
@mackyle
Last active May 17, 2017 18:57
LibreSSL 2.5.4 tarball patch to add EV subject jurisdiction OIDs
From: Kyle J. McKay <mackyle@gmail.com>
Subject: [PATCH] objects: add EV subject OID names
The "EV SSL Certificate Guidelines" available from:
https://cabforum.org/extended-validation/
defines three OIDs commonly seen in leaf certificates:
jurisdictionLocalityName
1.3.6.1.4.1.311.60.2.1.1
jurisdictionStateOrProvinceName
1.3.6.1.4.1.311.60.2.1.2
jurisdictionCountryName
1.3.6.1.4.1.311.60.2.1.3
Add these OID names so that certificate subjects containing
them display nicely.
Note that prior to version 1.4.6 of the EV Guidelines (which
was adopted and effective on 2014-03-24) the OID names started
with "jurisdictionOfIncorporation" instead of just "jurisdiction".
The newer, shorter, names are used here.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
crypto/objects/obj_dat.h | 28 +++++++++++++++++++++++-----
include/openssl/obj_mac.h | 14 ++++++++++++++
2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 28ce22c6..605952f4 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 956
-#define NUM_SN 949
-#define NUM_LN 949
-#define NUM_OBJ 890
+#define NUM_NID 959
+#define NUM_SN 952
+#define NUM_LN 952
+#define NUM_OBJ 893
-static const unsigned char lvalues[6217]={
+static const unsigned char lvalues[6250]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -952,6 +952,9 @@ static const unsigned char lvalues[6217]={
0x2B,0x65,0x71, /* [6207] OBJ_Ed448 */
0x2B,0x65,0x72, /* [6210] OBJ_Ed25519ph */
0x2B,0x65,0x73, /* [6213] OBJ_Ed448ph */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6216] OBJ_jurisdictionLocalityName */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6227] OBJ_jurisdictionStateOrProvinceName */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6238] OBJ_jurisdictionCountryName */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2495,6 +2498,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"Ed448","Ed448",NID_Ed448,3,&(lvalues[6207]),0},
{"Ed25519ph","Ed25519ph",NID_Ed25519ph,3,&(lvalues[6210]),0},
{"Ed448ph","Ed448ph",NID_Ed448ph,3,&(lvalues[6213]),0},
+{"jurisdictionLocalityName","jurisdictionLocalityName",
+ NID_jurisdictionLocalityName,11,&(lvalues[6216]),0},
+{"jurisdictionStateOrProvinceName","jurisdictionStateOrProvinceName",
+ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6227]),0},
+{"jurisdictionCountryName","jurisdictionCountryName",
+ NID_jurisdictionCountryName,11,&(lvalues[6238]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -3106,6 +3115,9 @@ static const unsigned int sn_objs[NUM_SN]={
86, /* "issuerAltName" */
770, /* "issuingDistributionPoint" */
492, /* "janetMailbox" */
+958, /* "jurisdictionCountryName" */
+956, /* "jurisdictionLocalityName" */
+957, /* "jurisdictionStateOrProvinceName" */
150, /* "keyBag" */
83, /* "keyUsage" */
477, /* "lastModifiedBy" */
@@ -4047,6 +4059,9 @@ static const unsigned int ln_objs[NUM_LN]={
645, /* "itu-t" */
492, /* "janetMailbox" */
646, /* "joint-iso-itu-t" */
+958, /* "jurisdictionCountryName" */
+956, /* "jurisdictionLocalityName" */
+957, /* "jurisdictionStateOrProvinceName" */
150, /* "keyBag" */
773, /* "kisa" */
477, /* "lastModifiedBy" */
@@ -5292,5 +5307,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */
155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */
34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */
+956, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
+957, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
+958, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
};
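Review bot: The three entries appended after `OBJ_idea_cbc` are only found by OID lookup if obj_objs stays sorted, because that table is binary-searched with a comparator that orders by encoded length first and then by bytes. The placement is correct as long as `OBJ_idea_cbc` really is the greatest 11-byte entry, which the closing `};` right after it suggests: the new encodings are also 11 bytes and `0x82,0x37` sorts after `0x81,0x3C`. The same hand-kept ordering applies to the sn_objs and ln_objs hunks above. The diffstat lists only the two headers, which are normally generated output, so if the tree also carries objects.txt and obj_mac.num the same three objects should be added there, otherwise a regeneration silently drops them.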
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index e11e2832..753ef109 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2549,6 +2549,20 @@
#define NID_dcObject 390
#define OBJ_dcObject OBJ_Enterprises,1466L,344L
+#define OBJ_extendedValidation OBJ_Enterprises,311L,60L
+
+#define LN_jurisdictionLocalityName "jurisdictionLocalityName"
+#define NID_jurisdictionLocalityName 956
+#define OBJ_jurisdictionLocalityName OBJ_extendedValidation,2L,1L,1L
+
+#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName"
+#define NID_jurisdictionStateOrProvinceName 957
+#define OBJ_jurisdictionStateOrProvinceName OBJ_extendedValidation,2L,1L,2L
+
+#define LN_jurisdictionCountryName "jurisdictionCountryName"
+#define NID_jurisdictionCountryName 958
+#define OBJ_jurisdictionCountryName OBJ_extendedValidation,2L,1L,3L
+
#define SN_mime_mhs "mime-mhs"
#define LN_mime_mhs "MIME MHS"
#define NID_mime_mhs 504
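Review bot: The new objects get `LN_`, `NID_` and `OBJ_` macros but no `SN_` macro, so the long name doubles as the short name (as the nid_objs entries in obj_dat.h show), and any caller that references `SN_jurisdictionCountryName` will not compile against this header. OpenSSL's obj_mac.h defines the short names `jurisdictionL`, `jurisdictionST` and `jurisdictionC` for these OIDs; if source compatibility with it matters, add lines such as `#define SN_jurisdictionCountryName "jurisdictionC"` and update the nid_objs strings and the sn_objs ordering to match. The NID values 956-958 are allocated locally by this patch, so a later upstream release that assigns the same numbers would collide; a short comment above `OBJ_extendedValidation` noting that these are out-of-tree allocations would make that visible when rebasing.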
--
tg: (a722b69f..) t/ev-names (depends on: t/release)