RT2353: Add ipsec IKE OID

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

crypto/objects/obj_dat.h

@@ -60,12 +60,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 1022
+#define NUM_NID 1023
-#define NUM_SN 1015
+#define NUM_SN 1016
-#define NUM_LN 1015
+#define NUM_LN 1016
-#define NUM_OBJ 937
+#define NUM_OBJ 938
 
-static const unsigned char lvalues[6612]={
+static const unsigned char lvalues[6620]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -997,6 +997,7 @@ static const unsigned char lvalues[6612]={
 0x2A,0x85,0x03,0x64,0x6F,                    /* [6593] OBJ_subjectSignTool */
 0x2A,0x85,0x03,0x64,0x70,                    /* [6598] OBJ_issuerSignTool */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,     /* [6603] OBJ_tlsfeature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,     /* [6611] OBJ_ipsec_IKE */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2670,6 +2671,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"ChaCha20","chacha20",NID_chacha20,0,NULL,0},
 {"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6603]),0},
 {"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0},
+{"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8,
+	&(lvalues[6611]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -3337,6 +3340,7 @@ static const unsigned int sn_objs[NUM_SN]={
 869,	/* "internationaliSDNNumber" */
 142,	/* "invalidityDate" */
 294,	/* "ipsecEndSystem" */
+1022,	/* "ipsecIKE" */
 295,	/* "ipsecTunnel" */
 296,	/* "ipsecUser" */
 86,	/* "issuerAltName" */
@@ -4344,6 +4348,7 @@ static const unsigned int ln_objs[NUM_LN]={
 461,	/* "info" */
 101,	/* "initials" */
 869,	/* "internationaliSDNNumber" */
+1022,	/* "ipsec Internet Key Exchange" */
 749,	/* "ipsec3" */
 750,	/* "ipsec4" */
 181,	/* "iso" */
@@ -5263,6 +5268,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 133,	/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
 180,	/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
 297,	/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+1022,	/* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
 298,	/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
 299,	/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
 300,	/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */

crypto/objects/obj_mac.num

@@ -1019,3 +1019,4 @@ chacha20_poly1305		1018
 chacha20		1019
 tlsfeature		1020
 tls1_prf		1021
+ipsec_IKE		1022

crypto/objects/objects.txt

@@ -497,6 +497,8 @@ id-kp 8			: timeStamping		: Time Stamping
 !Cname OCSP-sign
 id-kp 9			: OCSPSigning		: OCSP Signing
 id-kp 10		: DVCS			: dvcs
+!Cname ipsec-IKE
+id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
 
 # CMP information types
 id-it 1			: id-it-caProtEncCert

doc/apps/x509v3_config.pod

@@ -115,6 +115,8 @@ following PKIX, NS and MS values are meaningful:
  codeSigning		Code signing.
  emailProtection	E-mail Protection (S/MIME).
  timeStamping		Trusted Timestamping
+ OCSPSigning		OCSP Signing
+ ipsecIKE		ipsec Internet Key Exchnage
  msCodeInd		Microsoft Individual Code Signing (authenticode)
  msCodeCom		Microsoft Commercial Code Signing (authenticode)
  msCTLSign		Microsoft Trust List Signing

include/openssl/obj_mac.h

@@ -1557,6 +1557,11 @@
 #define NID_dvcs                297
 #define OBJ_dvcs                OBJ_id_kp,10L
 
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L