ppad-secp256k1 0.5.3 → 0.5.4
raw patch · 3 files changed
+23/−14 lines, 3 filesdep ~ppad-hmac-drbgdep ~ppad-sha256PVP ok
version bump matches the API change (PVP)
Dependency ranges changed: ppad-hmac-drbg, ppad-sha256
API changes (from Hackage documentation)
Files
- CHANGELOG +9/−0
- lib/Crypto/Curve/Secp256k1.hs +11/−11
- ppad-secp256k1.cabal +3/−3
CHANGELOG view
@@ -1,5 +1,14 @@ # Changelog +- 0.5.4 (2026-02-04)+ * Nonce generation for ECDSA is now more secure due to recent+ improvements in ppad-hmac-drbg. The DRBG state is now guaranteed+ to live in only one location on the heap, and it is now wiped+ explicitly after use.++ * ECDSA signing now allocates about 1.5 orders of magnitude less than+ it did previously.+ - 0.5.3 (2026-01-10) * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.
lib/Crypto/Curve/Secp256k1.hs view
@@ -105,7 +105,7 @@ import Control.Monad (guard) import Control.Monad.ST-import qualified Crypto.DRBG.HMAC as DRBG+import qualified Crypto.DRBG.HMAC.SHA256 as DRBG import qualified Crypto.Hash.SHA256 as SHA256 import qualified Data.Bits as B import qualified Data.ByteString as BS@@ -1261,13 +1261,10 @@ -- RFC6979 sec 3.3a let entropy = int2octets _SECRET nonce = bits2octets h- drbg <- DRBG.new hmac entropy nonce mempty+ drbg <- DRBG.new entropy nonce mempty -- RFC6979 sec 2.4 sign_loop drbg where- hmac k b = case SHA256.hmac k b of- SHA256.MAC mac -> mac- d = S.to _SECRET hm = S.to (bits2int h) h = case hf of@@ -1283,21 +1280,24 @@ s = (hm + d * r) * ki pure $! (S.retr r, S.retr s) case mpair of- Nothing -> pure Nothing+ Nothing -> do+ DRBG.wipe g+ pure Nothing Just (r, s) | W.eq_vartime r 0 -> sign_loop g -- negligible probability- | otherwise ->+ | otherwise -> do+ DRBG.wipe g let !sig = Just $! ECDSA r s- in case ty of- Unrestricted -> pure sig- LowS -> pure (fmap low sig)+ pure $ case ty of+ Unrestricted -> sig+ LowS -> fmap low sig {-# INLINE _sign_ecdsa #-} -- RFC6979 sec 3.3b gen_k :: DRBG.DRBG s -> ST s Wider gen_k g = loop g where loop drbg = do- bytes <- DRBG.gen mempty (fi _CURVE_Q_BYTES) drbg+ bytes <- DRBG.gen drbg mempty (fi _CURVE_Q_BYTES) case bytes of Left {} -> error "ppad-secp256k1: internal error (please report a bug!)" Right bs -> do
ppad-secp256k1.cabal view
@@ -1,6 +1,6 @@ cabal-version: 3.0 name: ppad-secp256k1-version: 0.5.3+version: 0.5.4 synopsis: Schnorr signatures, ECDSA, and ECDH on the elliptic curve secp256k1 license: MIT@@ -36,8 +36,8 @@ build-depends: base >= 4.9 && < 5 , bytestring >= 0.9 && < 0.13- , ppad-hmac-drbg >= 0.2.1 && < 0.3- , ppad-sha256 >= 0.3 && < 0.4+ , ppad-hmac-drbg >= 0.3.1 && < 0.4+ , ppad-sha256 >= 0.3.2 && < 0.4 , ppad-fixed >= 0.1.3 && < 0.2 , primitive >= 0.8 && < 0.10