ static int obj_cmp(const void *ap, const void *bp)
 const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
         int (*cmp)(const void *, const void *))
         {
-        int l,h,i,c;
-        const char *p;
+        return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+        }
+
+const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+        int size, int (*cmp)(const void *, const void *), int flags)
+        {
+        int l,h,i=0,c=0;
+        const char *p = NULL;
 
         if (num == 0) return(NULL);
         l=0;
@@ -574,20 +679,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
                 else if (c > 0)
                         l=i+1;
                 else
-                        return(p);
+                        break;
                 }
 #ifdef CHARSET_EBCDIC
 /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
  * I don't have perl (yet), we revert to a *LINEAR* search
  * when the object wasn't found in the binary search.
  */
-        for (i=0; i<num; ++i) {
-                p= &(base[i*size]);
-                if ((*cmp)(key,p) == 0)
-                        return p;
-        }
+        if (c != 0)
+                {
+                for (i=0; i<num; ++i)
+                        {
+                        p= &(base[i*size]);
+                        c = (*cmp)(key,p);
+                        if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+                                return p;
+                        }
+                }
 #endif
-        return(NULL);
+        if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+                p = NULL;
+        else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))
+                {
+                while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)
+                        i--;
+                p = &(base[i*size]);
+                }
+        return(p);
         }
 
 int OBJ_create_objects(BIO *in)
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
index d0371661f9..8a09a46ee6 100644
--- a/src/lib/libcrypto/objects/obj_dat.pl
+++ b/src/lib/libcrypto/objects/obj_dat.pl
@@ -94,7 +94,7 @@ for ($i=0; $i<$n; $i++)
         {
         if (!defined($nid{$i}))
                 {
-                push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
+                push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");
                 }
         else
                 {
@@ -138,7 +138,7 @@ for ($i=0; $i<$n; $i++)
                         }
                 else
                         {
-                        $out.="0,NULL";
+                        $out.="0,NULL,0";
                         }
                 $out.="},\n";
                 push(@out,$out);
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
index 0682979b38..12b48850c6 100644
--- a/src/lib/libcrypto/objects/obj_err.c
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -91,15 +91,12 @@ static ERR_STRING_DATA OBJ_str_reasons[]=
 
 void ERR_load_OBJ_strings(void)
         {
-        static int init=1;
+#ifndef OPENSSL_NO_ERR
 
