Null exts

crypto/objects/obj_dat.h

@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[8345] = {
+static const unsigned char so[8399] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1151,9 +1151,27 @@ static const unsigned char so[8345] = {
     0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x03,0x01,  /* [ 8315] OBJ_hmacWithSM3 */
     0x60,0x86,0x48,0x01,0x86,0xF9,0x66,            /* [ 8325] OBJ_oracle */
     0x60,0x86,0x48,0x01,0x86,0xF9,0x66,0xAD,0xCA,0x7B,0x01,0x01,  /* [ 8332] OBJ_oracle_jdk_trustedkeyusage */
+    0x55,0x1D,0x26,                                /* [ 8344] OBJ_authority_attribute_identifier */
+    0x55,0x1D,0x27,                                /* [ 8347] OBJ_role_spec_cert_identifier */
+    0x55,0x1D,0x29,                                /* [ 8350] OBJ_basic_att_constraints */
+    0x55,0x1D,0x2A,                                /* [ 8353] OBJ_delegated_name_constraints */
+    0x55,0x1D,0x2B,                                /* [ 8356] OBJ_time_specification */
+    0x55,0x1D,0x30,                                /* [ 8359] OBJ_attribute_descriptor */
+    0x55,0x1D,0x31,                                /* [ 8362] OBJ_user_notice */
+    0x55,0x1D,0x32,                                /* [ 8365] OBJ_soa_identifier */
+    0x55,0x1D,0x34,                                /* [ 8368] OBJ_acceptable_cert_policies */
+    0x55,0x1D,0x39,                                /* [ 8371] OBJ_acceptable_privilege_policies */
+    0x55,0x1D,0x3D,                                /* [ 8374] OBJ_indirect_issuer */
+    0x55,0x1D,0x3E,                                /* [ 8377] OBJ_no_assertion */
+    0x55,0x1D,0x40,                                /* [ 8380] OBJ_issued_on_behalf_of */
+    0x55,0x1D,0x41,                                /* [ 8383] OBJ_single_use */
+    0x55,0x1D,0x42,                                /* [ 8386] OBJ_group_ac */
+    0x55,0x1D,0x43,                                /* [ 8389] OBJ_allowed_attribute_assignments */
+    0x55,0x1D,0x44,                                /* [ 8392] OBJ_attribute_mappings */
+    0x55,0x1D,0x45,                                /* [ 8395] OBJ_holder_name_constraints */
 };
 
-#define NUM_NID 1284
+#define NUM_NID 1302
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2439,9 +2457,27 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"hmacWithSM3", "hmacWithSM3", NID_hmacWithSM3, 10, &so[8315]},
     {"oracle-organization", "Oracle organization", NID_oracle, 7, &so[8325]},
     {"oracle-jdk-trustedkeyusage", "Trusted key usage (Oracle)", NID_oracle_jdk_trustedkeyusage, 12, &so[8332]},
+    {"authorityAttributeIdentifier", "X509v3 Authority Attribute Identifier", NID_authority_attribute_identifier, 3, &so[8344]},
+    {"roleSpecCertIdentifier", "X509v3 Role Specification Certificate Identifier", NID_role_spec_cert_identifier, 3, &so[8347]},
+    {"basicAttConstraints", "X509v3 Basic Attribute Certificate Constraints", NID_basic_att_constraints, 3, &so[8350]},
+    {"delegatedNameConstraints", "X509v3 Delegated Name Constraints", NID_delegated_name_constraints, 3, &so[8353]},
+    {"timeSpecification", "X509v3 Time Specification", NID_time_specification, 3, &so[8356]},
+    {"attributeDescriptor", "X509v3 Attribute Descriptor", NID_attribute_descriptor, 3, &so[8359]},
+    {"userNotice", "X509v3 User Notice", NID_user_notice, 3, &so[8362]},
+    {"sOAIdentifier", "X509v3 Source of Authority Identifier", NID_soa_identifier, 3, &so[8365]},
+    {"acceptableCertPolicies", "X509v3 Acceptable Certification Policies", NID_acceptable_cert_policies, 3, &so[8368]},
+    {"acceptablePrivPolicies", "X509v3 Acceptable Privilege Policies", NID_acceptable_privilege_policies, 3, &so[8371]},
+    {"indirectIssuer", "X509v3 Indirect Issuer", NID_indirect_issuer, 3, &so[8374]},
+    {"noAssertion", "X509v3 No Assertion", NID_no_assertion, 3, &so[8377]},
+    {"issuedOnBehalfOf", "X509v3 Issued On Behalf Of", NID_issued_on_behalf_of, 3, &so[8380]},
+    {"singleUse", "X509v3 Single Use", NID_single_use, 3, &so[8383]},
+    {"groupAC", "X509v3 Group Attribute Certificate", NID_group_ac, 3, &so[8386]},
+    {"allowedAttributeAssignments", "X509v3 Allowed Attribute Assignments", NID_allowed_attribute_assignments, 3, &so[8389]},
+    {"attributeMappings", "X509v3 Attribute Mappings", NID_attribute_mappings, 3, &so[8392]},
+    {"holderNameConstraints", "X509v3 Holder Name Constraints", NID_holder_name_constraints, 3, &so[8395]},
 };
 
