authorSam Saccone <samccone@google.com>2023-12-19 02:31:33 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-12-19 02:31:33 +0000
commit2a026415d5ea49c50735466894099f872e69a039 (patch)
tree820fbb9ea9a539f139b6f6d44bdaa9a58e9a1999
parent25ffc82954970ca2e07d0e1422e39c5efaacb642 (diff)
parent24e1933ec4f11e5ea32acacf27b7a2d0173add4f (diff)
downloadpkcs8-2a026415d5ea49c50735466894099f872e69a039.tar.gz
Revert "Upgrade pkcs8 to 0.10.2" am: dcbba4d46d am: 24e1933ec4
Original change: https://android-review.googlesource.com/c/platform/external/rust/crates/pkcs8/+/2880482 Change-Id: I63d126c16d627688f9aedc18a58064fcd1786c44 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--.cargo_vcs_info.json2
-rw-r--r--Android.bp4
-rw-r--r--CHANGELOG.md24
-rw-r--r--Cargo.toml15
-rw-r--r--Cargo.toml.orig15
-rw-r--r--LICENSE-MIT25
-rw-r--r--METADATA26
-rw-r--r--README.md4
-rw-r--r--src/encrypted_private_key_info.rs33
-rw-r--r--src/error.rs2
-rw-r--r--src/lib.rs23
-rw-r--r--src/private_key_info.rs74
-rw-r--r--src/traits.rs27
-rw-r--r--src/version.rs4
-rw-r--r--tests/encrypted_private_key.rs4
-rw-r--r--tests/private_key.rs15
-rw-r--r--tests/traits.rs8
17 files changed, 127 insertions, 178 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json
index d445424..68186e0 100644
--- a/.cargo_vcs_info.json
+++ b/.cargo_vcs_info.json
@@ -1,6 +1,6 @@
{
"git": {
- "sha1": "7736dd21389b8820dfeb396e8c4c932de93d3ddf"
+ "sha1": "974c2c7c88bc8d0541895a6e200c3ea9f91a33af"
},
"path_in_vcs": "pkcs8"
} \ No newline at end of file
diff --git a/Android.bp b/Android.bp
index cc61a68..005c9b5 100644
--- a/Android.bp
+++ b/Android.bp
@@ -35,7 +35,7 @@ rust_library_host {
name: "libpkcs8",
crate_name: "pkcs8",
cargo_env_compat: true,
- cargo_pkg_version: "0.10.2",
+ cargo_pkg_version: "0.9.0",
srcs: ["src/lib.rs"],
edition: "2021",
features: ["alloc"],
@@ -49,7 +49,7 @@ rust_library_rlib {
name: "libpkcs8_nostd",
crate_name: "pkcs8",
cargo_env_compat: true,
- cargo_pkg_version: "0.10.2",
+ cargo_pkg_version: "0.9.0",
srcs: ["src/lib.rs"],
edition: "2021",
features: ["alloc"],
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f754d5..15889d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,30 +4,6 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## 0.10.2 (2023-04-04)
-### Changed
-- Bump `spki` to v0.7.1 ([#981])
-
-[#981]: https://github.com/RustCrypto/formats/pull/981
-
-## 0.10.1 (2023-03-05)
-### Added
-- `sha1-insecure` feature ([#913])
-
-[#913]: https://github.com/RustCrypto/formats/pull/913
-
-## 0.10.0 (2023-02-26) [YANKED]
-### Changed
-- Use blanket impls for `Decode*` traits ([#785])
-- Bump `der` dependency to v0.7 ([#899])
-- Bump `spki` dependency to v0.7 ([#900])
-- Bump `pkcs5` dependency to v0.7 ([#901])
-
-[#785]: https://github.com/RustCrypto/formats/pull/785
-[#899]: https://github.com/RustCrypto/formats/pull/899
-[#900]: https://github.com/RustCrypto/formats/pull/900
-[#901]: https://github.com/RustCrypto/formats/pull/901
-
## 0.9.0 (2022-05-08)
### Added
- Error conversion support to `pkcs8::spki::Error` ([#335])
diff --git a/Cargo.toml b/Cargo.toml
index d836551..6de007a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,9 +11,9 @@
[package]
edition = "2021"
-rust-version = "1.65"
+rust-version = "1.57"
name = "pkcs8"
-version = "0.10.2"
+version = "0.9.0"
authors = ["RustCrypto Developers"]
description = """
Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
@@ -36,6 +36,7 @@ categories = [
]
license = "Apache-2.0 OR MIT"
repository = "https://github.com/RustCrypto/formats/tree/master/pkcs8"
+resolver = "2"
[package.metadata.docs.rs]
all-features = true
@@ -45,11 +46,11 @@ rustdoc-args = [
]
[dependencies.der]
-version = "0.7"
+version = "0.6"
features = ["oid"]
[dependencies.pkcs5]
-version = "0.7"
+version = "0.5"
optional = true
[dependencies.rand_core]
@@ -58,7 +59,7 @@ optional = true
default-features = false
[dependencies.spki]
-version = "0.7.1"
+version = "0.6"
[dependencies.subtle]
version = "2"
@@ -97,9 +98,9 @@ pem = [
"der/pem",
"spki/pem",
]
-sha1-insecure = [
+sha1 = [
"encryption",
- "pkcs5/sha1-insecure",
+ "pkcs5/sha1",
]
std = [
"alloc",
diff --git a/Cargo.toml.orig b/Cargo.toml.orig
index 9ffae2b..c5e821a 100644
--- a/Cargo.toml.orig
+++ b/Cargo.toml.orig
@@ -1,6 +1,6 @@
[package]
name = "pkcs8"
-version = "0.10.2"
+version = "0.9.0" # Also update html_root_url in lib.rs when bumping this
description = """
Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
Private-Key Information Syntax Specification (RFC 5208), with additional
@@ -13,15 +13,15 @@ categories = ["cryptography", "data-structures", "encoding", "no-std", "parser-i
keywords = ["crypto", "key", "pkcs", "private"]
readme = "README.md"
edition = "2021"
-rust-version = "1.65"
+rust-version = "1.57"
[dependencies]
-der = { version = "0.7", features = ["oid"], path = "../der" }
-spki = { version = "0.7.1", path = "../spki" }
+der = { version = "0.6", features = ["oid"], path = "../der" }
+spki = { version = "0.6", path = "../spki" }
# optional dependencies
rand_core = { version = "0.6", optional = true, default-features = false }
-pkcs5 = { version = "0.7", optional = true, path = "../pkcs5" }
+pkcs5 = { version = "0.5", optional = true, path = "../pkcs5" }
subtle = { version = "2", optional = true, default-features = false }
[dev-dependencies]
@@ -30,14 +30,13 @@ tempfile = "3"
[features]
alloc = ["der/alloc", "der/zeroize", "spki/alloc"]
-std = ["alloc", "der/std", "spki/std"]
-
3des = ["encryption", "pkcs5/3des"]
des-insecure = ["encryption", "pkcs5/des-insecure"]
encryption = ["alloc", "pkcs5/alloc", "pkcs5/pbes2", "rand_core"]
getrandom = ["rand_core/getrandom"]
pem = ["alloc", "der/pem", "spki/pem"]
-sha1-insecure = ["encryption", "pkcs5/sha1-insecure"]
+sha1 = ["encryption", "pkcs5/sha1"]
+std = ["alloc", "der/std", "spki/std"]
[package.metadata.docs.rs]
all-features = true
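Review bot: The feature that turns on `pkcs5/sha1` is now named plain `sha1`, while `des-insecure` a few lines above still carries the warning suffix, so nothing in the manifest marks it as a legacy-only option any more. The generated Cargo.toml in this commit has the same rename. The name comes from the upstream 0.9.0 release and cannot be changed here, but if local annotations to the vendored manifest are acceptable, a comment beside it would keep the signal, e.g. `# sha1: SHA-1 based key derivation via pkcs5; for reading legacy keys only`. The two Android.bp targets shown in this commit list only `alloc` under `features`, so neither enables it as written.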
diff --git a/LICENSE-MIT b/LICENSE-MIT
deleted file mode 100644
index e0d0827..0000000
--- a/LICENSE-MIT
+++ /dev/null
@@ -1,25 +0,0 @@
-Copyright (c) 2020-2023 The RustCrypto Project Developers
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
diff --git a/METADATA b/METADATA
index 3b0922c..38059a2 100644
--- a/METADATA
+++ b/METADATA
@@ -1,20 +1,20 @@
-# This project was upgraded with external_updater.
-# Usage: tools/external_updater/updater.sh update rust/crates/pkcs8
-# For more info, check https://cs.android.com/android/platform/superproject/+/main:tools/external_updater/README.md
-
name: "pkcs8"
description: "Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208)."
third_party {
+ url {
+ type: HOMEPAGE
+ value: "https://crates.io/crates/pkcs8"
+ }
+ url {
+ type: ARCHIVE
+ value: "https://static.crates.io/crates/pkcs8/pkcs8-0.9.0.crate"
+ }
+ version: "0.9.0"
+ # Dual-licensed, using the least restrictive per go/thirdpartylicenses#same.
license_type: NOTICE
last_upgrade_date {
- year: 2023
- month: 12
- day: 15
- }
- homepage: "https://crates.io/crates/pkcs8"
- identifier {
- type: "Archive"
- value: "https://static.crates.io/crates/pkcs8/pkcs8-0.10.2.crate"
- version: "0.10.2"
+ year: 2022
+ month: 9
+ day: 6
}
}
diff --git a/README.md b/README.md
index c158543..2fa301c 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ algorithm, including the ones listed above or other algorithms.
## Minimum Supported Rust Version
-This crate requires **Rust 1.65** at a minimum.
+This crate requires **Rust 1.57** at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor
version bump.
@@ -81,7 +81,7 @@ dual licensed as above, without any additional terms or conditions.
[docs-image]: https://docs.rs/pkcs8/badge.svg
[docs-link]: https://docs.rs/pkcs8/
[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg
[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
[build-image]: https://github.com/RustCrypto/formats/workflows/pkcs8/badge.svg?branch=master&event=push
diff --git a/src/encrypted_private_key_info.rs b/src/encrypted_private_key_info.rs
index d55949c..460e3f6 100644
--- a/src/encrypted_private_key_info.rs
+++ b/src/encrypted_private_key_info.rs
@@ -2,10 +2,7 @@
use crate::{Error, Result};
use core::fmt;
-use der::{
- asn1::OctetStringRef, Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader,
- Sequence, Writer,
-};
+use der::{asn1::OctetStringRef, Decode, DecodeValue, Encode, Header, Reader, Sequence};
use pkcs5::EncryptionScheme;
#[cfg(feature = "alloc")]
@@ -39,6 +36,7 @@ use der::pem::PemLabel;
/// ```
///
/// [RFC 5208 Section 6]: https://tools.ietf.org/html/rfc5208#section-6
+#[cfg_attr(docsrs, doc(cfg(feature = "pkcs5")))]
#[derive(Clone, Eq, PartialEq)]
pub struct EncryptedPrivateKeyInfo<'a> {
/// Algorithm identifier describing a password-based symmetric encryption
@@ -53,6 +51,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
/// Attempt to decrypt this encrypted private key using the provided
/// password to derive an encryption key.
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result<SecretDocument> {
Ok(self
.encryption_algorithm
@@ -63,6 +62,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
/// Encrypt the given ASN.1 DER document using a symmetric encryption key
/// derived from the provided password.
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub(crate) fn encrypt(
mut rng: impl CryptoRng + RngCore,
password: impl AsRef<[u8]>,
@@ -81,6 +81,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
/// Encrypt this private key using a symmetric encryption key derived
/// from the provided password and [`pbes2::Parameters`].
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub(crate) fn encrypt_with(
pbes2_params: pbes2::Parameters<'a>,
password: impl AsRef<[u8]>,
@@ -110,21 +111,18 @@ impl<'a> DecodeValue<'a> for EncryptedPrivateKeyInfo<'a> {
}
}
-impl EncodeValue for EncryptedPrivateKeyInfo<'_> {
- fn value_len(&self) -> der::Result<Length> {
- self.encryption_algorithm.encoded_len()?
- + OctetStringRef::new(self.encrypted_data)?.encoded_len()?
- }
-
- fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> {
- self.encryption_algorithm.encode(writer)?;
- OctetStringRef::new(self.encrypted_data)?.encode(writer)?;
- Ok(())
+impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {
+ fn fields<F, T>(&self, f: F) -> der::Result<T>
+ where
+ F: FnOnce(&[&dyn Encode]) -> der::Result<T>,
+ {
+ f(&[
+ &self.encryption_algorithm,
+ &OctetStringRef::new(self.encrypted_data)?,
+ ])
}
}
-impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {}
-
impl<'a> TryFrom<&'a [u8]> for EncryptedPrivateKeyInfo<'a> {
type Error = Error;
@@ -142,6 +140,7 @@ impl<'a> fmt::Debug for EncryptedPrivateKeyInfo<'a> {
}
#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))]
impl TryFrom<EncryptedPrivateKeyInfo<'_>> for SecretDocument {
type Error = Error;
@@ -151,6 +150,7 @@ impl TryFrom<EncryptedPrivateKeyInfo<'_>> for SecretDocument {
}
#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))]
impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument {
type Error = Error;
@@ -160,6 +160,7 @@ impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument {
}
#[cfg(feature = "pem")]
+#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
impl PemLabel for EncryptedPrivateKeyInfo<'_> {
const PEM_LABEL: &'static str = "ENCRYPTED PRIVATE KEY";
}
diff --git a/src/error.rs b/src/error.rs
index 70c60ae..bc4c2ea 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -26,7 +26,7 @@ pub enum Error {
/// or [`SubjectPublicKeyInfo::subject_public_key`][`crate::SubjectPublicKeyInfo::subject_public_key`].
KeyMalformed,
- /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifierRef::parameters`]
+ /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifier::parameters`]
/// is malformed or otherwise encoded in an unexpected manner.
ParametersMalformed,
diff --git a/src/lib.rs b/src/lib.rs
index 53730d4..9fcae3a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,19 +1,13 @@
#![no_std]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
#![doc = include_str!("../README.md")]
#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
-)]
-#![forbid(unsafe_code)]
-#![warn(
- clippy::mod_module_files,
- clippy::unwrap_used,
- missing_docs,
- rust_2018_idioms,
- unused_lifetimes,
- unused_qualifications
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
+ html_root_url = "https://docs.rs/pkcs8/0.9.0-pre"
)]
+#![forbid(unsafe_code, clippy::unwrap_used)]
+#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
//! ## About this crate
//! This library provides generalized PKCS#8 support designed to work with a
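Review bot: `html_root_url` in the new `#![doc(...)]` attribute points at `https://docs.rs/pkcs8/0.9.0-pre`, but the manifests in this commit set the crate version to `0.9.0`, and the comment added in Cargo.toml.orig asks for the two to be kept in step. The line would read `html_root_url = "https://docs.rs/pkcs8/0.9.0"`. The logo and favicon URLs also move from a pinned revision (`6ee8e381`) to `master`, so the rendered docs reference an image whose content can change upstream.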
@@ -94,9 +88,7 @@ pub use crate::{
version::Version,
};
pub use der::{self, asn1::ObjectIdentifier, oid::AssociatedOid};
-pub use spki::{
- self, AlgorithmIdentifierRef, DecodePublicKey, SubjectPublicKeyInfo, SubjectPublicKeyInfoRef,
-};
+pub use spki::{self, AlgorithmIdentifier, DecodePublicKey, SubjectPublicKeyInfo};
#[cfg(feature = "alloc")]
pub use {
@@ -106,6 +98,7 @@ pub use {
};
#[cfg(feature = "pem")]
+#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
pub use der::pem::LineEnding;
#[cfg(feature = "pkcs5")]
diff --git a/src/private_key_info.rs b/src/private_key_info.rs
index ecae624..52f0878 100644
--- a/src/private_key_info.rs
+++ b/src/private_key_info.rs
@@ -1,11 +1,10 @@
//! PKCS#8 `PrivateKeyInfo`.
-use crate::{AlgorithmIdentifierRef, Error, Result, Version};
+use crate::{AlgorithmIdentifier, Error, Result, Version};
use core::fmt;
use der::{
asn1::{AnyRef, BitStringRef, ContextSpecific, OctetStringRef},
- Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, TagMode, TagNumber,
- Writer,
+ Decode, DecodeValue, Encode, Header, Reader, Sequence, TagMode, TagNumber,
};
#[cfg(feature = "alloc")]
@@ -30,7 +29,7 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1;
/// PKCS#8 `PrivateKeyInfo`.
///
-/// ASN.1 structure containing an `AlgorithmIdentifier`, private key
+/// ASN.1 structure containing an [`AlgorithmIdentifier`], private key
/// data in an algorithm specific format, and optional attributes
/// (ignored by this implementation).
///
@@ -91,8 +90,8 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1;
/// [RFC 5958 Section 2]: https://datatracker.ietf.org/doc/html/rfc5958#section-2
#[derive(Clone)]
pub struct PrivateKeyInfo<'a> {
- /// X.509 `AlgorithmIdentifier` for the private key type.
- pub algorithm: AlgorithmIdentifierRef<'a>,
+ /// X.509 [`AlgorithmIdentifier`] for the private key type.
+ pub algorithm: AlgorithmIdentifier<'a>,
/// Private key data.
pub private_key: &'a [u8],
@@ -106,7 +105,7 @@ impl<'a> PrivateKeyInfo<'a> {
///
/// This is a helper method which initializes `attributes` and `public_key`
/// to `None`, helpful if you aren't using those.
- pub fn new(algorithm: AlgorithmIdentifierRef<'a>, private_key: &'a [u8]) -> Self {
+ pub fn new(algorithm: AlgorithmIdentifier<'a>, private_key: &'a [u8]) -> Self {
Self {
algorithm,
private_key,
@@ -135,39 +134,28 @@ impl<'a> PrivateKeyInfo<'a> {
/// - p: 1
/// - Cipher: AES-256-CBC (best available option for PKCS#5 encryption)
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub fn encrypt(
&self,
rng: impl CryptoRng + RngCore,
password: impl AsRef<[u8]>,
) -> Result<SecretDocument> {
- let der = Zeroizing::new(self.to_der()?);
+ let der = Zeroizing::new(self.to_vec()?);
EncryptedPrivateKeyInfo::encrypt(rng, password, der.as_ref())
}
/// Encrypt this private key using a symmetric encryption key derived
/// from the provided password and [`pbes2::Parameters`].
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub fn encrypt_with_params(
&self,
pbes2_params: pbes2::Parameters<'_>,
password: impl AsRef<[u8]>,
) -> Result<SecretDocument> {
- let der = Zeroizing::new(self.to_der()?);
+ let der = Zeroizing::new(self.to_vec()?);
EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, der.as_ref())
}
-
- /// Get a `BIT STRING` representation of the public key, if present.
- fn public_key_bit_string(&self) -> der::Result<Option<ContextSpecific<BitStringRef<'a>>>> {
- self.public_key
- .map(|pk| {
- BitStringRef::from_bytes(pk).map(|value| ContextSpecific {
- tag_number: PUBLIC_KEY_TAG,
- tag_mode: TagMode::Implicit,
- value,
- })
- })
- .transpose()
- }
}
impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> {
@@ -213,25 +201,29 @@ impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> {
}
}
-impl EncodeValue for PrivateKeyInfo<'_> {
- fn value_len(&self) -> der::Result<Length> {
- self.version().encoded_len()?
- + self.algorithm.encoded_len()?
- + OctetStringRef::new(self.private_key)?.encoded_len()?
- + self.public_key_bit_string()?.encoded_len()?
- }
-
- fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> {
- self.version().encode(writer)?;
- self.algorithm.encode(writer)?;
- OctetStringRef::new(self.private_key)?.encode(writer)?;
- self.public_key_bit_string()?.encode(writer)?;
- Ok(())
+impl<'a> Sequence<'a> for PrivateKeyInfo<'a> {
+ fn fields<F, T>(&self, f: F) -> der::Result<T>
+ where
+ F: FnOnce(&[&dyn Encode]) -> der::Result<T>,
+ {
+ f(&[
+ &u8::from(self.version()),
+ &self.algorithm,
+ &OctetStringRef::new(self.private_key)?,
+ &self
+ .public_key
+ .map(|pk| {
+ BitStringRef::from_bytes(pk).map(|value| ContextSpecific {
+ tag_number: PUBLIC_KEY_TAG,
+ tag_mode: TagMode::Implicit,
+ value,
+ })
+ })
+ .transpose()?,
+ ])
}
}
-impl<'a> Sequence<'a> for PrivateKeyInfo<'a> {}
-
impl<'a> TryFrom<&'a [u8]> for PrivateKeyInfo<'a> {
type Error = Error;
@@ -251,6 +243,7 @@ impl<'a> fmt::Debug for PrivateKeyInfo<'a> {
}
#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
impl TryFrom<PrivateKeyInfo<'_>> for SecretDocument {
type Error = Error;
@@ -260,6 +253,7 @@ impl TryFrom<PrivateKeyInfo<'_>> for SecretDocument {
}
#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument {
type Error = Error;
@@ -269,11 +263,13 @@ impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument {
}
#[cfg(feature = "pem")]
+#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
impl PemLabel for PrivateKeyInfo<'_> {
const PEM_LABEL: &'static str = "PRIVATE KEY";
}
#[cfg(feature = "subtle")]
+#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))]
impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> {
fn ct_eq(&self, other: &Self) -> Choice {
// NOTE: public fields are not compared in constant time
@@ -285,9 +281,11 @@ impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> {
}
#[cfg(feature = "subtle")]
+#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))]
impl<'a> Eq for PrivateKeyInfo<'a> {}
#[cfg(feature = "subtle")]
+#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))]
impl<'a> PartialEq for PrivateKeyInfo<'a> {
fn eq(&self, other: &Self) -> bool {
self.ct_eq(other).into()
diff --git a/src/traits.rs b/src/traits.rs
index b4f80b2..dd86b90 100644
--- a/src/traits.rs
+++ b/src/traits.rs
@@ -21,14 +21,17 @@ use der::pem::PemLabel;
use std::path::Path;
/// Parse a private key object from a PKCS#8 encoded document.
-pub trait DecodePrivateKey: Sized {
+pub trait DecodePrivateKey: for<'a> TryFrom<PrivateKeyInfo<'a>, Error = Error> + Sized {
/// Deserialize PKCS#8 private key from ASN.1 DER-encoded data
/// (binary format).
- fn from_pkcs8_der(bytes: &[u8]) -> Result<Self>;
+ fn from_pkcs8_der(bytes: &[u8]) -> Result<Self> {
+ Self::try_from(PrivateKeyInfo::try_from(bytes)?)
+ }
/// Deserialize encrypted PKCS#8 private key from ASN.1 DER-encoded data
/// (binary format) and attempt to decrypt it using the provided password.
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
fn from_pkcs8_encrypted_der(bytes: &[u8], password: impl AsRef<[u8]>) -> Result<Self> {
let doc = EncryptedPrivateKeyInfo::try_from(bytes)?.decrypt(password)?;
Self::from_pkcs8_der(doc.as_bytes())
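Review bot: `from_pkcs8_der` is now a provided method that any implementor can override, and the other entry points funnel into it (`from_pkcs8_encrypted_der` in this hunk and `read_pkcs8_der_file` further down both call `Self::from_pkcs8_der`). An override that skips `PrivateKeyInfo::try_from` therefore skips structural validation of the document on every one of those paths. The doc comment should state the expectation, e.g. add `/// Implementations that override this method must still parse the input as a [`PrivateKeyInfo`] and reject malformed documents.` The trait body continues past this hunk.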
@@ -42,6 +45,7 @@ pub trait DecodePrivateKey: Sized {
/// -----BEGIN PRIVATE KEY-----
/// ```
#[cfg(feature = "pem")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
fn from_pkcs8_pem(s: &str) -> Result<Self> {
let (label, doc) = SecretDocument::from_pem(s)?;
PrivateKeyInfo::validate_pem_label(label)?;
@@ -57,6 +61,7 @@ pub trait DecodePrivateKey: Sized {
/// -----BEGIN ENCRYPTED PRIVATE KEY-----
/// ```
#[cfg(all(feature = "encryption", feature = "pem"))]
+ #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))]
fn from_pkcs8_encrypted_pem(s: &str, password: impl AsRef<[u8]>) -> Result<Self> {
let (label, doc) = SecretDocument::from_pem(s)?;
EncryptedPrivateKeyInfo::validate_pem_label(label)?;
@@ -66,12 +71,15 @@ pub trait DecodePrivateKey: Sized {
/// Load PKCS#8 private key from an ASN.1 DER-encoded file on the local
/// filesystem (binary format).
#[cfg(feature = "std")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
fn read_pkcs8_der_file(path: impl AsRef<Path>) -> Result<Self> {
Self::from_pkcs8_der(SecretDocument::read_der_file(path)?.as_bytes())
}
/// Load PKCS#8 private key from a PEM-encoded file on the local filesystem.
#[cfg(all(feature = "pem", feature = "std"))]
+ #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
+ #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
fn read_pkcs8_pem_file(path: impl AsRef<Path>) -> Result<Self> {
let (label, doc) = SecretDocument::read_pem_file(path)?;
PrivateKeyInfo::validate_pem_label(&label)?;
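Review bot: `read_pkcs8_pem_file` gets two separate `doc(cfg(...))` attributes, one per feature, where the other dual-feature items in this file use a single `all(...)` form (for example `write_pkcs8_pem_file` in a later hunk). Replacing the two added lines with `#[cfg_attr(docsrs, doc(cfg(all(feature = "pem", feature = "std"))))]` keeps the documented requirement in the same shape as the `#[cfg(all(...))]` gate directly above it. The method body continues past this hunk.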
@@ -79,17 +87,9 @@ pub trait DecodePrivateKey: Sized {
}
}
-impl<T> DecodePrivateKey for T
-where
- T: for<'a> TryFrom<PrivateKeyInfo<'a>, Error = Error>,
-{
- fn from_pkcs8_der(bytes: &[u8]) -> Result<Self> {
- Self::try_from(PrivateKeyInfo::try_from(bytes)?)
- }
-}
-
/// Serialize a private key object to a PKCS#8 encoded document.
#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
pub trait EncodePrivateKey {
/// Serialize a [`SecretDocument`] containing a PKCS#8-encoded private key.
fn to_pkcs8_der(&self) -> Result<SecretDocument>;
@@ -97,6 +97,7 @@ pub trait EncodePrivateKey {
/// Create an [`SecretDocument`] containing the ciphertext of
/// a PKCS#8 encoded private key encrypted under the given `password`.
#[cfg(feature = "encryption")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
fn to_pkcs8_encrypted_der(
&self,
rng: impl CryptoRng + RngCore,
@@ -107,6 +108,7 @@ pub trait EncodePrivateKey {
/// Serialize this private key as PEM-encoded PKCS#8 with the given [`LineEnding`].
#[cfg(feature = "pem")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
fn to_pkcs8_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
let doc = self.to_pkcs8_der()?;
Ok(doc.to_pem(PrivateKeyInfo::PEM_LABEL, line_ending)?)
@@ -115,6 +117,7 @@ pub trait EncodePrivateKey {
/// Serialize this private key as an encrypted PEM-encoded PKCS#8 private
/// key using the `provided` to derive an encryption key.
#[cfg(all(feature = "encryption", feature = "pem"))]
+ #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))]
fn to_pkcs8_encrypted_pem(
&self,
rng: impl CryptoRng + RngCore,
@@ -127,12 +130,14 @@ pub trait EncodePrivateKey {
/// Write ASN.1 DER-encoded PKCS#8 private key to the given path
#[cfg(feature = "std")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<()> {
Ok(self.to_pkcs8_der()?.write_der_file(path)?)
}
/// Write ASN.1 DER-encoded PKCS#8 private key to the given path
#[cfg(all(feature = "pem", feature = "std"))]
+ #[cfg_attr(docsrs, doc(cfg(all(feature = "pem", feature = "std"))))]
fn write_pkcs8_pem_file(&self, path: impl AsRef<Path>, line_ending: LineEnding) -> Result<()> {
let doc = self.to_pkcs8_der()?;
Ok(doc.write_pem_file(path, PrivateKeyInfo::PEM_LABEL, line_ending)?)
diff --git a/src/version.rs b/src/version.rs
index 0ca80bc..3393683 100644
--- a/src/version.rs
+++ b/src/version.rs
@@ -6,7 +6,7 @@ use der::{Decode, Encode, FixedTag, Reader, Tag, Writer};
/// Version identifier for PKCS#8 documents.
///
/// (RFC 5958 designates `0` and `1` as the only valid versions for PKCS#8 documents)
-#[derive(Clone, Debug, Copy, PartialEq, Eq)]
+#[derive(Clone, Debug, Copy, PartialEq)]
pub enum Version {
/// Denotes PKCS#8 v1: no public key field.
V1 = 0,
@@ -36,7 +36,7 @@ impl Encode for Version {
der::Length::from(1u8).for_tlv()
}
- fn encode(&self, writer: &mut impl Writer) -> der::Result<()> {
+ fn encode(&self, writer: &mut dyn Writer) -> der::Result<()> {
u8::from(*self).encode(writer)
}
}
diff --git a/tests/encrypted_private_key.rs b/tests/encrypted_private_key.rs
index dbe0a18..2bd72ae 100644
--- a/tests/encrypted_private_key.rs
+++ b/tests/encrypted_private_key.rs
@@ -183,7 +183,7 @@ fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() {
#[test]
fn encrypt_ed25519_der_encpriv_aes256_scrypt() {
let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc(
- pkcs5::scrypt::Params::new(15, 8, 1, 32).unwrap(),
+ Default::default(),
&hex!("E6211E2348AD69E0"),
&hex!("9BD0A6251F2254F9FD5963887C27CF01"),
)
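Review bot: `Default::default()` as the first argument to `scrypt_aes256cbc` hides which scrypt cost parameters this test vector depends on; the replaced line spelled them out as `Params::new(15, 8, 1, 32)`. If the default in the pinned dependency differs from what the fixture was generated with, the test fails with no hint as to why. A comment on the line would record the expectation, e.g. `// scrypt defaults; fixture presumably assumes log_n = 15, r = 8, p = 1 (confirm against the pinned scrypt version)`. The test function continues past this hunk.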
@@ -203,7 +203,7 @@ fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_der() {
let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap();
assert_eq!(
ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE,
- &pk.to_der().unwrap()
+ &pk.to_vec().unwrap()
);
}
diff --git a/tests/private_key.rs b/tests/private_key.rs
index 1ef0f73..15d6694 100644
--- a/tests/private_key.rs
+++ b/tests/private_key.rs
@@ -1,6 +1,5 @@
//! PKCS#8 private key tests
-use der::asn1::ObjectIdentifier;
use hex_literal::hex;
use pkcs8::{PrivateKeyInfo, Version};
@@ -49,11 +48,7 @@ fn decode_ec_p256_der() {
assert_eq!(pk.algorithm.oid, "1.2.840.10045.2.1".parse().unwrap());
assert_eq!(
- pk.algorithm
- .parameters
- .unwrap()
- .decode_as::<ObjectIdentifier>()
- .unwrap(),
+ pk.algorithm.parameters.unwrap().oid().unwrap(),
"1.2.840.10045.3.1.7".parse().unwrap()
);
@@ -129,7 +124,7 @@ fn decode_x25519_der() {
#[cfg(feature = "alloc")]
fn encode_ec_p256_der() {
let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap();
- let pk_encoded = pk.to_der().unwrap();
+ let pk_encoded = pk.to_vec().unwrap();
assert_eq!(EC_P256_DER_EXAMPLE, pk_encoded);
}
@@ -137,14 +132,14 @@ fn encode_ec_p256_der() {
#[cfg(feature = "alloc")]
fn encode_ed25519_der_v1() {
let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap();
- assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_der().unwrap());
+ assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_vec().unwrap());
}
#[test]
#[cfg(all(feature = "alloc", feature = "subtle"))]
fn encode_ed25519_der_v2() {
let private_key = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap();
- let private_der = private_key.to_der().unwrap();
+ let private_der = private_key.to_vec().unwrap();
assert_eq!(
private_key,
PrivateKeyInfo::try_from(private_der.as_ref()).unwrap()
@@ -155,7 +150,7 @@ fn encode_ed25519_der_v2() {
#[cfg(feature = "alloc")]
fn encode_rsa_2048_der() {
let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap();
- assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_der().unwrap());
+ assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_vec().unwrap());
}
#[test]
diff --git a/tests/traits.rs b/tests/traits.rs
index 4a603bb..1c8a969 100644
--- a/tests/traits.rs
+++ b/tests/traits.rs
@@ -30,6 +30,12 @@ impl AsRef<[u8]> for MockKey {
}
}
+impl DecodePrivateKey for MockKey {
+ fn from_pkcs8_der(bytes: &[u8]) -> Result<MockKey> {
+ Ok(MockKey(bytes.to_vec()))
+ }
+}
+
impl EncodePrivateKey for MockKey {
fn to_pkcs8_der(&self) -> Result<SecretDocument> {
Ok(SecretDocument::try_from(self.as_ref())?)
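Review bot: The added `impl DecodePrivateKey for MockKey` overrides `from_pkcs8_der` with `Ok(MockKey(bytes.to_vec()))`, so tests that go through this mock never run the trait's new default body (`Self::try_from(PrivateKeyInfo::try_from(bytes)?)`) and the mock accepts any byte string as a key. `MockKey` already implements `TryFrom<PrivateKeyInfo<'_>>` in the next hunk, so an empty `impl DecodePrivateKey for MockKey {}` would likely satisfy the trait and put the parsing path under test. Whether the existing fixtures round-trip byte-for-byte through that path needs checking before switching.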
@@ -40,7 +46,7 @@ impl TryFrom<PrivateKeyInfo<'_>> for MockKey {
type Error = Error;
fn try_from(pkcs8: PrivateKeyInfo<'_>) -> Result<MockKey> {
- Ok(MockKey(pkcs8.to_der()?))
+ Ok(MockKey(pkcs8.to_vec()?))
}
}