-        if (init)
+        if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
                 {
-                init=0;
-#ifndef OPENSSL_NO_ERR
                 ERR_load_strings(0,OBJ_str_functs);
                 ERR_load_strings(0,OBJ_str_reasons);
-#endif
-
                 }
+#endif
         }
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
index b0b0f2ff24..706fa0b0e7 100644
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
         r->data=OPENSSL_malloc(o->length);
         if (r->data == NULL)
                 goto err;
-        memcpy(r->data,o->data,o->length);
+        if (o->data != NULL)
+                memcpy(r->data,o->data,o->length);
         r->length=o->length;
         r->nid=o->nid;
         r->ln=r->sn=NULL;
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index 84555d936e..47815b1e4e 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -673,3 +673,118 @@ sha256		672
 sha384          673
 sha512          674
 sha224          675
+identified_organization         676
+certicom_arc            677
+wap             678
+wap_wsg         679
+X9_62_id_characteristic_two_basis               680
+X9_62_onBasis           681
+X9_62_tpBasis           682
+X9_62_ppBasis           683
+X9_62_c2pnb163v1                684
+X9_62_c2pnb163v2                685
+X9_62_c2pnb163v3                686
+X9_62_c2pnb176v1                687
+X9_62_c2tnb191v1                688
+X9_62_c2tnb191v2                689
+X9_62_c2tnb191v3                690
+X9_62_c2onb191v4                691
+X9_62_c2onb191v5                692
+X9_62_c2pnb208w1                693
+X9_62_c2tnb239v1                694
+X9_62_c2tnb239v2                695
+X9_62_c2tnb239v3                696
+X9_62_c2onb239v4                697
+X9_62_c2onb239v5                698
+X9_62_c2pnb272w1                699
+X9_62_c2pnb304w1                700
+X9_62_c2tnb359v1                701
+X9_62_c2pnb368w1                702
+X9_62_c2tnb431r1                703
+secp112r1               704
+secp112r2               705
+secp128r1               706
+secp128r2               707
+secp160k1               708
+secp160r1               709
+secp160r2               710
+secp192k1               711
+secp224k1               712
+secp224r1               713
+secp256k1               714
+secp384r1               715
+secp521r1               716
+sect113r1               717
+sect113r2               718
+sect131r1               719
+sect131r2               720
+sect163k1               721
+sect163r1               722
+sect163r2               723
+sect193r1               724
+sect193r2               725
+sect233k1               726
+sect233r1               727
+sect239k1               728
+sect283k1               729
+sect283r1               730
+sect409k1               731
+sect409r1               732
+sect571k1               733
+sect571r1               734
+wap_wsg_idm_ecid_wtls1          735
+wap_wsg_idm_ecid_wtls3          736
+wap_wsg_idm_ecid_wtls4          737
+wap_wsg_idm_ecid_wtls5          738
+wap_wsg_idm_ecid_wtls6          739
+wap_wsg_idm_ecid_wtls7          740
+wap_wsg_idm_ecid_wtls8          741
+wap_wsg_idm_ecid_wtls9          742
+wap_wsg_idm_ecid_wtls10         743
+wap_wsg_idm_ecid_wtls11         744
+wap_wsg_idm_ecid_wtls12         745
+any_policy              746
+policy_mappings         747
+inhibit_any_policy              748
+ipsec3          749
+ipsec4          750
+camellia_128_cbc                751
+camellia_192_cbc                752
+camellia_256_cbc                753
+camellia_128_ecb                754
+camellia_192_ecb                755
+camellia_256_ecb                756
+camellia_128_cfb128             757
+camellia_192_cfb128             758
+camellia_256_cfb128             759
+camellia_128_cfb1               760
+camellia_192_cfb1               761
+camellia_256_cfb1               762
+camellia_128_cfb8               763
+camellia_192_cfb8               764
+camellia_256_cfb8               765
+camellia_128_ofb128             766
+camellia_192_ofb128             767
+camellia_256_ofb128             768
+subject_directory_attributes            769
+issuing_distribution_point              770
+certificate_issuer              771
+korea           772
+kisa            773
+kftc            774
+npki_alg                775
+seed_ecb                776
+seed_cbc                777
+seed_ofb128             778
+seed_cfb128             779
+hmac_md5                780
+hmac_sha1               781
+id_PasswordBasedMAC             782
+id_DHBasedMac           783
+id_it_suppLangTags              784
+caRepository            785
+id_smime_ct_compressedData              786
+id_ct_asciiTextWithCRLF         787
+id_aes128_wrap          788
+id_aes192_wrap          789
+id_aes256_wrap          790
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h
index f859d859b8..7242f76fb0 100644
--- a/src/lib/libcrypto/objects/objects.h
+++ b/src/lib/libcrypto/objects/objects.h
@@ -966,7 +966,10 @@
 #define OBJ_NAME_TYPE_COMP_METH         0x04
 #define OBJ_NAME_TYPE_NUM               0x05
 
-#define OBJ_NAME_ALIAS          0x8000
+#define OBJ_NAME_ALIAS                  0x8000
+
+#define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
+#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
 
 
 #ifdef  __cplusplus
@@ -1010,6 +1013,8 @@ int		OBJ_sn2nid(const char *s);
 int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
 const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
         int (*cmp)(const void *, const void *));
+const char *    OBJ_bsearch_ex(const char *key,const char *base,int num,
+        int size, int (*cmp)(const void *, const void *), int flags);
 
 int             OBJ_new_nid(int num);
 int             OBJ_add_object(const ASN1_OBJECT *obj);
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index 2635c4e667..34c8d1d647 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -1,12 +1,28 @@
-0                       : CCITT                 : ccitt
+# CCITT was renamed to ITU-T quite some time ago
+0                       : ITU-T                 : itu-t
+!Alias ccitt itu-t
 
 1                       : ISO                   : iso
 
-2                       : JOINT-ISO-CCITT       : joint-iso-ccitt
+2                       : JOINT-ISO-ITU-T       : joint-iso-itu-t
+!Alias joint-iso-ccitt joint-iso-itu-t
 
 iso 2                   : member-body           : ISO Member Body
 
-joint-iso-ccitt 5 1 5   : selected-attribute-types      : Selected Attribute Types
+iso 3                   : identified-organization
+
+# HMAC OIDs
+identified-organization 6 1 5 5 8 1 1   : HMAC-MD5      : hmac-md5
+identified-organization 6 1 5 5 8 1 2   : HMAC-SHA1     : hmac-sha1
+
+identified-organization 132     : certicom-arc
+
+joint-iso-itu-t 23      : international-organizations   : International Organizations
+
+international-organizations 43  : wap
+wap 13                  : wap-wsg
+
+joint-iso-itu-t 5 1 5   : selected-attribute-types      : Selected Attribute Types
 
