rusticata · 2ndDerivative · May 19, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,7 +10,7 @@ repository = "https://github.com/rusticata/x509-parser.git"
 categories = ["parser-implementations", "cryptography"]
 readme = "README.md"
 edition = "2018"
-rust-version = "1.67.1"
+rust-version = "1.80.0"
 
 include = [
   "CHANGELOG.md",
@@ -44,7 +44,6 @@ validate = []
 [dependencies]
 asn1-rs = { version = "0.8.0-beta.1", features=["bigint", "datetime"] }
 data-encoding = "2.2.1"
-lazy_static = "1.4"
 nom = "8.0"
 oid-registry = { version="0.9.0-beta.1", features=["crypto", "x509", "x962"] }
 rusticata-macros = "5.0"

diff --git a/src/cri_attributes.rs b/src/cri_attributes.rs
@@ -120,33 +120,32 @@ pub enum ParsedCriAttribute<'a> {
 }
 
 pub(crate) mod parser {
+    use std::sync::LazyLock;
+
     use crate::cri_attributes::*;
     use crate::x509::DirectoryString;
     use asn1_rs::{DerParser, Input};
-    use lazy_static::lazy_static;
     use nom::combinator::map;
 
     type AttrParser =
         for<'a> fn(Input<'a>) -> IResult<Input<'a>, ParsedCriAttribute<'a>, X509Error>;
 
-    lazy_static! {
-        static ref ATTRIBUTE_PARSERS: HashMap<Oid<'static>, AttrParser> = {
-            macro_rules! add {
-                ($m:ident, $oid:ident, $p:ident) => {
-                    $m.insert($oid, $p as AttrParser);
-                };
-            }
-
-            let mut m = HashMap::new();
-            add!(m, OID_PKCS9_EXTENSION_REQUEST, parse_extension_request_attr);
-            add!(
-                m,
-                OID_PKCS9_CHALLENGE_PASSWORD,
-                parse_challenge_password_attr
-            );
-            m
-        };
-    }
+    static ATTRIBUTE_PARSERS: LazyLock<HashMap<Oid<'static>, AttrParser>> = LazyLock::new(|| {
+        macro_rules! add {
+            ($m:ident, $oid:ident, $p:ident) => {
+                $m.insert($oid, $p as AttrParser);
+            };
+        }
+
+        let mut m = HashMap::new();
+        add!(m, OID_PKCS9_EXTENSION_REQUEST, parse_extension_request_attr);
+        add!(
+            m,
+            OID_PKCS9_CHALLENGE_PASSWORD,
+            parse_challenge_password_attr
+        );
+        m
+    });
 
     /// Look into the parser map if the extension is known, and parse it,
     /// otherwise leave it as UnsupportedExtension

diff --git a/src/extensions/mod.rs b/src/extensions/mod.rs
@@ -331,94 +331,93 @@ impl ParsedExtension<'_> {
 }
 
 pub(crate) mod parser {
+    use std::sync::LazyLock;
+
     use crate::extensions::*;
     use asn1_rs::{GeneralizedTime, Integer};
-    use lazy_static::lazy_static;
 
     type ExtParser = fn(Input) -> IResult<Input, ParsedExtension, X509Error>;
 
-    lazy_static! {
-        static ref EXTENSION_PARSERS: HashMap<Oid<'static>, ExtParser> = {
-            macro_rules! add {
-                ($m:ident, $oid:ident, $p:ident) => {
-                    $m.insert($oid, $p as ExtParser);
-                };
-            }
+    static EXTENSION_PARSERS: LazyLock<HashMap<Oid<'static>, ExtParser>> = LazyLock::new(|| {
+        macro_rules! add {
+            ($m:ident, $oid:ident, $p:ident) => {
+                $m.insert($oid, $p as ExtParser);
+            };
+        }
 
