2022-05-10 19:25:27 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: updated to 1.5.1
1.5.1
Handle RSASSA-PSS in keys.PrivateKeyInfo.bit_size and keys.PublicKeyInfo.bit_size
Handle RSASSA-PSS in keys.PrivateKeyInfo.wrap and keys.PublicKeyInfo.wrap
Updated docs for keys.PrivateKeyInfo.algorithm and keys.PublicKeyInfo.algorithm \
to reflect that they can return "rsassa_pss"
1.5.0
Fix tsp.TimeStampAndCRL to be a core.Sequence instead of a core.SequenceOf via \
@joernheissler
Added OIDs for Edwards curves from RFC 8410 - via @MatthiasValvekens
Fixed convenience attributes on algos.EncryptionAlgorithm when the algorithm is \
RC2 via @joernheissler
Added Microsoft OIDs microsoft_enrollment_csp_provider (1.3.6.1.4.1.311.13.2.2), \
microsoft_os_version (1.3.6.1.4.1.311.13.2.3) and microsoft_request_client_info \
(1.3.6.1.4.1.311.21.20) to csr.CSRAttributeType along with supporting extension \
structures via @qha
Added Microsoft OID microsoft_enroll_certtype (1.3.6.1.4.1.311.20.2) to \
x509.ExtensionId via @qha
Fixed a few bugs with parsing indefinite-length encodings via @davidben
Added various bounds checks to parsing engine via @davidben
Fixed a bug with tags not always being minimally encoded via @davidben
Fixed cms.RoleSyntax, cms.SecurityCategory and cms.AttCertIssuer to have \
explicit instead of implicit tagging via @MatthiasValvekens
Fixed tagging of, and default value for fields in cms.Clearance via \
@MatthiasValvekens
Fixed calling .dump(force=True) when the value has undefined/unknown \
core.Sequence fields. Previously the value would be truncated, now the existing \
encoding is preserved.
Added sMIME capabilities (1.2.840.113549.1.9.15) support from RFC 2633 to \
cms.CMSAttribute via Hellzed
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message:
security: Remove SHA1 hashes for distfiles
|
2020-07-29 09:25:37 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: updated to 1.4.0
1.4.0
- `core.ObjectIdentifier` and all derived classes now obey X.660 ยง7.6 and
thus restrict the first arc to 0 to 2, and the second arc to less than
40 if the first arc is 0 or 1. This also fixes parsing of OIDs where the
first arc is 2 and the second arc is greater than 39.
- Fixed `keys.PublicKeyInfo.bit_size` to return an int rather than a float
on Python 3 when working with elliptic curve keys
- Fixed the `asn1crypto-tests` sdist on PyPi to work properly to generate a
.whl
|
2020-01-08 12:37:49 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: updated to 1.3.0
1.3.0
- Added `encrypt_key_pref` (`1.2.840.113549.1.9.16.2.11`) to
`cms.CMSAttributeType()`, along with related structures
- Added Brainpool curves from RFC 5639 to `keys.NamedCurve()`
- Fixed `x509.Certificate().subject_directory_attributes_value`
- Fixed some incorrectly computed minimum elliptic curve primary key
encoding sizes in `keys.NamedCurve()`
- Fixed a `TypeError` when trying to call `.untag()` or `.copy()` on a
`core.UTCTime()` or `core.GeneralizedTime()`, or a value containing one,
when using Python 2
|
2019-10-16 16:38:58 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: updated to 1.2.0
1.2.0
- Added `asn1crypto.load_order()`, which returns a `list` of unicode strings
of the names of the fully-qualified module names for all of submodules of
the package. The module names are listed in their dependency load order.
This is primarily intended for the sake of implementing hot reloading.
1.1.0
- Added User ID (`0.9.2342.19200300.100.1.1`) to `x509.NameType()`
- Added various EC named curves to `keys.NamedCurve()`
|
2019-10-11 18:16:45 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-asn1crypto: updated to 1.0.1
1.0.1
Fix an absolute import in keys to a relative import
1.0.0
Backwards Compatibility Breaks
cms.KeyEncryptionAlgorithmId().native now returns the value \
"rsaes_pkcs1v15" for OID 1.2.840.113549.1.1.1 instead of \
"rsa"
Removed functionality to calculate public key values from private key values. \
Alternatives have been added to oscrypto.
keys.PrivateKeyInfo().unwrap() is now oscrypto.asymmetric.PrivateKey().unwrap()
keys.PrivateKeyInfo().public_key is now \
oscrypto.asymmetric.PrivateKey().public_key.unwrap()
keys.PrivateKeyInfo().public_key_info is now \
oscrypto.asymmetric.PrivateKey().public_key.asn1
keys.PrivateKeyInfo().fingerprint is now oscrypto.asymmetric.PrivateKey().fingerprint
keys.PublicKeyInfo().unwrap() is now oscrypto.asymmetric.PublicKey().unwrap()
keys.PublicKeyInfo().fingerprint is now oscrypto.asymmetric.PublicKey().fingerprint
Enhancements
Significantly improved parsing of core.UTCTime() and core.GeneralizedTime() \
values that include timezones and fractional seconds
util.timezone has a more complete implementation
core.Choice() may now be constructed by a 2-element tuple or a 1-key dict
Added x509.Certificate().not_valid_before and x509.Certificate().not_valid_after
Added core.BitString().unused_bits
Added keys.NamedCurve.register() for non-mainstream curve OIDs
No longer try to load optional performance dependency, libcrypto, on Mac or Linux
ocsp.CertStatus().native will now return meaningful unicode string values when \
the status choice is "good" or "unknown". Previously both \
returned None due to the way the structure was designed.
