From 11fad7ad118d49c869ff050951f386a0bf5358fc Mon Sep 17 00:00:00 2001
From: Mike Marcacci <mike.marcacci@gmail.com>
Date: Fri, 13 Mar 2026 09:58:13 -0700
Subject: [PATCH 1/5] Add rustcrypto as a backend

I have a need for a pure-rust toolchain, even if it comes with some performance penalty.

This adds a verify-rustcrypto feature that uses rustcrypto in place of ring or aws-lc-rs. The only meaningful changes are in verify.rs.

I used substantial AI to check these implementations for correctness against the corresponding RFC's, but I am NOT an expert. This is working well in my proof-of-concept, but needs careful scrutiny by a human who has more familiarity with these specs than me.

A couple notes:
- Both ring and aws-lc-rs don't appear to support arbetrary salt lengths, while rustcrypto does.
- The rustcrypto backend doesn't support ECDSA cross-pairings. It might be possible to work around this, but it's my understanding is this is rare in practice.
---
 Cargo.lock                                    | 837 +++++++++++-------
 Cargo.toml                                    |  11 +-
 assets/ecdsa_p256_sha256.der                  | Bin 0 -> 483 bytes
 assets/ecdsa_p384_sha384.der                  | Bin 0 -> 545 bytes
 .../rsa-pss/self_signed_sha256_saltlen42.der  | Bin 0 -> 983 bytes
 examples/print-cert.rs                        |   6 +-
 src/certificate.rs                            |  21 +-
 src/certification_request.rs                  |  21 +-
 src/lib.rs                                    |  19 +-
 src/revocation_list.rs                        |  27 +-
 src/verify.rs                                 | 226 +++++
 tests/readcrl.rs                              |   6 +-
 tests/readcsr.rs                              |   6 +-
 tests/verify.rs                               |  46 +-
 14 files changed, 907 insertions(+), 319 deletions(-)
 create mode 100644 assets/ecdsa_p256_sha256.der
 create mode 100644 assets/ecdsa_p384_sha384.der
 create mode 100644 assets/rsa-pss/self_signed_sha256_saltlen42.der

diff --git a/Cargo.lock b/Cargo.lock
index be67eae..b3f4df2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,15 +2,6 @@
 # It is not intended for manual editing.
 version = 3
 
-[[package]]
-name = "aho-corasick"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "asn1-rs"
 version = "0.7.1"
@@ -58,9 +49,9 @@ checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
 
 [[package]]
 name = "aws-lc-rs"
-version = "1.13.3"
+version = "1.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba"
+checksum = "94bffc006df10ac2a68c83692d734a465f8ee6c5b384d8545a636f81d858f4bf"
 dependencies = [
  "aws-lc-sys",
  "untrusted 0.7.1",
@@ -69,11 +60,10 @@ dependencies = [
 
 [[package]]
 name = "aws-lc-sys"
-version = "0.30.0"
+version = "0.38.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff"
+checksum = "4321e568ed89bb5a7d291a7f37997c2c0df89809d7b6d12062c81ddb54aa782e"
 dependencies = [
- "bindgen",
  "cc",
  "cmake",
  "dunce",
@@ -81,85 +71,133 @@ dependencies = [
 ]
 
 [[package]]
-name = "bindgen"
-version = "0.69.5"
+name = "base16ct"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
-dependencies = [
- "bitflags",
- "cexpr",
- "clang-sys",
- "itertools",
- "lazy_static",
- "lazycell",
- "log",
- "prettyplease",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash",
- "shlex",
- "syn",
- "which",
-]
+checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
 
 [[package]]
-name = "bitflags"
-version = "2.9.1"
+name = "base64ct"
+version = "1.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"
+checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
 
 [[package]]
 name = "cc"
-version = "1.2.32"
+version = "1.2.56"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2352e5597e9c544d5e6d9c95190d5d27738ade584fa8db0a16e130e5c2b5296e"
+checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2"
 dependencies = [
+ "find-msvc-tools",
  "jobserver",
  "libc",
  "shlex",
 ]
 
 [[package]]
-name = "cexpr"
-version = "0.6.0"
+name = "cfg-if"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+
+[[package]]
+name = "cmake"
+version = "0.1.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+checksum = "75443c44cd6b379beb8c5b45d85d0773baf31cce901fe7bb252f4eff3008ef7d"
 dependencies = [
- "nom",
+ "cc",
 ]
 
 [[package]]
-name = "cfg-if"
-version = "1.0.1"
+name = "const-oid"
+version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
 [[package]]
-name = "clang-sys"
-version = "1.8.1"
+name = "cpufeatures"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
 dependencies = [
- "glob",
  "libc",
- "libloading",
 ]
 
 [[package]]
-name = "cmake"
-version = "0.1.54"
+name = "crypto-bigint"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
 dependencies = [
- "cc",
+ "generic-array",
+ "rand_core",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
 
 [[package]]
 name = "data-encoding"
-version = "2.9.0"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
+checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"
+
+[[package]]
+name = "der"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
+dependencies = [
+ "const-oid",
+ "pem-rfc7468",
+ "zeroize",
+]
 
 [[package]]
 name = "der-parser"
@@ -177,13 +215,25 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
 dependencies = [
  "powerfmt",
 ]
 
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "const-oid",
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "displaydoc"
 version = "0.2.5"
@@ -202,87 +252,168 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
 
 [[package]]
-name = "either"
-version = "1.15.0"
+name = "ecdsa"
+version = "0.16.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
+dependencies = [
+ "der",
+ "digest",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+ "spki",
+]
 
 [[package]]
-name = "errno"
-version = "0.3.13"
+name = "ed25519"
+version = "2.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"
+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
 dependencies = [
- "libc",
- "windows-sys 0.60.2",
+ "pkcs8",
+ "signature",
+]
+
+[[package]]
+name = "ed25519-dalek"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
+dependencies = [
+ "curve25519-dalek",
+ "ed25519",
+ "serde",
+ "sha2",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "elliptic-curve"
+version = "0.13.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "hkdf",
+ "pem-rfc7468",
+ "pkcs8",
+ "rand_core",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "ff"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
+dependencies = [
+ "rand_core",
+ "subtle",
 ]
 
+[[package]]
+name = "fiat-crypto"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
+
 [[package]]
 name = "fs_extra"
 version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
 
+[[package]]
+name = "generic-array"
+version = "0.14.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
+dependencies = [
+ "typenum",
+ "version_check",
+ "zeroize",
+]
+
 [[package]]
 name = "getrandom"
-version = "0.2.16"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
+checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi 0.11.1+wasi-snapshot-preview1",
+ "wasi",
 ]
 
 [[package]]
 name = "getrandom"
-version = "0.3.3"
+version = "0.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
 dependencies = [
  "cfg-if",
  "libc",
  "r-efi",
- "wasi 0.14.2+wasi-0.2.4",
+ "wasip2",
 ]
 
 [[package]]
-name = "glob"
-version = "0.3.3"
+name = "group"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
+dependencies = [
+ "ff",
+ "rand_core",
+ "subtle",
+]
 
 [[package]]
-name = "home"
-version = "0.5.11"
+name = "hkdf"
+version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
+checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
 dependencies = [
- "windows-sys 0.59.0",
+ "hmac",
 ]
 
 [[package]]
-name = "itertools"
+name = "hmac"
 version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
 dependencies = [
- "either",
+ "digest",
 ]
 
 [[package]]
 name = "itoa"
-version = "1.0.15"
+version = "1.0.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
 
 [[package]]
 name = "jobserver"
-version = "0.1.33"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38f262f097c174adebe41eb73d66ae9c06b2844fb0da69969647bbddd9b0538a"
+checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
 dependencies = [
- "getrandom 0.3.3",
+ "getrandom 0.3.4",
  "libc",
 ]
 
@@ -291,46 +422,27 @@ name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
-
-[[package]]
-name = "lazycell"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
-
-[[package]]
-name = "libc"
-version = "0.2.175"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
-
-[[package]]
-name = "libloading"
-version = "0.8.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
 dependencies = [
- "cfg-if",
- "windows-targets 0.53.3",
+ "spin",
 ]
 
 [[package]]
-name = "linux-raw-sys"
-version = "0.4.15"
+name = "libc"
+version = "0.2.183"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d"
 
 [[package]]
-name = "log"
-version = "0.4.27"
+name = "libm"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
 
 [[package]]
 name = "memchr"
-version = "2.7.5"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
+checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "minimal-lexical"
@@ -358,11 +470,27 @@ dependencies = [
  "num-traits",
 ]
 