-#define NUM_SN 1275
+#define NUM_SN 1293
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2755,20 +2791,27 @@ static const unsigned int sn_objs[NUM_SN] = {
      287,    /* "ac-auditEntity" */
      397,    /* "ac-proxying" */
      288,    /* "ac-targeting" */
+    1292,    /* "acceptableCertPolicies" */
+    1293,    /* "acceptablePrivPolicies" */
      368,    /* "acceptableResponses" */
      446,    /* "account" */
      363,    /* "ad_timestamping" */
      376,    /* "algorithm" */
+    1299,    /* "allowedAttributeAssignments" */
      405,    /* "ansi-X9-62" */
      910,    /* "anyExtendedKeyUsage" */
      746,    /* "anyPolicy" */
      370,    /* "archiveCutoff" */
      484,    /* "associatedDomain" */
      485,    /* "associatedName" */
+    1289,    /* "attributeDescriptor" */
+    1300,    /* "attributeMappings" */
      501,    /* "audio" */
+    1284,    /* "authorityAttributeIdentifier" */
      177,    /* "authorityInfoAccess" */
       90,    /* "authorityKeyIdentifier" */
      882,    /* "authorityRevocationList" */
+    1286,    /* "basicAttConstraints" */
       87,    /* "basicConstraints" */
      365,    /* "basicOCSPResponse" */
      285,    /* "biometricInfo" */
@@ -2856,6 +2899,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      495,    /* "dSAQuality" */
      434,    /* "data" */
      390,    /* "dcobject" */
+    1287,    /* "delegatedNameConstraints" */
      140,    /* "deltaCRL" */
      891,    /* "deltaRevocationList" */
      107,    /* "description" */
@@ -2943,6 +2987,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1010,    /* "gost89-ecb" */
      812,    /* "gost94" */
      850,    /* "gost94cc" */
+    1298,    /* "groupAC" */
     1156,    /* "hmacWithDstu34311" */
      797,    /* "hmacWithMD5" */
      163,    /* "hmacWithSHA1" */
@@ -2957,6 +3002,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      430,    /* "holdInstructionCode" */
      431,    /* "holdInstructionNone" */
      433,    /* "holdInstructionReject" */
+    1301,    /* "holderNameConstraints" */
      486,    /* "homePostalAddress" */
      473,    /* "homeTelephoneNumber" */
      466,    /* "host" */
@@ -3300,6 +3346,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      676,    /* "identified-organization" */
     1170,    /* "ieee" */
     1171,    /* "ieee-siswg" */
+    1294,    /* "indirectIssuer" */
      461,    /* "info" */
      748,    /* "inhibitAnyPolicy" */
      101,    /* "initials" */
@@ -3312,6 +3359,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1022,    /* "ipsecIKE" */
      295,    /* "ipsecTunnel" */
      296,    /* "ipsecUser" */
+    1296,    /* "issuedOnBehalfOf" */
       86,    /* "issuerAltName" */
     1008,    /* "issuerSignTool" */
      770,    /* "issuingDistributionPoint" */
@@ -3376,6 +3424,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      481,    /* "nSRecord" */
      173,    /* "name" */
      666,    /* "nameConstraints" */
+    1295,    /* "noAssertion" */
      369,    /* "noCheck" */
