[Pkg-freeipa-devel] unblock: python-jwcrypto/0.6.0-1

Timo Aaltonen tjaalton at debian.org
Tue Jun 4 21:54:24 BST 2019 

On 4.6.2019 22.40, Paul Gevers wrote:
> Ping... [adding the team]
> 
> On 30-05-2019 22:18, Paul Gevers wrote:
>> Hi Timo,
>>
>> On 30-05-2019 13:18, Timo Aaltonen wrote:
>>> Hi, I don't know how much would have to be backported, but it's probably
>>> better to just unblock freeipa 4.7.2-3 instead, because python-jwcrypto
>>> is a dep of freeipa-server (which isn't built on sid/buster).
>>
>> Do I understand correctly that the code is present to build it, you just
>> don't do that in Debian? Do you suggest to change this bug to "unblock:
>> freeipa/4.7.2-3" instead then? (I would be willing to unblock it, but
>> then python-jwcrypto would go).
>>
>>> That way
>>> current client-only freeipa would remain on buster. Custodia is another
>>> package which depends on -jwcrypto, but it's again a server thing so can
>>> be removed from buster.
>>
>> These package are all from the same team, I guess the team agrees?
>>
>> Paul
>>

The team (me) agrees ;)

That said, fixing the python-jwcrypto test is a trivial commit, so maybe
this could be pushed too.

diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py
index a6554b5..bbcd24c 100644
--- a/jwcrypto/jwa.py
+++ b/jwcrypto/jwa.py
@@ -141,7 +141,7 @@ class _RawEC(_RawJWS):
     def sign(self, key, payload):
         skey = key.get_op_key('sign', self._curve)
         signature = skey.sign(payload, ec.ECDSA(self.hashfn))
-        r, s = ec_utils.decode_rfc6979_signature(signature)
+        r, s = ec_utils.decode_dss_signature(signature)
         size = key.get_curve(self._curve).key_size
         return _encode_int(r, size) + _encode_int(s, size)

@@ -149,7 +149,7 @@ class _RawEC(_RawJWS):
         pkey = key.get_op_key('verify', self._curve)
         r = signature[:len(signature) // 2]
         s = signature[len(signature) // 2:]
-        enc_signature = ec_utils.encode_rfc6979_signature(
+        enc_signature = ec_utils.encode_dss_signature(
             int(hexlify(r), 16), int(hexlify(s), 16))
         pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))


-- 
t

More information about the Pkg-freeipa-devel mailing list