+[[package]]
+name = "num-bigint-dig"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7"
+dependencies = [
+ "lazy_static",
+ "libm",
+ "num-integer",
+ "num-iter",
+ "num-traits",
+ "rand",
+ "smallvec",
+ "zeroize",
+]
+
 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
 
 [[package]]
 name = "num-integer"
@@ -373,6 +501,17 @@ dependencies = [
  "num-traits",
 ]
 
+[[package]]
+name = "num-iter"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
 [[package]]
 name = "num-traits"
 version = "0.2.19"
@@ -380,6 +519,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
 dependencies = [
  "autocfg",
+ "libm",
 ]
 
 [[package]]
@@ -392,10 +532,58 @@ dependencies = [
 ]
 
 [[package]]
-name = "once_cell"
-version = "1.21.3"
+name = "p256"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
+[[package]]
+name = "p384"
+version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
+[[package]]
+name = "pem-rfc7468"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
+dependencies = [
+ "base64ct",
+]
+
+[[package]]
+name = "pkcs1"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
+dependencies = [
+ "der",
+ "pkcs8",
+ "spki",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
 
 [[package]]
 name = "powerfmt"
@@ -404,29 +592,37 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
 
 [[package]]
-name = "prettyplease"
-version = "0.2.36"
+name = "ppv-lite86"
+version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff24dfcda44452b9816fff4cd4227e1bb73ff5a2f1bc1105aa92fb8565ce44d2"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
 dependencies = [
- "proc-macro2",
- "syn",
+ "zerocopy",
+]
+
+[[package]]
+name = "primeorder"
+version = "0.13.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
+dependencies = [
+ "elliptic-curve",
 ]
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.97"
+version = "1.0.106"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d61789d7719defeb74ea5fe81f2fdfdbd28a803847077cecce2ff14e1472f6f1"
+checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.40"
+version = "1.0.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
 dependencies = [
  "proc-macro2",
 ]
@@ -438,33 +634,43 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
 
 [[package]]
-name = "regex"
-version = "1.11.1"
+name = "rand"
+version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
- "aho-corasick",
- "memchr",
- "regex-automata",
- "regex-syntax",
+ "rand_chacha",
+ "rand_core",
 ]
 
 [[package]]
-name = "regex-automata"
-version = "0.4.9"
+name = "rand_chacha"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 dependencies = [
- "aho-corasick",
- "memchr",
- "regex-syntax",
+ "ppv-lite86",
+ "rand_core",
 ]
 
 [[package]]
-name = "regex-syntax"
-version = "0.8.5"
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.17",
+]
+
+[[package]]
+name = "rfc6979"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
+checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
+dependencies = [
+ "hmac",
+ "subtle",
+]
 
 [[package]]
 name = "ring"
@@ -474,17 +680,40 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
 dependencies = [
  "cc",
  "cfg-if",
- "getrandom 0.2.16",
+ "getrandom 0.2.17",
  "libc",
  "untrusted 0.9.0",
- "windows-sys 0.52.0",
+ "windows-sys",
 ]
 
 [[package]]
-name = "rustc-hash"
-version = "1.1.0"
+name = "rsa"
+version = "0.9.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d"
+dependencies = [
+ "const-oid",
+ "digest",
+ "num-bigint-dig",
+ "num-integer",
+ "num-traits",
+ "pkcs1",
+ "pkcs8",
+ "rand_core",
+ "signature",
+ "spki",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
 
 [[package]]
 name = "rusticata-macros"
@@ -496,49 +725,125 @@ dependencies = [
 ]
 
 [[package]]
-name = "rustix"
-version = "0.38.44"
+name = "sec1"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
 dependencies = [
- "bitflags",
- "errno",
- "libc",
- "linux-raw-sys",
- "windows-sys 0.59.0",
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
 ]
 
+[[package]]
+name = "semver"
+version = "1.0.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
+
 [[package]]
 name = "serde"
-version = "1.0.219"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.219"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn",
 ]
 
+[[package]]
+name = "sha1"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "shlex"
 version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
 
+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core",
+]
+
+[[package]]
+name = "smallvec"
+version = "1.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
+
+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
 [[package]]
 name = "syn"
-version = "2.0.105"
+version = "2.0.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7bc3fcb250e53458e712715cf74285c1f889686520d79294a9ef3bd7aa1fc619"
+checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -558,18 +863,18 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.14"
+version = "2.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b0949c3a6c842cbde3f1686d6eea5a010516deb7085f79db747562d4102f41e"
+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.14"
+version = "2.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc5b44b4ab9c2fdd0e0512e6bece8388e214c0749f5862b114cc5b7a25daf227"
+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -578,40 +883,46 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
  "deranged",
  "itoa",
  "num-conv",
  "powerfmt",
- "serde",
+ "serde_core",
  "time-core",
  "time-macros",
 ]
 
 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
 
 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
  "num-conv",
  "time-core",
 ]
 
+[[package]]
+name = "typenum"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
+
 [[package]]
 name = "unicode-ident"
-version = "1.0.18"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
+checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
 
 [[package]]
 name = "untrusted"
@@ -626,63 +937,33 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
 [[package]]
-name = "wasi"
-version = "0.11.1+wasi-snapshot-preview1"
+name = "version_check"
+version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 
 [[package]]
 name = "wasi"
-version = "0.14.2+wasi-0.2.4"
+version = "0.11.1+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
-dependencies = [
- "wit-bindgen-rt",
-]
+checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
 
 [[package]]
-name = "which"
-version = "4.4.2"
+name = "wasip2"
+version = "1.0.2+wasi-0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5"
 dependencies = [
- "either",
- "home",
- "once_cell",
- "rustix",
+ "wit-bindgen",
 ]
 
-[[package]]
-name = "windows-link"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
-
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
 dependencies = [
- "windows-targets 0.52.6",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.59.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
-dependencies = [
- "windows-targets 0.52.6",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.60.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
-dependencies = [
- "windows-targets 0.53.3",
+ "windows-targets",
 ]
 
 [[package]]
@@ -691,31 +972,14 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
 dependencies = [
- "windows_aarch64_gnullvm 0.52.6",
- "windows_aarch64_msvc 0.52.6",
- "windows_i686_gnu 0.52.6",
- "windows_i686_gnullvm 0.52.6",
- "windows_i686_msvc 0.52.6",
- "windows_x86_64_gnu 0.52.6",
- "windows_x86_64_gnullvm 0.52.6",
- "windows_x86_64_msvc 0.52.6",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.53.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"
-dependencies = [
- "windows-link",
- "windows_aarch64_gnullvm 0.53.0",
- "windows_aarch64_msvc 0.53.0",
- "windows_i686_gnu 0.53.0",
- "windows_i686_gnullvm 0.53.0",
- "windows_i686_msvc 0.53.0",
- "windows_x86_64_gnu 0.53.0",
- "windows_x86_64_gnullvm 0.53.0",
- "windows_x86_64_msvc 0.53.0",
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
 ]
 
 [[package]]
@@ -724,84 +988,42 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
 
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764"
-
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
 
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c"
-
 [[package]]
 name = "windows_i686_gnu"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
 
-[[package]]
-name = "windows_i686_gnu"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3"
-
 [[package]]
 name = "windows_i686_gnullvm"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
 
-[[package]]
-name = "windows_i686_gnullvm"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11"
-
 [[package]]
 name = "windows_i686_msvc"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
 
-[[package]]
-name = "windows_i686_msvc"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"
-
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
 
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba"
-
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
 
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.53.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57"
-
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.52.6"
@@ -809,19 +1031,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
-name = "windows_x86_64_msvc"
-version = "0.53.0"
+name = "wit-bindgen"
+version = "0.51.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
-
-[[package]]
-name = "wit-bindgen-rt"
-version = "0.39.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
-dependencies = [
- "bitflags",
-]
+checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
 
 [[package]]
 name = "x509-parser"
@@ -831,17 +1044,43 @@ dependencies = [
  "aws-lc-rs",
  "data-encoding",
  "der-parser",
+ "ed25519-dalek",
  "lazy_static",
  "nom",
  "oid-registry",
+ "p256",
+ "p384",
  "ring",
+ "rsa",
  "rusticata-macros",
+ "sha1",
+ "sha2",
  "thiserror",
  "time",
 ]
 
