RT2353: Add ipsec IKE OID

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 6907bc36835e81b0b969996af7d524b03e129c3b..d91fb1817d96fb61c57354cc69f1f2d560892157 100644 (file)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -60,12 +60,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 1022
-#define NUM_SN 1015
-#define NUM_LN 1015
-#define NUM_OBJ 937
+#define NUM_NID 1023
+#define NUM_SN 1016
+#define NUM_LN 1016
+#define NUM_OBJ 938
 
-static const unsigned char lvalues[6612]={
+static const unsigned char lvalues[6620]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -997,6 +997,7 @@ static const unsigned char lvalues[6612]={
 0x2A,0x85,0x03,0x64,0x6F,                    /* [6593] OBJ_subjectSignTool */
 0x2A,0x85,0x03,0x64,0x70,                    /* [6598] OBJ_issuerSignTool */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,     /* [6603] OBJ_tlsfeature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,     /* [6611] OBJ_ipsec_IKE */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2670,6 +2671,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"ChaCha20","chacha20",NID_chacha20,0,NULL,0},
 {"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6603]),0},
 {"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0},
+{"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8,
+       &(lvalues[6611]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -3337,6 +3340,7 @@ static const unsigned int sn_objs[NUM_SN]={
 869,   /* "internationaliSDNNumber" */
 142,   /* "invalidityDate" */
 294,   /* "ipsecEndSystem" */
+1022,  /* "ipsecIKE" */
 295,   /* "ipsecTunnel" */
 296,   /* "ipsecUser" */
 86,    /* "issuerAltName" */
@@ -4344,6 +4348,7 @@ static const unsigned int ln_objs[NUM_LN]={
 461,   /* "info" */
 101,   /* "initials" */
 869,   /* "internationaliSDNNumber" */
+1022,  /* "ipsec Internet Key Exchange" */
 749,   /* "ipsec3" */
 750,   /* "ipsec4" */
 181,   /* "iso" */
@@ -5263,6 +5268,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 133,   /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
 180,   /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
 297,   /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+1022,  /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
 298,   /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
 299,   /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
 300,   /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 663e86c10cb83acc49d98811a6769bfde5dfa765..2e54d3d261a4597872e0df83e0f5ae655cfd895f 100644 (file)
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1019,3 +1019,4 @@ chacha20_poly1305         1018
 chacha20               1019
 tlsfeature             1020
 tls1_prf               1021
+ipsec_IKE              1022

diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 1de8e79e5b0dfe220f7dfbe78cc98f7efea0e6dc..42175d9daffbf3ef9451d6f0e1e7c10512cec51d 100644 (file)
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -497,6 +497,8 @@ id-kp 8                     : timeStamping          : Time Stamping
 !Cname OCSP-sign
 id-kp 9                        : OCSPSigning           : OCSP Signing
 id-kp 10               : DVCS                  : dvcs
+!Cname ipsec-IKE
+id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
 
 # CMP information types
 id-it 1                        : id-it-caProtEncCert

diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index c2c710b6c7d6ea874ae3e92f7d6c9b2e1432fbfa..72eec511a256775d502cfaea363dbfb9857bc4db 100644 (file)
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -115,6 +115,8 @@ following PKIX, NS and MS values are meaningful:
  codeSigning           Code signing.
  emailProtection       E-mail Protection (S/MIME).
  timeStamping          Trusted Timestamping
+ OCSPSigning           OCSP Signing
+ ipsecIKE              ipsec Internet Key Exchnage
  msCodeInd             Microsoft Individual Code Signing (authenticode)
  msCodeCom             Microsoft Commercial Code Signing (authenticode)
  msCTLSign             Microsoft Trust List Signing

diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index ad27e0e0c0c91fa8c68bdb5dddf4e6b3b06480b6..a577e51e906b4380b8503a82ad76afd1190cab49 100644 (file)
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1557,6 +1557,11 @@
 #define NID_dvcs                297
 #define OBJ_dvcs                OBJ_id_kp,10L
 
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L