Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311

and changed hopefully all occurences for that OID

Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)

4 files changed, 50 insertions, 20 deletions

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 3f90b7765f..ea09cc94c0 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[8364] = {
+static const unsigned char so[8401] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1153,9 +1153,13 @@ static const unsigned char so[8364] = {
     0x60,0x86,0x48,0x01,0x86,0xF9,0x66,0xAD,0xCA,0x7B,0x01,0x01,  /* [ 8332] OBJ_oracle_jdk_trustedkeyusage */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32,  /* [ 8344] OBJ_id_ct_signedTAL */
     0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A,       /* [ 8355] OBJ_sm4_xts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x19,0x02,0x01,  /* [ 8363] OBJ_ms_ntds_obj_sid */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x19,0x02,  /* [ 8373] OBJ_ms_ntds_sec_ext */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,  /* [ 8382] OBJ_ms_cert_templ */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A,  /* [ 8391] OBJ_ms_app_policies */
 };
 
-#define NUM_NID 1291
+#define NUM_NID 1295
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2448,9 +2452,13 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"brotli", "Brotli compression", NID_brotli},
     {"zstd", "Zstandard compression", NID_zstd},
     {"SM4-XTS", "sm4-xts", NID_sm4_xts, 8, &so[8355]},
+    {"ms-ntds-obj-sid", "Microsoft NTDS AD objectSid", NID_ms_ntds_obj_sid, 10, &so[8363]},
+    {"ms-ntds-sec-ext", "Microsoft NTDS CA Extension", NID_ms_ntds_sec_ext, 9, &so[8373]},
+    {"ms-cert-templ", "Microsoft certificate template", NID_ms_cert_templ, 9, &so[8382]},
+    {"ms-app-policies", "Microsoft Application Policies Extension", NID_ms_app_policies, 9, &so[8391]},
 };
 
-#define NUM_SN 1282
+#define NUM_SN 1286
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -3379,6 +3387,10 @@ static const unsigned int sn_objs[NUM_SN] = {
     1215,    /* "modp_4096" */
     1216,    /* "modp_6144" */
     1217,    /* "modp_8192" */
+    1294,    /* "ms-app-policies" */
+    1293,    /* "ms-cert-templ" */
+    1291,    /* "ms-ntds-obj-sid" */
+    1292,    /* "ms-ntds-sec-ext" */
      136,    /* "msCTLSign" */
      135,    /* "msCodeCom" */
      134,    /* "msCodeInd" */
@@ -3736,7 +3748,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1289,    /* "zstd" */
 };
 
-#define NUM_LN 1282
+#define NUM_LN 1286
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3852,16 +3864,20 @@ static const unsigned int ln_objs[NUM_LN] = {
      504,    /* "MIME MHS" */
      388,    /* "Mail" */
      383,    /* "Management" */
+    1294,    /* "Microsoft Application Policies Extension" */
      417,    /* "Microsoft CSP Name" */
      135,    /* "Microsoft Commercial Code Signing" */
      138,    /* "Microsoft Encrypted File System" */
      171,    /* "Microsoft Extension Request" */
      134,    /* "Microsoft Individual Code Signing" */
      856,    /* "Microsoft Local Key set" */
+    1291,    /* "Microsoft NTDS AD objectSid" */
+    1292,    /* "Microsoft NTDS CA Extension" */
      137,    /* "Microsoft Server Gated Crypto" */
      648,    /* "Microsoft Smartcard Login" */
      136,    /* "Microsoft Trust List Signing" */
      649,    /* "Microsoft User Principal Name" */
+    1293,    /* "Microsoft certificate template" */
     1211,    /* "NAIRealm" */
      393,    /* "NULL" */
      404,    /* "NULL" */
@@ -5022,7 +5038,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 1148
+#define NUM_OBJ 1152
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5851,6 +5867,9 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
      417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
      856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+    1293,    /* OBJ_ms_cert_templ                1 3 6 1 4 1 311 21 7 */
+    1294,    /* OBJ_ms_app_policies              1 3 6 1 4 1 311 21 10 */
+    1292,    /* OBJ_ms_ntds_sec_ext              1 3 6 1 4 1 311 25 2 */
      390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
       91,    /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
      973,    /* OBJ_id_scrypt                    1 3 6 1 4 1 11591 4 11 */
@@ -6052,6 +6071,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
      648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
      649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+    1291,    /* OBJ_ms_ntds_obj_sid              1 3 6 1 4 1 311 25 2 1 */
     1201,    /* OBJ_blake2bmac                   1 3 6 1 4 1 1722 12 2 1 */
     1202,    /* OBJ_blake2smac                   1 3 6 1 4 1 1722 12 2 2 */
      951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index f0fe5c64e5..ba3d57a5f3 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1288,3 +1288,7 @@ brainpoolP512r1tls13		1287
 brotli		1288
 zstd		1289
 sm4_xts		1290
+ms_ntds_obj_sid		1291
+ms_ntds_sec_ext		1292
+ms_cert_templ		1293
+ms_app_policies		1294
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index c08b5fc2ab..fff7040075 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index ed4746f462..c6155fe508 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -353,9 +353,10 @@ id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
 