+[[package]]
+name = "zerocopy"
+version = "0.8.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2578b716f8a7a858b7f02d5bd870c14bf4ddbbcf3a4c05414ba6503640505e3"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e6cc098ea4d3bd6246687de65af3f920c430e236bee1e3bf2e441463f08a02f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "zeroize"
-version = "1.8.1"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
diff --git a/Cargo.toml b/Cargo.toml
index 9c9117c..c378432 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,18 +40,25 @@ rustdoc-args = ["--cfg", "docsrs"]
 default = []
 verify-aws = ["aws-lc-rs"]
 verify = ["ring"]
+verify-rustcrypto = ["dep:rsa", "dep:p256", "dep:p384", "dep:ed25519-dalek", "dep:sha1", "dep:sha2"]
 validate = []
 
 [dependencies]
 aws-lc-rs = { version = "1.0", optional = true }
 asn1-rs = { version = "0.7.0", features=["datetime"] }
 data-encoding = "2.2.1"
+der-parser = { version = "10.0", features=["bigint"] }
+ed25519-dalek = { version = "2", optional = true, default-features = false, features = ["std"] }
 lazy_static = "1.4"
 nom = "7.0"
 oid-registry = { version="0.8.1", features=["crypto", "x509", "x962"] }
-rusticata-macros = "4.0"
+p256 = { version = "0.13", optional = true, features = ["ecdsa"] }
+p384 = { version = "0.13", optional = true, features = ["ecdsa"] }
 ring = { version="0.17.12", optional=true }
-der-parser = { version = "10.0", features=["bigint"] }
+rsa = { version = "0.9", optional = true }
+rusticata-macros = "4.0"
+sha1 = { version = "0.10", optional = true, features = ["oid"] }
+sha2 = { version = "0.10", optional = true, features = ["oid"] }
 thiserror = "2.0"
 time = { version="0.3.35", features=["formatting"] }
 
diff --git a/assets/ecdsa_p256_sha256.der b/assets/ecdsa_p256_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..c5b65867ce5ecd75d79d67eda80903546b960913
GIT binary patch
literal 483
zcmXqLV!UtA#MruknTe5!NhJAl<;B!Z`c+)XuRE69OYr`ymKtur#m1r4=5fxJg_+5~
z)sWkOlZ`o)g-w{rG1O4lKoG>?;Nc3+&rQ`0E=ep&HB>Z^2MKcVNO<Ozq!#6+mMDa0
zrle<<6e|RjR4VwCq!`GF^BS2M7#kWJni-p!m_>oPCWb~(F14(QG!SNE2fLk#5$XwM
zMs{W=29~-T%m(#WKJ85Z%R80l3iq}tTu073dhT-JdpPZ{?)JrhJ(a~|Q~nuE^h<c{
zvwg`e)m>8^EF1PUt&CK^cIn~dZ_SH?4FU~hf!>tmV-aH!(d5-Uv*VzK>|gn$qIZ&0
zUvE{p{1O}rvdSzH24W4^74U=f3o|nQXJIv922#i&&FsNo;L4;R6Sn8G!$&C(HX$K_
z|DwN67&snh>&@7iZL6eqeu?1J)l7;EpC%UdtbTE4)wB86GJ{NJ28OdMvdH~gBlsXV
KIxW9w+DQN_`<lf7

literal 0
HcmV?d00001

diff --git a/assets/ecdsa_p384_sha384.der b/assets/ecdsa_p384_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..decf9521a64a7d2ef3469a3ce1230b9481d2ba27
GIT binary patch
literal 545
zcmXqLVv;pzVqCO<nTe5!Nu)y5!En=O{ydEk#v9&mWc)H$y5|^hv2kd%d7QIlVP-aP
zHRLwnWMd9xVH0L@3^f!s5Cm~Jc({V|b5nJLOA<>`4HXUKL4sU75}tV_sYQ9IB?{r0
zDe0Ld#R>r>l?py3DF$-lyhdgQ#)ig*X2xbFW>H|SiJ=jcOD${43<TKN!ER?_WMkEC
zWMNQZPGVqj7dS7~`j@?r^LUQ8=B;-tBeSk#ZO-fXq%mvXmL;3}9fAvjmnOt~VO_kW
zrBy?O*=VxIwEW$te}8xxRq=p<IZ;klEN$`r-LsRs&MsKLWFoi8j>}V9&+WfctXfxl
z`gotzmBqmZfd;a`Fp%YA5n~Yv=8-i0Xx(XPVq8+sH!HkBj%n{?a1hBVvq%_-HDFi3
z57IBp$oQXy)qojDAx8sqCWAp5lOaQAX3NW~xBN>lebREN+jJpo*DjH)?yYT)KZZY<
zb*S)d)f@do5?7C%{LW%7+I9N4(`=xYJ38$Tj~sWhxOC7|{kaqq=MKM~7mFiIMf9I>
bxxK2`;d@j5@Ty5i1*QL;?>tZwU$OxJ26DEU

literal 0
HcmV?d00001

diff --git a/assets/rsa-pss/self_signed_sha256_saltlen42.der b/assets/rsa-pss/self_signed_sha256_saltlen42.der
new file mode 100644
index 0000000000000000000000000000000000000000..355872f78040ed92cafd15d080e906019c70e322
GIT binary patch
literal 983
zcmXqLV!mw9#MHiknTe5!NyO-vld2Ufr}eA{hLgH~W(l=5EH^N4WaHFo^Jx3d%gD%O
zV6uSUfR~Lkq0NIam6?T!k(FVgjDZwF1qYh!BA~%q2CjzO2Apinp)72|Opc+3!UlpM
z4hIicaDHy8Zg5FrNvffufjmf%i$}sUuOzi7FSSG=JToOdv!qxdprlg4rzFKdPMp`s
z%)r>t*wD<_+{8Qz%r!AIf^w;4O%tOM$QLkA1O3R{#K_NJ(8S2a)Wpchu=x#ptzN{v
ze^x(cbFfT(R@t%Y{m+0c^Bmif?ymC@S>PF<Dz!81UfbOhW{2Ii->#^&O%@JGoqgh2
zw@{<Om(4DFBiv<nUW$ykFf04L<DYp8WOXO6UG?AY|1Xd4-VQsWc_){&J+1ROF1uV#
zi>>uezVC~(cCT;MNk>K*uR53SK1*`v>pHHyHKpgCWml+c#|1qyTJ!p$)TizDi?uz~
z6kbf*Hf!B+Qx;w!<446Oru8dCJrcF_dA;TB$@I(Ls+NW@s(5Fdut_`?*zxuA)~9=-
z4xjfadBJsi!Q-pq`{GXh-Y24QSy1f4YMFn3)Flf2MQ&evdrp3z+TIBdzkj~4h5K*Y
z>Yc3<nV1<F7#9Z{1RBT!V@#HhMT|w{5TAhkr+WXFHxld;3S3^YCbP<vgCkT{nMJ}t
ztO2_Mevp1)M#ldvtOm?LiVA5B7*&i6VcK5H%LMLjQ$4-J`JAf$?q6F%%{Xr~ma&FO
zuDD^~S^sQj;^N**e``fF#Fo#`WQr)S%(y2zf4jx5#-zr>6}u+ve_6z0Ym}-dVNx}B
z>DrKG`RpNv8kxL4t8enZ+`F|k<Hjwo44a3Il549|UN)Mxe2&jx|2S!tob-(oIwyNC
z>27|Pxp41(hZOl=2CW>6c)#ql%@kAWOZ=W1c{)wC_oH);wfg_8*pDXX`HyP;(pV(X
zIXC)v<+I1Tc=Y#*td8q7wRk*Nc)`XiGOVkl)V_W1dLCNMS$6hhNhM!smwe)+f@1;C
l^XJ{vN?R9hn9CnBja&B6wOMk^)n0e_Z9ElM*466X2LQ$rY1{w+

literal 0
HcmV?d00001

diff --git a/examples/print-cert.rs b/examples/print-cert.rs
index 46e9b63..2f51de4 100644
--- a/examples/print-cert.rs
+++ b/examples/print-cert.rs
@@ -208,7 +208,11 @@ fn print_x509_info(x509: &X509Certificate) -> io::Result<()> {
     {
         println!("Unknown (feature 'validate' not enabled)");
     }
-    #[cfg(any(feature = "verify", feature = "verify-aws"))]
+    #[cfg(any(
+        feature = "verify",
+        feature = "verify-aws",
+        feature = "verify-rustcrypto"
+    ))]
     {
         print!("Signature verification: ");
         if x509.subject() == x509.issuer() {
diff --git a/src/certificate.rs b/src/certificate.rs
index a954d92..80ba677 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -11,7 +11,11 @@ use crate::x509::{
     X509Version,
 };
 
