Workflow

Asn1crypto

Latest version: v1.5.1

Safety actively analyzes 628918 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 7

1.0.1

- Fix an absolute import in `keys` to a relative import

1.0.0

- Backwards Compatibility Breaks
- `cms.KeyEncryptionAlgorithmId().native` now returns the value
`"rsaes_pkcs1v15"` for OID `1.2.840.113549.1.1.1` instead of `"rsa"`
- Removed functionality to calculate public key values from private key
values. Alternatives have been added to oscrypto.
- `keys.PrivateKeyInfo().unwrap()` is now
`oscrypto.asymmetric.PrivateKey().unwrap()`
- `keys.PrivateKeyInfo().public_key` is now
`oscrypto.asymmetric.PrivateKey().public_key.unwrap()`
- `keys.PrivateKeyInfo().public_key_info` is now
`oscrypto.asymmetric.PrivateKey().public_key.asn1`
- `keys.PrivateKeyInfo().fingerprint` is now
`oscrypto.asymmetric.PrivateKey().fingerprint`
- `keys.PublicKeyInfo().unwrap()` is now
`oscrypto.asymmetric.PublicKey().unwrap()`
- `keys.PublicKeyInfo().fingerprint` is now
`oscrypto.asymmetric.PublicKey().fingerprint`
- Enhancements
- Significantly improved parsing of `core.UTCTime()` and
`core.GeneralizedTime()` values that include timezones and fractional
seconds
- `util.timezone` has a more complete implementation
- `core.Choice()` may now be constructed by a 2-element tuple or a 1-key
dict
- Added `x509.Certificate().not_valid_before` and
`x509.Certificate().not_valid_after`
- Added `core.BitString().unused_bits`
- Added `keys.NamedCurve.register()` for non-mainstream curve OIDs
- No longer try to load optional performance dependency, `libcrypto`,
on Mac or Linux
- `ocsp.CertStatus().native` will now return meaningful unicode string
values when the status choice is `"good"` or `"unknown"`. Previously
both returned `None` due to the way the structure was designed.
- Add support for explicit RSA SSA PSS (`1.2.840.113549.1.1.10`) to
`keys.PublicKeyInfo()` and `keys.PrivateKeyInfo()`
- Added structures for nested SHA-256 Windows PE signatures to
`cms.CMSAttribute()`
- Added RC4 (`1.2.840.113549.3.4`) to `algos.EncryptionAlgorithmId()`
- Added secp256k1 (`1.3.132.0.10`) to `keys.NamedCurve()`
- Added SHA-3 and SHAKE OIDs to `algos.DigestAlgorithmId()` and
`algos.HmacAlgorithmId()`
- Added RSA ES OAEP (`1.2.840.113549.1.1.7`) to
`cms.KeyEncryptionAlgorithmId()`
- Add IKE Intermediate (`1.3.6.1.5.5.8.2.2`) to `x509.KeyPurposeId()`
- `x509.EmailAddress()` and `x509.DNSName()` now handle invalidly-encoded
values using tags for `core.PrintableString()` and `core.UTF8String()`
- Add parameter structue from RFC 5084 for AES-CCM to
`algos.EncryptionAlgorithm()`
- Improved robustness of parsing broken `core.Sequence()` and
`core.SequenceOf()` values
- Bug Fixes
- Fixed encoding of tag values over 30
- `core.IntegerBitString()` and `core.IntegerOctetString()` now restrict
values to non-negative integers since negative values are not
implemented
- When copying or dumping a BER-encoded indefinite-length value,
automatically force re-encoding to DER. *To ensure all nested values are
always DER-encoded, `.dump(True)` must be called.*
- Fix `UnboundLocalError` when calling `x509.IPAddress().native` on an
encoded value that has a length of zero
- Fixed passing `class_` via unicode string name to `core.Asn1Value()`
- Fixed a bug where EC private keys with leading null bytes would be
encoded in `keys.ECPrivateKey()` more narrowly than RFC 5915 requires
- Fixed some edge-case bugs in `util.int_to_bytes()`
- `x509.URI()` now only normalizes values when comparing
- Fixed BER-decoding of indefinite length `core.BitString()`
- Fixed DER-encoding of empty `core.BitString()`
- Fixed a missing return value for `core.Choice().parse()`
- Fixed `core.Choice().contents` working when the chosen alternative is a
`core.Choice()` also
- Fixed parsing and encoding of nested `core.Choice()` objects
- Fixed a bug causing `core.ObjectIdentifier().native` to sometimes not
map the OID
- Packaging
- `wheel`, `sdist` and `bdist_egg` releases now all include LICENSE,
`sdist` includes docs
- Added `asn1crypto_tests` package to PyPi

