Update asn1_der requirement from 0.6.1 to 0.7.1

[dependabot]

Updates the requirements on asn1_der to permit the latest version.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mxinden]

This is a lot more involved than I initially thought. My first approach:

[WIP] core: Adjust to asn_der 0.7

The asn1_der crate underwent a major refactoring between 0.6 and 0.7.
The FromDerObject and IntoDerObject as well as the Asn1Der derive
macro were replaced by leveraging serde instead with the additional
crate serde_asn1_der.

The asn1_der crate does not support ASN1 Object identifiers [1]
directly, but only through the hidden DerObject::write method. Without
direct support deriving Serialize and Deserialize through serde is
very verbose and more of a hack (see TODOs).

Code compiles and tests are passing even though serialization might be
wrong (see TODOs).

[1] KizzyCode/asn1_der-rust#4

I would suggest looking into alternatives (e.g. a different crate, contributing
OID support to asn_der, ...) before continuing on this path.

Suggestions are welcome!

[DemiMarie]

I wrote a simple DER encoder during my work on libp2p-quic, which you can find at https://github.com/DemiMarie/parity-der. I wrote it for work at Parity, but I haven’t pushed it to a Parity repository because I don’t have enough access.

[dependabot]

A newer version of asn1_der exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[koushiro]

@mxinden maybe the crate is a good alternative?

[KizzyCode]

Hey, I'm the author of asn1_der and saw this thread because it referenced one of the issues in my repo.

The jump from 6.* to 7.* is big, because I decided to use no_panic to prove the crate will never panic unless you use types that allocate memory dynamically. IMO this is an important feature, because panics are a security problem which can arise pretty easily if you work with untrusted input.
Of course asn1_der is not the only crate that supports this; there are also other crates that claim to be panic-free (e.g. untrusted).

I also decided to drop support for asn1_der_derive because obviously serde is a more complete solution. However it would be trivial to revive asn1_der_derive.

If you have questions or feedback, please open an issue :)

[romanb]

Superseded by #2000 which already has approval.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.