On 4.6.2019 22.40, Paul Gevers wrote:
> Ping... [adding the team]
>
> On 30-05-2019 22:18, Paul Gevers wrote:
>> Hi Timo,
>>
>> On 30-05-2019 13:18, Timo Aaltonen wrote:
>>> Hi, I don't know how much would have to be backported, but it's probably
>>> better to just unblock freeipa 4.7.2-3 instead, because python-jwcrypto
>>> is a dep of freeipa-server (which isn't built on sid/buster).
>>
>> Do I understand correctly that the code is present to build it, you just
>> don't do that in Debian? Do you suggest to change this bug to "unblock:
>> freeipa/4.7.2-3" instead then? (I would be willing to unblock it, but
>> then python-jwcrypto would go).
>>
>>> That way
>>> current client-only freeipa would remain on buster. Custodia is another
>>> package which depends on -jwcrypto, but it's again a server thing so can
>>> be removed from buster.
>>
>> These packages are all from the same team, I guess the team agrees?
>>
>> Paul
>>

The team (me) agrees ;) That said, fixing the python-jwcrypto test is a trivial commit, so maybe this could be pushed too. diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py index a6554b5..bbcd24c 100644 --- a/jwcrypto/jwa.py +++ b/jwcrypto/jwa.py @@ -141,7 +141,7 @@ class _RawEC(_RawJWS): def sign(self, key, payload): skey = key.get_op_key('sign', self._curve) signature = skey.sign(payload, ec.ECDSA(self.hashfn)) - r, s = ec_utils.decode_rfc6979_signature(signature) + r, s = ec_utils.decode_dss_signature(signature) size = key.get_curve(self._curve).key_size return _encode_int(r, size) + _encode_int(s, size) @@ -149,7 +149,7 @@ class _RawEC(_RawJWS): pkey = key.get_op_key('verify', self._curve) r = signature[:len(signature) // 2] s = signature[len(signature) // 2:] - enc_signature = ec_utils.encode_rfc6979_signature( + enc_signature = ec_utils.encode_dss_signature( int(hexlify(r), 16), int(hexlify(s), 16)) pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn)) -- t
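Review bot: in the first hunk (`_RawEC.sign`), the switch to `ec_utils.decode_dss_signature` ties this module to a python-cryptography release that ships the `*_dss_signature` helpers, and nothing in this diff touches a declared minimum version. Please confirm that the version requirement in the package metadata and in the Debian dependency covers the release that introduced these names, since on an older install the call fails with AttributeError at the first signing operation.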
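Review bot: in the second hunk (the verify path), the signature is still split at `len(signature) // 2` with no check that its length matches the curve, so a truncated or odd-length input is decoded into mismatched `r` and `s`, and an empty one makes `int(hexlify(r), 16)` raise ValueError instead of a verification failure. Since these lines are being touched anyway, consider checking the length against the size derived from `key.get_curve(self._curve).key_size`, as `sign` does, and rejecting anything else before calling `encode_dss_signature`.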