author | Dragan Zuvic <dragan.zuvic@mercedes-benz.com> | 2023-05-17 08:10:46 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-05-22 08:43:00 +0200 |
commit | f3afe15fb7d3a1ed4397252d7615e7d788be662a (patch) | |
tree | 103083feb5731cb97d41680fa34351dd3d7aff40 | |
parent | Update hkdf.c to avoid potentially vulnerable code pattern (diff) | |
Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311
and changed hopefully all occurrences for that OID
Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)
-rw-r--r-- | crypto/objects/obj_dat.h | 32 | ||||
-rw-r--r-- | crypto/objects/obj_mac.num | 4 | ||||
-rw-r--r-- | crypto/objects/obj_xref.h | 2 | ||||
-rw-r--r-- | crypto/objects/objects.txt | 32 | ||||
-rw-r--r-- | fuzz/oids.txt | 6 | ||||
-rw-r--r-- | include/openssl/obj_mac.h | 50 |
6 files changed, 91 insertions, 35 deletions
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 3f90b7765f..ea09cc94c0 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[8364] = { +static const unsigned char so[8401] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1153,9 +1153,13 @@ static const unsigned char so[8364] = { 0x60,0x86,0x48,0x01,0x86,0xF9,0x66,0xAD,0xCA,0x7B,0x01,0x01, /* [ 8332] OBJ_oracle_jdk_trustedkeyusage */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32, /* [ 8344] OBJ_id_ct_signedTAL */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A, /* [ 8355] OBJ_sm4_xts */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x19,0x02,0x01, /* [ 8363] OBJ_ms_ntds_obj_sid */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x19,0x02, /* [ 8373] OBJ_ms_ntds_sec_ext */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07, /* [ 8382] OBJ_ms_cert_templ */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A, /* [ 8391] OBJ_ms_app_policies */ }; -#define NUM_NID 1291 +#define NUM_NID 1295 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2448,9 +2452,13 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"brotli", "Brotli compression", NID_brotli}, {"zstd", "Zstandard compression", NID_zstd}, {"SM4-XTS", "sm4-xts", NID_sm4_xts, 8, &so[8355]}, + {"ms-ntds-obj-sid", "Microsoft NTDS AD objectSid", NID_ms_ntds_obj_sid, 10, &so[8363]}, + {"ms-ntds-sec-ext", "Microsoft NTDS CA Extension", NID_ms_ntds_sec_ext, 9, &so[8373]}, + {"ms-cert-templ", "Microsoft certificate template", NID_ms_cert_templ, 9, &so[8382]}, + {"ms-app-policies", "Microsoft Application Policies Extension", NID_ms_app_policies, 9, &so[8391]}, }; -#define NUM_SN 1282 +#define NUM_SN 1286 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -3379,6 +3387,10 @@ static const unsigned int sn_objs[NUM_SN] = { 1215, /* "modp_4096" */ 1216, /* "modp_6144" */ 1217, /* "modp_8192" */ + 1294, /* "ms-app-policies" */ + 1293, /* "ms-cert-templ" */ + 1291, /* "ms-ntds-obj-sid" */ + 1292, /* "ms-ntds-sec-ext" */ 136, /* "msCTLSign" */ 135, /* "msCodeCom" */ 134, /* "msCodeInd" */ @@ -3736,7 +3748,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1289, /* "zstd" */ }; -#define NUM_LN 1282 +#define NUM_LN 1286 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ 
@@ -3852,16 +3864,20 @@ static const unsigned int ln_objs[NUM_LN] = { 504, /* "MIME MHS" */ 388, /* "Mail" */ 383, /* "Management" */ + 1294, /* "Microsoft Application Policies Extension" */ 417, /* "Microsoft CSP Name" */ 135, /* "Microsoft Commercial Code Signing" */ 138, /* "Microsoft Encrypted File System" */ 171, /* "Microsoft Extension Request" */ 134, /* "Microsoft Individual Code Signing" */ 856, /* "Microsoft Local Key set" */ + 1291, /* "Microsoft NTDS AD objectSid" */ + 1292, /* "Microsoft NTDS CA Extension" */ 137, /* "Microsoft Server Gated Crypto" */ 648, /* "Microsoft Smartcard Login" */ 136, /* "Microsoft Trust List Signing" */ 649, /* "Microsoft User Principal Name" */ + 1293, /* "Microsoft certificate template" */ 1211, /* "NAIRealm" */ 393, /* "NULL" */ 404, /* "NULL" */ @@ -5022,7 +5038,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1148 +#define NUM_OBJ 1152 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5851,6 +5867,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ 417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ + 1293, /* OBJ_ms_cert_templ 1 3 6 1 4 1 311 21 7 */ + 1294, /* OBJ_ms_app_policies 1 3 6 1 4 1 311 21 10 */ + 1292, /* OBJ_ms_ntds_sec_ext 1 3 6 1 4 1 311 25 2 */ 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ 973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */ @@ -6052,6 +6071,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ + 1291, /* OBJ_ms_ntds_obj_sid 1 3 6 1 4 1 311 25 2 1 */ 1201, /* OBJ_blake2bmac 1 3 6 1 4 1 1722 12 2 1 */ 1202, /* OBJ_blake2smac 1 3 6 1 4 1 1722 12 2 2 */ 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ 
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index f0fe5c64e5..ba3d57a5f3 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1288,3 +1288,7 @@ brainpoolP512r1tls13 1287 brotli 1288 zstd 1289 sm4_xts 1290 +ms_ntds_obj_sid 1291 +ms_ntds_sec_ext 1292 +ms_cert_templ 1293 +ms_app_policies 1294 diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index c08b5fc2ab..fff7040075 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index ed4746f462..c6155fe508 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -353,9 +353,10 @@ id-smime-cti 6 : id-smime-cti-ets-proofOfCreation pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID +!Alias ms-corp 1 3 6 1 4 1 311 !Cname ms-csp-name -1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name -1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set +ms-corp 17 1 : CSPName : Microsoft CSP Name +ms-corp 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate 
@@ -435,21 +436,26 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc : RC5-OFB : rc5-ofb !Cname ms-ext-req -1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request +ms-corp 2 1 14 : msExtReq : Microsoft Extension Request !Cname ms-code-ind -1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing +ms-corp 2 1 21 : msCodeInd : Microsoft Individual Code Signing !Cname ms-code-com -1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing +ms-corp 2 1 22 : msCodeCom : Microsoft Commercial Code Signing !Cname ms-ctl-sign -1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing +ms-corp 10 3 1 : msCTLSign : Microsoft Trust List Signing !Cname ms-sgc -1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto +ms-corp 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs -1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System +ms-corp 10 3 4 : msEFS : Microsoft Encrypted File System !Cname ms-smartcard-login -1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login +ms-corp 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login !Cname ms-upn -1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name +ms-corp 20 2 3 : msUPN : Microsoft User Principal Name + +ms-corp 25 2 : ms-ntds-sec-ext : Microsoft NTDS CA Extension +ms-corp 25 2 1 : ms-ntds-obj-sid : Microsoft NTDS AD objectSid +ms-corp 21 7 : ms-cert-templ : Microsoft certificate template +ms-corp 21 10 : ms-app-policies : Microsoft Application Policies Extension 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb 
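Review bot: The four entries added at the end of this hunk (`ms-corp 25 2`, `25 2 1`, `21 7`, `21 10`) use hyphenated short names such as `ms-ntds-sec-ext` and no `!Cname` line, whereas every Microsoft entry just above pairs a `!Cname` with a camelCase short name (`msUPN`, `msSmartcardLogin`). Short names are matched as strings by callers and configuration files, so they are effectively permanent once released; if the existing convention is meant to hold, `!Cname ms-ntds-sec-ext` followed by `ms-corp 25 2 : msNtdsSecExt : Microsoft NTDS CA Extension` would be the consistent form (the short name here is only a suggestion). The entries are also listed with arc 25 before arc 21 and carry no comment; a line such as `# Microsoft AD CS certificate extensions, names only (see #19630)` above them would record that, judging by the six table files in the diffstat, this commit registers names for these OIDs and adds no decoding or checking of the extension values.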
@@ -1686,9 +1692,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme # CABForum EV SSL Certificate Guidelines # (see https://cabforum.org/extended-validation/) # OIDs for Subject Jurisdiction of Incorporation or Registration -1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName -1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName -1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName +ms-corp 60 2 1 1 : jurisdictionL : jurisdictionLocalityName +ms-corp 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName +ms-corp 60 2 1 3 : jurisdictionC : jurisdictionCountryName # SCRYPT algorithm !Cname id-scrypt diff --git a/fuzz/oids.txt b/fuzz/oids.txt index 02a8177486..be7feaaf3a 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1,7 +1,7 @@ # WARNING: do not edit! # Generated by fuzz/mkfuzzoids.pl # -# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1149,3 +1149,7 @@ OBJ_oracle="\x60\x86\x48\x01\x86\xF9\x66" OBJ_oracle_jdk_trustedkeyusage="\x60\x86\x48\x01\x86\xF9\x66\xAD\xCA\x7B\x01\x01" OBJ_id_ct_signedTAL="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x32" OBJ_sm4_xts="\x2A\x81\x1C\xCF\x55\x01\x68\x0A" +OBJ_ms_ntds_obj_sid="\x2B\x06\x01\x04\x01\x82\x37\x19\x02\x01" +OBJ_ms_ntds_sec_ext="\x2B\x06\x01\x04\x01\x82\x37\x19\x02" +OBJ_ms_cert_templ="\x2B\x06\x01\x04\x01\x82\x37\x15\x07" +OBJ_ms_app_policies="\x2B\x06\x01\x04\x01\x82\x37\x15\x0A" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 8e3ff0fd51..4f3650ee3e 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1102,15 +1102,17 @@ #define NID_localKeyID 157 #define OBJ_localKeyID OBJ_pkcs9,21L +#define OBJ_ms_corp 1L,3L,6L,1L,4L,1L,311L + #define SN_ms_csp_name "CSPName" #define LN_ms_csp_name "Microsoft CSP Name" #define NID_ms_csp_name 417 -#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L +#define OBJ_ms_csp_name OBJ_ms_corp,17L,1L #define SN_LocalKeySet "LocalKeySet" #define LN_LocalKeySet "Microsoft Local Key set" #define NID_LocalKeySet 856 -#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L +#define OBJ_LocalKeySet OBJ_ms_corp,17L,2L #define OBJ_certTypes OBJ_pkcs9,22L 
@@ -1328,42 +1330,62 @@ #define SN_ms_ext_req "msExtReq" #define LN_ms_ext_req "Microsoft Extension Request" #define NID_ms_ext_req 171 -#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L +#define OBJ_ms_ext_req OBJ_ms_corp,2L,1L,14L #define SN_ms_code_ind "msCodeInd" #define LN_ms_code_ind "Microsoft Individual Code Signing" #define NID_ms_code_ind 134 -#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L +#define OBJ_ms_code_ind OBJ_ms_corp,2L,1L,21L #define SN_ms_code_com "msCodeCom" #define LN_ms_code_com "Microsoft Commercial Code Signing" #define NID_ms_code_com 135 -#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L +#define OBJ_ms_code_com OBJ_ms_corp,2L,1L,22L #define SN_ms_ctl_sign "msCTLSign" #define LN_ms_ctl_sign "Microsoft Trust List Signing" #define NID_ms_ctl_sign 136 -#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L +#define OBJ_ms_ctl_sign OBJ_ms_corp,10L,3L,1L #define SN_ms_sgc "msSGC" #define LN_ms_sgc "Microsoft Server Gated Crypto" #define NID_ms_sgc 137 -#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L +#define OBJ_ms_sgc OBJ_ms_corp,10L,3L,3L #define SN_ms_efs "msEFS" #define LN_ms_efs "Microsoft Encrypted File System" #define NID_ms_efs 138 -#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +#define OBJ_ms_efs OBJ_ms_corp,10L,3L,4L #define SN_ms_smartcard_login "msSmartcardLogin" #define LN_ms_smartcard_login "Microsoft Smartcard Login" #define NID_ms_smartcard_login 648 -#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L +#define OBJ_ms_smartcard_login OBJ_ms_corp,20L,2L,2L #define SN_ms_upn "msUPN" #define LN_ms_upn "Microsoft User Principal Name" #define NID_ms_upn 649 -#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L +#define OBJ_ms_upn OBJ_ms_corp,20L,2L,3L + +#define SN_ms_ntds_sec_ext "ms-ntds-sec-ext" +#define LN_ms_ntds_sec_ext "Microsoft NTDS CA Extension" +#define NID_ms_ntds_sec_ext 1292 +#define OBJ_ms_ntds_sec_ext OBJ_ms_corp,25L,2L + +#define SN_ms_ntds_obj_sid "ms-ntds-obj-sid" 
+#define LN_ms_ntds_obj_sid "Microsoft NTDS AD objectSid" +#define NID_ms_ntds_obj_sid 1291 +#define OBJ_ms_ntds_obj_sid OBJ_ms_corp,25L,2L,1L + +#define SN_ms_cert_templ "ms-cert-templ" +#define LN_ms_cert_templ "Microsoft certificate template" +#define NID_ms_cert_templ 1293 +#define OBJ_ms_cert_templ OBJ_ms_corp,21L,7L + +#define SN_ms_app_policies "ms-app-policies" +#define LN_ms_app_policies "Microsoft Application Policies Extension" +#define NID_ms_app_policies 1294 +#define OBJ_ms_app_policies OBJ_ms_corp,21L,10L #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" @@ -5286,17 +5308,17 @@ #define SN_jurisdictionLocalityName "jurisdictionL" #define LN_jurisdictionLocalityName "jurisdictionLocalityName" #define NID_jurisdictionLocalityName 955 -#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L +#define OBJ_jurisdictionLocalityName OBJ_ms_corp,60L,2L,1L,1L #define SN_jurisdictionStateOrProvinceName "jurisdictionST" #define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" #define NID_jurisdictionStateOrProvinceName 956 -#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L +#define OBJ_jurisdictionStateOrProvinceName OBJ_ms_corp,60L,2L,1L,2L #define SN_jurisdictionCountryName "jurisdictionC" #define LN_jurisdictionCountryName "jurisdictionCountryName" #define NID_jurisdictionCountryName 957 -#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +#define OBJ_jurisdictionCountryName OBJ_ms_corp,60L,2L,1L,3L #define SN_id_scrypt "id-scrypt" #define LN_id_scrypt "scrypt" |