From d3372c2f35495d0c61ab09daf7fba3ecbbb595aa Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Sun, 24 Jan 2021 14:00:02 +0000 Subject: [PATCH] Add some PKIX-RPKI objects References: RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13948) --- crypto/objects/obj_dat.h | 70 +++++++++++++++++++++++++++++++++++--- crypto/objects/obj_mac.num | 12 +++++++ crypto/objects/objects.txt | 15 +++++++- fuzz/oids.txt | 12 +++++++ include/openssl/obj_mac.h | 51 +++++++++++++++++++++++++++ 5 files changed, 154 insertions(+), 6 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 1b852e6dfa..697cd527b3 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7947] = { +static const unsigned char so[8054] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1101,9 +1101,21 @@ static const unsigned char so[7947] = { 0x2A,0x85,0x03,0x64,0x71,0x04, /* [ 7928] OBJ_classSignToolKB1 */ 0x2A,0x85,0x03,0x64,0x71,0x05, /* [ 7934] OBJ_classSignToolKB2 */ 0x2A,0x85,0x03,0x64,0x71,0x06, /* [ 7940] OBJ_classSignToolKA1 */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18, /* [ 7946] OBJ_id_ct_routeOriginAuthz */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1A, /* [ 7957] OBJ_id_ct_rpkiManifest */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x23, /* [ 7968] OBJ_id_ct_rpkiGhostbusters */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x24, /* [ 7979] OBJ_id_ct_resourceTaggedAttest */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E, /* [ 7990] OBJ_id_cp */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1C, /* [ 7997] OBJ_sbgp_ipAddrBlockv2 */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1D, /* [ 8005] OBJ_sbgp_autonomousSysNumv2 */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x02, /* [ 8013] OBJ_ipAddr_asNumber */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x03, /* [ 8021] OBJ_ipAddr_asNumberv2 */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0A, /* [ 8029] OBJ_rpkiManifest */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [ 8037] OBJ_signedObject */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [ 8045] OBJ_rpkiNotify */ }; -#define NUM_NID 1234 +#define NUM_NID 1246 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2339,9 +2351,21 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"classSignToolKB1", "Class of Signing Tool KB1", NID_classSignToolKB1, 6, &so[7928]}, {"classSignToolKB2", "Class of Signing Tool KB2", NID_classSignToolKB2, 6, &so[7934]}, {"classSignToolKA1", "Class of Signing Tool KA1", NID_classSignToolKA1, 6, &so[7940]}, + {"id-ct-routeOriginAuthz", "id-ct-routeOriginAuthz", NID_id_ct_routeOriginAuthz, 11, &so[7946]}, + {"id-ct-rpkiManifest", "id-ct-rpkiManifest", NID_id_ct_rpkiManifest, 11, &so[7957]}, + {"id-ct-rpkiGhostbusters", "id-ct-rpkiGhostbusters", NID_id_ct_rpkiGhostbusters, 11, &so[7968]}, + {"id-ct-resourceTaggedAttest", "id-ct-resourceTaggedAttest", NID_id_ct_resourceTaggedAttest, 11, &so[7979]}, + {"id-cp", "id-cp", NID_id_cp, 7, &so[7990]}, + {"sbgp-ipAddrBlockv2", "sbgp-ipAddrBlockv2", NID_sbgp_ipAddrBlockv2, 8, &so[7997]}, + {"sbgp-autonomousSysNumv2", "sbgp-autonomousSysNumv2", NID_sbgp_autonomousSysNumv2, 8, &so[8005]}, + {"ipAddr-asNumber", "ipAddr-asNumber", NID_ipAddr_asNumber, 8, &so[8013]}, + {"ipAddr-asNumberv2", "ipAddr-asNumberv2", NID_ipAddr_asNumberv2, 8, &so[8021]}, + {"rpkiManifest", "RPKI Manifest", NID_rpkiManifest, 8, &so[8029]}, + {"signedObject", "Signed Object", NID_signedObject, 8, &so[8037]}, + {"rpkiNotify", "RPKI Notify", NID_rpkiNotify, 8, &so[8045]}, }; -#define NUM_SN 1225 +#define NUM_SN 1237 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2951,7 +2975,12 @@ static const unsigned int sn_objs[NUM_SN] = { 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ + 1238, /* "id-cp" */ 787, /* "id-ct-asciiTextWithCRLF" */ + 1237, /* "id-ct-resourceTaggedAttest" */ + 1234, /* "id-ct-routeOriginAuthz" */ + 1236, /* "id-ct-rpkiGhostbusters" */ + 1235, /* "id-ct-rpkiManifest" */ 1060, /* "id-ct-xml" */ 1108, /* "id-dsa-with-sha3-224" */ 1109, /* "id-dsa-with-sha3-256" */ @@ -3167,6 +3196,8 @@ static const unsigned int sn_objs[NUM_SN] = { 647, /* "international-organizations" */ 869, /* "internationaliSDNNumber" */ 142, /* "invalidityDate" */ + 1241, /* "ipAddr-asNumber" */ + 1242, /* "ipAddr-asNumberv2" */ 294, /* "ipsecEndSystem" */ 1022, /* "ipsecIKE" */ 295, /* "ipsecTunnel" */ @@ -3317,6 +3348,8 @@ static const unsigned int sn_objs[NUM_SN] = { 877, /* "roleOccupant" */ 448, /* "room" */ 463, /* "roomNumber" */ + 1243, /* "rpkiManifest" */ + 1245, /* "rpkiNotify" */ 6, /* "rsaEncryption" */ 644, /* "rsaOAEPEncryptionSET" */ 377, /* "rsaSignature" */ @@ -3324,7 +3357,9 @@ static const unsigned int sn_objs[NUM_SN] = { 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ + 1240, /* "sbgp-autonomousSysNumv2" */ 290, /* "sbgp-ipAddrBlock" */ + 1239, /* "sbgp-ipAddrBlockv2" */ 292, /* "sbgp-routerIdentifier" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ @@ -3503,6 +3538,7 @@ static const unsigned int sn_objs[NUM_SN] = { 604, /* "setext-pinAny" */ 603, /* "setext-pinSecure" */ 605, /* "setext-track2" */ + 1244, /* "signedObject" */ 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ @@ -3570,7 +3606,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1225 +#define NUM_LN 1237 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3731,6 +3767,8 @@ static const unsigned int ln_objs[NUM_LN] = { 385, /* "Private" */ 1093, /* "Professional Information or basis for Admission" */ 663, /* "Proxy Certificate Information" */ + 1243, /* "RPKI Manifest" */ + 1245, /* "RPKI Notify" */ 1, /* "RSA Data Security, Inc." */ 2, /* "RSA Data Security, Inc. PKCS" */ 1116, /* "RSA-SHA3-224" */ @@ -3752,6 +3790,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1030, /* "Send Proxied Owner" */ 1028, /* "Send Proxied Router" */ 1027, /* "Send Router" */ + 1244, /* "Signed Object" */ 1033, /* "Signing KDC Response" */ 1008, /* "Signing Tool of Issuer" */ 1007, /* "Signing Tool of Subject" */ @@ -4195,7 +4234,12 @@ static const unsigned int ln_objs[NUM_LN] = { 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ + 1238, /* "id-cp" */ 787, /* "id-ct-asciiTextWithCRLF" */ + 1237, /* "id-ct-resourceTaggedAttest" */ + 1234, /* "id-ct-routeOriginAuthz" */ + 1236, /* "id-ct-rpkiGhostbusters" */ + 1235, /* "id-ct-rpkiManifest" */ 1060, /* "id-ct-xml" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ @@ -4366,6 +4410,8 @@ static const unsigned int ln_objs[NUM_LN] = { 461, /* "info" */ 101, /* "initials" */ 869, /* "internationaliSDNNumber" */ + 1241, /* "ipAddr-asNumber" */ + 1242, /* "ipAddr-asNumberv2" */ 1022, /* "ipsec Internet Key Exchange" */ 749, /* "ipsec3" */ 750, /* "ipsec4" */ @@ -4547,7 +4593,9 @@ static const unsigned int ln_objs[NUM_LN] = { 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ + 1240, /* "sbgp-autonomousSysNumv2" */ 290, /* "sbgp-ipAddrBlock" */ + 1239, /* "sbgp-ipAddrBlockv2" */ 292, /* "sbgp-routerIdentifier" */ 973, /* "scrypt" */ 159, /* "sdsiCertificate" */ @@ -4799,7 +4847,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1096 +#define NUM_OBJ 1108 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5241,6 +5289,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ + 1238, /* OBJ_id_cp 1 3 6 1 5 5 7 14 */ 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ @@ -5389,6 +5438,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ 1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ + 1239, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */ + 1240, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */ 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -5483,6 +5534,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ + 1241, /* OBJ_ipAddr_asNumber 1 3 6 1 5 5 7 14 2 */ + 1242, /* OBJ_ipAddr_asNumberv2 1 3 6 1 5 5 7 14 3 */ 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ @@ -5491,6 +5544,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ + 1243, /* OBJ_rpkiManifest 1 3 6 1 5 5 7 48 10 */ + 1244, /* OBJ_signedObject 1 3 6 1 5 5 7 48 11 */ + 1245, /* OBJ_rpkiNotify 1 3 6 1 5 5 7 48 13 */ 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ 913, /* OBJ_aes_128_xts 1 3 111 2 1619 0 1 1 */ @@ -5824,8 +5880,12 @@ static const unsigned int obj_objs[NUM_OBJ] = { 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */ 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */ + 1234, /* OBJ_id_ct_routeOriginAuthz 1 2 840 113549 1 9 16 1 24 */ + 1235, /* OBJ_id_ct_rpkiManifest 1 2 840 113549 1 9 16 1 26 */ 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */ + 1236, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */ + 1237, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 7d1d70ea28..9f9636f818 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1231,3 +1231,15 @@ classSignToolKC3 1230 classSignToolKB1 1231 classSignToolKB2 1232 classSignToolKA1 1233 +id_ct_routeOriginAuthz 1234 +id_ct_rpkiManifest 1235 +id_ct_rpkiGhostbusters 1236 +id_ct_resourceTaggedAttest 1237 +id_cp 1238 +sbgp_ipAddrBlockv2 1239 +sbgp_autonomousSysNumv2 1240 +ipAddr_asNumber 1241 +ipAddr_asNumberv2 1242 +rpkiManifest 1243 +signedObject 1244 +rpkiNotify 1245 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 8aef90d952..62bc8c1a8e 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -274,8 +274,12 @@ id-smime-ct 8 : id-smime-ct-DVCSResponseData id-smime-ct 9 : id-smime-ct-compressedData id-smime-ct 19 : id-smime-ct-contentCollection id-smime-ct 23 : id-smime-ct-authEnvelopedData +id-smime-ct 24 : id-ct-routeOriginAuthz +id-smime-ct 26 : id-ct-rpkiManifest id-smime-ct 27 : id-ct-asciiTextWithCRLF id-smime-ct 28 : id-ct-xml +id-smime-ct 35 : id-ct-rpkiGhostbusters +id-smime-ct 36 : id-ct-resourceTaggedAttest # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest @@ -465,6 +469,7 @@ id-pkix 8 : id-on id-pkix 9 : id-pda id-pkix 10 : id-aca id-pkix 11 : id-qcs +id-pkix 14 : id-cp id-pkix 12 : id-cct id-pkix 21 : id-ppl id-pkix 48 : id-ad @@ -503,6 +508,8 @@ id-pe 10 : ac-proxying id-pe 11 : subjectInfoAccess : Subject Information Access id-pe 14 : proxyCertInfo : Proxy Certificate Information id-pe 24 : tlsfeature : TLS Feature +id-pe 28 : sbgp-ipAddrBlockv2 +id-pe 29 : sbgp-autonomousSysNumv2 # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS @@ -642,6 +649,10 @@ id-aca 6 : id-aca-encAttrs # qualified certificate statements id-qcs 1 : id-qcs-pkixQCSyntax-v1 +# PKIX Certificate Policies +id-cp 2 : ipAddr-asNumber +id-cp 3 : ipAddr-asNumberv2 + # CMC content types id-cct 1 : id-cct-crs id-cct 2 : id-cct-PKIData @@ -662,7 +673,9 @@ id-ad 3 : ad_timestamping : AD Time Stamping !Cname ad-dvcs id-ad 4 : AD_DVCS : ad dvcs id-ad 5 : caRepository : CA Repository - +id-ad 10 : rpkiManifest : RPKI Manifest +id-ad 11 : signedObject : Signed Object +id-ad 13 : rpkiNotify : RPKI Notify !Alias id-pkix-OCSP ad-OCSP !module id-pkix-OCSP diff --git a/fuzz/oids.txt b/fuzz/oids.txt index efbcaa416c..cc3f1f1401 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1088,3 +1088,15 @@ OBJ_classSignToolKC3="\x2A\x85\x03\x64\x71\x03" OBJ_classSignToolKB1="\x2A\x85\x03\x64\x71\x04" OBJ_classSignToolKB2="\x2A\x85\x03\x64\x71\x05" OBJ_classSignToolKA1="\x2A\x85\x03\x64\x71\x06" +OBJ_id_ct_routeOriginAuthz="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x18" +OBJ_id_ct_rpkiManifest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1A" +OBJ_id_ct_rpkiGhostbusters="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x23" +OBJ_id_ct_resourceTaggedAttest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x24" +OBJ_id_cp="\x2B\x06\x01\x05\x05\x07\x0E" +OBJ_sbgp_ipAddrBlockv2="\x2B\x06\x01\x05\x05\x07\x01\x1C" +OBJ_sbgp_autonomousSysNumv2="\x2B\x06\x01\x05\x05\x07\x01\x1D" +OBJ_ipAddr_asNumber="\x2B\x06\x01\x05\x05\x07\x0E\x02" +OBJ_ipAddr_asNumberv2="\x2B\x06\x01\x05\x05\x07\x0E\x03" +OBJ_rpkiManifest="\x2B\x06\x01\x05\x05\x07\x30\x0A" +OBJ_signedObject="\x2B\x06\x01\x05\x05\x07\x30\x0B" +OBJ_rpkiNotify="\x2B\x06\x01\x05\x05\x07\x30\x0D" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 89b449037f..9bf4e3b86f 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -850,6 +850,14 @@ #define NID_id_smime_ct_authEnvelopedData 1059 #define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L +#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz" +#define NID_id_ct_routeOriginAuthz 1234 +#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L + +#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest" +#define NID_id_ct_rpkiManifest 1235 +#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L + #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" #define NID_id_ct_asciiTextWithCRLF 787 #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L @@ -858,6 +866,14 @@ #define NID_id_ct_xml 1060 #define OBJ_id_ct_xml OBJ_id_smime_ct,28L +#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters" +#define NID_id_ct_rpkiGhostbusters 1236 +#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L + +#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest" +#define NID_id_ct_resourceTaggedAttest 1237 +#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1395,6 +1411,10 @@ #define NID_id_qcs 267 #define OBJ_id_qcs OBJ_id_pkix,11L +#define SN_id_cp "id-cp" +#define NID_id_cp 1238 +#define OBJ_id_cp OBJ_id_pkix,14L + #define SN_id_cct "id-cct" #define NID_id_cct 268 #define OBJ_id_cct OBJ_id_pkix,12L @@ -1528,6 +1548,14 @@ #define NID_tlsfeature 1020 #define OBJ_tlsfeature OBJ_id_pe,24L +#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2" +#define NID_sbgp_ipAddrBlockv2 1239 +#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L + +#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2" +#define NID_sbgp_autonomousSysNumv2 1240 +#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 @@ -1956,6 +1984,14 @@ #define NID_id_qcs_pkixQCSyntax_v1 359 #define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L +#define SN_ipAddr_asNumber "ipAddr-asNumber" +#define NID_ipAddr_asNumber 1241 +#define OBJ_ipAddr_asNumber OBJ_id_cp,2L + +#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2" +#define NID_ipAddr_asNumberv2 1242 +#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L + #define SN_id_cct_crs "id-cct-crs" #define NID_id_cct_crs 360 #define OBJ_id_cct_crs OBJ_id_cct,1L @@ -2008,6 +2044,21 @@ #define NID_caRepository 785 #define OBJ_caRepository OBJ_id_ad,5L +#define SN_rpkiManifest "rpkiManifest" +#define LN_rpkiManifest "RPKI Manifest" +#define NID_rpkiManifest 1243 +#define OBJ_rpkiManifest OBJ_id_ad,10L + +#define SN_signedObject "signedObject" +#define LN_signedObject "Signed Object" +#define NID_signedObject 1244 +#define OBJ_signedObject OBJ_id_ad,11L + +#define SN_rpkiNotify "rpkiNotify" +#define LN_rpkiNotify "RPKI Notify" +#define NID_rpkiNotify 1245 +#define OBJ_rpkiNotify OBJ_id_ad,13L + #define OBJ_id_pkix_OCSP OBJ_ad_OCSP #define SN_id_pkix_OCSP_basic "basicOCSPResponse" -- GitLab