Add support for explicit RSA SSA PSS (1.2.840.113549.1.1.10) to \
keys.PublicKeyInfo() and keys.PrivateKeyInfo()
Added structures for nested SHA-256 Windows PE signatures to cms.CMSAttribute()
Added RC4 (1.2.840.113549.3.4) to algos.EncryptionAlgorithmId()
Added secp256k1 (1.3.132.0.10) to keys.NamedCurve()
Added SHA-3 and SHAKE OIDs to algos.DigestAlgorithmId() and algos.HmacAlgorithmId()
Added RSA ES OAEP (1.2.840.113549.1.1.7) to cms.KeyEncryptionAlgorithmId()
Add IKE Intermediate (1.3.6.1.5.5.8.2.2) to x509.KeyPurposeId()
x509.EmailAddress() and x509.DNSName() now handle invalidly-encoded values using \
tags for core.PrintableString() and core.UTF8String()
Add parameter structue from RFC 5084 for AES-CCM to algos.EncryptionAlgorithm()
Improved robustness of parsing broken core.Sequence() and core.SequenceOf() values
Bug Fixes
Fixed encoding of tag values over 30
core.IntegerBitString() and core.IntegerOctetString() now restrict values to \
non-negative integers since negative values are not implemented
When copying or dumping a BER-encoded indefinite-length value, automatically \
force re-encoding to DER. To ensure all nested values are always DER-encoded, \
.dump(True) must be called.
Fix UnboundLocalError when calling x509.IPAddress().native on an encoded value \
that has a length of zero
Fixed passing class_ via unicode string name to core.Asn1Value()
Fixed a bug where EC private keys with leading null bytes would be encoded in \
keys.ECPrivateKey() more narrowly than RFC 5915 requires
Fixed some edge-case bugs in util.int_to_bytes()
x509.URI() now only normalizes values when comparing
Fixed BER-decoding of indefinite length core.BitString()
Fixed DER-encoding of empty core.BitString()
Fixed a missing return value for core.Choice().parse()
Fixed core.Choice().contents working when the chosen alternative is a \
core.Choice() also
Fixed parsing and encoding of nested core.Choice() objects
Fixed a bug causing core.ObjectIdentifier().native to sometimes not map the OID
|
2017-12-17 17:54:02 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: updated to 0.24.0
0.24.0
- `x509.Certificate().self_signed` will no longer return `"yes"` under any
circumstances. This helps prevent confusion since the library does not
verify the signature. Instead a library like oscrypto should be used
to confirm if a certificate is self-signed.
- Added various OIDs to `x509.KeyPurposeId()`
- Added `x509.Certificate().private_key_usage_period_value`
- Added structures for parsing common subject directory attributes for
X.509 certificates, including `x509.SubjectDirectoryAttribute()`
- Added `algos.AnyAlgorithmIdentifier()` for situations where an
algorithm identifier may contain a digest, signed digest or encryption
algorithm OID
- Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
not returning the correct value
- Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
not function properly when the field had a default value
- Fixed a bug with type checking in `pem.armor()`
|
2017-09-29 08:36:31 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asn1crypto: update to 0.23.0
0.23.0:
Backwards compatibility break: the tag_type, explicit_tag and explicit_class \
attributes on core.Asn1Value no longer exist and were replaced by the implicit \
and explicit attributes. Field param dicts may use the new explicit and implicit \
keys, or the old tag_type and tag keys. The attribute changes will likely to \
have little to no impact since they were primarily an implementation detail.
Teletex strings used inside of X.509 certificates are now interpreted using \
Windows-1252 (a superset of ISO-8859-1). This enables compatibility with \
certificates generated by OpenSSL. Strict parsing of Teletex strings can be \
retained by using the x509.strict_teletex() context manager.
Added support for nested explicit tagging, supporting values that are defined \
with explicit tagging and then added as a field of another structure using \
explicit tagging.
Fixed a UnicodeDecodeError when trying to find the (optional) dependency OpenSSL \
on Python 2
Fixed next_update field of crl.TbsCertList to be optional
Added the x509.Certificate.sha256_fingerprint property
x509.Certificate.ocsp_urls and x509.DistributionPoint.url will now return \
https://, ldap:// and ldaps:// URLs in addition to http://.
Added CMS Attribute Protection definitions from RFC 6211
Added OIDs from RFC 6962
|