All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
Use github distfile because pypi one is missing.
Revision 0.2.8, released 16-11-2019
-----------------------------------
- Improve test routines for modules that use certificate extensions
- Improve test for RFC3709 with a real world certificate
- Added RFC7633 providing TLS Features Certificate Extension
- Added RFC7229 providing OIDs for Test Certificate Policies
- Added tests for RFC3280, RFC3281, RFC3852, and RFC4211
- Added RFC6960 providing Online Certificate Status Protocol (OCSP)
- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms
- Updated the handling of maps for use with openType for RFC 3279
- Added RFC6486 providing RPKI Manifests
- Added RFC6487 providing Profile for X.509 PKIX Resource Certificates
- Added RFC6170 providing Certificate Image in the Internet X.509 Public
Key Infrastructure, and import the object identifier into RFC3709.
- Added RFC6187 providing Certificates for Secure Shell Authentication
- Added RFC6482 providing RPKI Route Origin Authorizations (ROAs)
- Added RFC6664 providing S/MIME Capabilities for Public Keys
- Added RFC6120 providing Extensible Messaging and Presence Protocol
names in certificates
- Added RFC4985 providing Subject Alternative Name for expression of
service names in certificates
- Added RFC5924 providing Extended Key Usage for Session Initiation
Protocol (SIP) in X.509 certificates
- Added RFC5916 providing Device Owner Attribute
- Added RFC7508 providing Securing Header Fields with S/MIME
- Update RFC8226 to use ComponentPresentConstraint() instead of the
previous work around
- Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement
- Add RFC3114 providing test values for the S/MIME Security Label
- Add RFC5755 providing Attribute Certificate Profile for Authorization
- Add RFC5913 providing Clearance Attribute and Authority Clearance
Constraints Certificate Extension
- Add RFC5917 providing Clearance Sponsor Attribute
- Add RFC4043 providing Internet X.509 PKI Permanent Identifier
- Add RFC7585 providing Network Access Identifier (NAI) Realm Name
for Certificates
- Update RFC3770 to support openType for attributes and reported errata
- Add RFC4334 providing Certificate Extensions and Attributes for
Authentication in PPP and Wireless LAN Networks
Revision 0.2.7:
- Added maps for use with openType to RFC 3565
- Added RFC2985 providing PKCS#9 Attributes
- Added RFC3770 providing Certificate Extensions and Attributes for
Authentication in PPP and Wireless LAN Networks
- Added RFC5914 providing Trust Anchor Format
- Added RFC6010 providing CMS Content Constraints (CCC) Extension
- Added RFC6031 providing CMS Symmetric Key Package Content Type
- Added RFC6032 providing CMS Encrypted Key Package Content Type
- Added RFC7030 providing Enrollment over Secure Transport (EST)
- Added RFC7292 providing PKCS #12, which is the Personal Information
Exchange Syntax v1.1
- Added RFC8018 providing PKCS #5, which is the Password-Based
Cryptography Specification, Version 2.1
- Automatically update the maps for use with openType for RFC3709,
RFC6402, RFC7191, and RFC8226 when the module is imported
- Added RFC6211 providing CMS Algorithm Identifier Protection Attribute
- Added RFC8449 providing Certificate Extension for Hash Of Root Key
- Updated RFC2459 and RFC5280 for TODO in the certificate extension map
- Added RFC7906 providing NSA's CMS Key Management Attributes
- Added RFC7894 providing EST Alternative Challenge Password Attributes
- Updated the handling of maps for use with openType so that just doing
an import of the modules is enough in most situations; updates to
RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083,
RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520
- Updated the handling of attribute maps for use with openType in
RFC 5958 to use the rfc5652.cmsAttributesMap
- Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS
- Fixed malformed `rfc4210.RevRepContent` data structure layout