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 use crate::verify::verify_signature;
 use asn1_rs::{BitString, FromDer, OptTaggedImplicit};
 use core::ops::Deref;
@@ -92,8 +96,19 @@ impl<'a> X509Certificate<'a> {
     /// It is usually an intermediate authority.
     ///
     /// Not all algorithms are supported, this function is limited to what `ring` supports.
-    #[cfg(any(feature = "verify", feature = "verify-aws"))]
-    #[cfg_attr(docsrs, doc(cfg(any(feature = "verify", feature = "verify-aws"))))]
+    #[cfg(any(
+        feature = "verify",
+        feature = "verify-aws",
+        feature = "verify-rustcrypto"
+    ))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(
+            feature = "verify",
+            feature = "verify-aws",
+            feature = "verify-rustcrypto"
+        )))
+    )]
     pub fn verify_signature(
         &self,
         public_key: Option<&SubjectPublicKeyInfo>,
diff --git a/src/certification_request.rs b/src/certification_request.rs
index f832c09..eebb60a 100644
--- a/src/certification_request.rs
+++ b/src/certification_request.rs
@@ -5,7 +5,11 @@ use crate::x509::{
     parse_signature_value, AlgorithmIdentifier, SubjectPublicKeyInfo, X509Name, X509Version,
 };
 
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 use crate::verify::verify_signature;
 use asn1_rs::{BitString, FromDer};
 use der_parser::der::*;
@@ -50,8 +54,19 @@ impl<'a> X509CertificationRequest<'a> {
     ///
     /// Uses the public key contained in the CSR, which must be the one of the entity
     /// requesting the certification for this verification to succeed.
-    #[cfg(any(feature = "verify", feature = "verify-aws"))]
-    #[cfg_attr(docsrs, doc(cfg(any(feature = "verify", feature = "verify-aws"))))]
+    #[cfg(any(
+        feature = "verify",
+        feature = "verify-aws",
+        feature = "verify-rustcrypto"
+    ))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(
+            feature = "verify",
+            feature = "verify-aws",
+            feature = "verify-rustcrypto"
+        )))
+    )]
     pub fn verify_signature(&self) -> Result<(), X509Error> {
         let spki = &self.certification_request_info.subject_pki;
         verify_signature(
diff --git a/src/lib.rs b/src/lib.rs
index 24e9d9d..42ae74d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -93,10 +93,10 @@
 //!   to `X509Certificate`.
 //!
 //! ```rust
-//! # #[cfg(any(feature = "verify", feature = "verify-aws"))]
+//! # #[cfg(any(feature = "verify", feature = "verify-aws", feature = "verify-rustcrypto"))]
 //! # use x509_parser::certificate::X509Certificate;
 //! /// Cryptographic signature verification: returns true if certificate was signed by issuer
-//! #[cfg(any(feature = "verify", feature = "verify-aws"))]
+//! #[cfg(any(feature = "verify", feature = "verify-aws", feature = "verify-rustcrypto"))]
 //! pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
 //!     let issuer_public_key = issuer.public_key();
 //!     cert
@@ -157,8 +157,19 @@ pub mod utils;
 #[cfg(feature = "validate")]
 #[cfg_attr(docsrs, doc(cfg(feature = "validate")))]
 pub mod validate;
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
-#[cfg_attr(docsrs, doc(cfg(any(feature = "verify", feature = "verify-aws"))))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
+#[cfg_attr(
+    docsrs,
+    doc(cfg(any(
+        feature = "verify",
+        feature = "verify-aws",
+        feature = "verify-rustcrypto"
+    )))
+)]
 pub mod verify;
 pub mod visitor;
 pub mod x509;
diff --git a/src/revocation_list.rs b/src/revocation_list.rs
index 70da281..5e210b5 100644
--- a/src/revocation_list.rs
+++ b/src/revocation_list.rs
@@ -6,9 +6,17 @@ use crate::x509::{
     parse_serial, parse_signature_value, AlgorithmIdentifier, ReasonCode, X509Name, X509Version,
 };
 
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 use crate::verify::verify_signature;
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 use crate::x509::SubjectPublicKeyInfo;
 use asn1_rs::{BitString, FromDer};
 use der_parser::der::*;
@@ -114,8 +122,19 @@ impl<'a> CertificateRevocationList<'a> {
     /// `public_key` is the public key of the **signer**.
     ///
     /// Not all algorithms are supported, this function is limited to what `ring` supports.
-    #[cfg(any(feature = "verify", feature = "verify-aws"))]
-    #[cfg_attr(docsrs, doc(cfg(any(feature = "verify", feature = "verify-aws"))))]
+    #[cfg(any(
+        feature = "verify",
+        feature = "verify-aws",
+        feature = "verify-rustcrypto"
+    ))]
+    #[cfg_attr(
+        docsrs,
+        doc(cfg(any(
+            feature = "verify",
+            feature = "verify-aws",
+            feature = "verify-rustcrypto"
+        )))
+    )]
     pub fn verify_signature(&self, public_key: &SubjectPublicKeyInfo) -> Result<(), X509Error> {
         verify_signature(
             public_key,
diff --git a/src/verify.rs b/src/verify.rs
index 94a2fce..d714403 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -9,6 +9,8 @@ use oid_registry::{
 };
 use std::convert::TryFrom;
 
