- May 04, 2024
-
-
Alex Gaynor authored
* Upgrade openssl package for libressl 3.9.1 support
* Ensure a good error message when cffi module fails to import
* CHANGELOG
* Bump version for 42.0.6 release
* It's not FIPS anymore
* Resolve new clippy warnings (#10755)

  The fixes themselves are of marginal value 🙃
* fix warning from latest nightly rust (#10486)
* fix warning from latest nightly rust
* Update lib.rs
-
- Feb 24, 2024
-
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Paul Kehrer authored
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.20.2 to 0.20.3.

  - [Release notes](https://github.com/pyo3/pyo3/releases)
  - [Changelog](https://github.com/PyO3/pyo3/blob/v0.20.3/CHANGELOG.md)
  - [Commits](https://github.com/pyo3/pyo3/compare/v0.20.2...v0.20.3)

    ---
    updated-dependencies:
    - dependency-name: pyo3
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Feb 21, 2024
-
-
Alex Gaynor authored
-
Alex Gaynor authored
* Fix ASN.1 for S/MIME capabilities.

  The current implementation defines the SMIMECapabilities attribute so that its value is a SEQUENCE of all the algorithm OIDs that are supported. However, the S/MIME v3 spec (RFC 2633) specifies that each algorithm should be specified in its own SEQUENCE:

      SMIMECapabilities ::= SEQUENCE OF SMIMECapability

      SMIMECapability ::= SEQUENCE {
          capabilityID OBJECT IDENTIFIER,
          parameters ANY DEFINED BY capabilityID OPTIONAL }

  (RFC 2633, Appendix A)

  This commit changes the implementation so that each algorithm is inside its own SEQUENCE. This also matches the OpenSSL implementation.

* Fix the RSA OID used for signing PKCS#7/SMIME

  The current implementation computes the algorithm identifier used in the `digest_encryption_algorithm` PKCS#7 field (or `SignatureAlgorithmIdentifier` in S/MIME) based on both the algorithm used to sign (e.g. RSA) and the digest algorithm (e.g. SHA512).

  This is correct for ECDSA signatures, where the OIDs used include the digest algorithm (e.g: ecdsa-with-SHA512). However, due to historical reasons, when signing with RSA the OID specified should be the one corresponding to just RSA ("1.2.840.113549.1.1.1" rsaEncryption), rather than OIDs which also include the digest algorithm (such as "1.2.840.113549.1.1.13", sha512WithRSAEncryption).

  This means that the logic to compute the algorithm identifier is the same except when signing with RSA, in which case the OID will always be `rsaEncryption`. This is consistent with the OpenSSL implementation, and the RFCs that define PKCS#7 and S/MIME.

  See RFC 3851 (section 2.2), and RFC 3370 (section 3.2) for more details.

* Add tests for the changes in PKCS7 signing
* PKCS7 fixes from code review
* Update CHANGELOG

Co-authored-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
-
- Feb 20, 2024
-
-
Alex Gaynor authored
-
- Feb 18, 2024
-
-
Paul Kehrer authored
* Check to see if we can use the hosted M1 runners (#10340)
* Stop pretending to be x64 on M1 in CI (#10341)

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
-
- Feb 16, 2024
-
-
Paul Kehrer authored
-
Paul Kehrer authored
we previously hoisted this into rust, but we used the try_load feature which supposedly retains fallbacks. Something about that doesn't behave the way we expect though and the machinery in providers is sufficiently complex that we are just going to load the default provider explicitly. this matches our behavior pre-rust.
-
- Feb 04, 2024
-
-
Paul Kehrer authored
* initialize openssl's legacy provider in rust (#10323)
* initialize openssl's legacy provider in rust

  as we oxidize we need to do this here to ensure it actually happens
* alex is a comment format pedant
* remove the memleak tests (#10322)

  they are fragile, haven't caught regressions, and increasingly pointless as we oxidize.
-
- Jan 31, 2024
-
-
Paul Kehrer authored
-
Paul Kehrer authored
-
- Jan 30, 2024
-
-
Alex Gaynor authored
-
- Jan 27, 2024
-
-
Paul Kehrer authored
and update our docs to show it as well
-
- Jan 26, 2024
-
-
Paul Kehrer authored
this was never documented but previously worked in <42. we now also document that this is supported to confuse ourselves less.
-
- Jan 25, 2024
-
-
Paul Kehrer authored
we removed version as an arg, but didn't remove it from the click decorator
-
Paul Kehrer authored
* 42.0.1 bump
* Update CHANGELOG.rst

  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
-
Paul Kehrer authored
* allow SPKI RSA keys to be parsed even if they have an incorrect delimiter

  This allows RSA SPKI keys (typically delimited with PUBLIC KEY) to be parsed even if they are using the RSA PUBLIC KEY delimiter.
* formatting
* use original error if nothing parses, don't let it parse non-RSA
-
- Jan 23, 2024
-
-
Paul Kehrer authored
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
-
Paul Kehrer authored
-
Paul Kehrer authored
* we'll ship 3.2.0 for 42
* invalidate the caches, sigh
-
pyca-boringbot[bot] authored
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
-
pyca-boringbot[bot] authored
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
-
William Woodruff authored
* verification: add test_verify_tz_aware

  Signed-off-by: William Woodruff <william@trailofbits.com>
* py_to_datetime handles tzinfo, add test

  Signed-off-by: William Woodruff <william@trailofbits.com>
* Update src/rust/src/x509/common.rs

  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* x509/common: coverage for the coverage god

  Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
-
Facundo Tuesca authored
* Migrate PKCS7 backend to Rust
* Disable PKCS7 functions under BoringSSL
* Misc PKCS7 fixes
-
- Jan 22, 2024
-
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Alex Gaynor authored
-
- Jan 21, 2024
-
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Alex Gaynor authored
-
Alex Gaynor authored
-
dependabot[bot] authored
Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.4.2 to 2.5.0.

  - [Release notes](https://github.com/rthalley/dnspython/releases)
  - [Changelog](https://github.com/rthalley/dnspython/blob/master/doc/whatsnew.rst)
  - [Commits](https://github.com/rthalley/dnspython/compare/v2.4.2...v2.5.0)

    ---
    updated-dependencies:
    - dependency-name: dnspython
      dependency-type: indirect
      update-type: version-update:semver-minor
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.76 to 1.0.78.

  - [Release notes](https://github.com/dtolnay/proc-macro2/releases)
  - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.76...1.0.78)

    ---
    updated-dependencies:
    - dependency-name: proc-macro2
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jan 20, 2024
-
-
dependabot[bot] authored
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.62 to 0.10.63.

  - [Release notes](https://github.com/sfackler/rust-openssl/releases)
  - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63)

    ---
    updated-dependencies:
    - dependency-name: openssl
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
pyca-boringbot[bot] authored
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [openssl-sys](https://github.com/sfackler/rust-openssl) from 0.9.98 to 0.9.99.

  - [Release notes](https://github.com/sfackler/rust-openssl/releases)
  - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99)

    ---
    updated-dependencies:
    - dependency-name: openssl-sys
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-