 selected-attribute-types 55     : clearance
 
@@ -24,12 +40,34 @@ ISO-US 10045		: ansi-X9-62		: ANSI X9.62
 !Alias id-fieldType ansi-X9-62 1
 X9-62_id-fieldType 1            : prime-field
 X9-62_id-fieldType 2            : characteristic-two-field
-# ... characteristic-two-field OID subtree
+X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+X9-62_id-characteristic-two-basis 1 : onBasis
+X9-62_id-characteristic-two-basis 2 : tpBasis
+X9-62_id-characteristic-two-basis 3 : ppBasis
 !Alias id-publicKeyType ansi-X9-62 2
 X9-62_id-publicKeyType 1        : id-ecPublicKey
 !Alias ellipticCurve ansi-X9-62 3
 !Alias c-TwoCurve X9-62_ellipticCurve 0
-# ... characteristic 2 curve OIDs
+X9-62_c-TwoCurve 1              : c2pnb163v1
+X9-62_c-TwoCurve 2              : c2pnb163v2
+X9-62_c-TwoCurve 3              : c2pnb163v3
+X9-62_c-TwoCurve 4              : c2pnb176v1
+X9-62_c-TwoCurve 5              : c2tnb191v1
+X9-62_c-TwoCurve 6              : c2tnb191v2
+X9-62_c-TwoCurve 7              : c2tnb191v3
+X9-62_c-TwoCurve 8              : c2onb191v4
+X9-62_c-TwoCurve 9              : c2onb191v5
+X9-62_c-TwoCurve 10             : c2pnb208w1
+X9-62_c-TwoCurve 11             : c2tnb239v1
+X9-62_c-TwoCurve 12             : c2tnb239v2
+X9-62_c-TwoCurve 13             : c2tnb239v3
+X9-62_c-TwoCurve 14             : c2onb239v4
+X9-62_c-TwoCurve 15             : c2onb239v5
+X9-62_c-TwoCurve 16             : c2pnb272w1
+X9-62_c-TwoCurve 17             : c2pnb304w1
+X9-62_c-TwoCurve 18             : c2tnb359v1
+X9-62_c-TwoCurve 19             : c2pnb368w1
+X9-62_c-TwoCurve 20             : c2tnb431r1
 !Alias primeCurve X9-62_ellipticCurve 1
 X9-62_primeCurve 1              : prime192v1
 X9-62_primeCurve 2              : prime192v2
@@ -42,6 +80,60 @@ X9-62_primeCurve 7	 	: prime256v1
 !global
 X9-62_id-ecSigType 1            : ecdsa-with-SHA1
 
+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
+# (http://www.secg.org/)
+!Alias secg_ellipticCurve certicom-arc 0
+# SECG prime curves OIDs
+secg-ellipticCurve 6            : secp112r1
+secg-ellipticCurve 7            : secp112r2
+secg-ellipticCurve 28           : secp128r1
+secg-ellipticCurve 29           : secp128r2
+secg-ellipticCurve 9            : secp160k1
+secg-ellipticCurve 8            : secp160r1
+secg-ellipticCurve 30           : secp160r2
+secg-ellipticCurve 31           : secp192k1
+# NOTE: the curve secp192r1 is the same as prime192v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 32           : secp224k1
+secg-ellipticCurve 33           : secp224r1
+secg-ellipticCurve 10           : secp256k1
+# NOTE: the curve secp256r1 is the same as prime256v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 34           : secp384r1
+secg-ellipticCurve 35           : secp521r1
+# SECG characteristic two curves OIDs
+secg-ellipticCurve 4            : sect113r1
+secg-ellipticCurve 5            : sect113r2
+secg-ellipticCurve 22           : sect131r1
+secg-ellipticCurve 23           : sect131r2
+secg-ellipticCurve 1            : sect163k1
+secg-ellipticCurve 2            : sect163r1
+secg-ellipticCurve 15           : sect163r2
+secg-ellipticCurve 24           : sect193r1
+secg-ellipticCurve 25           : sect193r2
+secg-ellipticCurve 26           : sect233k1
+secg-ellipticCurve 27           : sect233r1
+secg-ellipticCurve 3            : sect239k1
+secg-ellipticCurve 16           : sect283k1
+secg-ellipticCurve 17           : sect283r1
+secg-ellipticCurve 36           : sect409k1
+secg-ellipticCurve 37           : sect409r1
+secg-ellipticCurve 38           : sect571k1
+secg-ellipticCurve 39           : sect571r1
+
+# WAP/TLS curve OIDs (http://www.wapforum.org/)
+!Alias wap-wsg-idm-ecid wap-wsg 4
+wap-wsg-idm-ecid 1      : wap-wsg-idm-ecid-wtls1
+wap-wsg-idm-ecid 3      : wap-wsg-idm-ecid-wtls3
+wap-wsg-idm-ecid 4      : wap-wsg-idm-ecid-wtls4
+wap-wsg-idm-ecid 5      : wap-wsg-idm-ecid-wtls5
+wap-wsg-idm-ecid 6      : wap-wsg-idm-ecid-wtls6
+wap-wsg-idm-ecid 7      : wap-wsg-idm-ecid-wtls7
+wap-wsg-idm-ecid 8      : wap-wsg-idm-ecid-wtls8
+wap-wsg-idm-ecid 9      : wap-wsg-idm-ecid-wtls9
+wap-wsg-idm-ecid 10     : wap-wsg-idm-ecid-wtls10
+wap-wsg-idm-ecid 11     : wap-wsg-idm-ecid-wtls11
+wap-wsg-idm-ecid 12     : wap-wsg-idm-ecid-wtls12
 
