[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Feb 4 04:34:12 UTC 2016
The branch master has been updated
via d9f777267409a064ee0931b69425009a79771278 (commit)
from 4c35c936618ef31667784f56c7a64552f2ea9fb8 (commit)
- Log -----------------------------------------------------------------
commit d9f777267409a064ee0931b69425009a79771278
Author: Rich Salz <rsalz at akamai.com>
Date: Wed Feb 3 20:26:03 2016 -0500
RT2752: Add some EKU OID's
And some others found in the Internet.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/objects/obj_dat.h | 70 ++++++++++++++++++++++++++++++++++++++++++----
crypto/objects/obj_mac.num | 11 ++++++++
crypto/objects/objects.txt | 15 ++++++++++
include/openssl/obj_mac.h | 54 +++++++++++++++++++++++++++++++++++
4 files changed, 145 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d91fb18..c7a7933 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -60,12 +60,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 1023
-#define NUM_SN 1016
-#define NUM_LN 1016
-#define NUM_OBJ 938
+#define NUM_NID 1034
+#define NUM_SN 1027
+#define NUM_LN 1027
+#define NUM_OBJ 949
-static const unsigned char lvalues[6620]={
+static const unsigned char lvalues[6704]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -998,6 +998,17 @@ static const unsigned char lvalues[6620]={
0x2A,0x85,0x03,0x64,0x70, /* [6598] OBJ_issuerSignTool */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [6603] OBJ_tlsfeature */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [6611] OBJ_ipsec_IKE */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [6619] OBJ_capwapAC */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [6627] OBJ_capwapWTP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [6635] OBJ_sshClient */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [6643] OBJ_sshServer */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [6651] OBJ_sendRouter */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [6659] OBJ_sendProxiedRouter */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [6667] OBJ_sendOwner */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [6675] OBJ_sendProxiedOwner */
+0x2B,0x06,0x01,0x05,0x02,0x03, /* [6683] OBJ_id_pkinit */
+0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [6689] OBJ_pkInitClientAuth */
+0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [6696] OBJ_pkInitKDC */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2673,6 +2684,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0},
{"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8,
&(lvalues[6611]),0},
+{"capwapAC","Ctrl/provision WAP Access",NID_capwapAC,8,
+ &(lvalues[6619]),0},
+{"capwapWTP","Ctrl/Provision WAP Termination",NID_capwapWTP,8,
+ &(lvalues[6627]),0},
+{"secureShellClient","SSH Client",NID_sshClient,8,&(lvalues[6635]),0},
+{"secureShellServer","SSH Server",NID_sshServer,8,&(lvalues[6643]),0},
+{"sendRouter","Send Router",NID_sendRouter,8,&(lvalues[6651]),0},
+{"sendProxiedRouter","Send Proxied Router",NID_sendProxiedRouter,8,
+ &(lvalues[6659]),0},
+{"sendOwner","Send Owner",NID_sendOwner,8,&(lvalues[6667]),0},
+{"sendProxiedOwner","Send Proxied Owner",NID_sendProxiedOwner,8,
+ &(lvalues[6675]),0},
+{"id-pkinit","id-pkinit",NID_id_pkinit,6,&(lvalues[6683]),0},
+{"pkInitClientAuth","PKINIT Client Auth",NID_pkInitClientAuth,7,
+ &(lvalues[6689]),0},
+{"pkInitKDC","Signing KDC Response",NID_pkInitKDC,7,&(lvalues[6696]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2951,6 +2978,8 @@ static const unsigned int sn_objs[NUM_SN]={
483, /* "cNAMERecord" */
179, /* "caIssuers" */
785, /* "caRepository" */
+1023, /* "capwapAC" */
+1024, /* "capwapWTP" */
443, /* "caseIgnoreIA5StringSyntax" */
152, /* "certBag" */
677, /* "certicom-arc" */
