|
|
|
|
Changelog for python311-ecdsa-0.18.0-38.3.noarch.rpm :
* Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68) * Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional. * Mon Oct 24 2022 Ben Greiner - Update to 0.18.0 * New features: + Support for EdDSA (Ed25519, Ed448) signature creation and verification. + Support for Ed25519 and Ed448 in PKCS#8 and public key files. + Support for point precomputation for EdDSA. * New API: + CurveEdTw class to represent the Twisted Edwards curve parameters. + PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it. + curve_by_name in curves module to get a Curve object by providing curve name. * Bug fix: + Accept private EdDSA keys that include public key in the ASN.1 structure. + Fix incompatibility with Python 3.3 in handling of memoryviews of empty strings. + Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator. + Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.- Also remove the conditional definition of python_module. * Tue Aug 31 2021 John Paul Adrian Glaubitz - Update to 0.17.0 * Keys that use explicit curve parameters can now be read and written. Reading of explicit curves can be disabled by using the `valid_curve_encodings` keyword argument in `VerifyingKey.from_pem()`, `VerifyingKey.from_der()`, `SigningKey.from_pem()`, and `SigningKey.from_der()`. * Keys can now be written with use of explicit curve parameters, use `curve_parameters_encoding` keyword argument of `VerifyingKey.to_pem()`, `VerifyingKey.to_der()`, `SigningKey.to_pem(), or `SigningKey.to_der()` to specify the format. By default `named_curve` will be used, unless the curve doesn\'t have an associated OID (as will be the case for an unsupported curve), then `explicit` encoding will be used. * Allow specifying acceptable point formats when loading public keys (this also fixes a minor bug where python-ecdsa would accept raw encoding for points in PKCS#8 files). Set of accepted encodings is controlled by `valid_encodings` keyword argument in `ECDH.load_received_public_key_bytes()`, `VerifyingKey.from_string()`, `VerifyingKey.from_pem()`, VerifyingKey.from_der()`. * `PointJacobi` and `Point` now inherit from `AbstractPoint` that implements the methods for parsing points. That added `from_bytes()` and `to_bytes()` methods to both of them. * Curve parameters can now be read and written to PEM and DER files. The `Curve` class supports new `to_der()`, `from_der()`, `to_pem()`, and `from_pem()` methods. * Describe in detail which methods can raise `RSZeroError`, and that `SigningKey.sign_deterministic()` won\'t raise it. * Correctly truncate hash values larger than the curve order (only impacted custom curves and the curves added in this release). * Correctly handle curves for which the order is larger than the prime (only impacted custom curves and the secp160r1 curve added in this release). * Fix the handling of `==` and `!=` for `Public_key`, `Private_key`, `Point`, `PointJacobi`, `VerifyingKey`, and `SigningKey` so that it behaves consistently and in the expected way both in Python 2 and Python 3. * Implement lock-less algorithm inside PointJacobi for keeping shared state so that when a calculation is aborted with KeyboardInterrupt, the state doesn\'t become corrupted (this fixes the occasional breakage of ecdsa in interactive shells). * The `speed.py` script now provides performance for signature verification without the use of precomputation. * New curves supported: secp112r1, secp112r2, secp128r1, secp160r1. * Use 2-ary Non-Adjacent Form for the combined multiply-add. This speeds up single-shot verify (i.e. without precomputation) by about 4 to 5%. * Use native Python 3.8 support for calculating multiplicative inverses. * Include Python 3.9 in PyPI keywords. * More realistic branch coverage counting (ignore Python version-specific branches). * Additional test coverage to many parts of the library. * Migrate to Github Actions for Continuous Testing. * Sun Dec 20 2020 Dirk Müller - update to to 0.16.1: * `VerifyingKey.precompute()` supports `lazy` argument to delay precomputation to the first time the key is used to verify a signature. * Make created signatures correct when the hash used is bigger than the curve order bit size and the curve order is not a multiple of 8 * Speed up library load time by calculating the generator point multiplication tables the first time the points are used, not when they are initialised. * Thu Sep 17 2020 Dirk Mueller - update to 0.16.0: * Support for reading and writing private keys in PKCS#8 format. * `to_pem` and `to_der` now accept new parameter, `format`, to specify * the format of the encoded files, either the dafault, legacy \"ssleay\", or * the new `pkcs8` to use PKCS#8. Note that only unencrypted PKCS#8 files are * supported. * Add `allow_truncate` to `verify` in `VerifyingKey`, it defaults to True, * when specified as False, use of large hashes smaller than curves will be * disallowed (as it was in 0.14.1 and earlier). * Correctly calculate signatures for private keys equal to n-1. * Make `PointJacobi` and thus `SigningKey` and `VerifyingKey` pickleable. * Mon Feb 24 2020 Ondřej Súkup - update to 0.15- fix fdupes usage * extra long changelog - see NEWS file * Mon Oct 14 2019 Robert Schweikert - updated to 0.13.3 (bsc#1153165) + CVE-2019-14853 DOS atack during signature decoding + CVE-2019-14859 signature malleability caused by insufficient checks of DER encoding * Tue May 14 2019 Ondřej Súkup - update to 0.13.2- enable tests- fix requires * python packaging fixes * Tue Dec 04 2018 Matej Cepl - Remove superfluous devel dependency for noarch package
|
|
|