All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
1.4.0
- `core.ObjectIdentifier` and all derived classes now obey X.660 §7.6 and
thus restrict the first arc to 0 to 2, and the second arc to less than
40 if the first arc is 0 or 1. This also fixes parsing of OIDs where the
first arc is 2 and the second arc is greater than 39.
- Fixed `keys.PublicKeyInfo.bit_size` to return an int rather than a float
on Python 3 when working with elliptic curve keys
- Fixed the `asn1crypto-tests` sdist on PyPi to work properly to generate a
.whl
1.3.0
- Added `encrypt_key_pref` (`1.2.840.113549.1.9.16.2.11`) to
`cms.CMSAttributeType()`, along with related structures
- Added Brainpool curves from RFC 5639 to `keys.NamedCurve()`
- Fixed `x509.Certificate().subject_directory_attributes_value`
- Fixed some incorrectly computed minimum elliptic curve primary key
encoding sizes in `keys.NamedCurve()`
- Fixed a `TypeError` when trying to call `.untag()` or `.copy()` on a
`core.UTCTime()` or `core.GeneralizedTime()`, or a value containing one,
when using Python 2
1.2.0
- Added `asn1crypto.load_order()`, which returns a `list` of unicode strings
of the names of the fully-qualified module names for all of submodules of
the package. The module names are listed in their dependency load order.
This is primarily intended for the sake of implementing hot reloading.
1.1.0
- Added User ID (`0.9.2342.19200300.100.1.1`) to `x509.NameType()`
- Added various EC named curves to `keys.NamedCurve()`
1.0.1
Fix an absolute import in keys to a relative import
1.0.0
Backwards Compatibility Breaks
cms.KeyEncryptionAlgorithmId().native now returns the value "rsaes_pkcs1v15" for OID 1.2.840.113549.1.1.1 instead of "rsa"
Removed functionality to calculate public key values from private key values. Alternatives have been added to oscrypto.
keys.PrivateKeyInfo().unwrap() is now oscrypto.asymmetric.PrivateKey().unwrap()
keys.PrivateKeyInfo().public_key is now oscrypto.asymmetric.PrivateKey().public_key.unwrap()
keys.PrivateKeyInfo().public_key_info is now oscrypto.asymmetric.PrivateKey().public_key.asn1
keys.PrivateKeyInfo().fingerprint is now oscrypto.asymmetric.PrivateKey().fingerprint
keys.PublicKeyInfo().unwrap() is now oscrypto.asymmetric.PublicKey().unwrap()
keys.PublicKeyInfo().fingerprint is now oscrypto.asymmetric.PublicKey().fingerprint
Enhancements
Significantly improved parsing of core.UTCTime() and core.GeneralizedTime() values that include timezones and fractional seconds
util.timezone has a more complete implementation
core.Choice() may now be constructed by a 2-element tuple or a 1-key dict
Added x509.Certificate().not_valid_before and x509.Certificate().not_valid_after
Added core.BitString().unused_bits
Added keys.NamedCurve.register() for non-mainstream curve OIDs
No longer try to load optional performance dependency, libcrypto, on Mac or Linux
ocsp.CertStatus().native will now return meaningful unicode string values when the status choice is "good" or "unknown". Previously both returned None due to the way the structure was designed.
Add support for explicit RSA SSA PSS (1.2.840.113549.1.1.10) to keys.PublicKeyInfo() and keys.PrivateKeyInfo()
Added structures for nested SHA-256 Windows PE signatures to cms.CMSAttribute()
Added RC4 (1.2.840.113549.3.4) to algos.EncryptionAlgorithmId()
Added secp256k1 (1.3.132.0.10) to keys.NamedCurve()
Added SHA-3 and SHAKE OIDs to algos.DigestAlgorithmId() and algos.HmacAlgorithmId()
Added RSA ES OAEP (1.2.840.113549.1.1.7) to cms.KeyEncryptionAlgorithmId()
Add IKE Intermediate (1.3.6.1.5.5.8.2.2) to x509.KeyPurposeId()
x509.EmailAddress() and x509.DNSName() now handle invalidly-encoded values using tags for core.PrintableString() and core.UTF8String()
Add parameter structue from RFC 5084 for AES-CCM to algos.EncryptionAlgorithm()
Improved robustness of parsing broken core.Sequence() and core.SequenceOf() values
Bug Fixes
Fixed encoding of tag values over 30
core.IntegerBitString() and core.IntegerOctetString() now restrict values to non-negative integers since negative values are not implemented
When copying or dumping a BER-encoded indefinite-length value, automatically force re-encoding to DER. To ensure all nested values are always DER-encoded, .dump(True) must be called.
