packages feed

ppad-secp256k1 0.5.3 → 0.5.4

raw patch · 3 files changed

+23/−14 lines, 3 filesdep ~ppad-hmac-drbgdep ~ppad-sha256PVP ok

version bump matches the API change (PVP)

Dependency ranges changed: ppad-hmac-drbg, ppad-sha256

API changes (from Hackage documentation)

Files

CHANGELOG view
@@ -1,5 +1,14 @@ # Changelog +- 0.5.4 (2026-02-04)+  * Nonce generation for ECDSA is now more secure due to recent+    improvements in ppad-hmac-drbg. The DRBG state is now guaranteed+    to live in only one location on the heap, and it is now wiped+    explicitly after use.++  * ECDSA signing now allocates about 1.5 orders of magnitude less than+    it did previously.+ - 0.5.3 (2026-01-10)   * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies. 
lib/Crypto/Curve/Secp256k1.hs view
@@ -105,7 +105,7 @@  import Control.Monad (guard) import Control.Monad.ST-import qualified Crypto.DRBG.HMAC as DRBG+import qualified Crypto.DRBG.HMAC.SHA256 as DRBG import qualified Crypto.Hash.SHA256 as SHA256 import qualified Data.Bits as B import qualified Data.ByteString as BS@@ -1261,13 +1261,10 @@     -- RFC6979 sec 3.3a     let entropy = int2octets _SECRET         nonce   = bits2octets h-    drbg <- DRBG.new hmac entropy nonce mempty+    drbg <- DRBG.new entropy nonce mempty     -- RFC6979 sec 2.4     sign_loop drbg   where-    hmac k b = case SHA256.hmac k b of-      SHA256.MAC mac -> mac-     d  = S.to _SECRET     hm = S.to (bits2int h)     h  = case hf of@@ -1283,21 +1280,24 @@                 s  = (hm + d * r) * ki             pure $! (S.retr r, S.retr s)       case mpair of-        Nothing -> pure Nothing+        Nothing -> do+          DRBG.wipe g+          pure Nothing         Just (r, s)           | W.eq_vartime r 0 -> sign_loop g -- negligible probability-          | otherwise ->+          | otherwise -> do+              DRBG.wipe g               let !sig = Just $! ECDSA r s-              in  case ty of-                    Unrestricted -> pure sig-                    LowS -> pure (fmap low sig)+              pure $ case ty of+                Unrestricted -> sig+                LowS -> fmap low sig {-# INLINE _sign_ecdsa #-}  -- RFC6979 sec 3.3b gen_k :: DRBG.DRBG s -> ST s Wider gen_k g = loop g where   loop drbg = do-    bytes <- DRBG.gen mempty (fi _CURVE_Q_BYTES) drbg+    bytes <- DRBG.gen drbg mempty (fi _CURVE_Q_BYTES)     case bytes of       Left {}  -> error "ppad-secp256k1: internal error (please report a bug!)"       Right bs -> do
ppad-secp256k1.cabal view
@@ -1,6 +1,6 @@ cabal-version:      3.0 name:               ppad-secp256k1-version:            0.5.3+version:            0.5.4 synopsis:           Schnorr signatures, ECDSA, and ECDH on the elliptic curve                     secp256k1 license:            MIT@@ -36,8 +36,8 @@   build-depends:       base >= 4.9 && < 5     , bytestring >= 0.9 && < 0.13-    , ppad-hmac-drbg >= 0.2.1 && < 0.3-    , ppad-sha256 >= 0.3 && < 0.4+    , ppad-hmac-drbg >= 0.3.1 && < 0.4+    , ppad-sha256 >= 0.3.2 && < 0.4     , ppad-fixed >= 0.1.3 && < 0.2     , primitive >= 0.8 && < 0.10