      403,    /* "noRevAvail" */
       72,    /* "nsBaseUrl" */
@@ -3459,6 +3508,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      870,    /* "registeredAddress" */
      400,    /* "role" */
      877,    /* "roleOccupant" */
+    1285,    /* "roleSpecCertIdentifier" */
      448,    /* "room" */
      463,    /* "roomNumber" */
     1243,    /* "rpkiManifest" */
@@ -3467,6 +3517,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      644,    /* "rsaOAEPEncryptionSET" */
      377,    /* "rsaSignature" */
        1,    /* "rsadsi" */
+    1291,    /* "sOAIdentifier" */
      482,    /* "sOARecord" */
      155,    /* "safeContentsBag" */
      291,    /* "sbgp-autonomousSysNum" */
@@ -3656,6 +3707,7 @@ static const unsigned int sn_objs[NUM_SN] = {
       52,    /* "signingTime" */
      454,    /* "simpleSecurityObject" */
      496,    /* "singleLevelQuality" */
+    1297,    /* "singleUse" */
     1142,    /* "sm-scheme" */
      387,    /* "snmpv2" */
      660,    /* "street" */
@@ -3674,6 +3726,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      865,    /* "telexNumber" */
      459,    /* "textEncodedORAddress" */
      293,    /* "textNotice" */
+    1288,    /* "timeSpecification" */
      133,    /* "timeStamping" */
      106,    /* "title" */
     1020,    /* "tlsfeature" */
@@ -3697,6 +3750,7 @@ static const unsigned int sn_objs[NUM_SN] = {
       49,    /* "unstructuredName" */
      880,    /* "userCertificate" */
      465,    /* "userClass" */
+    1290,    /* "userNotice" */
      879,    /* "userPassword" */
      373,    /* "valid" */
      678,    /* "wap" */
@@ -3720,7 +3774,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1275
+#define NUM_LN 1293
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3922,29 +3976,47 @@ static const unsigned int ln_objs[NUM_LN] = {
     1035,    /* "X448" */
       12,    /* "X509" */
      402,    /* "X509v3 AC Targeting" */
+    1292,    /* "X509v3 Acceptable Certification Policies" */
+    1293,    /* "X509v3 Acceptable Privilege Policies" */
+    1299,    /* "X509v3 Allowed Attribute Assignments" */
      746,    /* "X509v3 Any Policy" */
+    1289,    /* "X509v3 Attribute Descriptor" */
+    1300,    /* "X509v3 Attribute Mappings" */
+    1284,    /* "X509v3 Authority Attribute Identifier" */
       90,    /* "X509v3 Authority Key Identifier" */
+    1286,    /* "X509v3 Basic Attribute Certificate Constraints" */
       87,    /* "X509v3 Basic Constraints" */
      103,    /* "X509v3 CRL Distribution Points" */
       88,    /* "X509v3 CRL Number" */
      141,    /* "X509v3 CRL Reason Code" */
      771,    /* "X509v3 Certificate Issuer" */
       89,    /* "X509v3 Certificate Policies" */
+    1287,    /* "X509v3 Delegated Name Constraints" */
      140,    /* "X509v3 Delta CRL Indicator" */
      126,    /* "X509v3 Extended Key Usage" */
      857,    /* "X509v3 Freshest CRL" */
+    1298,    /* "X509v3 Group Attribute Certificate" */
+    1301,    /* "X509v3 Holder Name Constraints" */
+    1294,    /* "X509v3 Indirect Issuer" */
