delta/python-packages/cryptography.git/src/rust/cryptography-x509, branch alex-patch-2 github.com: pyca/cryptography.git support X.509 certificate PSS signing (#8888) 2023-05-11T01:09:56+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2023-05-11T01:09:56+00:00 1ef3cdb616c7a304e75c89ad458e49c1fbd5943f * support X.509 certificate PSS signing no CSR, CRL, etc * handle PSS.(MAX_LENGTH, DIGEST_LENGTH), review feedback * name the kwarg * test improvements * skip if sha3 isn't supported 
* support X.509 certificate PSS signing

no CSR, CRL, etc

* handle PSS.(MAX_LENGTH, DIGEST_LENGTH), review feedback

* name the kwarg

* test improvements

* skip if sha3 isn't supported
 Make Extensions contain an optional RawExtensions (#8900) 2023-05-10T19:20:23+00:00 Alex Gaynor alex.gaynor@gmail.com 2023-05-10T19:20:23+00:00 a8aaf19c3eb8d2ee7855d6b2c09ebe32f86aa7d5 This matter models how x.509 represents these things, and will make it easier to make Extensions an iterator in the future 
This matter models how x.509 represents these things, and will make it easier to make Extensions an iterator in the future
 certificate: add a `get_extension` helper (#8892) 2023-05-10T11:14:49+00:00 William Woodruff william@trailofbits.com 2023-05-10T11:14:49+00:00 1ff6208ec739b27ae2826d866f4d2bd3db77fd87 * certificate: add a `get_extension` helper Signed-off-by: William Woodruff <william@trailofbits.com> * certificate: OID by ref Signed-off-by: William Woodruff <william@trailofbits.com> * certificate: syntax Signed-off-by: William Woodruff <william@trailofbits.com> * x509, src: `check_duplicate_extensions` Signed-off-by: William Woodruff <william@trailofbits.com> * src: simplify Signed-off-by: William Woodruff <william@trailofbits.com> * src: everyone loves newtypes Signed-off-by: William Woodruff <william@trailofbits.com> * rust: refactor-o-rama Signed-off-by: William Woodruff <william@trailofbits.com> * src: look upon my works Signed-off-by: William Woodruff <william@trailofbits.com> * src: continue blasting the code Signed-off-by: William Woodruff <william@trailofbits.com> * src/rust: actually commit my changes Signed-off-by: William Woodruff <william@trailofbits.com> * src: clippage Signed-off-by: William Woodruff <william@trailofbits.com> * relocate Signed-off-by: William Woodruff <william@trailofbits.com> * src: dedupe Signed-off-by: William Woodruff <william@trailofbits.com> * src: cleanup Signed-off-by: William Woodruff <william@trailofbits.com> * clippage Signed-off-by: William Woodruff <william@trailofbits.com> * src: dedupe Signed-off-by: William Woodruff <william@trailofbits.com> * common: cleanup Signed-off-by: William Woodruff <william@trailofbits.com> * src: unused impls Signed-off-by: William Woodruff <william@trailofbits.com> * more deletion Signed-off-by: William Woodruff <william@trailofbits.com> * clippage Signed-off-by: William Woodruff <william@trailofbits.com> * extensions: add a `get_extension` test Signed-off-by: William Woodruff <william@trailofbits.com> * extensions: unused derives Signed-off-by: William Woodruff <william@trailofbits.com> * tests/x509: dup ext check for tbs_precertificate_bytes Signed-off-by: William Woodruff <william@trailofbits.com> * certificate: remove `extensions()` Signed-off-by: William Woodruff <william@trailofbits.com> * extensions: docs Signed-off-by: William Woodruff <william@trailofbits.com> * extensions: newtype Signed-off-by: William Woodruff <william@trailofbits.com> * rust: better error types, dedupe Signed-off-by: William Woodruff <william@trailofbits.com> extensions: unwrap -> expect Signed-off-by: William Woodruff <william@trailofbits.com> * Revert "rust: better error types, dedupe" This reverts commit 212b75ff2f69a3b3cfc9d6a55949f23877f8f618. --------- Signed-off-by: William Woodruff <william@trailofbits.com> 
* certificate: add a `get_extension` helper

Signed-off-by: William Woodruff <william@trailofbits.com>

* certificate: OID by ref

Signed-off-by: William Woodruff <william@trailofbits.com>

* certificate: syntax

Signed-off-by: William Woodruff <william@trailofbits.com>

* x509, src: `check_duplicate_extensions`

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: simplify

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: everyone loves newtypes

Signed-off-by: William Woodruff <william@trailofbits.com>

* rust: refactor-o-rama

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: look upon my works

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: continue blasting the code