+// ---- Ring / aws-lc-rs backend ----
+
 // Since the `signature` object is similar in ring and in aws-lc-rs, we just use simple logic
 // to determine which one to use.
 // If both verify and verify-aws features are enabled, aws will be used.
@@ -22,6 +24,7 @@ use ring::signature;
 /// `public_key` is the public key of the **signer**.
 ///
 /// Not all algorithms are supported, this function is limited to what `aws_lc_rs` or `ring` supports.
+#[cfg(any(feature = "verify-aws", feature = "verify"))]
 pub fn verify_signature(
     public_key: &SubjectPublicKeyInfo,
     signature_algorithm: &AlgorithmIdentifier,
@@ -70,6 +73,7 @@ pub fn verify_signature(
 /// Find the verification algorithm for the given EC curve and SHA digest size
 ///
 /// Not all algorithms are supported, we are limited to what `aws_lc_rs`  or `ring`supports.
+#[cfg(any(feature = "verify-aws", feature = "verify"))]
 fn get_ec_curve_sha(
     pubkey_alg: &AlgorithmIdentifier,
     sha_len: usize,
@@ -97,6 +101,7 @@ fn get_ec_curve_sha(
 ///
 /// Not all algorithms are supported, we are limited to what `aws_lc_rs` or `ring` supports.
 /// Notably, the SHA-1 hash algorithm is not supported.
+#[cfg(any(feature = "verify-aws", feature = "verify"))]
 fn get_rsa_pss_verification_algo(
     params: &Option<Any>,
 ) -> Option<&'static dyn signature::VerificationAlgorithm> {
@@ -114,3 +119,224 @@ fn get_rsa_pss_verification_algo(
         None
     }
 }
+
+// ---- RustCrypto backend ----
+
+/// Verify the cryptographic signature of the raw data (can be a certificate, a CRL or a CSR).
+///
+/// `public_key` is the public key of the **signer**.
+///
+/// Not all algorithms are supported, this function is limited to what the RustCrypto crates support.
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+pub fn verify_signature(
+    public_key: &SubjectPublicKeyInfo,
+    signature_algorithm: &AlgorithmIdentifier,
+    signature_value: &BitString,
+    raw_data: &[u8],
+) -> Result<(), X509Error> {
+    let AlgorithmIdentifier {
+        algorithm: sig_alg,
+        parameters: sig_params,
+    } = &signature_algorithm;
+
+    let key_bytes: &[u8] = public_key.subject_public_key.as_ref();
+    let sig_bytes: &[u8] = signature_value.as_ref();
+
+    if *sig_alg == OID_PKCS1_SHA1WITHRSA || *sig_alg == OID_SHA1_WITH_RSA {
+        rc_verify_rsa_pkcs1v15::<sha1::Sha1>(key_bytes, sig_bytes, raw_data)
+    } else if *sig_alg == OID_PKCS1_SHA256WITHRSA {
+        rc_verify_rsa_pkcs1v15::<sha2::Sha256>(key_bytes, sig_bytes, raw_data)
+    } else if *sig_alg == OID_PKCS1_SHA384WITHRSA {
+        rc_verify_rsa_pkcs1v15::<sha2::Sha384>(key_bytes, sig_bytes, raw_data)
+    } else if *sig_alg == OID_PKCS1_SHA512WITHRSA {
+        rc_verify_rsa_pkcs1v15::<sha2::Sha512>(key_bytes, sig_bytes, raw_data)
+    } else if *sig_alg == OID_PKCS1_RSASSAPSS {
+        rc_verify_rsa_pss(key_bytes, sig_params, sig_bytes, raw_data)
+    } else if *sig_alg == OID_SIG_ECDSA_WITH_SHA256 {
+        rc_verify_ecdsa(&public_key.algorithm, key_bytes, sig_bytes, raw_data, 256)
+    } else if *sig_alg == OID_SIG_ECDSA_WITH_SHA384 {
+        rc_verify_ecdsa(&public_key.algorithm, key_bytes, sig_bytes, raw_data, 384)
+    } else if *sig_alg == OID_SIG_ED25519 {
+        rc_verify_ed25519(key_bytes, sig_bytes, raw_data)
+    } else {
+        Err(X509Error::SignatureUnsupportedAlgorithm)
+    }
+}
+
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+fn rc_verify_rsa_pkcs1v15<D>(
+    key_bytes: &[u8],
+    sig_bytes: &[u8],
+    data: &[u8],
+) -> Result<(), X509Error>
+where
+    D: sha2::digest::Digest + sha2::digest::const_oid::AssociatedOid,
+{
+    use core::convert::TryFrom;
+    use rsa::pkcs1::DecodeRsaPublicKey;
+    use rsa::signature::Verifier;
+
+    let rsa_key = rsa::RsaPublicKey::from_pkcs1_der(key_bytes)
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    let verifying_key = rsa::pkcs1v15::VerifyingKey::<D>::new(rsa_key);
+    let sig = rsa::pkcs1v15::Signature::try_from(sig_bytes)
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    verifying_key
+        .verify(data, &sig)
+        .map_err(|_| X509Error::SignatureVerificationError)
+}
+
+/// Verify an RSA-PSS signature using RustCrypto.
+///
+/// Validates the full RSASSA-PSS-params: hash algorithm, mask generation algorithm,
+/// salt length, and trailer field. The SHA-1 hash algorithm is not supported.
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+fn rc_verify_rsa_pss(
+    key_bytes: &[u8],
+    params: &Option<Any>,
+    sig_bytes: &[u8],
+    data: &[u8],
+) -> Result<(), X509Error> {
+    let params = params
+        .as_ref()
+        .ok_or(X509Error::SignatureUnsupportedAlgorithm)?;
+    let params =
+        RsaSsaPssParams::try_from(params).map_err(|_| X509Error::SignatureUnsupportedAlgorithm)?;
+
+    // RFC 4055: trailerField must be 1
+    if params.trailer_field() != 1 {
+        return Err(X509Error::SignatureUnsupportedAlgorithm);
+    }
+
+    let hash_oid = params.hash_algorithm_oid();
+
+    // Validate that the MGF1 hash matches the signature hash.
+    // The rsa crate uses the same digest for both, so we must reject mismatches.
+    let mgf = params
+        .mask_gen_algorithm()
+        .map_err(|_| X509Error::SignatureUnsupportedAlgorithm)?;
+    // id-mgf1 OID: 1.2.840.113549.1.1.8
+    if mgf.mgf != asn1_rs::oid!(1.2.840 .113549 .1 .1 .8) {
+        return Err(X509Error::SignatureUnsupportedAlgorithm);
+    }
+    if mgf.hash != *hash_oid {
+        return Err(X509Error::SignatureUnsupportedAlgorithm);
+    }
+
+    let salt_len = params.salt_length() as usize;
+
+    if *hash_oid == OID_NIST_HASH_SHA256 {
+        rc_verify_rsa_pss_with_hash::<sha2::Sha256>(key_bytes, sig_bytes, data, salt_len)
+    } else if *hash_oid == OID_NIST_HASH_SHA384 {
+        rc_verify_rsa_pss_with_hash::<sha2::Sha384>(key_bytes, sig_bytes, data, salt_len)
+    } else if *hash_oid == OID_NIST_HASH_SHA512 {
+        rc_verify_rsa_pss_with_hash::<sha2::Sha512>(key_bytes, sig_bytes, data, salt_len)
+    } else {
+        Err(X509Error::SignatureUnsupportedAlgorithm)
+    }
+}
+
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+fn rc_verify_rsa_pss_with_hash<D>(
+    key_bytes: &[u8],
+    sig_bytes: &[u8],
+    data: &[u8],
+    salt_len: usize,
+) -> Result<(), X509Error>
+where
+    D: sha2::digest::Digest + sha2::digest::FixedOutputReset,
+{
+    use core::convert::TryFrom;
+    use rsa::pkcs1::DecodeRsaPublicKey;
+    use rsa::signature::Verifier;
+
+    let rsa_key = rsa::RsaPublicKey::from_pkcs1_der(key_bytes)
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    let verifying_key = rsa::pss::VerifyingKey::<D>::new_with_salt_len(rsa_key, salt_len);
+    let sig = rsa::pss::Signature::try_from(sig_bytes)
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    verifying_key
+        .verify(data, &sig)
+        .map_err(|_| X509Error::SignatureVerificationError)
+}
+
+/// Find the verification function for the given EC curve and SHA digest size.
+///
+/// Only the standard curve/hash pairings (P-256/SHA-256, P-384/SHA-384) are supported.
+/// Cross-pairings (P-256/SHA-384, P-384/SHA-256) are not supported by the RustCrypto backend.
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+fn rc_verify_ecdsa(
+    pubkey_alg: &AlgorithmIdentifier,
+    key_bytes: &[u8],
+    sig_bytes: &[u8],
+    data: &[u8],
+    sha_len: usize,
+) -> Result<(), X509Error> {
+    let curve_oid = pubkey_alg
+        .parameters
+        .as_ref()
+        .and_then(|p| p.as_oid().ok())
+        .ok_or(X509Error::SignatureUnsupportedAlgorithm)?;
+
+    if curve_oid == OID_EC_P256 && sha_len == 256 {
+        use p256::ecdsa::signature::Verifier;
+        let vk = p256::ecdsa::VerifyingKey::from_sec1_bytes(key_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let sig = p256::ecdsa::DerSignature::from_bytes(sig_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        vk.verify(data, &sig)
+            .map_err(|_| X509Error::SignatureVerificationError)
+    } else if curve_oid == OID_NIST_EC_P384 && sha_len == 384 {
+        use p384::ecdsa::signature::Verifier;
+        let vk = p384::ecdsa::VerifyingKey::from_sec1_bytes(key_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let sig = p384::ecdsa::DerSignature::from_bytes(sig_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        vk.verify(data, &sig)
+            .map_err(|_| X509Error::SignatureVerificationError)
+    } else {
+        Err(X509Error::SignatureUnsupportedAlgorithm)
+    }
+}
+
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+fn rc_verify_ed25519(key_bytes: &[u8], sig_bytes: &[u8], data: &[u8]) -> Result<(), X509Error> {
+    use core::convert::TryInto;
+    use ed25519_dalek::Verifier;
+
+    let key_array: [u8; 32] = key_bytes
+        .try_into()
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    let vk = ed25519_dalek::VerifyingKey::from_bytes(&key_array)
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    let sig_array: [u8; 64] = sig_bytes
+        .try_into()
+        .map_err(|_| X509Error::SignatureVerificationError)?;
+    let sig = ed25519_dalek::Signature::from_bytes(&sig_array);
+    vk.verify(data, &sig)
+        .map_err(|_| X509Error::SignatureVerificationError)
+}
diff --git a/tests/readcrl.rs b/tests/readcrl.rs
index 18a30a5..812526b 100644
--- a/tests/readcrl.rs
+++ b/tests/readcrl.rs
@@ -1,6 +1,10 @@
 use x509_parser::prelude::*;
 
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 #[test]
 fn read_crl_verify() {
     const CA_DATA: &[u8] = include_bytes!("../assets/ca_minimalcrl.der");
diff --git a/tests/readcsr.rs b/tests/readcsr.rs
index 777753c..92ce7b4 100644
--- a/tests/readcsr.rs
+++ b/tests/readcsr.rs
@@ -106,7 +106,11 @@ fn read_csr_with_challenge_password() {
     assert!(found_san);
 }
 
-#[cfg(any(feature = "verify", feature = "verify-aws"))]
+#[cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 #[test]
 fn read_csr_verify() {
     let pem = pem::parse_x509_pem(CSR_DATA).unwrap().1;
diff --git a/tests/verify.rs b/tests/verify.rs
index d376aee..041dd26 100644
--- a/tests/verify.rs
+++ b/tests/verify.rs
@@ -1,4 +1,8 @@
-#![cfg(any(feature = "verify", feature = "verify-aws"))]
+#![cfg(any(
+    feature = "verify",
+    feature = "verify-aws",
+    feature = "verify-rustcrypto"
+))]
 
 use x509_parser::parse_x509_certificate;
 