      748,    /* "X509v3 Inhibit Any Policy" */
+    1296,    /* "X509v3 Issued On Behalf Of" */
       86,    /* "X509v3 Issuer Alternative Name" */
      770,    /* "X509v3 Issuing Distribution Point" */
       83,    /* "X509v3 Key Usage" */
      666,    /* "X509v3 Name Constraints" */
+    1295,    /* "X509v3 No Assertion" */
      403,    /* "X509v3 No Revocation Available" */
      401,    /* "X509v3 Policy Constraints" */
      747,    /* "X509v3 Policy Mappings" */
       84,    /* "X509v3 Private Key Usage Period" */
+    1285,    /* "X509v3 Role Specification Certificate Identifier" */
+    1297,    /* "X509v3 Single Use" */
+    1291,    /* "X509v3 Source of Authority Identifier" */
       85,    /* "X509v3 Subject Alternative Name" */
      769,    /* "X509v3 Subject Directory Attributes" */
       82,    /* "X509v3 Subject Key Identifier" */
+    1288,    /* "X509v3 Time Specification" */
+    1290,    /* "X509v3 User Notice" */
      920,    /* "X9.42 DH" */
      184,    /* "X9.57" */
      185,    /* "X9.57 CM ?" */
@@ -4999,7 +5071,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 1146
+#define NUM_OBJ 1164
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5112,10 +5184,28 @@ static const unsigned int obj_objs[NUM_OBJ] = {
       90,    /* OBJ_authority_key_identifier     2 5 29 35 */
      401,    /* OBJ_policy_constraints           2 5 29 36 */
      126,    /* OBJ_ext_key_usage                2 5 29 37 */
+    1284,    /* OBJ_authority_attribute_identifier 2 5 29 38 */
+    1285,    /* OBJ_role_spec_cert_identifier    2 5 29 39 */
+    1286,    /* OBJ_basic_att_constraints        2 5 29 41 */
+    1287,    /* OBJ_delegated_name_constraints   2 5 29 42 */
+    1288,    /* OBJ_time_specification           2 5 29 43 */
      857,    /* OBJ_freshest_crl                 2 5 29 46 */
+    1289,    /* OBJ_attribute_descriptor         2 5 29 48 */
+    1290,    /* OBJ_user_notice                  2 5 29 49 */
+    1291,    /* OBJ_soa_identifier               2 5 29 50 */
+    1292,    /* OBJ_acceptable_cert_policies     2 5 29 52 */
      748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
      402,    /* OBJ_target_information           2 5 29 55 */
      403,    /* OBJ_no_rev_avail                 2 5 29 56 */
+    1293,    /* OBJ_acceptable_privilege_policies 2 5 29 57 */
+    1294,    /* OBJ_indirect_issuer              2 5 29 61 */
+    1295,    /* OBJ_no_assertion                 2 5 29 62 */
+    1296,    /* OBJ_issued_on_behalf_of          2 5 29 64 */
+    1297,    /* OBJ_single_use                   2 5 29 65 */
+    1298,    /* OBJ_group_ac                     2 5 29 66 */
+    1299,    /* OBJ_allowed_attribute_assignments 2 5 29 67 */
+    1300,    /* OBJ_attribute_mappings           2 5 29 68 */
+    1301,    /* OBJ_holder_name_constraints      2 5 29 69 */
      513,    /* OBJ_set_ctype                    2 23 42 0 */
      514,    /* OBJ_set_msgExt                   2 23 42 1 */
      515,    /* OBJ_set_attr                     2 23 42 3 */