Signed-off-by: William Woodruff <william@trailofbits.com>

* src/rust: actually commit my changes

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: clippage

Signed-off-by: William Woodruff <william@trailofbits.com>

* relocate

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: dedupe

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: cleanup

Signed-off-by: William Woodruff <william@trailofbits.com>

* clippage

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: dedupe

Signed-off-by: William Woodruff <william@trailofbits.com>

* common: cleanup

Signed-off-by: William Woodruff <william@trailofbits.com>

* src: unused impls

Signed-off-by: William Woodruff <william@trailofbits.com>

* more deletion

Signed-off-by: William Woodruff <william@trailofbits.com>

* clippage

Signed-off-by: William Woodruff <william@trailofbits.com>

* extensions: add a `get_extension` test

Signed-off-by: William Woodruff <william@trailofbits.com>

* extensions: unused derives

Signed-off-by: William Woodruff <william@trailofbits.com>

* tests/x509: dup ext check for tbs_precertificate_bytes

Signed-off-by: William Woodruff <william@trailofbits.com>

* certificate: remove `extensions()`

Signed-off-by: William Woodruff <william@trailofbits.com>

* extensions: docs

Signed-off-by: William Woodruff <william@trailofbits.com>

* extensions: newtype

Signed-off-by: William Woodruff <william@trailofbits.com>

* rust: better error types, dedupe

Signed-off-by: William Woodruff <william@trailofbits.com>

extensions: unwrap -> expect

Signed-off-by: William Woodruff <william@trailofbits.com>

* Revert "rust: better error types, dedupe"

This reverts commit 212b75ff2f69a3b3cfc9d6a55949f23877f8f618.

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
 add signature_algorithm_parameters to certificate (#8795) 2023-05-07T20:26:45+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2023-05-07T20:26:45+00:00 b436fafa7cf43c96f66d50162ac495c99ade1f39 this allows easier verification of cert signatures, but more specifically allows PSS signature verification 
this allows easier verification of cert signatures, but more
specifically allows PSS signature verification
 Bump asn1 from 0.15.1 to 0.15.2 in /src/rust (#8886) 2023-05-07T20:03:37+00:00 dependabot[bot] 49699333+dependabot[bot]@users.noreply.github.com 2023-05-07T20:03:37+00:00 e129a1ddbcb359393bb2e45e00d2cfcf64336e39 Bumps [asn1](https://github.com/alex/rust-asn1) from 0.15.1 to 0.15.2. - [Commits](https://github.com/alex/rust-asn1/compare/0.15.1...0.15.2) --- updated-dependencies: - dependency-name: asn1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
Bumps [asn1](https://github.com/alex/rust-asn1) from 0.15.1 to 0.15.2.
- [Commits](https://github.com/alex/rust-asn1/compare/0.15.1...0.15.2)

---
updated-dependencies:
- dependency-name: asn1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 invalid visible string support (#8884) 2023-05-07T16:01:33+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2023-05-07T16:01:33+00:00 0f2b72bb12b698e5787241a54ea9132837a1ec9c * invalid visible string support this allows utf8 in visiblestring, which is not valid DER. we raise a warning when this happens, but allow it since belgian eIDs, among others, have encoding errors. Belgium fixed this by 2021 (and possibly earlier), but their eID certificates have 10 year validity. * review comments * clippy 
* invalid visible string support

this allows utf8 in visiblestring, which is not valid DER. we raise a
warning when this happens, but allow it since belgian eIDs, among
others, have encoding errors. Belgium fixed this by 2021 (and possibly
earlier), but their eID certificates have 10 year validity.

* review comments

* clippy
 Use parameters instead of oids in another place (#8880) 2023-05-07T13:27:29+00:00 Alex Gaynor alex.gaynor@gmail.com 2023-05-07T13:27:29+00:00 d60796a38fe7b08b84e62203e91945c87b6d1a8e 






Use defined_by for hash AlgorithmIdentifiers (#8876)
2023-05-05T21:25:04+00:00

Alex Gaynor
alex.gaynor@gmail.com

2023-05-05T21:25:04+00:00

4da2e580a9cb6544cdaf32787677f16513bb6f6d












Use defined_by for (EC)DSA signature AlgorithmIdentifiers (#8875)
2023-05-05T20:19:29+00:00

Alex Gaynor
alex.gaynor@gmail.com

2023-05-05T20:19:29+00:00

10688d1ba27e0899812f2eb12be0d8a2a352ba85

Also fix a test that had an incorrect parameters for an OID. The test had deliberately been constructed to be invalid, but in a _different_ respect.




Also fix a test that had an incorrect parameters for an OID. The test had deliberately been constructed to be invalid, but in a _different_ respect.






Use defined_by for RSA signature AlgorithmIdentifiers (#8874)
2023-05-05T19:57:50+00:00

Alex Gaynor
alex.gaynor@gmail.com

2023-05-05T19:57:50+00:00

141bcc588098773690c04917da654f1d475c4939

I had hoped the parameters would just be Null (no Option<>), but a review of the RFC (3447, 4055) indicates that both should be allowed, though the WebPKI enforces greater constraints.




I had hoped the parameters would just be Null (no Option<>), but a review of the RFC (3447, 4055) indicates that both should be allowed, though the WebPKI enforces greater constraints.