 
 ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
@@ -53,6 +145,10 @@ ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
 !Cname pbeWithMD5AndCast5-CBC
 ISO-US 113533 7 66 12   :                       : pbeWithMD5AndCast5CBC
 
+# Macs for CMP and CRMF
+ISO-US 113533 7 66 13   : id-PasswordBasedMAC   : password based MAC
+ISO-US 113533 7 66 30   : id-DHBasedMac         : Diffie-Hellman based MAC
+
 ISO-US 113549           : rsadsi                : RSA Data Security, Inc.
 
 rsadsi 1                : pkcs                  : RSA Data Security, Inc. PKCS
@@ -149,6 +245,8 @@ id-smime-ct 5		: id-smime-ct-TDTInfo
 id-smime-ct 6           : id-smime-ct-contentInfo
 id-smime-ct 7           : id-smime-ct-DVCSRequestData
 id-smime-ct 8           : id-smime-ct-DVCSResponseData
+id-smime-ct 9           : id-smime-ct-compressedData
+id-smime-ct 27          : id-ct-asciiTextWithCRLF
 
 # S/MIME Attributes
 id-smime-aa 1           : id-smime-aa-receiptRequest
@@ -396,6 +494,7 @@ id-it 12		: id-it-revPassphrase
 id-it 13                : id-it-implicitConfirm
 id-it 14                : id-it-confirmWaitTime
 id-it 15                : id-it-origPKIMessage
+id-it 16                : id-it-suppLangTags
 
 # CRMF registration
 id-pkip 1               : id-regCtrl
@@ -482,6 +581,7 @@ id-ad 2			: caIssuers		: CA Issuers
 id-ad 3                 : ad_timestamping       : AD Time Stamping
 !Cname ad-dvcs
 id-ad 4                 : AD_DVCS               : ad dvcs
+id-ad 5                 : caRepository          : CA Repository
 
 
 !Alias id-pkix-OCSP ad-OCSP
@@ -569,6 +669,8 @@ X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
 X500algorithms 3 101    : MDC2                  : mdc2
 
 X500 29                 : id-ce
+!Cname subject-directory-attributes
+id-ce 9                 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes
 !Cname subject-key-identifier
 id-ce 14                : subjectKeyIdentifier  : X509v3 Subject Key Identifier
 !Cname key-usage
@@ -589,18 +691,28 @@ id-ce 21		: CRLReason		: X509v3 CRL Reason Code
 id-ce 24                : invalidityDate        : Invalidity Date
 !Cname delta-crl
 id-ce 27                : deltaCRL              : X509v3 Delta CRL Indicator
+!Cname issuing-distribution-point
+id-ce 28                : issuingDistributionPoint : X509v3 Issuing Distrubution Point
+!Cname certificate-issuer
+id-ce 29                : certificateIssuer     : X509v3 Certificate Issuer
 !Cname name-constraints
 id-ce 30                : nameConstraints       : X509v3 Name Constraints
 !Cname crl-distribution-points
 id-ce 31                : crlDistributionPoints : X509v3 CRL Distribution Points
 !Cname certificate-policies
 id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
+!Cname any-policy
+certificate-policies 0  : anyPolicy             : X509v3 Any Policy
+!Cname policy-mappings
+id-ce 33                : policyMappings        : X509v3 Policy Mappings
 !Cname authority-key-identifier
 id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
 !Cname policy-constraints
 id-ce 36                : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
+!Cname inhibit-any-policy
+id-ce 54                : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
 id-ce 55                : targetInformation     : X509v3 AC Targeting
 !Cname no-rev-avail
@@ -668,7 +780,7 @@ mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
 !Cname rle-compression
 1 1 1 1 666 1           : RLE                   : run length compression
 !Cname zlib-compression
-1 1 1 1 666 2           : ZLIB                  : zlib compression
+id-smime-alg 8          : ZLIB                  : zlib compression
 