- Added RFC5934 providing Trust Anchor Management Protocol (TAMP)
- Added RFC6210 providing Experiment for Hash Functions with Parameters
- Added RFC5751 providing S/MIME Version 3.2 Message Specification
- Added RFC8494 providing Multicast Email (MULE) over ACP 142
- Added RFC8398 providing Internationalized Email Addresses in
X.509 Certificates
- Added RFC8419 providing Edwards-Curve Digital Signature Algorithm
(EdDSA) Signatures in the CMS
- Added RFC8479 providing Storing Validation Parameters in PKCS#8
- Added RFC8360 providing Resource Public Key Infrastructure (RPKI)
Validation Reconsidered
- Added RFC8358 providing Digital Signatures on Internet-Draft Documents
- Added RFC8209 providing BGPsec Router PKI Profile
- Added RFC8017 providing PKCS #1 Version 2.2
- Added RFC7914 providing scrypt Password-Based Key Derivation Function
- Added RFC7773 providing Authentication Context Certificate Extension
Revision 0.2.6:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providng Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
Types
- Added openType support for ORAddress Extension Attributes and
Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
S/MIME
- Added openType support for CMS Content Types and CMS Attributes
in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
and `SetOf` objects via `subtypeConstraint` attribute to be applied
via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
objects as `subtypeConstraint`, the former is only verified on
de/serialization i.e. when the [constructed] object at hand is fully
populated, while the latter is applied to [scalar] types at the moment
of instantiation.
Revision 0.2.5:
- Added module RFC5958 providing Asymmetric Key Packages,
which is essentially version 2 of the PrivateKeyInfo
structure in PKCS#8 in RFC 5208
- Added module RFC8410 providing algorithm Identifiers for
Ed25519, Ed448, X25519, and X448
- Added module RFC8418 providing Elliptic Curve Diffie-Hellman
(ECDH) Key Agreement Algorithm with X25519 and X448
- Added module RFC3565 providing Elliptic Curve Diffie-Hellman
Key Agreement Algorithm use with X25519 and X448 in the
Cryptographic Message Syntax (CMS)
- Added module RFC4108 providing CMS Firmware Wrapper
- Added module RFC3779 providing X.509 Extensions for IP
Addresses and AS Identifiers
- Added module RFC4055 providing additional Algorithms and
Identifiers for RSA Cryptography for use in Certificates
and CRLs
Revision 0.2.4:
- Added modules for RFC8226 implementing JWT Claim Constraints
and TN Authorization List for X.509 certificate extensions
- Fixed bug in rfc5280.AlgorithmIdentifier ANY type definition
Revision 0.2.1, released 23-11-2017
- Allow ANY DEFINED BY objects expanding automatically if requested
- Imports PEP8'ed
Revision 0.1.5, released 10-10-2017
- OCSP response blob fixed in test
- Fixed wrong OCSP ResponderID components tagging
Revision 0.1.4, released 07-09-2017
- Typo fixed in the dependency spec
Revision 0.1.3, released 07-09-2017
- Apparently, pip>=1.5.6 is still widely used and it is not PEP440
compliant. Had to replace the `~=` version dependency spec with a
sequence of simple comparisons to remain compatible with the aging pip.
Revision 0.1.2, released 07-09-2017
- Pinned to pyasn1 ~0.3.4
Revision 0.1.1, released 27-08-2017
- Tests refactored into proper unit tests
- pem.readBase64fromText() convenience function added
- Pinned to pyasn1 0.3.3
- Wheel distribution format now supported
- Fix to misspelled rfc2459.id_at_sutname variable
- Fix to misspelled rfc2459.NameConstraints component tag ID
- Fix to misspelled rfc2459.GeneralSubtree component default status
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Revision 0.0.6
--------------
- Typo fix to id_kp_serverAuth object value
- A test case for indefinite length encoding eliminated as it's
forbidden in DER.
This is a small but growing collection of ASN.1 data structures
expressed in Python terms using the pyasn1 data model.
It's thought to be useful to protocol developers and testers.