From 842064dd6b315f00ab925c81383c383526ece17b Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Mon, 4 Nov 2019 00:45:11 +0100 Subject: [PATCH 1/2] add 0.14 changes to NEWS --- NEWS | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/NEWS b/NEWS index 1b248bdc..59978de9 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,97 @@ +* Release 0.14 (06 Nov 2019) + +Bug fixes: +Strict checking of DER requirements when parsing SEQUENCE, INTEGER, +OBJECT IDENTIFIER and BITSTRING objects. +DER parsers now consistently raise `UnexpectedDER` exception on malformed DER +encoded byte strings. +Make sure that both malformed and invalid signatures raise `BadSignatureError`. +Ensure that all `SigningKey` and `VerifyingKey` methods that should accept +bytes-like objects actually do accept them (also avoid copying input strings). +Make `SigningKey.sign_digest_deterministic` use default object hashfunc when +none was provided. +`encode_integer` now works for large integers. +Make `encode_oid` and `remove_object` correctly handle OBJECT IDENTIFIERs +with large second subidentifier and padding in encoded subidentifiers. + +New features: +Deterministic signature methods now accept `extra_entropy` parameter to further +randomise the selection of `k` (the nonce) for signature, as specified in +RFC6979. +Recovery of public key from signature is now supported. +Support for SEC1/X9.62 formatted keys, all three encodings are supported: +"uncompressed", "compressed" and "hybrid". Both string, and PEM/DER will +automatically accept them, if the size of the key matches the curve. +Benchmarking application now provides performance numbers that are easier to +compare against OpenSSL. +Support for all Brainpool curves (non-twisted). + +New API: +`CurveFp`: `__str__` is now supported. +`SigningKey.sign_deterministic`, `SigningKey.sign_digest_deterministic` and +`generate_k`: extra_entropy parameter was added +`Signature.recover_public_keys` was added +`VerifyingKey.from_public_key_recovery` and +`VerifyingKey.from_public_key_recovery_with_digest` were added +`VerifyingKey.to_string`: `encoding` parameter was added +`VerifyingKey.to_der` and `SigningKey.to_der`: `point_encoding` parameter was +added. +`encode_bitstring`: `unused` parameter was added +`remove_bitstring`: `expect_unused` parameter was added +`SECP256k1` is now part of `curves` `*` import +`Curves`: `__repr__` is now supported +`VerifyingKey`: `__repr__` is now supported + +Deprecations: +Python 2.5 is not supported any more - dead code removal. +`from keys import *` will now import only objects defined in that module. +Trying to decode a malformed point using `VerifyingKey.from_string` +will rise now the `MalformedPointError` exception (that inherits from +`AssertionError` but is not it). +Multiple functions in `numbertheory` are considered deprecated: `phi`, +`carmichael`, `carmichael_of_factorized`, `carmichael_of_ppower`, +`order_mod`, `largest_factor_relatively_prime`, `kinda_order_mod`. They will +now emit `DeprecationWarning` when used. Run the application or test suite +with `-Wd` option or with `PYTHONWARNINGS=default` environment variable to +verify if those methods are not used. They will be removed completely in a +future release. +`encode_bitstring` and `decode_bitstring` expect the number of unused +bits to be passed as an argument now. They will emit `DeprecationWarning` +if they are used in the deprecated way. +modular_exp: will emit `DeprecationWarning` + +Hardening: +Deterministic signatures now verify that the signature won't leak private +key through very unlikely selection of `k` value (the nonce). +Nonce bit size hiding was added (hardening against Minerva attack). Please +note that it DOES NOT make library secure against side channel attacks (timing +attacks). + +Performance: +The public key in key generation is not verified twice now, making key +generation and private key reading about 33% faster. +Microoptimisation to `inverse_mod` function, increasing performance by about +40% for all operations. + +Maintenance: +Extended test coverage to newer python versions. +Fixes to examples in README.md: correct commands, more correct code (now works +on Python 3). +Stopped bundling `six` +Moved sources into `src` subdirectory +Made benchmarking script standalone (runnable either with `tox -e speed`, or +after installation, with `python speed.py`) +Now test coverage reported to coveralls is branch coverage, not line coverage +Autodetection of curves supported by OpenSSL (test suite compatibility with +Fedora OpenSSL package). +More readable error messages (exceptions) in `der` module. +Documentation to `VerifyingKey`, `SigningKey` and signature encoder/decoder +functions added. +Added measuring and verifying condition coverage to Continuous Integration. +Big clean-up of the test suite, use pytest parametrisation and hypothesis +for better test coverage and more precise failure reporting. +Use platform-provided `math.gcd`, when provided. + * Release 0.13.3 (07 Oct 2019) Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding and From 270fd9fe6cbe0a931e085a5e1cb198496d4d9e54 Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Wed, 6 Nov 2019 02:25:41 +0100 Subject: [PATCH 2/2] update versioneer paths --- .gitattributes | 2 +- MANIFEST.in | 2 +- src/ecdsa/_version.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitattributes b/.gitattributes index b3955b09..6569461e 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1 @@ -ecdsa/_version.py export-subst +src/ecdsa/_version.py export-subst diff --git a/MANIFEST.in b/MANIFEST.in index 6a80c886..a728ebd8 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,3 +1,3 @@ # basic metadata include MANIFEST.in LICENSE NEWS README.md versioneer.py -include ecdsa/_version.py +include src/ecdsa/_version.py diff --git a/src/ecdsa/_version.py b/src/ecdsa/_version.py index 70a91304..a539b3a2 100644 --- a/src/ecdsa/_version.py +++ b/src/ecdsa/_version.py @@ -43,7 +43,7 @@ def get_config(): cfg.style = "pep440" cfg.tag_prefix = "python-ecdsa-" cfg.parentdir_prefix = "ecdsa-" - cfg.versionfile_source = "ecdsa/_version.py" + cfg.versionfile_source = "src/ecdsa/_version.py" cfg.verbose = False return cfg