[openssl/openssl] 7dcee3: Add RFC 5755 attribute certificate support
Damian Hobson-Garcia
noreply at github.com
Wed Apr 24 13:18:32 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 7dcee34c8f921ad65277e9a75fca4a7337fbed6d
https://github.com/openssl/openssl/commit/7dcee34c8f921ad65277e9a75fca4a7337fbed6d
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M build.info
M crypto/asn1/asn1_item_list.c
M crypto/asn1/asn1_item_list.h
M crypto/x509/build.info
A crypto/x509/x509_acert.c
A crypto/x509/x509_acert.h
M crypto/x509/x_all.c
M doc/man3/PEM_read_bio_PrivateKey.pod
M doc/man3/X509_dup.pod
M doc/man3/d2i_X509.pod
A include/crypto/x509_acert.h
M include/openssl/pem.h
A include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
Add RFC 5755 attribute certificate support
Add support for attribute certificates (v2) as described
in the RFC 5755 profile.
Attribute certificates provide a mechanism to manage authorization
information separately from the identity information provided by
public key certificates.
This initial patch adds the ASN.1 definitions
and I/O API. Accessor functions for the certificate fields
will be added in subsequent patches.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 9e1a8b5ecce7bcf706f48805f2999bbc3d4ef09a
https://github.com/openssl/openssl/commit/9e1a8b5ecce7bcf706f48805f2999bbc3d4ef09a
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/build.info
M crypto/x509/x509_acert.c
A crypto/x509/x509aset.c
M doc/build.info
A doc/man3/X509_ACERT_get0_holder_baseCertId.pod
M doc/man3/X509_get0_notBefore.pod
M doc/man3/X509_get0_signature.pod
M doc/man3/X509_get0_uids.pod
M doc/man3/X509_get_serialNumber.pod
M doc/man3/X509_get_subject_name.pod
M doc/man3/X509_get_version.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
Attribute certificate getter and setter API
Only fields that are allowed by RFC 5755 are
accessible through this API. Fields that are only supported
in version 1 attribute certificates (e.g. the AttCertIssuer
v1Form fields) are not implemented.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 6b167313f422b8744c1f4edc8688f7e6923a3a73
https://github.com/openssl/openssl/commit/6b167313f422b8744c1f4edc8688f7e6923a3a73
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/build.info
A crypto/x509/t_acert.c
M doc/build.info
A doc/man3/X509_ACERT_print_ex.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
Attribute certificate printing functions
Add functions to print an attribute certificate. Several
attribute value types defined by the RFC 5755 specification
are multi-field values (i.e. ASN1_SEQUENCE rather than an ASN1_STRING
or similar format). Currently those values are printed using
`ASN1_item_print`. A more user-friendly output mechanism (maybe
similar to the i2r_ functions used for X509 extensions) could be
added in future.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 62960b8710a39d58fe386a51dccbd35bd973220f
https://github.com/openssl/openssl/commit/62960b8710a39d58fe386a51dccbd35bd973220f
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/x509_acert.c
M doc/build.info
A doc/man3/X509_ACERT_add1_attr.pod
A doc/man3/X509_ACERT_get_attr.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
x509_acert: Add, remove and get attribute certificate attributes
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: b97fb22f596bfb528e69402b1bdcdf144a563918
https://github.com/openssl/openssl/commit/b97fb22f596bfb528e69402b1bdcdf144a563918
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/x_all.c
M doc/man3/X509_sign.pod
M doc/man3/X509_verify.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
x509_acert: Add API to sign and verify attribute certificates
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 1eeec94f1fd7de60248d1093d5552dc1f05c2fc9
https://github.com/openssl/openssl/commit/1eeec94f1fd7de60248d1093d5552dc1f05c2fc9
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/x509_acert.c
M doc/man3/X509V3_get_d2i.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
x509_acert: Add and retrieve certificate extensions
Add API to manage attribute certificate extensions
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 0e8020a45b2f24e85769cd2c66c41f0b7ffa21e4
https://github.com/openssl/openssl/commit/0e8020a45b2f24e85769cd2c66c41f0b7ffa21e4
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/build.info
A crypto/x509/x_ietfatt.c
M doc/build.info
A doc/man3/OSSL_IETF_ATTR_SYNTAX.pod
A doc/man3/OSSL_IETF_ATTR_SYNTAX_print.pod
M doc/man3/X509_dup.pod
M doc/man3/d2i_X509.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
M util/other.syms
Log Message:
-----------
Add IETFAttrSyntax type support
The IETFAttrSyntax type is used for the values of several attributes
defined in RFC 5755 for use with attribute certificates.
Specifically this type is used with the "Charging Identity" and
"Group" attributes.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: f90d97caab451a49613742c09d3ec1e4e2dcf6bc
https://github.com/openssl/openssl/commit/f90d97caab451a49613742c09d3ec1e4e2dcf6bc
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M test/build.info
A test/certs/acert.pem
A test/certs/acert_ietf.pem
A test/recipes/60-test_x509_acert.t
A test/x509_acert_test.c
Log Message:
-----------
x509_acert: Add simple API tests
Add some simple API tests for reading, printing, signing
and verifying attribute certificates.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: d10b020e2e389f4e5f5c84ce8d4512536dd3027a
https://github.com/openssl/openssl/commit/d10b020e2e389f4e5f5c84ce8d4512536dd3027a
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
A fuzz/acert.c
M fuzz/build.info
M fuzz/corpora
A test/recipes/99-test_fuzz_acert.t
Log Message:
-----------
fuzz: Add attribute certificate fuzz test
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: dab96a4f60f12b162f02ce2ddf4f70bb1e24bd5b
https://github.com/openssl/openssl/commit/dab96a4f60f12b162f02ce2ddf4f70bb1e24bd5b
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M crypto/x509/x509_acert.c
M doc/build.info
A doc/man3/X509_ACERT_add_attr_nconf.pod
M include/openssl/x509_acert.h.in
M util/libcrypto.num
Log Message:
-----------
x509_acert: Load attributes from config file section
Several of the attribute values defined for use by attribute certificates
use multi-valued data in an ASN.1 SEQUENCE. Allow reading of these values
from a configuration file, similar to how generic X.509 extensions are
handled.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: 11cd18c60d08d512cc897f7f800efa2d2e194313
https://github.com/openssl/openssl/commit/11cd18c60d08d512cc897f7f800efa2d2e194313
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
A test/certs/acert_bc1.pem
A test/certs/acert_bc2.pem
M test/recipes/60-test_x509_acert.t
Log Message:
-----------
x509_acert: Add more parsing and printing tests
These have been extracted from the bouncycastle test code.
Make sure that these certificates can be safely and correctly parsed
and printed.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Commit: f892397c52ab6db813f40a0e8de3b89bffd93f66
https://github.com/openssl/openssl/commit/f892397c52ab6db813f40a0e8de3b89bffd93f66
Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
Add Attribute Certificate support comments to CHANGES and NEWS
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Compare: https://github.com/openssl/openssl/compare/0339382abad5...f892397c52ab