From d9f777267409a064ee0931b69425009a79771278 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 3 Feb 2016 20:26:03 -0500 Subject: [PATCH] RT2752: Add some EKU OID's And some others found in the Internet. Reviewed-by: Viktor Dukhovni --- crypto/objects/obj_dat.h | 70 +++++++++++++++++++++++++++++++++++--- crypto/objects/obj_mac.num | 11 ++++++ crypto/objects/objects.txt | 15 ++++++++ include/openssl/obj_mac.h | 54 +++++++++++++++++++++++++++++ 4 files changed, 145 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index d91fb1817d..c7a793377f 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -60,12 +60,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1023 -#define NUM_SN 1016 -#define NUM_LN 1016 -#define NUM_OBJ 938 +#define NUM_NID 1034 +#define NUM_SN 1027 +#define NUM_LN 1027 +#define NUM_OBJ 949 -static const unsigned char lvalues[6620]={ +static const unsigned char lvalues[6704]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -998,6 +998,17 @@ static const unsigned char lvalues[6620]={ 0x2A,0x85,0x03,0x64,0x70, /* [6598] OBJ_issuerSignTool */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [6603] OBJ_tlsfeature */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [6611] OBJ_ipsec_IKE */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [6619] OBJ_capwapAC */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [6627] OBJ_capwapWTP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [6635] OBJ_sshClient */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [6643] OBJ_sshServer */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [6651] OBJ_sendRouter */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [6659] OBJ_sendProxiedRouter */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [6667] OBJ_sendOwner */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [6675] OBJ_sendProxiedOwner */ +0x2B,0x06,0x01,0x05,0x02,0x03, /* [6683] OBJ_id_pkinit */ +0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [6689] OBJ_pkInitClientAuth */ +0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [6696] OBJ_pkInitKDC */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -2673,6 +2684,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0}, {"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8, &(lvalues[6611]),0}, +{"capwapAC","Ctrl/provision WAP Access",NID_capwapAC,8, + &(lvalues[6619]),0}, +{"capwapWTP","Ctrl/Provision WAP Termination",NID_capwapWTP,8, + &(lvalues[6627]),0}, +{"secureShellClient","SSH Client",NID_sshClient,8,&(lvalues[6635]),0}, +{"secureShellServer","SSH Server",NID_sshServer,8,&(lvalues[6643]),0}, +{"sendRouter","Send Router",NID_sendRouter,8,&(lvalues[6651]),0}, +{"sendProxiedRouter","Send Proxied Router",NID_sendProxiedRouter,8, + &(lvalues[6659]),0}, +{"sendOwner","Send Owner",NID_sendOwner,8,&(lvalues[6667]),0}, +{"sendProxiedOwner","Send Proxied Owner",NID_sendProxiedOwner,8, + &(lvalues[6675]),0}, +{"id-pkinit","id-pkinit",NID_id_pkinit,6,&(lvalues[6683]),0}, +{"pkInitClientAuth","PKINIT Client Auth",NID_pkInitClientAuth,7, + &(lvalues[6689]),0}, +{"pkInitKDC","Signing KDC Response",NID_pkInitKDC,7,&(lvalues[6696]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2951,6 +2978,8 @@ static const unsigned int sn_objs[NUM_SN]={ 483, /* "cNAMERecord" */ 179, /* "caIssuers" */ 785, /* "caRepository" */ +1023, /* "capwapAC" */ +1024, /* "capwapWTP" */ 443, /* "caseIgnoreIA5StringSyntax" */ 152, /* "certBag" */ 677, /* "certicom-arc" */ @@ -3212,6 +3241,7 @@ static const unsigned int sn_objs[NUM_SN]={ 351, /* "id-pda-gender" */ 349, /* "id-pda-placeOfBirth" */ 175, /* "id-pe" */ +1031, /* "id-pkinit" */ 261, /* "id-pkip" */ 258, /* "id-pkix-mod" */ 269, /* "id-pkix1-explicit-88" */ @@ -3416,6 +3446,8 @@ static const unsigned int sn_objs[NUM_SN]={ 440, /* "pilotObjectClass" */ 455, /* "pilotOrganization" */ 445, /* "pilotPerson" */ +1032, /* "pkInitClientAuth" */ +1033, /* "pkInitKDC" */ 2, /* "pkcs" */ 186, /* "pkcs1" */ 27, /* "pkcs3" */ 
@@ -3504,9 +3536,15 @@ static const unsigned int sn_objs[NUM_SN]={ 732, /* "sect409r1" */ 733, /* "sect571k1" */ 734, /* "sect571r1" */ +1025, /* "secureShellClient" */ +1026, /* "secureShellServer" */ 386, /* "security" */ 878, /* "seeAlso" */ 394, /* "selected-attribute-types" */ +1029, /* "sendOwner" */ +1030, /* "sendProxiedOwner" */ +1028, /* "sendProxiedRouter" */ +1027, /* "sendRouter" */ 105, /* "serialNumber" */ 129, /* "serverAuth" */ 371, /* "serviceLocator" */ @@ -3710,6 +3748,8 @@ static const unsigned int ln_objs[NUM_LN]={ 951, /* "CT Precertificate SCTs" */ 953, /* "CT Precertificate Signer" */ 131, /* "Code Signing" */ +1024, /* "Ctrl/Provision WAP Termination" */ +1023, /* "Ctrl/provision WAP Access" */ 783, /* "Diffie-Hellman based MAC" */ 382, /* "Directory" */ 392, /* "Domain" */ @@ -3801,6 +3841,7 @@ static const unsigned int ln_objs[NUM_LN]={ 161, /* "PBES2" */ 69, /* "PBKDF2" */ 162, /* "PBMAC1" */ +1032, /* "PKINIT Client Auth" */ 127, /* "PKIX" */ 858, /* "Permanent Identifier" */ 164, /* "Policy Qualifier CPS" */ @@ -3813,9 +3854,16 @@ static const unsigned int ln_objs[NUM_LN]={ 167, /* "S/MIME Capabilities" */ 1006, /* "SNILS" */ 387, /* "SNMPv2" */ +1025, /* "SSH Client" */ +1026, /* "SSH Server" */ 512, /* "Secure Electronic Transactions" */ 386, /* "Security" */ 394, /* "Selected Attribute Types" */ +1029, /* "Send Owner" */ +1030, /* "Send Proxied Owner" */ +1028, /* "Send Proxied Router" */ +1027, /* "Send Router" */ +1033, /* "Signing KDC Response" */ 1008, /* "Signing Tool of Issuer" */ 1007, /* "Signing Tool of Subject" */ 143, /* "Strong Extranet ID" */ @@ -4234,6 +4282,7 @@ static const unsigned int ln_objs[NUM_LN]={ 351, /* "id-pda-gender" */ 349, /* "id-pda-placeOfBirth" */ 175, /* "id-pe" */ +1031, /* "id-pkinit" */ 261, /* "id-pkip" */ 258, /* "id-pkix-mod" */ 269, /* "id-pkix1-explicit-88" */ 
@@ -5042,6 +5091,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ 1, /* OBJ_rsadsi 1 2 840 113549 */ 185, /* OBJ_X9cm 1 2 840 10040 4 */ +1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */ 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ @@ -5112,6 +5162,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ 920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ +1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */ +1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */ 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ @@ -5269,6 +5321,14 @@ static const unsigned int obj_objs[NUM_OBJ]={ 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ 1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */ +1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */ +1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */ +1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */ +1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */ +1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */ +1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */ +1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */ +1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 2e54d3d261..f4937958c7 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1020,3 +1020,14 @@ chacha20 1019 tlsfeature 1020 tls1_prf 1021 ipsec_IKE 1022 +capwapAC 1023 +capwapWTP 1024 +sshClient 1025 +sshServer 1026 +sendRouter 1027 +sendProxiedRouter 1028 +sendOwner 1029 +sendProxiedOwner 1030 +id_pkinit 1031 +pkInitClientAuth 1032 +pkInitKDC 1033 
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 42175d9daf..0fcd3e1624 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -499,6 +499,16 @@ id-kp 9 : OCSPSigning : OCSP Signing
 id-kp 10 : DVCS : dvcs
 !Cname ipsec-IKE
 id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
+id-kp 18 : capwapAC : Ctrl/provision WAP Access
+id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21 : secureShellClient : SSH Client
+!Cname sshServer
+id-kp 22 : secureShellServer : SSH Server
+id-kp 23 : sendRouter : Send Router
+id-kp 24 : sendProxiedRouter : Send Proxied Router
+id-kp 25 : sendOwner : Send Owner
+id-kp 26 : sendProxiedOwner : Send Proxied Owner
 # CMP information types
 id-it 1 : id-it-caProtEncCert
@@ -1433,3 +1443,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 # NID for TLS1 PRF
 : TLS1-PRF : tls1-prf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
+id-pkinit 5 : pkInitKDC : Signing KDC Response
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index a577e51e90..d7693db6f8 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
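Review bot: The long names added for `id-kp 18` and `id-kp 19` in the first objects.txt hunk differ in case (`Ctrl/provision WAP Access` against `Ctrl/Provision WAP Termination`), and because long names are sorted into `ln_objs` and used for name lookups, the spelling is hard to correct after release; I would settle it now, e.g. `id-kp 18 : capwapAC : Ctrl/Provision WAP Access`, and regenerate obj_dat.h and obj_mac.h. The new id-kp entries also carry no source reference, unlike the `# RFC 4556` comment on the PKINIT block in the second hunk, and `id-kp 20` is skipped without remark; a one-line comment per group (CAPWAP, Secure Shell, SEND) naming the defining document would let a reader verify each arc. As far as the diffstat shows, the patch only registers names in the object tables, so the commit message could state that no purpose check is added for these EKUs and that callers must still enforce them.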
@@ -1562,6 +1562,46 @@ #define NID_ipsec_IKE 1022 #define OBJ_ipsec_IKE OBJ_id_kp,17L +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L 
@@ -4470,3 +4510,17 @@ #define SN_tls1_prf "TLS1-PRF" #define LN_tls1_prf "tls1-prf" #define NID_tls1_prf 1021 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L -- 2.34.1