Add a few extended key usage OIDs.

a27598bf · Dr. Stephen Henson · b2347661 · a27598bf · a27598bf · a27598bf
隐藏空白更改
内联并排

Showing with 147 addition and 5 deletion

CHANGES CHANGES +3 -0

crypto/objects/obj_dat.h crypto/objects/obj_dat.h +75 -5

crypto/objects/objects.h crypto/objects/objects.h +69 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@

 Changes between 0.9.1c and 0.9.2

+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
  *) Modify the 'ca' program to handle the new extension code. Modify
     openssl.cnf for new extension format, add comments.
     [Steve Henson]

--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -61,12 +61,12 @@
 * perl obj_dat.pl < objects.h > obj_dat.h
 */

-#define NUM_NID 127
-#define NUM_SN 98
-#define NUM_LN 125
-#define NUM_OBJ 99
+#define NUM_NID 140
+#define NUM_SN 111
+#define NUM_LN 136
+#define NUM_OBJ 112

-static unsigned char lvalues[614]={
+static unsigned char lvalues[726]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -166,6 +166,19 @@ static unsigned char lvalues[614]={
 0x29,0x01,0x01,0x85,0x1A,                    /* [600] OBJ_rle_compression */
 0x29,0x01,0x01,0x85,0x1A,                    /* [605] OBJ_zlib_compression */
 0x55,0x1D,0x25,                              /* [610] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [613] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [619] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [626] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [634] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [642] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [650] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [658] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [666] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [676] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [686] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
 };

 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -339,6 +352,26 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[605]),0},
 {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
 	&(lvalues[610]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[613]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[619]),0},
+{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
+	&(lvalues[626]),0},
+{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
+	&(lvalues[634]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[642]),0},
+{"emailProtection","E-mail Protection",NID_email_protect,8,
+	&(lvalues[650]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[658]),0},
+{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
+	&(lvalues[666]),0},
+{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
+	&(lvalues[676]),0},
+{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
+	&(lvalues[686]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[696]),0},
+{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
+	&(lvalues[706]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -386,6 +419,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[57]),/* "Netscape" */
 &(nid_objs[17]),/* "O" */
 &(nid_objs[18]),/* "OU" */
+&(nid_objs[127]),/* "PKIX" */
 &(nid_objs[98]),/* "RC2-40-CBC" */
 &(nid_objs[37]),/* "RC2-CBC" */
 &(nid_objs[39]),/* "RC2-CFB" */
@@ -420,12 +454,21 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
 &(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[130]),/* "clientAuth" */
+&(nid_objs[131]),/* "codeSigning" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
+&(nid_objs[128]),/* "id-kp" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[83]),/* "keyUsage" */
 &(nid_objs[81]),/* "ld-ce" */
+&(nid_objs[136]),/* "msCTLSign" */
+&(nid_objs[135]),/* "msCodeCom" */
+&(nid_objs[134]),/* "msCodeInd" */
+&(nid_objs[138]),/* "msEFS" */
+&(nid_objs[137]),/* "msSGC" */
 &(nid_objs[72]),/* "nsBaseUrl" */
 &(nid_objs[76]),/* "nsCaPolicyUrl" */
 &(nid_objs[74]),/* "nsCaRevocationUrl" */
@@ -436,13 +479,23 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[59]),/* "nsDataType" */
 &(nid_objs[75]),/* "nsRenewalUrl" */
 &(nid_objs[73]),/* "nsRevocationUrl" */
+&(nid_objs[139]),/* "nsSGC" */
 &(nid_objs[77]),/* "nsSslServerName" */
 &(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[129]),/* "serverAuth" */
 &(nid_objs[85]),/* "subjectAltName" */
 &(nid_objs[82]),/* "subjectKeyIdentifier" */
+&(nid_objs[133]),/* "timeStamping" */
 };

 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[131]),/* "Code Signing" */
+&(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
+&(nid_objs[138]),/* "Microsoft Encrypted File System" */
+&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+&(nid_objs[136]),/* "Microsoft Trust List Signing" */
 &(nid_objs[72]),/* "Netscape Base Url" */
 &(nid_objs[76]),/* "Netscape CA Policy Url" */
 &(nid_objs[74]),/* "Netscape CA Revocation Url" */
@@ -455,6 +508,10 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[75]),/* "Netscape Renewal Url" */
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
+&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[130]),/* "TLS Web Client Authentication" */
+&(nid_objs[129]),/* "TLS Web Server Authentication" */
+&(nid_objs[133]),/* "Time Stamping" */
 &(nid_objs[11]),/* "X500" */
 &(nid_objs[12]),/* "X509" */
 &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
@@ -619,10 +676,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
 &(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
 &(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
 &(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
 &(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
 &(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
@@ -633,6 +692,11 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
 &(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
 &(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
@@ -670,5 +734,11 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
 &(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
 &(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
 };

--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -670,6 +670,75 @@ extern "C" {
 #define NID_ext_key_usage		126
 #define OBJ_ext_key_usage		OBJ_ld_ce,37

+#define SN_id_pkix			"PKIX"
+#define NID_id_pkix			127
+#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_kp			"id-kp"
+#define NID_id_kp			128
+#define OBJ_id_kp			OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#define SN_server_auth			"serverAuth"
+#define LN_server_auth			"TLS Web Server Authentication"
+#define NID_server_auth			129
+#define OBJ_server_auth			OBJ_id_kp,1L
+
+#define SN_client_auth			"clientAuth"
+#define LN_client_auth			"TLS Web Client Authentication"
+#define NID_client_auth			130
+#define OBJ_client_auth			OBJ_id_kp,2L
+
+#define SN_code_sign			"codeSigning"
+#define LN_code_sign			"Code Signing"
+#define NID_code_sign			131
+#define OBJ_code_sign			OBJ_id_kp,3L
+
+#define SN_email_protect		"emailProtection"
+#define LN_email_protect		"E-mail Protection"
+#define NID_email_protect		132
+#define OBJ_email_protect		OBJ_id_kp,4L
+
+#define SN_time_stamp			"timeStamping"
+#define LN_time_stamp			"Time Stamping"
+#define NID_time_stamp			133
+#define OBJ_time_stamp			OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#define SN_ms_code_ind			"msCodeInd"
+#define LN_ms_code_ind			"Microsoft Individual Code Signing"
+#define NID_ms_code_ind			134
+#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com			"msCodeCom"
+#define LN_ms_code_com			"Microsoft Commercial Code Signing"
+#define NID_ms_code_com			135
+#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign			"msCTLSign"
+#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
+#define NID_ms_ctl_sign			136
+#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc			"msSGC"
+#define LN_ms_sgc			"Microsoft Server Gated Crypto"
+#define NID_ms_sgc			137
+#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs			"msEFS"
+#define LN_ms_efs			"Microsoft Encrypted File System"
+#define NID_ms_efs			138
+#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Addidional usage: Netscape */
+
+#define SN_ns_sgc			"nsSGC"
+#define LN_ns_sgc			"Netscape Server Gated Crypto"
+#define NID_ns_sgc			139
+#define OBJ_ns_sgc			OBJ_netscape,4L,1L
+
 #include "bio.h"
 #include "asn1.h"