 pkcs9 20		:			: friendlyName
 pkcs9 21		:			: localKeyID
+!Alias ms-corp 1 3 6 1 4 1 311
 !Cname ms-csp-name
-1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
-1 3 6 1 4 1 311 17 2	: LocalKeySet		: Microsoft Local Key set
+ms-corp 17 1	: CSPName		: Microsoft CSP Name
+ms-corp 17 2	: LocalKeySet		: Microsoft Local Key set
 !Alias certTypes pkcs9 22
 certTypes 1		:			: x509Certificate
 certTypes 2		:			: sdsiCertificate
@@ -435,21 +436,26 @@ rsadsi 3 8		: RC5-CBC		: rc5-cbc
 			: RC5-OFB		: rc5-ofb
 
 !Cname ms-ext-req
-1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
+ms-corp 2 1 14	: msExtReq		: Microsoft Extension Request
 !Cname ms-code-ind
-1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
+ms-corp 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
 !Cname ms-code-com
-1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
+ms-corp 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
 !Cname ms-ctl-sign
-1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
+ms-corp 10 3 1	: msCTLSign		: Microsoft Trust List Signing
 !Cname ms-sgc
-1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+ms-corp 10 3 3	: msSGC			: Microsoft Server Gated Crypto
 !Cname ms-efs
-1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
+ms-corp 10 3 4	: msEFS			: Microsoft Encrypted File System
 !Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcard Login
+ms-corp 20 2 2	: msSmartcardLogin	: Microsoft Smartcard Login
 !Cname ms-upn
-1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft User Principal Name
+ms-corp 20 2 3	: msUPN			: Microsoft User Principal Name
+
+ms-corp 25 2	: ms-ntds-sec-ext	: Microsoft NTDS CA Extension
+ms-corp 25 2 1	: ms-ntds-obj-sid	: Microsoft NTDS AD objectSid
+ms-corp 21 7	: ms-cert-templ		: Microsoft certificate template
+ms-corp 21 10	: ms-app-policies	: Microsoft Application Policies Extension
 
 1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
 			: IDEA-ECB		: idea-ecb
@@ -1686,9 +1692,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 # CABForum EV SSL Certificate Guidelines
 # (see https://cabforum.org/extended-validation/)
 # OIDs for Subject Jurisdiction of Incorporation or Registration
-1 3 6 1 4 1 311 60 2 1 1	: jurisdictionL		: jurisdictionLocalityName
-1 3 6 1 4 1 311 60 2 1 2	: jurisdictionST	: jurisdictionStateOrProvinceName
-1 3 6 1 4 1 311 60 2 1 3	: jurisdictionC		: jurisdictionCountryName
+ms-corp 60 2 1 1	: jurisdictionL		: jurisdictionLocalityName
+ms-corp 60 2 1 2	: jurisdictionST	: jurisdictionStateOrProvinceName
+ms-corp 60 2 1 3	: jurisdictionC		: jurisdictionCountryName
 
 # SCRYPT algorithm
 !Cname id-scrypt