@@ -34,12 +38,35 @@ fn test_signature_verification_ed25519() {
     assert!(res.is_ok());
 }
 
+static ECDSA_P256_SHA256_DER: &[u8] = include_bytes!("../assets/ecdsa_p256_sha256.der");
+static ECDSA_P384_SHA384_DER: &[u8] = include_bytes!("../assets/ecdsa_p384_sha384.der");
+
+#[test]
+fn test_signature_verification_ecdsa_p256_sha256() {
+    let (_, x509) =
+        parse_x509_certificate(ECDSA_P256_SHA256_DER).expect("could not parse certificate");
+    let res = x509.verify_signature(None);
+    eprintln!("Verification: {res:?}");
+    assert!(res.is_ok());
+}
+
+#[test]
+fn test_signature_verification_ecdsa_p384_sha384() {
+    let (_, x509) =
+        parse_x509_certificate(ECDSA_P384_SHA384_DER).expect("could not parse certificate");
+    let res = x509.verify_signature(None);
+    eprintln!("Verification: {res:?}");
+    assert!(res.is_ok());
+}
+
 static RSA_PSS_SELF_SIGNED_SHA256: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha256.der");
 static RSA_PSS_SELF_SIGNED_SHA384: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha384.der");
 static RSA_PSS_SELF_SIGNED_SHA512: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha512.der");
+static RSA_PSS_SELF_SIGNED_SHA256_SALTLEN42: &[u8] =
+    include_bytes!("../assets/rsa-pss/self_signed_sha256_saltlen42.der");
 
 #[test]
 fn test_signature_verification_rsa_pss_sha256() {
@@ -67,3 +94,20 @@ fn test_signature_verification_rsa_pss_sha512() {
     eprintln!("Verification: {res:?}");
     assert!(res.is_ok());
 }
+
+/// This test exercises non-default PSS salt length (42 bytes instead of hash-length 32).
+/// Only the RustCrypto backend honors the full RSASSA-PSS-params including salt length;
+/// ring and aws-lc-rs use fixed params (salt_len = hash_len) that cannot represent this.
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
+#[test]
+fn test_signature_verification_rsa_pss_custom_salt_len() {
+    let (_, x509) = parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA256_SALTLEN42)
+        .expect("could not parse certificate");
+    let res = x509.verify_signature(None);
+    eprintln!("Verification: {res:?}");
+    assert!(res.is_ok());
+}

From e825258a0580b615dddfbcaf698364b7fda7615e Mon Sep 17 00:00:00 2001
From: Mike Marcacci <mike.marcacci@gmail.com>
Date: Tue, 17 Mar 2026 19:06:32 -0700
Subject: [PATCH 2/5] Support ECDSA with non-default curve/hash combinations

- Use PrehashVerifier in the RustCrypto backend to support P-256 with SHA-384 and P-384 with SHA-256
- Add tests for these ECDSA curve/hash combinations across backends
- Tidy up comments
---
 assets/ecdsa_p256_sha384.der | Bin 0 -> 389 bytes
 assets/ecdsa_p384_sha256.der | Bin 0 -> 450 bytes
 src/verify.rs                |  29 ++++++++++++++++++++++++++---
 tests/verify.rs              |  25 +++++++++++++++++++++++++
 4 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 assets/ecdsa_p256_sha384.der
 create mode 100644 assets/ecdsa_p384_sha256.der

diff --git a/assets/ecdsa_p256_sha384.der b/assets/ecdsa_p256_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..1040d1084e2df5ed66622eed3052cd5ed1f47541
GIT binary patch
literal 389
zcmXqLVr(>MVpLzi%*4pVB;u}eaK+xKjNg8!Jx~6$_iB9G%X?c4xY#(f+C0wLvM@6n
zh#86)2(dATvM}>-2N;=}DFk~s8e5nc$cghBnHd-xS{N7^7#f>J0lDT#T%7tM4TRa)
z!KO1YLakwDWM_6_U@^82J{9z^+$&N~Ml_^L$Ntjf4F<yIadV8BHl+W2k$claNnI_m
z`++#?wRopW!T<lBd^oJH^zWNrk+A>u3wN>`76%&y8pr~jD$B<r#v<Z)?V=g;<=iW;
z-@klw)M$sZ=#hgv4CF!5$}AEFVhz|8@PiZxGcx{XVKra|QpjP!?7?8*%B0BfbXON+
zgpk5coh;U!MqwETU*%`*n!H_LfAa<@g{5BWOqmqI-JJBl?Ec~3{yiYwp>fMhjdyAH
R4qH~8l6t<%yO8HU2LM3bgT4R&

literal 0
HcmV?d00001

diff --git a/assets/ecdsa_p384_sha256.der b/assets/ecdsa_p384_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..e962a9d974e9bd890610dc7b23bd2e7971dfafd3
GIT binary patch
literal 450
zcmXqLV%%rY#OShsnTe5!Nu*Xv_XPj0is@7OCP!B#&d$6mXY$&Bi;Y98&EuRc3p0~}
zn4yS)5F2wS3o{RQfU$*%La>LUk*S%1oH(zMnSrsPg@KWQp|M#MkZX>_#i_5%K!A-M
zY&sJo8>@CB3xg7K5(5h(kHbm+-~~qZ%DTR~m0S-eY%!Tv)5k7SD&Z#ka8uC5c@LPv
z`=`E54{4m^uu7u-`*}$_=f>*YSrHN^V_qlETp+PmwP$f%t5m+T;F{wGj8$vD9$mKi
z{JG?b;&pyExaZd|4mJohkOlffmXAe@MWjsC;+5L2)Aby)bCMM;d%snu>`*n32T3cl
zNEnDUU{}BoQXtI8_@9N<fEh?32NZJ#gFz~jA;WW~$<=?PuK4q@nPhPYty!4LeE)+d
zquQ0-ZtvD?7igW<{OSLE&u@*-zt%+uMAe;H!DNs$<&~dIMQ7J%L!V<JITz%77RrU~
hP0sCLx)dGw=*XRU!FE+M!`-7ke3O0MtJ)lN4*+H0n3Dhi

literal 0
HcmV?d00001

diff --git a/src/verify.rs b/src/verify.rs
index d714403..e28373f 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -167,6 +167,7 @@ pub fn verify_signature(
     }
 }
 
+/// Verify an RSA PKCS#1 v1.5 signature using the selected digest.
 #[cfg(all(
     feature = "verify-rustcrypto",
     not(feature = "verify"),
@@ -248,6 +249,7 @@ fn rc_verify_rsa_pss(
     }
 }
 
+/// Verify an RSA-PSS signature using the selected digest and salt length.
 #[cfg(all(
     feature = "verify-rustcrypto",
     not(feature = "verify"),
@@ -276,10 +278,11 @@ where
         .map_err(|_| X509Error::SignatureVerificationError)
 }
 
-/// Find the verification function for the given EC curve and SHA digest size.
+/// Verify an ECDSA signature using the curve from the signer's SPKI and the hash
+/// implied by the signature algorithm.
 ///
-/// Only the standard curve/hash pairings (P-256/SHA-256, P-384/SHA-384) are supported.
-/// Cross-pairings (P-256/SHA-384, P-384/SHA-256) are not supported by the RustCrypto backend.
+/// RustCrypto's `Verifier` trait uses the curve's default digest, so non-default
+/// curve/hash pairings are handled via `verify_prehash`.
 #[cfg(all(
     feature = "verify-rustcrypto",
     not(feature = "verify"),
@@ -306,6 +309,16 @@ fn rc_verify_ecdsa(
             .map_err(|_| X509Error::SignatureVerificationError)?;
         vk.verify(data, &sig)
             .map_err(|_| X509Error::SignatureVerificationError)
+    } else if curve_oid == OID_EC_P256 && sha_len == 384 {
+        use p256::ecdsa::signature::hazmat::PrehashVerifier;
+        use sha2::Digest;
+        let vk = p256::ecdsa::VerifyingKey::from_sec1_bytes(key_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let sig = p256::ecdsa::DerSignature::from_bytes(sig_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let digest = sha2::Sha384::digest(data);
+        vk.verify_prehash(&digest, &sig)
+            .map_err(|_| X509Error::SignatureVerificationError)
     } else if curve_oid == OID_NIST_EC_P384 && sha_len == 384 {
         use p384::ecdsa::signature::Verifier;
         let vk = p384::ecdsa::VerifyingKey::from_sec1_bytes(key_bytes)
@@ -314,6 +327,16 @@ fn rc_verify_ecdsa(
             .map_err(|_| X509Error::SignatureVerificationError)?;
         vk.verify(data, &sig)
             .map_err(|_| X509Error::SignatureVerificationError)
+    } else if curve_oid == OID_NIST_EC_P384 && sha_len == 256 {
+        use p384::ecdsa::signature::hazmat::PrehashVerifier;
+        use sha2::Digest;
+        let vk = p384::ecdsa::VerifyingKey::from_sec1_bytes(key_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let sig = p384::ecdsa::DerSignature::from_bytes(sig_bytes)
+            .map_err(|_| X509Error::SignatureVerificationError)?;
+        let digest = sha2::Sha256::digest(data);
+        vk.verify_prehash(&digest, &sig)
+            .map_err(|_| X509Error::SignatureVerificationError)
     } else {
         Err(X509Error::SignatureUnsupportedAlgorithm)
     }
diff --git a/tests/verify.rs b/tests/verify.rs
index 041dd26..7674a79 100644
--- a/tests/verify.rs
+++ b/tests/verify.rs
@@ -39,6 +39,8 @@ fn test_signature_verification_ed25519() {
 }
 