Fix UnboundLocalError when calling x509.IPAddress().native on an encoded value that has a length of zero
Fixed passing class_ via unicode string name to core.Asn1Value()
Fixed a bug where EC private keys with leading null bytes would be encoded in keys.ECPrivateKey() more narrowly than RFC 5915 requires
Fixed some edge-case bugs in util.int_to_bytes()
x509.URI() now only normalizes values when comparing
Fixed BER-decoding of indefinite length core.BitString()
Fixed DER-encoding of empty core.BitString()
Fixed a missing return value for core.Choice().parse()
Fixed core.Choice().contents working when the chosen alternative is a core.Choice() also
Fixed parsing and encoding of nested core.Choice() objects
Fixed a bug causing core.ObjectIdentifier().native to sometimes not map the OID
0.24.0
- `x509.Certificate().self_signed` will no longer return `"yes"` under any
circumstances. This helps prevent confusion since the library does not
verify the signature. Instead a library like oscrypto should be used
to confirm if a certificate is self-signed.
- Added various OIDs to `x509.KeyPurposeId()`
- Added `x509.Certificate().private_key_usage_period_value`
- Added structures for parsing common subject directory attributes for
X.509 certificates, including `x509.SubjectDirectoryAttribute()`
- Added `algos.AnyAlgorithmIdentifier()` for situations where an
algorithm identifier may contain a digest, signed digest or encryption
algorithm OID
- Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
not returning the correct value
- Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
not function properly when the field had a default value
- Fixed a bug with type checking in `pem.armor()`
0.23.0:
Backwards compatibility break: the tag_type, explicit_tag and explicit_class attributes on core.Asn1Value no longer exist and were replaced by the implicit and explicit attributes. Field param dicts may use the new explicit and implicit keys, or the old tag_type and tag keys. The attribute changes will likely to have little to no impact since they were primarily an implementation detail.
Teletex strings used inside of X.509 certificates are now interpreted using Windows-1252 (a superset of ISO-8859-1). This enables compatibility with certificates generated by OpenSSL. Strict parsing of Teletex strings can be retained by using the x509.strict_teletex() context manager.
Added support for nested explicit tagging, supporting values that are defined with explicit tagging and then added as a field of another structure using explicit tagging.
Fixed a UnicodeDecodeError when trying to find the (optional) dependency OpenSSL on Python 2
Fixed next_update field of crl.TbsCertList to be optional
Added the x509.Certificate.sha256_fingerprint property
x509.Certificate.ocsp_urls and x509.DistributionPoint.url will now return https://, ldap:// and ldaps:// URLs in addition to http://.
Added CMS Attribute Protection definitions from RFC 6211
Added OIDs from RFC 6962
Added parser.peek()
Implemented proper support for BER-encoded indefinite length strings of all kinds - core.BitString, core.OctetString and all of the core classes that are natively represented as Python unicode strings
Fixed a bug with encoding LDAP URLs in x509.URI
Correct x509.DNSName to allow a leading ., such as when used with x509.NameConstraints
Fixed an issue with dumping the parsed contents of core.Any when explicitly tagged
Custom setup.py clean now accepts the short -a flag for compatibility
Fast ASN.1 parser and serializer with definitions for private keys,
public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8,
PKCS#12, PKCS#5, X.509 and TSP.