0.24.0

- `x509.Certificate().self_signed` will no longer return `"yes"` under any
circumstances. This helps prevent confusion since the library does not
verify the signature. Instead a library like oscrypto should be used
to confirm if a certificate is self-signed.
- Added various OIDs to `x509.KeyPurposeId()`
- Added `x509.Certificate().private_key_usage_period_value`
- Added structures for parsing common subject directory attributes for
X.509 certificates, including `x509.SubjectDirectoryAttribute()`
- Added `algos.AnyAlgorithmIdentifier()` for situations where an
algorithm identifier may contain a digest, signed digest or encryption
algorithm OID
- Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
not returning the correct value
- Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
not function properly when the field had a default value
- Fixed a bug with type checking in `pem.armor()`

0.23.0

- Backwards compatibility break: the `tag_type`, `explicit_tag` and
`explicit_class` attributes on `core.Asn1Value` no longer exist and were
replaced by the `implicit` and `explicit` attributes. Field param dicts
may use the new `explicit` and `implicit` keys, or the old `tag_type` and
`tag` keys. The attribute changes will likely to have little to no impact
since they were primarily an implementation detail.
- Teletex strings used inside of X.509 certificates are now interpreted
using Windows-1252 (a superset of ISO-8859-1). This enables compatibility
with certificates generated by OpenSSL. Strict parsing of Teletex strings
can be retained by using the `x509.strict_teletex()` context manager.
- Added support for nested explicit tagging, supporting values that are
defined with explicit tagging and then added as a field of another
structure using explicit tagging.
- Fixed a `UnicodeDecodeError` when trying to find the (optional) dependency
OpenSSL on Python 2
- Fixed `next_update` field of `crl.TbsCertList` to be optional
- Added the `x509.Certificate.sha256_fingerprint` property
- `x509.Certificate.ocsp_urls` and `x509.DistributionPoint.url` will now
return `https://`, `ldap://` and `ldaps://` URLs in addition to `http://`.
- Added CMS Attribute Protection definitions from RFC 6211
- Added OIDs from RFC 6962

0.22.0

- Added `parser.peek()`
- Implemented proper support for BER-encoded indefinite length strings of
all kinds - `core.BitString`, `core.OctetString` and all of the `core`
classes that are natively represented as Python unicode strings
- Fixed a bug with encoding LDAP URLs in `x509.URI`
- Correct `x509.DNSName` to allow a leading `.`, such as when used with
`x509.NameConstraints`
- Fixed an issue with dumping the parsed contents of `core.Any` when
explicitly tagged
- Custom `setup.py clean` now accepts the short `-a` flag for compatibility

0.21.1

- Fixed a regression where explicit tagging of a field containing a
`core.Choice` would result in an incorrect header
- Fixed a bug where an `IndexError` was being raised instead of a `ValueError`
when a value was truncated to not include enough bytes for the header
- Corrected the spec for the `value` field of `pkcs12.Attribute`
- Added support for `2.16.840.1.113894.746875.1.1` OID to
`pkcs12.AttributeType`

Page 2 of 7

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.