crypto/objects/obj_mac.num

@@ -1281,3 +1281,21 @@ id_aa_ets_archiveTimestampV2		1280
 hmacWithSM3		1281
 oracle		1282
 oracle_jdk_trustedkeyusage		1283
+authority_attribute_identifier		1284
+role_spec_cert_identifier		1285
+basic_att_constraints		1286
+delegated_name_constraints		1287
+time_specification		1288
+attribute_descriptor		1289
+user_notice		1290
+soa_identifier		1291
+acceptable_cert_policies		1292
+acceptable_privilege_policies		1293
+indirect_issuer		1294
+no_assertion		1295
+issued_on_behalf_of		1296
+single_use		1297
+group_ac		1298
+allowed_attribute_assignments		1299
+attribute_mappings		1300
+holder_name_constraints		1301

crypto/objects/objects.txt

@@ -872,14 +872,50 @@ id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
 id-ce 36		: policyConstraints	: X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname authority-attribute-identifier
+id-ce 38		: authorityAttributeIdentifier : X509v3 Authority Attribute Identifier
+!Cname role-spec-cert-identifier
+id-ce 39		: roleSpecCertIdentifier	: X509v3 Role Specification Certificate Identifier
+!Cname basic-att-constraints
+id-ce 41		: basicAttConstraints		: X509v3 Basic Attribute Certificate Constraints
+!Cname delegated-name-constraints
+id-ce 42 		: delegatedNameConstraints	: X509v3 Delegated Name Constraints
+!Cname time-specification
+id-ce 43		: timeSpecification			: X509v3 Time Specification
 !Cname freshest-crl
 id-ce 46		: freshestCRL		: X509v3 Freshest CRL
+!Cname attribute-descriptor
+id-ce 48		: attributeDescriptor		: X509v3 Attribute Descriptor
+!Cname user-notice
+id-ce 49		: userNotice				: X509v3 User Notice
+!Cname soa-identifier
+id-ce 50        : sOAIdentifier     : X509v3 Source of Authority Identifier
+!Cname acceptable-cert-policies
+id-ce 52		: acceptableCertPolicies	: X509v3 Acceptable Certification Policies
 !Cname inhibit-any-policy
 id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
 !Cname target-information
 id-ce 55		: targetInformation	: X509v3 AC Targeting
 !Cname no-rev-avail
 id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+!Cname acceptable-privilege-policies
+id-ce 57		: acceptablePrivPolicies	: X509v3 Acceptable Privilege Policies
+!Cname indirect-issuer
+id-ce 61		: indirectIssuer			: X509v3 Indirect Issuer
+!Cname no-assertion
+id-ce 62        : noAssertion       : X509v3 No Assertion
+!Cname issued-on-behalf-of
+id-ce 64		: issuedOnBehalfOf	: X509v3 Issued On Behalf Of
+!Cname single-use
+id-ce 65		: singleUse			: X509v3 Single Use
+!Cname group-ac
+id-ce 66		: groupAC			: X509v3 Group Attribute Certificate
+!Cname allowed-attribute-assignments
+id-ce 67		: allowedAttributeAssignments		: X509v3 Allowed Attribute Assignments
+!Cname attribute-mappings
+id-ce 68		: attributeMappings		: X509v3 Attribute Mappings
+!Cname holder-name-constraints
+id-ce 69		: holderNameConstraints	: X509v3 Holder Name Constraints
 
 # From RFC5280
 ext-key-usage 0		: anyExtendedKeyUsage	: Any Extended Key Usage

crypto/x509/build.info

@@ -15,7 +15,8 @@ SOURCE[../../libcrypto]=\
         v3_pcia.c v3_pci.c v3_ist.c \
         pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
         v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c \
-        x509_acert.c t_acert.c x509aset.c x_ietfatt.c
+        x509_acert.c t_acert.c x509aset.c x_ietfatt.c \
+        v3_no_rev_avail.c v3_soa_id.c v3_no_ass.c v3_group_ac.c
 
 IF[{- !$disabled{'deprecated-3.0'} -}]
   SOURCE[../../libcrypto]=x509type.c

crypto/x509/ext_dat.h

@@ -25,3 +25,7 @@ extern const X509V3_EXT_METHOD ossl_v3_tls_feature;
 extern const X509V3_EXT_METHOD ossl_v3_ext_admission;
 extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1];
 extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool;
+extern const X509V3_EXT_METHOD ossl_v3_group_ac;
+extern const X509V3_EXT_METHOD ossl_v3_soa_identifier;
+extern const X509V3_EXT_METHOD ossl_v3_no_assertion;
+extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail;

crypto/x509/standard_exts.h

@@ -53,6 +53,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
     &ossl_v3_sinfo,
     &ossl_v3_policy_constraints,
+    &ossl_v3_no_rev_avail,
 #ifndef OPENSSL_NO_OCSP
     &ossl_v3_crl_hold,
 #endif
@@ -71,7 +72,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &ossl_v3_utf8_list[0],
     &ossl_v3_issuer_sign_tool,
     &ossl_v3_tls_feature,
-    &ossl_v3_ext_admission
+    &ossl_v3_ext_admission,
+    &ossl_v3_soa_identifier,
+    &ossl_v3_no_assertion,
+    &ossl_v3_group_ac,
 };
 
 /* Number of standard extensions */