-            let mut m = HashMap::new();
-            add!(
-                m,
-                OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
-                parse_keyidentifier_ext
-            );
-            add!(m, OID_X509_EXT_KEY_USAGE, parse_keyusage_ext);
-            add!(
-                m,
-                OID_X509_EXT_SUBJECT_ALT_NAME,
-                parse_subjectalternativename_ext
-            );
-            add!(
-                m,
-                OID_X509_EXT_ISSUER_ALT_NAME,
-                parse_issueralternativename_ext
-            );
-            add!(
-                m,
-                OID_X509_EXT_BASIC_CONSTRAINTS,
-                parse_basicconstraints_ext
-            );
-            add!(m, OID_X509_EXT_NAME_CONSTRAINTS, parse_nameconstraints_ext);
-            add!(
-                m,
-                OID_X509_EXT_CERTIFICATE_POLICIES,
-                parse_certificatepolicies_ext
-            );
-            add!(m, OID_X509_EXT_POLICY_MAPPINGS, parse_policymappings_ext);
-            add!(
-                m,
-                OID_X509_EXT_POLICY_CONSTRAINTS,
-                parse_policyconstraints_ext
-            );
-            add!(
-                m,
-                OID_X509_EXT_EXTENDED_KEY_USAGE,
-                parse_extendedkeyusage_ext
-            );
-            add!(
-                m,
-                OID_X509_EXT_CRL_DISTRIBUTION_POINTS,
-                parse_crldistributionpoints_ext
-            );
-            add!(
-                m,
-                OID_X509_EXT_INHIBIT_ANY_POLICY,
-                parse_inhibitanypolicy_ext
-            );
-            add!(
-                m,
-                OID_PKIX_AUTHORITY_INFO_ACCESS,
-                parse_authorityinfoaccess_ext
-            );
-            add!(m, OID_PKIX_SUBJECT_INFO_ACCESS, parse_subjectinfoaccess_ext);
-            add!(
-                m,
-                OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
-                parse_authoritykeyidentifier_ext
-            );
-            add!(m, OID_CT_LIST_SCT, parse_sct_ext);
-            add!(m, OID_X509_EXT_CERT_TYPE, parse_nscerttype_ext);
-            add!(m, OID_X509_EXT_CERT_COMMENT, parse_nscomment_ext);
-            add!(m, OID_X509_EXT_CRL_NUMBER, parse_crl_number);
-            add!(m, OID_X509_EXT_REASON_CODE, parse_reason_code);
-            add!(m, OID_X509_EXT_INVALIDITY_DATE, parse_invalidity_date);
-            add!(
-                m,
-                OID_X509_EXT_ISSUER_DISTRIBUTION_POINT,
-                parse_issuingdistributionpoint_ext
-            );
-            m
-        };
-    }
+        let mut m = HashMap::new();
+        add!(
+            m,
+            OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
+            parse_keyidentifier_ext
+        );
+        add!(m, OID_X509_EXT_KEY_USAGE, parse_keyusage_ext);
+        add!(
+            m,
+            OID_X509_EXT_SUBJECT_ALT_NAME,
+            parse_subjectalternativename_ext
+        );
+        add!(
+            m,
+            OID_X509_EXT_ISSUER_ALT_NAME,
+            parse_issueralternativename_ext
+        );
+        add!(
+            m,
+            OID_X509_EXT_BASIC_CONSTRAINTS,
+            parse_basicconstraints_ext
+        );
+        add!(m, OID_X509_EXT_NAME_CONSTRAINTS, parse_nameconstraints_ext);
+        add!(
+            m,
+            OID_X509_EXT_CERTIFICATE_POLICIES,
+            parse_certificatepolicies_ext
+        );
+        add!(m, OID_X509_EXT_POLICY_MAPPINGS, parse_policymappings_ext);
+        add!(
+            m,
+            OID_X509_EXT_POLICY_CONSTRAINTS,
+            parse_policyconstraints_ext
+        );
+        add!(
+            m,
+            OID_X509_EXT_EXTENDED_KEY_USAGE,
+            parse_extendedkeyusage_ext
+        );
+        add!(
+            m,
+            OID_X509_EXT_CRL_DISTRIBUTION_POINTS,
+            parse_crldistributionpoints_ext
+        );
+        add!(
+            m,
+            OID_X509_EXT_INHIBIT_ANY_POLICY,
+            parse_inhibitanypolicy_ext
+        );
+        add!(
+            m,
+            OID_PKIX_AUTHORITY_INFO_ACCESS,
+            parse_authorityinfoaccess_ext
+        );
+        add!(m, OID_PKIX_SUBJECT_INFO_ACCESS, parse_subjectinfoaccess_ext);
+        add!(
+            m,
+            OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
+            parse_authoritykeyidentifier_ext
+        );
+        add!(m, OID_CT_LIST_SCT, parse_sct_ext);
+        add!(m, OID_X509_EXT_CERT_TYPE, parse_nscerttype_ext);
+        add!(m, OID_X509_EXT_CERT_COMMENT, parse_nscomment_ext);
+        add!(m, OID_X509_EXT_CRL_NUMBER, parse_crl_number);
+        add!(m, OID_X509_EXT_REASON_CODE, parse_reason_code);
+        add!(m, OID_X509_EXT_INVALIDITY_DATE, parse_invalidity_date);
+        add!(
+            m,
+            OID_X509_EXT_ISSUER_DISTRIBUTION_POINT,
+            parse_issuingdistributionpoint_ext
+        );
+        m
+    });
 
