[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue Sep 8 21:22:57 UTC 2020


The branch master has been updated
       via  15633d74dcfe446d309d612c69fd075616d45c5b (commit)
      from  1251cddf8d413af3747e81e39141f34318f92cd6 (commit)


- Log -----------------------------------------------------------------
commit 15633d74dcfe446d309d612c69fd075616d45c5b
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Mon Sep 7 20:27:19 2020 +0200

    Add 4 new OIDs for PKIX key purposes and 3 new CMP information types
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12807)

-----------------------------------------------------------------------

Summary of changes:
 crypto/objects/obj_dat.h   | 45 ++++++++++++++++++++++++++++++++++++++++-----
 crypto/objects/obj_mac.num |  7 +++++++
 crypto/objects/objects.txt |  9 +++++++++
 fuzz/oids.txt              |  7 +++++++
 include/openssl/obj_mac.h  | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 95 insertions(+), 5 deletions(-)

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index decf33ef9b..0abd2a8d72 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[7845] = {
+static const unsigned char so[7901] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1086,9 +1086,16 @@ static const unsigned char so[7845] = {
     0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05,       /* [ 7820] OBJ_XmppAddr */
     0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07,       /* [ 7828] OBJ_SRVName */
     0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08,       /* [ 7836] OBJ_NAIRealm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1D,       /* [ 7844] OBJ_cmcArchive */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E,       /* [ 7852] OBJ_id_kp_bgpsec_router */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1F,       /* [ 7860] OBJ_id_kp_BrandIndicatorforMessageIdentification */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x20,       /* [ 7868] OBJ_cmKGA */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x11,       /* [ 7876] OBJ_id_it_caCerts */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x12,       /* [ 7884] OBJ_id_it_rootCaKeyUpdate */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x13,       /* [ 7892] OBJ_id_it_certReqTemplate */
 };
 
-#define NUM_NID 1219
+#define NUM_NID 1226
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2309,9 +2316,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"modp_6144", "modp_6144", NID_modp_6144},
     {"modp_8192", "modp_8192", NID_modp_8192},
     {"KxGOST18", "kx-gost18", NID_kx_gost18},
+    {"cmcArchive", "CMC Archive Server", NID_cmcArchive, 8, &so[7844]},
+    {"id-kp-bgpsec-router", "BGPsec Router", NID_id_kp_bgpsec_router, 8, &so[7852]},
+    {"id-kp-BrandIndicatorforMessageIdentification", "Brand Indicator for Message Identification", NID_id_kp_BrandIndicatorforMessageIdentification, 8, &so[7860]},
+    {"cmKGA", "Certificate Management Key Generation Authority", NID_cmKGA, 8, &so[7868]},
+    {"id-it-caCerts", "id-it-caCerts", NID_id_it_caCerts, 8, &so[7876]},
+    {"id-it-rootCaKeyUpdate", "id-it-rootCaKeyUpdate", NID_id_it_rootCaKeyUpdate, 8, &so[7884]},
+    {"id-it-certReqTemplate", "id-it-certReqTemplate", NID_id_it_certReqTemplate, 8, &so[7892]},
 };
 
-#define NUM_SN 1210
+#define NUM_SN 1217
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2692,6 +2706,8 @@ static const unsigned int sn_objs[NUM_SN] = {
      407,    /* "characteristic-two-field" */
      395,    /* "clearance" */
      130,    /* "clientAuth" */
+    1222,    /* "cmKGA" */
+    1219,    /* "cmcArchive" */
     1131,    /* "cmcCA" */
     1132,    /* "cmcRA" */
      131,    /* "codeSigning" */
@@ -2931,8 +2947,10 @@ static const unsigned int sn_objs[NUM_SN] = {
     1104,    /* "id-hmacWithSHA3-384" */
     1105,    /* "id-hmacWithSHA3-512" */
      260,    /* "id-it" */
+    1223,    /* "id-it-caCerts" */
      302,    /* "id-it-caKeyUpdateInfo" */
      298,    /* "id-it-caProtEncCert" */
+    1225,    /* "id-it-certReqTemplate" */
      311,    /* "id-it-confirmWaitTime" */
      303,    /* "id-it-currentCRL" */
      300,    /* "id-it-encKeyPairTypes" */
@@ -2942,12 +2960,15 @@ static const unsigned int sn_objs[NUM_SN] = {
      312,    /* "id-it-origPKIMessage" */
      301,    /* "id-it-preferredSymmAlg" */
      309,    /* "id-it-revPassphrase" */
+    1224,    /* "id-it-rootCaKeyUpdate" */
      299,    /* "id-it-signKeyPairTypes" */
      305,    /* "id-it-subscriptionRequest" */
      306,    /* "id-it-subscriptionResponse" */
      784,    /* "id-it-suppLangTags" */
      304,    /* "id-it-unsupportedOIDs" */
      128,    /* "id-kp" */
+    1221,    /* "id-kp-BrandIndicatorforMessageIdentification" */
+    1220,    /* "id-kp-bgpsec-router" */
      280,    /* "id-mod-attribute-cert" */
      274,    /* "id-mod-cmc" */
      277,    /* "id-mod-cmp" */
@@ -3525,7 +3546,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1210
+#define NUM_LN 1217
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3533,16 +3554,20 @@ static const unsigned int ln_objs[NUM_LN] = {
      910,    /* "Any Extended Key Usage" */
      664,    /* "Any language" */
      177,    /* "Authority Information Access" */
+    1220,    /* "BGPsec Router" */
      365,    /* "Basic OCSP Response" */
      285,    /* "Biometric Info" */
+    1221,    /* "Brand Indicator for Message Identification" */
      179,    /* "CA Issuers" */
      785,    /* "CA Repository" */
+    1219,    /* "CMC Archive Server" */
     1131,    /* "CMC Certificate Authority" */
     1132,    /* "CMC Registration Authority" */
      954,    /* "CT Certificate SCTs" */
      952,    /* "CT Precertificate Poison" */
      951,    /* "CT Precertificate SCTs" */
      953,    /* "CT Precertificate Signer" */
+    1222,    /* "Certificate Management Key Generation Authority" */
      131,    /* "Code Signing" */
     1024,    /* "Ctrl/Provision WAP Termination" */
     1023,    /* "Ctrl/provision WAP Access" */
@@ -4144,8 +4169,10 @@ static const unsigned int ln_objs[NUM_LN] = {
      508,    /* "id-hex-multipart-message" */
      507,    /* "id-hex-partial-message" */
      260,    /* "id-it" */
+    1223,    /* "id-it-caCerts" */
      302,    /* "id-it-caKeyUpdateInfo" */
      298,    /* "id-it-caProtEncCert" */
+    1225,    /* "id-it-certReqTemplate" */
      311,    /* "id-it-confirmWaitTime" */
      303,    /* "id-it-currentCRL" */
      300,    /* "id-it-encKeyPairTypes" */
@@ -4155,6 +4182,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      312,    /* "id-it-origPKIMessage" */
      301,    /* "id-it-preferredSymmAlg" */
      309,    /* "id-it-revPassphrase" */
+    1224,    /* "id-it-rootCaKeyUpdate" */
      299,    /* "id-it-signKeyPairTypes" */
      305,    /* "id-it-subscriptionRequest" */
      306,    /* "id-it-subscriptionResponse" */
@@ -4739,7 +4767,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 1081
+#define NUM_OBJ 1088
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5345,6 +5373,10 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
     1131,    /* OBJ_cmcCA                        1 3 6 1 5 5 7 3 27 */
     1132,    /* OBJ_cmcRA                        1 3 6 1 5 5 7 3 28 */
+    1219,    /* OBJ_cmcArchive                   1 3 6 1 5 5 7 3 29 */
+    1220,    /* OBJ_id_kp_bgpsec_router          1 3 6 1 5 5 7 3 30 */
+    1221,    /* OBJ_id_kp_BrandIndicatorforMessageIdentification 1 3 6 1 5 5 7 3 31 */
+    1222,    /* OBJ_cmKGA                        1 3 6 1 5 5 7 3 32 */
      298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
      299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
      300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
@@ -5361,6 +5393,9 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
      312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
      784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+    1223,    /* OBJ_id_it_caCerts                1 3 6 1 5 5 7 4 17 */
+    1224,    /* OBJ_id_it_rootCaKeyUpdate        1 3 6 1 5 5 7 4 18 */
+    1225,    /* OBJ_id_it_certReqTemplate        1 3 6 1 5 5 7 4 19 */
      313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
      314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
      323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 6d2c0d74a8..fb40663977 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1216,3 +1216,10 @@ modp_4096		1215
 modp_6144		1216
 modp_8192		1217
 kx_gost18		1218
+cmcArchive		1219
+id_kp_bgpsec_router		1220
+id_kp_BrandIndicatorforMessageIdentification		1221
+cmKGA		1222
+id_it_caCerts		1223
+id_it_rootCaKeyUpdate		1224
+id_it_certReqTemplate		1225
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index b19454209b..4aa6fc5854 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -509,6 +509,7 @@ id-qt 1			: id-qt-cps		: Policy Qualifier CPS
 id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
 id-qt 3			: textNotice
 
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
 # PKIX key purpose identifiers
 !Cname server-auth
 id-kp 1			: serverAuth		: TLS Web Server Authentication
@@ -541,7 +542,12 @@ id-kp 25                : sendOwner             : Send Owner
 id-kp 26                : sendProxiedOwner      : Send Proxied Owner
 id-kp 27                : cmcCA                 : CMC Certificate Authority
 id-kp 28                : cmcRA                 : CMC Registration Authority
+id-kp 29                : cmcArchive            : CMC Archive Server
+id-kp 30                : id-kp-bgpsec-router 	: BGPsec Router
+id-kp 31                : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification
+id-kp 32                : cmKGA                 : Certificate Management Key Generation Authority
 
+# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4
 # CMP information types
 id-it 1			: id-it-caProtEncCert
 id-it 2			: id-it-signKeyPairTypes
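Review bot: The four new key-purpose short names do not follow one convention: `cmcArchive` and `cmKGA` drop the `id-kp-` prefix like the neighbouring `cmcCA`/`cmcRA`, while `id-kp-bgpsec-router` and `id-kp-BrandIndicatorforMessageIdentification` keep it, and the `id-kp 30` line has a space followed by a tab before its second colon. These short names are carried into the `SN_`/`NID_` macros in include/openssl/obj_mac.h, so they are hard to rename once released; picking one form for all four now avoids a permanent mix. I would also put a comment above the new entries, along the lines of `# Name registrations only; adding an OID here adds no purpose check to certificate verification`. The diffstat shows this commit touching only the object tables, and a reader may otherwise assume a named key purpose is enforced somewhere.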
@@ -561,6 +567,9 @@ id-it 13		: id-it-implicitConfirm
 id-it 14		: id-it-confirmWaitTime
 id-it 15		: id-it-origPKIMessage
 id-it 16		: id-it-suppLangTags
+id-it 17		: id-it-caCerts
+id-it 18		: id-it-rootCaKeyUpdate
+id-it 19		: id-it-certReqTemplate
 
 # CRMF registration
 id-pkip 1		: id-regCtrl
diff --git a/fuzz/oids.txt b/fuzz/oids.txt
index ddd50880ce..2b4cb110ce 100644
--- a/fuzz/oids.txt
+++ b/fuzz/oids.txt
@@ -1073,3 +1073,10 @@ OBJ_id_on_SmtpUTF8Mailbox="\x2B\x06\x01\x05\x05\x07\x08\x09"
 OBJ_XmppAddr="\x2B\x06\x01\x05\x05\x07\x08\x05"
 OBJ_SRVName="\x2B\x06\x01\x05\x05\x07\x08\x07"
 OBJ_NAIRealm="\x2B\x06\x01\x05\x05\x07\x08\x08"
+OBJ_cmcArchive="\x2B\x06\x01\x05\x05\x07\x03\x1D"
+OBJ_id_kp_bgpsec_router="\x2B\x06\x01\x05\x05\x07\x03\x1E"
+OBJ_id_kp_BrandIndicatorforMessageIdentification="\x2B\x06\x01\x05\x05\x07\x03\x1F"
+OBJ_cmKGA="\x2B\x06\x01\x05\x05\x07\x03\x20"
+OBJ_id_it_caCerts="\x2B\x06\x01\x05\x05\x07\x04\x11"
+OBJ_id_it_rootCaKeyUpdate="\x2B\x06\x01\x05\x05\x07\x04\x12"
+OBJ_id_it_certReqTemplate="\x2B\x06\x01\x05\x05\x07\x04\x13"
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 0f9adc9b6a..18fd0ec451 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1647,6 +1647,26 @@
 #define NID_cmcRA               1132
 #define OBJ_cmcRA               OBJ_id_kp,28L
 
+#define SN_cmcArchive           "cmcArchive"
+#define LN_cmcArchive           "CMC Archive Server"
+#define NID_cmcArchive          1219
+#define OBJ_cmcArchive          OBJ_id_kp,29L
+
+#define SN_id_kp_bgpsec_router          "id-kp-bgpsec-router"
+#define LN_id_kp_bgpsec_router          "BGPsec Router"
+#define NID_id_kp_bgpsec_router         1220
+#define OBJ_id_kp_bgpsec_router         OBJ_id_kp,30L
+
+#define SN_id_kp_BrandIndicatorforMessageIdentification         "id-kp-BrandIndicatorforMessageIdentification"
+#define LN_id_kp_BrandIndicatorforMessageIdentification         "Brand Indicator for Message Identification"
+#define NID_id_kp_BrandIndicatorforMessageIdentification                1221
+#define OBJ_id_kp_BrandIndicatorforMessageIdentification                OBJ_id_kp,31L
+
+#define SN_cmKGA                "cmKGA"
+#define LN_cmKGA                "Certificate Management Key Generation Authority"
+#define NID_cmKGA               1222
+#define OBJ_cmKGA               OBJ_id_kp,32L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
@@ -1711,6 +1731,18 @@
 #define NID_id_it_suppLangTags          784
 #define OBJ_id_it_suppLangTags          OBJ_id_it,16L
 
+#define SN_id_it_caCerts                "id-it-caCerts"
+#define NID_id_it_caCerts               1223
+#define OBJ_id_it_caCerts               OBJ_id_it,17L
+
+#define SN_id_it_rootCaKeyUpdate                "id-it-rootCaKeyUpdate"
+#define NID_id_it_rootCaKeyUpdate               1224
+#define OBJ_id_it_rootCaKeyUpdate               OBJ_id_it,18L
+
+#define SN_id_it_certReqTemplate                "id-it-certReqTemplate"
+#define NID_id_it_certReqTemplate               1225
+#define OBJ_id_it_certReqTemplate               OBJ_id_it,19L
+
 #define SN_id_regCtrl           "id-regCtrl"
 #define NID_id_regCtrl          313
 #define OBJ_id_regCtrl          OBJ_id_pkip,1L