 static ECDSA_P256_SHA256_DER: &[u8] = include_bytes!("../assets/ecdsa_p256_sha256.der");
+static ECDSA_P256_SHA384_DER: &[u8] = include_bytes!("../assets/ecdsa_p256_sha384.der");
+static ECDSA_P384_SHA256_DER: &[u8] = include_bytes!("../assets/ecdsa_p384_sha256.der");
 static ECDSA_P384_SHA384_DER: &[u8] = include_bytes!("../assets/ecdsa_p384_sha384.der");
 
 #[test]
@@ -59,12 +61,35 @@ fn test_signature_verification_ecdsa_p384_sha384() {
     assert!(res.is_ok());
 }
 
+#[test]
+fn test_signature_verification_ecdsa_p256_sha384() {
+    let (_, x509) =
+        parse_x509_certificate(ECDSA_P256_SHA384_DER).expect("could not parse certificate");
+    let res = x509.verify_signature(None);
+    eprintln!("Verification: {res:?}");
+    assert!(res.is_ok());
+}
+
+#[test]
+fn test_signature_verification_ecdsa_p384_sha256() {
+    let (_, x509) =
+        parse_x509_certificate(ECDSA_P384_SHA256_DER).expect("could not parse certificate");
+    let res = x509.verify_signature(None);
+    eprintln!("Verification: {res:?}");
+    assert!(res.is_ok());
+}
+
 static RSA_PSS_SELF_SIGNED_SHA256: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha256.der");
 static RSA_PSS_SELF_SIGNED_SHA384: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha384.der");
 static RSA_PSS_SELF_SIGNED_SHA512: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha512.der");
+#[cfg(all(
+    feature = "verify-rustcrypto",
+    not(feature = "verify"),
+    not(feature = "verify-aws")
+))]
 static RSA_PSS_SELF_SIGNED_SHA256_SALTLEN42: &[u8] =
     include_bytes!("../assets/rsa-pss/self_signed_sha256_saltlen42.der");
 

From 93a36f78f82fed4c7a729151df664074d56d6ee1 Mon Sep 17 00:00:00 2001
From: Mike Marcacci <mike.marcacci@gmail.com>
Date: Tue, 17 Mar 2026 19:30:39 -0700
Subject: [PATCH 3/5] Test verify-rustcrypto feature in CI

---
 .github/workflows/rust.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 6330417..102246a 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -71,6 +71,7 @@ jobs:
           - --all-features
           - --features=verify
           - --features=verify-aws
+          - --features=verify-rustcrypto
           - --features=validate
     steps:
       - uses: actions/checkout@v4

From 4fcb3aac946063c62fc11499ecd33bff4e4c3b28 Mon Sep 17 00:00:00 2001
From: Mike Marcacci <mike.marcacci@gmail.com>
Date: Tue, 17 Mar 2026 19:33:22 -0700
Subject: [PATCH 4/5] Fix stale comments

---
 src/certificate.rs     | 2 +-
 src/revocation_list.rs | 2 +-
 src/verify.rs          | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/certificate.rs b/src/certificate.rs
index 80ba677..1c29750 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -95,7 +95,7 @@ impl<'a> X509Certificate<'a> {
     /// For a leaf certificate, this is the public key of the certificate that signed it.
     /// It is usually an intermediate authority.
     ///
-    /// Not all algorithms are supported, this function is limited to what `ring` supports.
+    /// Not all algorithms are supported, this function is limited to what the selected backend supports.
     #[cfg(any(
         feature = "verify",
         feature = "verify-aws",
diff --git a/src/revocation_list.rs b/src/revocation_list.rs
index 5e210b5..75ccd6d 100644
--- a/src/revocation_list.rs
+++ b/src/revocation_list.rs
@@ -121,7 +121,7 @@ impl<'a> CertificateRevocationList<'a> {
     ///
     /// `public_key` is the public key of the **signer**.
     ///
-    /// Not all algorithms are supported, this function is limited to what `ring` supports.
+    /// Not all algorithms are supported, this function is limited to what the selected backend supports.
     #[cfg(any(
         feature = "verify",
         feature = "verify-aws",
diff --git a/src/verify.rs b/src/verify.rs
index e28373f..59c83a4 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -79,7 +79,6 @@ fn get_ec_curve_sha(
     sha_len: usize,
 ) -> Option<&'static dyn signature::VerificationAlgorithm> {
     let curve_oid = pubkey_alg.parameters.as_ref()?.as_oid().ok()?;
-    // let curve_oid = pubkey_alg.parameters.as_ref()?.as_oid().ok()?;
     if curve_oid == OID_EC_P256 {
         match sha_len {
             256 => Some(&signature::ECDSA_P256_SHA256_ASN1),

From b4d332b7b02f6bc52915a062c29cdf612b3e10c0 Mon Sep 17 00:00:00 2001
From: Mike Marcacci <mike.marcacci@gmail.com>
Date: Tue, 17 Mar 2026 20:24:35 -0700
Subject: [PATCH 5/5] Fix CI for rustc 1.67.1

Restores Cargo.lock to the base and selectively updates crates introduced by this PR.
---
 Cargo.lock | 469 ++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 374 insertions(+), 95 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index b3f4df2..a9654e5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,15 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "aho-corasick"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "asn1-rs"
 version = "0.7.1"
@@ -49,9 +58,9 @@ checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
 
 [[package]]
 name = "aws-lc-rs"
-version = "1.16.1"
+version = "1.13.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94bffc006df10ac2a68c83692d734a465f8ee6c5b384d8545a636f81d858f4bf"
+checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba"
 dependencies = [
  "aws-lc-sys",
  "untrusted 0.7.1",
@@ -60,10 +69,11 @@ dependencies = [
 
 [[package]]
 name = "aws-lc-sys"
-version = "0.38.0"
+version = "0.30.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4321e568ed89bb5a7d291a7f37997c2c0df89809d7b6d12062c81ddb54aa782e"
+checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff"
 dependencies = [
+ "bindgen",
  "cc",
  "cmake",
  "dunce",
@@ -78,9 +88,38 @@ checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
 
 [[package]]
 name = "base64ct"
-version = "1.8.3"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
+[[package]]
+name = "bindgen"
+version = "0.69.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "itertools",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn",
+ "which",
+]
+
+[[package]]
+name = "bitflags"
+version = "2.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"
 
 [[package]]
 name = "block-buffer"
@@ -93,27 +132,46 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.2.56"
+version = "1.2.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2"
+checksum = "2352e5597e9c544d5e6d9c95190d5d27738ade584fa8db0a16e130e5c2b5296e"
 dependencies = [
- "find-msvc-tools",
  "jobserver",
  "libc",
  "shlex",
 ]
 
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
 [[package]]
 name = "cfg-if"
-version = "1.0.4"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"
+
+[[package]]
+name = "clang-sys"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
 
 [[package]]
 name = "cmake"
-version = "0.1.57"
+version = "0.1.54"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75443c44cd6b379beb8c5b45d85d0773baf31cce901fe7bb252f4eff3008ef7d"
+checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0"
 dependencies = [
  "cc",
 ]
@@ -184,9 +242,9 @@ dependencies = [
 
 [[package]]
 name = "data-encoding"
-version = "2.10.0"
+version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"
+checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
 