@@ -3212,6 +3241,7 @@ static const unsigned int sn_objs[NUM_SN]={
351, /* "id-pda-gender" */
349, /* "id-pda-placeOfBirth" */
175, /* "id-pe" */
+1031, /* "id-pkinit" */
261, /* "id-pkip" */
258, /* "id-pkix-mod" */
269, /* "id-pkix1-explicit-88" */
@@ -3416,6 +3446,8 @@ static const unsigned int sn_objs[NUM_SN]={
440, /* "pilotObjectClass" */
455, /* "pilotOrganization" */
445, /* "pilotPerson" */
+1032, /* "pkInitClientAuth" */
+1033, /* "pkInitKDC" */
2, /* "pkcs" */
186, /* "pkcs1" */
27, /* "pkcs3" */
@@ -3504,9 +3536,15 @@ static const unsigned int sn_objs[NUM_SN]={
732, /* "sect409r1" */
733, /* "sect571k1" */
734, /* "sect571r1" */
+1025, /* "secureShellClient" */
+1026, /* "secureShellServer" */
386, /* "security" */
878, /* "seeAlso" */
394, /* "selected-attribute-types" */
+1029, /* "sendOwner" */
+1030, /* "sendProxiedOwner" */
+1028, /* "sendProxiedRouter" */
+1027, /* "sendRouter" */
105, /* "serialNumber" */
129, /* "serverAuth" */
371, /* "serviceLocator" */
@@ -3710,6 +3748,8 @@ static const unsigned int ln_objs[NUM_LN]={
951, /* "CT Precertificate SCTs" */
953, /* "CT Precertificate Signer" */
131, /* "Code Signing" */
+1024, /* "Ctrl/Provision WAP Termination" */
+1023, /* "Ctrl/provision WAP Access" */
783, /* "Diffie-Hellman based MAC" */
382, /* "Directory" */
392, /* "Domain" */
@@ -3801,6 +3841,7 @@ static const unsigned int ln_objs[NUM_LN]={
161, /* "PBES2" */
69, /* "PBKDF2" */
162, /* "PBMAC1" */
+1032, /* "PKINIT Client Auth" */
127, /* "PKIX" */
858, /* "Permanent Identifier" */
164, /* "Policy Qualifier CPS" */
@@ -3813,9 +3854,16 @@ static const unsigned int ln_objs[NUM_LN]={
167, /* "S/MIME Capabilities" */
1006, /* "SNILS" */
387, /* "SNMPv2" */
+1025, /* "SSH Client" */
+1026, /* "SSH Server" */
512, /* "Secure Electronic Transactions" */
386, /* "Security" */
394, /* "Selected Attribute Types" */
+1029, /* "Send Owner" */
+1030, /* "Send Proxied Owner" */
+1028, /* "Send Proxied Router" */
+1027, /* "Send Router" */
+1033, /* "Signing KDC Response" */
1008, /* "Signing Tool of Issuer" */
1007, /* "Signing Tool of Subject" */
143, /* "Strong Extranet ID" */
@@ -4234,6 +4282,7 @@ static const unsigned int ln_objs[NUM_LN]={
351, /* "id-pda-gender" */
349, /* "id-pda-placeOfBirth" */
175, /* "id-pe" */
+1031, /* "id-pkinit" */
261, /* "id-pkip" */
258, /* "id-pkix-mod" */
269, /* "id-pkix1-explicit-88" */
@@ -5042,6 +5091,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */
1, /* OBJ_rsadsi 1 2 840 113549 */
185, /* OBJ_X9cm 1 2 840 10040 4 */
+1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */
127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */
505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */
506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */
@@ -5112,6 +5162,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */
792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */
920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */
+1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */
+1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */
258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */
175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */
259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */
@@ -5269,6 +5321,14 @@ static const unsigned int obj_objs[NUM_OBJ]={
180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */
297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */
1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */
+1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */
+1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */
+1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */
+1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */
+1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */
+1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */
+1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */
+1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */
298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */
299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */
300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 2e54d3d..f493795 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1020,3 +1020,14 @@ chacha20 1019
tlsfeature 1020
tls1_prf 1021
ipsec_IKE 1022
+capwapAC 1023
+capwapWTP 1024
+sshClient 1025
+sshServer 1026
+sendRouter 1027
+sendProxiedRouter 1028
+sendOwner 1029
+sendProxiedOwner 1030
+id_pkinit 1031
+pkInitClientAuth 1032
+pkInitKDC 1033
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 42175d9..0fcd3e1 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -499,6 +499,16 @@ id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
!Cname ipsec-IKE
id-kp 17 : ipsecIKE : ipsec Internet Key Exchange
+id-kp 18 : capwapAC : Ctrl/provision WAP Access
+id-kp 19 : capwapWTP : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21 : secureShellClient : SSH Client
+!Cname sshServer
+id-kp 22 : secureShellServer : SSH Server
+id-kp 23 : sendRouter : Send Router
+id-kp 24 : sendProxiedRouter : Send Proxied Router
+id-kp 25 : sendOwner : Send Owner
+id-kp 26 : sendProxiedOwner : Send Proxied Owner
# CMP information types
id-it 1 : id-it-caProtEncCert
@@ -1433,3 +1443,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
# NID for TLS1 PRF
: TLS1-PRF : tls1-prf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
+id-pkinit 5 : pkInitKDC : Signing KDC Response
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index a577e51..d7693db 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1562,6 +1562,46 @@
#define NID_ipsec_IKE 1022
#define OBJ_ipsec_IKE OBJ_id_kp,17L
+#define SN_capwapAC "capwapAC"
+#define LN_capwapAC "Ctrl/provision WAP Access"
+#define NID_capwapAC 1023
+#define OBJ_capwapAC OBJ_id_kp,18L
+
+#define SN_capwapWTP "capwapWTP"
+#define LN_capwapWTP "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP 1024
+#define OBJ_capwapWTP OBJ_id_kp,19L
+
+#define SN_sshClient "secureShellClient"
+#define LN_sshClient "SSH Client"
+#define NID_sshClient 1025
+#define OBJ_sshClient OBJ_id_kp,21L
+
+#define SN_sshServer "secureShellServer"
+#define LN_sshServer "SSH Server"
+#define NID_sshServer 1026
+#define OBJ_sshServer OBJ_id_kp,22L
+
+#define SN_sendRouter "sendRouter"
+#define LN_sendRouter "Send Router"
+#define NID_sendRouter 1027
+#define OBJ_sendRouter OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter "sendProxiedRouter"
+#define LN_sendProxiedRouter "Send Proxied Router"
+#define NID_sendProxiedRouter 1028
+#define OBJ_sendProxiedRouter OBJ_id_kp,24L
+
+#define SN_sendOwner "sendOwner"
+#define LN_sendOwner "Send Owner"
+#define NID_sendOwner 1029
+#define OBJ_sendOwner OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner "sendProxiedOwner"
+#define LN_sendProxiedOwner "Send Proxied Owner"
+#define NID_sendProxiedOwner 1030
+#define OBJ_sendProxiedOwner OBJ_id_kp,26L
+
#define SN_id_it_caProtEncCert "id-it-caProtEncCert"
#define NID_id_it_caProtEncCert 298
#define OBJ_id_it_caProtEncCert OBJ_id_it,1L
@@ -4470,3 +4510,17 @@
#define SN_tls1_prf "TLS1-PRF"
#define LN_tls1_prf "tls1-prf"
#define NID_tls1_prf 1021
+
+#define SN_id_pkinit "id-pkinit"
+#define NID_id_pkinit 1031
+#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth "pkInitClientAuth"
+#define LN_pkInitClientAuth "PKINIT Client Auth"
+#define NID_pkInitClientAuth 1032
+#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC "pkInitKDC"
+#define LN_pkInitKDC "Signing KDC Response"
+#define NID_pkInitKDC 1033
+#define OBJ_pkInitKDC OBJ_id_pkinit,5L
More information about the openssl-commits
mailing list