 # AES aka Rijndael
 
@@ -710,6 +822,10 @@ aes 44			: AES-256-CFB		: aes-256-cfb
                         : DES-EDE3-CFB1         : des-ede3-cfb1
                         : DES-EDE3-CFB8         : des-ede3-cfb8
 
+aes 5                   : id-aes128-wrap 
+aes 25                  : id-aes192-wrap 
+aes 45                  : id-aes256-wrap 
+
 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1         : SHA256                : sha256
@@ -728,9 +844,9 @@ holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
 !Cname hold-instruction-reject
 holdInstruction 3       : holdInstructionReject : Hold Instruction Reject
 
-# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
+# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
 # them are also mentioned in RFC 2247
-ccitt 9                 : data
+itu-t 9                 : data
 data 2342               : pss
 pss 19200300            : ucl
 ucl 100                 : pilot
@@ -804,7 +920,7 @@ pilotAttributeType 54	:			: dITRedirect
 pilotAttributeType 55   : audio
 pilotAttributeType 56   :                       : documentPublisher
 
-2 23 42                 : id-set                : Secure Electronic Transactions
+international-organizations 42  : id-set        : Secure Electronic Transactions
 
 id-set 0                : set-ctype             : content types
 id-set 1                : set-msgExt            : message extensions
@@ -950,3 +1066,54 @@ set-brand 6011		: set-brand-Novus
 
 rsadsi 3 10             : DES-CDMF              : des-cdmf
 rsadsi 1 1 6            : rsaOAEPEncryptionSET
+
+                        : Oakley-EC2N-3         : ipsec3
+                        : Oakley-EC2N-4         : ipsec4
+
+
+# Definitions for Camellia cipher - CBC MODE
+1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC            : camellia-128-cbc
+1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC            : camellia-192-cbc
+1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC            : camellia-256-cbc
+
+# Definitions for Camellia cipher - ECB, CFB, OFB MODE
+!Alias ntt-ds 0 3 4401 5
+!Alias camellia ntt-ds 3 1 9 
+
+camellia 1              : CAMELLIA-128-ECB              : camellia-128-ecb
+!Cname camellia-128-ofb128
+camellia 3              : CAMELLIA-128-OFB              : camellia-128-ofb
+!Cname camellia-128-cfb128
+camellia 4              : CAMELLIA-128-CFB              : camellia-128-cfb
+
+camellia 21             : CAMELLIA-192-ECB              : camellia-192-ecb
+!Cname camellia-192-ofb128
+camellia 23             : CAMELLIA-192-OFB              : camellia-192-ofb
+!Cname camellia-192-cfb128
+camellia 24             : CAMELLIA-192-CFB              : camellia-192-cfb
+
+camellia 41             : CAMELLIA-256-ECB              : camellia-256-ecb
+!Cname camellia-256-ofb128
+camellia 43             : CAMELLIA-256-OFB              : camellia-256-ofb
+!Cname camellia-256-cfb128
+camellia 44             : CAMELLIA-256-CFB              : camellia-256-cfb
+
+# There are no OIDs for these modes...
+
+                        : CAMELLIA-128-CFB1             : camellia-128-cfb1
+                        : CAMELLIA-192-CFB1             : camellia-192-cfb1
+                        : CAMELLIA-256-CFB1             : camellia-256-cfb1
+                        : CAMELLIA-128-CFB8             : camellia-128-cfb8
+                        : CAMELLIA-192-CFB8             : camellia-192-cfb8
+                        : CAMELLIA-256-CFB8             : camellia-256-cfb8
+
+
+# Definitions for SEED cipher - ECB, CBC, OFB mode
+
+member-body 410 200004  : KISA          : kisa
+kisa 1 3                : SEED-ECB      : seed-ecb
+kisa 1 4                : SEED-CBC      : seed-cbc
+!Cname seed-cfb128
+kisa 1 5                : SEED-CFB      : seed-cfb
+!Cname seed-ofb128
+kisa 1 6                : SEED-OFB      : seed-ofb