     // look into the parser map if the extension is known, and parse it
     // otherwise, leave it as UnsupportedExtension

diff --git a/src/objects.rs b/src/objects.rs
@@ -20,31 +20,28 @@
 
 use crate::error::NidError;
 use asn1_rs::oid;
-use lazy_static::lazy_static;
 use oid_registry::*;
-use std::collections::HashMap;
+use std::{collections::HashMap, sync::LazyLock};
 
-lazy_static! {
-    static ref OID_REGISTRY: OidRegistry<'static> = {
-        let mut reg = OidRegistry::default().with_all_crypto().with_x509();
-        // OIDs not in the default registry can be added here
-        let entry = OidEntry::new("id-mgf1", "Mask Generator Function 1 (MGF1)");
-        reg.insert(oid! {1.2.840.113549.1.1.8}, entry);
-        reg
-    };
-    static ref ABBREV_MAP: HashMap<Oid<'static>, &'static str> = {
-        let mut m = HashMap::new();
-        m.insert(OID_X509_COMMON_NAME, "CN");
-        m.insert(OID_X509_COUNTRY_NAME, "C");
-        m.insert(OID_X509_LOCALITY_NAME, "L");
-        m.insert(OID_X509_STATE_OR_PROVINCE_NAME, "ST");
-        m.insert(OID_X509_ORGANIZATION_NAME, "O");
-        m.insert(OID_X509_ORGANIZATIONAL_UNIT, "OU");
-        m.insert(OID_DOMAIN_COMPONENT, "DC");
-        m.insert(OID_PKCS9_EMAIL_ADDRESS, "Email");
-        m
-    };
-}
+static OID_REGISTRY: LazyLock<OidRegistry<'static>> = LazyLock::new(|| {
+    let mut reg = OidRegistry::default().with_all_crypto().with_x509();
+    // OIDs not in the default registry can be added here
+    let entry = OidEntry::new("id-mgf1", "Mask Generator Function 1 (MGF1)");
+    reg.insert(oid! {1.2.840.113549.1.1.8}, entry);
+    reg
+});
+static ABBREV_MAP: LazyLock<HashMap<Oid<'static>, &'static str>> = LazyLock::new(|| {
+    let mut m = HashMap::new();
+    m.insert(OID_X509_COMMON_NAME, "CN");
+    m.insert(OID_X509_COUNTRY_NAME, "C");
+    m.insert(OID_X509_LOCALITY_NAME, "L");
+    m.insert(OID_X509_STATE_OR_PROVINCE_NAME, "ST");
+    m.insert(OID_X509_ORGANIZATION_NAME, "O");
+    m.insert(OID_X509_ORGANIZATIONAL_UNIT, "OU");
+    m.insert(OID_DOMAIN_COMPONENT, "DC");
+    m.insert(OID_PKCS9_EMAIL_ADDRESS, "Email");
+    m
+});
 
 /// Return the abbreviation (for ex. CN for Common Name), or if not found, the OID short name
 pub fn oid2abbrev<'a>(oid: &'a Oid, registry: &'a OidRegistry) -> Result<&'a str, NidError> {