 [[package]]
 name = "der"
@@ -215,9 +273,9 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.5.8"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
+checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
 dependencies = [
  "powerfmt",
 ]
@@ -277,9 +335,9 @@ dependencies = [
 
 [[package]]
 name = "ed25519-dalek"
-version = "2.2.0"
+version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
+checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
 dependencies = [
  "curve25519-dalek",
  "ed25519",
@@ -289,6 +347,12 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "either"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+
 [[package]]
 name = "elliptic-curve"
 version = "0.13.8"
@@ -310,6 +374,16 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "errno"
+version = "0.3.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"
+dependencies = [
+ "libc",
+ "windows-sys 0.60.2",
+]
+
 [[package]]
 name = "ff"
 version = "0.13.1"
@@ -326,12 +400,6 @@ version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
 
-[[package]]
-name = "find-msvc-tools"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
-
 [[package]]
 name = "fs_extra"
 version = "1.3.0"
@@ -351,27 +419,33 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.2.17"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi",
+ "wasi 0.11.1+wasi-snapshot-preview1",
 ]
 
 [[package]]
 name = "getrandom"
-version = "0.3.4"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
+checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"
 dependencies = [
  "cfg-if",
  "libc",
  "r-efi",
- "wasip2",
+ "wasi 0.14.2+wasi-0.2.4",
 ]
 
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
 [[package]]
 name = "group"
 version = "0.13.0"
@@ -401,19 +475,37 @@ dependencies = [
  "digest",
 ]
 
+[[package]]
+name = "home"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "itertools"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+dependencies = [
+ "either",
+]
+
 [[package]]
 name = "itoa"
-version = "1.0.17"
+version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
+checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jobserver"
-version = "0.1.34"
+version = "0.1.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
+checksum = "38f262f097c174adebe41eb73d66ae9c06b2844fb0da69969647bbddd9b0538a"
 dependencies = [
- "getrandom 0.3.4",
+ "getrandom 0.3.3",
  "libc",
 ]
 
@@ -426,11 +518,27 @@ dependencies = [
  "spin",
 ]
 
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
 [[package]]
 name = "libc"
-version = "0.2.183"
+version = "0.2.175"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d"
+checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
+
+[[package]]
+name = "libloading"
+version = "0.8.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
+dependencies = [
+ "cfg-if",
+ "windows-targets 0.53.3",
+]
 
 [[package]]
 name = "libm"
@@ -438,11 +546,23 @@ version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
 
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+
+[[package]]
+name = "log"
+version = "0.4.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+
 [[package]]
 name = "memchr"
-version = "2.8.0"
+version = "2.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
+checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
 
 [[package]]
 name = "minimal-lexical"
@@ -488,9 +608,9 @@ dependencies = [
 
 [[package]]
 name = "num-conv"
-version = "0.2.0"
+version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 
 [[package]]
 name = "num-integer"
@@ -531,6 +651,12 @@ dependencies = [
  "asn1-rs",
 ]
 
+[[package]]
+name = "once_cell"
+version = "1.21.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+
 [[package]]
 name = "p256"
 version = "0.13.2"
@@ -600,6 +726,16 @@ dependencies = [
  "zerocopy",
 ]
 
+[[package]]
+name = "prettyplease"
+version = "0.2.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff24dfcda44452b9816fff4cd4227e1bb73ff5a2f1bc1105aa92fb8565ce44d2"
+dependencies = [
+ "proc-macro2",
+ "syn",
+]
+
 [[package]]
 name = "primeorder"
 version = "0.13.6"
@@ -611,18 +747,18 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.106"
+version = "1.0.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
+checksum = "d61789d7719defeb74ea5fe81f2fdfdbd28a803847077cecce2ff14e1472f6f1"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.45"
+version = "1.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
 dependencies = [
  "proc-macro2",
 ]
@@ -659,9 +795,38 @@ version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 dependencies = [
- "getrandom 0.2.17",
+ "getrandom 0.2.16",
 ]
 
+[[package]]
+name = "regex"
+version = "1.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
+
 [[package]]
 name = "rfc6979"
 version = "0.4.0"
@@ -680,10 +845,10 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
 dependencies = [
  "cc",
  "cfg-if",
- "getrandom 0.2.17",
+ "getrandom 0.2.16",
  "libc",
  "untrusted 0.9.0",
- "windows-sys",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -706,6 +871,12 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
 [[package]]
 name = "rustc_version"
 version = "0.4.1"
@@ -724,6 +895,19 @@ dependencies = [
  "nom",
 ]
 
+[[package]]
+name = "rustix"
+version = "0.38.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+dependencies = [
+ "bitflags",
+ "errno",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "sec1"
 version = "0.7.3"
@@ -746,27 +930,18 @@ checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
 
 [[package]]
 name = "serde"
-version = "1.0.228"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
-dependencies = [
- "serde_core",
-]
-
-[[package]]
-name = "serde_core"
-version = "1.0.228"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.228"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -841,9 +1016,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
 [[package]]
 name = "syn"
-version = "2.0.117"
+version = "2.0.105"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+checksum = "7bc3fcb250e53458e712715cf74285c1f889686520d79294a9ef3bd7aa1fc619"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -863,18 +1038,18 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.18"
+version = "2.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
+checksum = "0b0949c3a6c842cbde3f1686d6eea5a010516deb7085f79db747562d4102f41e"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.18"
+version = "2.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
+checksum = "cc5b44b4ab9c2fdd0e0512e6bece8388e214c0749f5862b114cc5b7a25daf227"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -883,30 +1058,30 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.47"
+version = "0.3.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
+checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
 dependencies = [
  "deranged",
  "itoa",
  "num-conv",
  "powerfmt",
- "serde_core",
+ "serde",
  "time-core",
  "time-macros",
 ]
 
 [[package]]
 name = "time-core"
-version = "0.1.8"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
+checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
 
 [[package]]
 name = "time-macros"
-version = "0.2.27"
+version = "0.2.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
+checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
 dependencies = [
  "num-conv",
  "time-core",
@@ -920,9 +1095,9 @@ checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.24"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
 
 [[package]]
 name = "untrusted"
@@ -949,21 +1124,57 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
 
 [[package]]
-name = "wasip2"
-version = "1.0.2+wasi-0.2.9"
+name = "wasi"
+version = "0.14.2+wasi-0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
+dependencies = [
+ "wit-bindgen-rt",
+]
+
+[[package]]
+name = "which"
+version = "4.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
 dependencies = [
- "wit-bindgen",
+ "either",
+ "home",
+ "once_cell",
+ "rustix",
 ]
 
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
 dependencies = [
- "windows-targets",
+ "windows-targets 0.52.6",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.59.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
+dependencies = [
+ "windows-targets 0.52.6",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.60.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
+dependencies = [
+ "windows-targets 0.53.3",
 ]
 
 [[package]]
@@ -972,14 +1183,31 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
 dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_gnullvm",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
+ "windows_aarch64_gnullvm 0.52.6",
+ "windows_aarch64_msvc 0.52.6",
+ "windows_i686_gnu 0.52.6",
+ "windows_i686_gnullvm 0.52.6",
+ "windows_i686_msvc 0.52.6",
+ "windows_x86_64_gnu 0.52.6",
+ "windows_x86_64_gnullvm 0.52.6",
+ "windows_x86_64_msvc 0.52.6",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.53.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"
+dependencies = [
+ "windows-link",
+ "windows_aarch64_gnullvm 0.53.0",
+ "windows_aarch64_msvc 0.53.0",
+ "windows_i686_gnu 0.53.0",
+ "windows_i686_gnullvm 0.53.0",
+ "windows_i686_msvc 0.53.0",
+ "windows_x86_64_gnu 0.53.0",
+ "windows_x86_64_gnullvm 0.53.0",
+ "windows_x86_64_msvc 0.53.0",
 ]
 
 [[package]]
@@ -988,42 +1216,84 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
 
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
 
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
 
+[[package]]
+name = "windows_i686_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3"
+
 [[package]]
 name = "windows_i686_gnullvm"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
 
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
 
+[[package]]
+name = "windows_i686_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
 
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
 
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.52.6"
@@ -1031,10 +1301,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
-name = "wit-bindgen"
-version = "0.51.0"
+name = "windows_x86_64_msvc"
+version = "0.53.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
+checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
+
+[[package]]
+name = "wit-bindgen-rt"
+version = "0.39.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
+dependencies = [
+ "bitflags",
+]
 
 [[package]]
 name = "x509-parser"
@@ -1081,6 +1360,6 @@ dependencies = [
 
 [[package]]
 name = "zeroize"
-version = "1.8.2"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
+checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"