search

ZenGo-X / curv

Rust language general purpose elliptic curve cryptography.
MIT License
264 stars 111 forks source link

Bump p256 to 0.11.1 #166

Closed vnermolaev closed 1 year ago

vnermolaev commented 2 years ago

I have encountered a problem have such a setup

kzen-curv = 0.9.0
dsa = 0.3.0

Producing the following error

/Users/user/.cargo/bin/cargo metadata --verbose --format-version 1 --all-features
stdout :     Updating crates.io index
error: failed to select a version for `signature`.
    ... required by package `ecdsa v0.12.1`
    ... which satisfies dependency `ecdsa-core = "^0.12"` of package `p256 v0.9.0`
    ... which satisfies dependency `p256 = "^0.9"` of package `curv-kzen v0.9.0`
    ... which satisfies dependency `curv-kzen = "^0.9.0"` of package `---`
versions that meet the requirements `>=1.3.0, <1.4.0` are: 1.3.2, 1.3.1, 1.3.0

This seems to be the reason

├ curv-kzen v0.9.0
|  ├ p256 v0.9.0
│  |  ├ ecdsa v0.12.4
│  │  └ signature v1.3.2

and all versions of dsa require

├ dsa v0.2.0
│   ├── signature v1.5.0
Be-P commented 2 years ago

@vnermolaev I've opened the above PR to fix your issue, hopefully it will get merged

vnermolaev commented 2 years ago

Great! the ultimate test is of course a possibility to include both 

kzen-curv = 0.9.0
dsa = 0.3.0

as deps in the same project.

Be-P commented 2 years ago

You may try overriding the curv dependency (cargo overriding dependencies) with the PR code and see if it works