The branch master has been updated via 856198aac784fc78b4588d2b409cec9f4ecf812d (commit) from 6514dee7264d30be1ab9ab07f9798071184e7b7a (commit)
- Log ----------------------------------------------------------------- commit 856198aac784fc78b4588d2b409cec9f4ecf812d Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Feb 22 18:36:00 2019 +0300 Some OIDs used in Russian X.509 certificates. OBJ_OGRNIP denotes a specific legal status of the certificate owner. OBJ_classSignTool* denotes a level of certification of the software created the certificate. http://www.garant.ru/products/ipo/prime/doc/70033464/ is the relevant link (in Russian). Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8309) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 50 +++++++++++++++++++++++++++--- crypto/objects/obj_mac.num | 8 +++++ crypto/objects/objects.txt | 8 +++++ fuzz/oids.txt | 8 +++++ include/openssl/obj_mac.h | 40 ++++++++++++++++++++++++ test/recipes/25-test_rusext_data/grfc.msb | 4 +-- test/recipes/25-test_rusext_data/grfc.utf8 | 4 +-- 7 files changed, 113 insertions(+), 9 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 0abd2a8d72..440fd1d6af 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7901] = { +static const unsigned char so[7947] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -1093,9 +1093,17 @@ static const unsigned char so[7901] = { 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x11, /* [ 7876] OBJ_id_it_caCerts */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x12, /* [ 7884] OBJ_id_it_rootCaKeyUpdate */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x13, /* [ 7892] OBJ_id_it_certReqTemplate */ + 0x2A,0x85,0x03,0x64,0x05, /* [ 7900] OBJ_OGRNIP */ + 0x2A,0x85,0x03,0x64,0x71, /* [ 7905] OBJ_classSignTool */ + 0x2A,0x85,0x03,0x64,0x71,0x01, /* [ 7910] OBJ_classSignToolKC1 */ + 0x2A,0x85,0x03,0x64,0x71,0x02, /* [ 7916] OBJ_classSignToolKC2 */ + 0x2A,0x85,0x03,0x64,0x71,0x03, /* [ 7922] OBJ_classSignToolKC3 */ + 0x2A,0x85,0x03,0x64,0x71,0x04, /* [ 7928] OBJ_classSignToolKB1 */ + 0x2A,0x85,0x03,0x64,0x71,0x05, /* [ 7934] OBJ_classSignToolKB2 */ + 0x2A,0x85,0x03,0x64,0x71,0x06, /* [ 7940] OBJ_classSignToolKA1 */ }; -#define NUM_NID 1226 +#define NUM_NID 1234 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2323,9 +2331,17 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"id-it-caCerts", "id-it-caCerts", NID_id_it_caCerts, 8, &so[7876]}, {"id-it-rootCaKeyUpdate", "id-it-rootCaKeyUpdate", NID_id_it_rootCaKeyUpdate, 8, &so[7884]}, {"id-it-certReqTemplate", "id-it-certReqTemplate", NID_id_it_certReqTemplate, 8, &so[7892]}, + {"OGRNIP", "OGRNIP", NID_OGRNIP, 5, &so[7900]}, + {"classSignTool", "Class of Signing Tool", NID_classSignTool, 5, &so[7905]}, + {"classSignToolKC1", "Class of Signing Tool KC1", NID_classSignToolKC1, 6, &so[7910]}, + {"classSignToolKC2", "Class of Signing Tool KC2", NID_classSignToolKC2, 6, &so[7916]}, + {"classSignToolKC3", "Class of Signing Tool KC3", NID_classSignToolKC3, 6, &so[7922]}, + {"classSignToolKB1", "Class of Signing Tool KB1", NID_classSignToolKB1, 6, &so[7928]}, + {"classSignToolKB2", "Class of Signing Tool KB2", NID_classSignToolKB2, 6, &so[7934]}, + {"classSignToolKA1", "Class of Signing Tool KA1", NID_classSignToolKA1, 6, &so[7940]}, }; -#define NUM_SN 1217 +#define NUM_SN 1225 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2526,6 +2542,7 @@ static const unsigned int sn_objs[NUM_SN] = { 178, /* "OCSP" */ 180, /* "OCSPSigning" */ 1005, /* "OGRN" */ + 1226, /* "OGRNIP" */ 379, /* "ORG" */ 18, /* "OU" */ 749, /* "Oakley-EC2N-3" */ @@ -2704,6 +2721,13 @@ static const unsigned int sn_objs[NUM_SN] = { 883, /* "certificateRevocationList" */ 54, /* "challengePassword" */ 407, /* "characteristic-two-field" */ + 1227, /* "classSignTool" */ + 1233, /* "classSignToolKA1" */ + 1231, /* "classSignToolKB1" */ + 1232, /* "classSignToolKB2" */ + 1228, /* "classSignToolKC1" */ + 1229, /* "classSignToolKC2" */ + 1230, /* "classSignToolKC3" */ 395, /* "clearance" */ 130, /* "clientAuth" */ 1222, /* "cmKGA" */ 
@@ -3546,7 +3570,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1217 +#define NUM_LN 1225 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3568,6 +3592,13 @@ static const unsigned int ln_objs[NUM_LN] = { 951, /* "CT Precertificate SCTs" */ 953, /* "CT Precertificate Signer" */ 1222, /* "Certificate Management Key Generation Authority" */ + 1227, /* "Class of Signing Tool" */ + 1233, /* "Class of Signing Tool KA1" */ + 1231, /* "Class of Signing Tool KB1" */ + 1232, /* "Class of Signing Tool KB2" */ + 1228, /* "Class of Signing Tool KC1" */ + 1229, /* "Class of Signing Tool KC2" */ + 1230, /* "Class of Signing Tool KC3" */ 131, /* "Code Signing" */ 1024, /* "Ctrl/Provision WAP Termination" */ 1023, /* "Ctrl/provision WAP Access" */ @@ -3688,6 +3719,7 @@ static const unsigned int ln_objs[NUM_LN] = { 371, /* "OCSP Service Locator" */ 180, /* "OCSP Signing" */ 1005, /* "OGRN" */ + 1226, /* "OGRNIP" */ 161, /* "PBES2" */ 69, /* "PBKDF2" */ 162, /* "PBMAC1" */ @@ -4767,7 +4799,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1088 +#define NUM_OBJ 1096 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5021,8 +5053,10 @@ static const unsigned int obj_objs[NUM_OBJ] = { 974, /* OBJ_id_tc26 1 2 643 7 1 */ 1005, /* OBJ_OGRN 1 2 643 100 1 */ 1006, /* OBJ_SNILS 1 2 643 100 3 */ + 1226, /* OBJ_OGRNIP 1 2 643 100 5 */ 1007, /* OBJ_subjectSignTool 1 2 643 100 111 */ 1008, /* OBJ_issuerSignTool 1 2 643 100 112 */ + 1227, /* OBJ_classSignTool 1 2 643 100 113 */ 184, /* OBJ_X9_57 1 2 840 10040 */ 405, /* OBJ_ansi_X9_62 1 2 840 10045 */ 389, /* OBJ_Enterprises 1 3 6 1 4 1 */ 
@@ -5111,6 +5145,12 @@ static const unsigned int obj_objs[NUM_OBJ] = { 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ 977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */ 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ + 1228, /* OBJ_classSignToolKC1 1 2 643 100 113 1 */ + 1229, /* OBJ_classSignToolKC2 1 2 643 100 113 2 */ + 1230, /* OBJ_classSignToolKC3 1 2 643 100 113 3 */ + 1231, /* OBJ_classSignToolKB1 1 2 643 100 113 4 */ + 1232, /* OBJ_classSignToolKB2 1 2 643 100 113 5 */ + 1233, /* OBJ_classSignToolKA1 1 2 643 100 113 6 */ 1, /* OBJ_rsadsi 1 2 840 113549 */ 185, /* OBJ_X9cm 1 2 840 10040 4 */ 1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index fb40663977..7d1d70ea28 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1223,3 +1223,11 @@ cmKGA 1222 id_it_caCerts 1223 id_it_rootCaKeyUpdate 1224 id_it_certReqTemplate 1225 +OGRNIP 1226 +classSignTool 1227 +classSignToolKC1 1228 +classSignToolKC2 1229 +classSignToolKC3 1230 +classSignToolKB1 1231 +classSignToolKB2 1232 +classSignToolKA1 1233 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 4aa6fc5854..8aef90d952 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -1406,8 +1406,16 @@ id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 member-body 643 3 131 1 1 : INN : INN member-body 643 100 1 : OGRN : OGRN member-body 643 100 3 : SNILS : SNILS +member-body 643 100 5 : OGRNIP : OGRNIP member-body 643 100 111 : subjectSignTool : Signing Tool of Subject member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer +member-body 643 100 113 : classSignTool : Class of Signing Tool +member-body 643 100 113 1 : classSignToolKC1 : Class of Signing Tool KC1 +member-body 643 100 113 2 : classSignToolKC2 : Class of Signing Tool KC2 +member-body 643 100 113 3 : classSignToolKC3 : Class of Signing Tool KC3 +member-body 643 100 113 4 : classSignToolKB1 : Class of Signing Tool KB1 +member-body 643 100 113 5 : classSignToolKB2 : Class of Signing Tool KB2 +member-body 643 100 113 6 : classSignToolKA1 : Class of Signing Tool KA1 #GOST R34.13-2015 Grasshopper "Kuznechik" : kuznyechik-ecb diff --git a/fuzz/oids.txt b/fuzz/oids.txt index 2b4cb110ce..efbcaa416c 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1080,3 +1080,11 @@ OBJ_cmKGA="\x2B\x06\x01\x05\x05\x07\x03\x20" OBJ_id_it_caCerts="\x2B\x06\x01\x05\x05\x07\x04\x11" OBJ_id_it_rootCaKeyUpdate="\x2B\x06\x01\x05\x05\x07\x04\x12" OBJ_id_it_certReqTemplate="\x2B\x06\x01\x05\x05\x07\x04\x13" +OBJ_OGRNIP="\x2A\x85\x03\x64\x05" +OBJ_classSignTool="\x2A\x85\x03\x64\x71" +OBJ_classSignToolKC1="\x2A\x85\x03\x64\x71\x01" +OBJ_classSignToolKC2="\x2A\x85\x03\x64\x71\x02" +OBJ_classSignToolKC3="\x2A\x85\x03\x64\x71\x03" +OBJ_classSignToolKB1="\x2A\x85\x03\x64\x71\x04" +OBJ_classSignToolKB2="\x2A\x85\x03\x64\x71\x05" +OBJ_classSignToolKA1="\x2A\x85\x03\x64\x71\x06" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 18fd0ec451..5af0024989 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
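Review bot: The eight new `member-body 643 100 …` entries in crypto/objects/objects.txt carry no comment, so the meaning of OGRNIP and of the KC1–KA1 suffixes is recorded only in the commit message. The file already takes `#` comments (the `#GOST R34.13-2015 …` line at the end of this hunk), so a line such as `# 643 100 113 x: class (certification level) of the signing tool that created the certificate` above the `classSignTool` entry would keep that context next to the data. The fixture hunks in this commit show 113.1 and 113.2 appearing as certificate policies. Registering names only changes how these OIDs are printed and looked up, and nothing visible in this commit makes verification check them. Relying parties that care about the signing-tool class presumably still have to test for the policy OID themselves.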
@@ -4452,6 +4452,11 @@ #define NID_SNILS 1006 #define OBJ_SNILS OBJ_member_body,643L,100L,3L +#define SN_OGRNIP "OGRNIP" +#define LN_OGRNIP "OGRNIP" +#define NID_OGRNIP 1226 +#define OBJ_OGRNIP OBJ_member_body,643L,100L,5L + #define SN_subjectSignTool "subjectSignTool" #define LN_subjectSignTool "Signing Tool of Subject" #define NID_subjectSignTool 1007 @@ -4462,6 +4467,41 @@ #define NID_issuerSignTool 1008 #define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L +#define SN_classSignTool "classSignTool" +#define LN_classSignTool "Class of Signing Tool" +#define NID_classSignTool 1227 +#define OBJ_classSignTool OBJ_member_body,643L,100L,113L + +#define SN_classSignToolKC1 "classSignToolKC1" +#define LN_classSignToolKC1 "Class of Signing Tool KC1" +#define NID_classSignToolKC1 1228 +#define OBJ_classSignToolKC1 OBJ_member_body,643L,100L,113L,1L + +#define SN_classSignToolKC2 "classSignToolKC2" +#define LN_classSignToolKC2 "Class of Signing Tool KC2" +#define NID_classSignToolKC2 1229 +#define OBJ_classSignToolKC2 OBJ_member_body,643L,100L,113L,2L + +#define SN_classSignToolKC3 "classSignToolKC3" +#define LN_classSignToolKC3 "Class of Signing Tool KC3" +#define NID_classSignToolKC3 1230 +#define OBJ_classSignToolKC3 OBJ_member_body,643L,100L,113L,3L + +#define SN_classSignToolKB1 "classSignToolKB1" +#define LN_classSignToolKB1 "Class of Signing Tool KB1" +#define NID_classSignToolKB1 1231 +#define OBJ_classSignToolKB1 OBJ_member_body,643L,100L,113L,4L + +#define SN_classSignToolKB2 "classSignToolKB2" +#define LN_classSignToolKB2 "Class of Signing Tool KB2" +#define NID_classSignToolKB2 1232 +#define OBJ_classSignToolKB2 OBJ_member_body,643L,100L,113L,5L + +#define SN_classSignToolKA1 "classSignToolKA1" +#define LN_classSignToolKA1 "Class of Signing Tool KA1" +#define NID_classSignToolKA1 1233 +#define OBJ_classSignToolKA1 OBJ_member_body,643L,100L,113L,6L + #define SN_kuznyechik_ecb "kuznyechik-ecb" #define NID_kuznyechik_ecb 1012 
diff --git a/test/recipes/25-test_rusext_data/grfc.msb b/test/recipes/25-test_rusext_data/grfc.msb index 68ebff6274..5184e4ff7a 100644 --- a/test/recipes/25-test_rusext_data/grfc.msb +++ b/test/recipes/25-test_rusext_data/grfc.msb @@ -26,8 +26,8 @@ Certificate: 1.3.6.1.4.1.311.21.1: ... X509v3 Certificate Policies: - Policy: 1.2.643.100.113.1 - Policy: 1.2.643.100.113.2 + Policy: Class of Signing Tool KC1 + Policy: Class of Signing Tool KC2 Policy: X509v3 Any Policy Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 Signature Value: diff --git a/test/recipes/25-test_rusext_data/grfc.utf8 b/test/recipes/25-test_rusext_data/grfc.utf8 index ebca5d6b59..a709dcf67c 100644 --- a/test/recipes/25-test_rusext_data/grfc.utf8 +++ b/test/recipes/25-test_rusext_data/grfc.utf8 @@ -26,8 +26,8 @@ Certificate: 1.3.6.1.4.1.311.21.1: ... X509v3 Certificate Policies: - Policy: 1.2.643.100.113.1 - Policy: 1.2.643.100.113.2 + Policy: Class of Signing Tool KC1 + Policy: Class of Signing Tool KC2 Policy: X509v3 Any Policy Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 Signature Value:
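Review bot: The expected output in grfc.msb changes from `Policy: 1.2.643.100.113.1` and `Policy: 1.2.643.100.113.2` to `Policy: Class of Signing Tool KC1` and `KC2`, and the diffstat lists no changelog file, so this user-visible change in printed certificates is undocumented. Compliance checks or log parsers that match the dotted OID in rendered certificate text will silently stop matching once these names are registered. I would add a changelog line along the lines of `Certificate policies 1.2.643.100.113.1-6 are now printed by name ("Class of Signing Tool KC1", ...) instead of as dotted OIDs`, and recommend that consumers compare the OID itself rather than its rendered text. The same applies to the grfc.utf8 hunk.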