Up to [cvs.NetBSD.org] / pkgsrc / security / py-ecdsa
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
py-ecdsa: updated to 0.19.0 ecdsa 0.19.0 New API: to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini) New features: Support for twisted Brainpool curves Doc fix: Fix curve equation in glossary Documentation for signature encoding and signature decoding functions Maintenance: Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected) Fixes aroung hypothesis parameters Officially support Python 3.11 and 3.12 Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies Dropped the internal _rwlock module as it's unused Added mutation testing to CI, lots of speed-ups to the test suite to make it happen Removal of unnecessary six.b literals (Alexandre Detiste) Deprecations: int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release
py-ecdsa: updated to 0.18.0 Release 0.18.0 (09 Jul 2022) New API: * `curve_by_name` in `curves` module to get a `Curve` object by providing curve name. Bug fix: * Make the `VerifyingKey` encoded with explicit parameters use the same kind of point encoding for public key and curve generator. * Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise `MalformedPointError` instead of `AssertionError`. Doc fix: * Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic. * Make object names more consistent, make them into hyperlinks on the readthedocs documentation. * Make security note more explicit (Ian Rodney) * Fix the `explicit` vs `named_curve` confusion in `VerifyingKey` docs. Maintenance: * Updated black version; slight changes to formatting * Include interoperability tests for Ed25519 and Ed448 with OpenSSL.
py-ecdsa: updated to 0.17.0 Relase 0.17.0 (27 May 2021) New API: * Keys that use explicit curve parameters can now be read and written. Reading of explicit curves can be disabled by using the `valid_curve_encodings` keyword argument in `VerifyingKey.from_pem()`, `VerifyingKey.from_der()`, `SigningKey.from_pem()`, and `SigningKey.from_der()`. * Keys can now be written with use of explicit curve parameters, use `curve_parameters_encoding` keyword argument of `VerifyingKey.to_pem()`, `VerifyingKey.to_der()`, `SigningKey.to_pem(), or `SigningKey.to_der()` to specify the format. By default `named_curve` will be used, unless the curve doesn't have an associated OID (as will be the case for an unsupported curve), then `explicit` encoding will be used. * Allow specifying acceptable point formats when loading public keys (this also fixes a minor bug where python-ecdsa would accept raw encoding for points in PKCS#8 files). Set of accepted encodings is controlled by `valid_encodings` keyword argument in `ECDH.load_received_public_key_bytes()`, `VerifyingKey.from_string()`, `VerifyingKey.from_pem()`, VerifyingKey.from_der()`. * `PointJacobi` and `Point` now inherit from `AbstractPoint` that implements the methods for parsing points. That added `from_bytes()` and `to_bytes()` methods to both of them. * Curve parameters can now be read and written to PEM and DER files. The `Curve` class supports new `to_der()`, `from_der()`, `to_pem()`, and `from_pem()` methods. Doc fix: * Describe in detail which methods can raise `RSZeroError`, and that `SigningKey.sign_deterministic()` won't raise it. Bug fix: * Correctly truncate hash values larger than the curve order (only impacted custom curves and the curves added in this release). * Correctly handle curves for which the order is larger than the prime (only impacted custom curves and the secp160r1 curve added in this release). * Fix the handling of `==` and `!=` for `Public_key`, `Private_key`, `Point`, `PointJacobi`, `VerifyingKey`, and `SigningKey` so that it behaves consistently and in the expected way both in Python 2 and Python 3. * Implement lock-less algorithm inside PointJacobi for keeping shared state so that when calculation is aborted with KeyboardInterrupt, the state doesn't become corrupted (this fixes the occasional breakage of ecdsa in interactive shells). New features: * The `speed.py` script now provides performance for signature verification without use of precomputation. * New curves supported: secp112r1, secp112r2, secp128r1, secp160r1. Performance: * Use 2-ary Non-Adjacent Form for the combined multiply-add. This speeds up single-shot verify (i.e. without precomputation) by about 4 to 5%. * Use native Python 3.8 support for calculating multiplicative inverses. Maintenace: * Include Python 3.9 in PyPI keywords. * More realistic branch coverage counting (ignore Python version-specific branches). * Additional test coverage to many parts of the library. * Migrate to Github Actions for Continuous Testing.
Update py-ecdsa to 0.15. Patch from Jonathan Schleifer via PR pkg/54883. Contains a fix for broken signature verification.
Update security/py-ecdsa to 0.13 -------------------------------- pkgsrc changes: - Adjust EGG_NAME Upstream changes: * Release 0.13 (07 Feb 2015) Fix the argument order for Curve constructor (put openssl_name= at the end, with a default value) to unbreak compatibility with external callers who used the 0.11 convention. * Release 0.12 (06 Feb 2015) Switch to Versioneer for version-string management (fixing the broken `ecdsa.__version__` attribute). Add Curve.openssl_name property. Mention secp256k1 in README, test against OpenSSL. Produce "wheel" distributions. Add py3.4 and pypy3 compatibility testing. Other minor fixes.
Install as egg to fix the 2.6 installation.
Added security/py-ecdsa to the NetBSD packages collection. py-ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs (signing key and verifying key), sign messages, and verify the signatures. The keys and signatures are very short, making them easy to handle and incorporate into other protocols.