Commit message [ref] (Author, Age, Files, Lines)
* Fix #173: threading issue introduced in 4.7 [test-threading-fix-173] (Sybren A. Stüvel, 2021-02-14, 2 files, -30/+48)
|   Computing the blinding factor and its inverse was done in a thread-unsafe manner. Locking the computation & update of the blinding factors, and passing these around in frame- and stack-bound data, solves this.
* Fix link formatting in CHANGELOG [master] (Max Smolens, 2021-02-14, 1 file, -1/+1)
|
* Bumped version to 4.7.1-dev0 (Sybren A. Stüvel, 2021-02-14, 2 files, -3/+3)
|
* Bumped version to 4.7 [version-4.7] (Sybren A. Stüvel, 2021-01-10, 2 files, -3/+3)
|
* Marked version 4.7 as released (Sybren A. Stüvel, 2021-01-10, 1 file, -1/+1)
|
* Fix #170: mistake in examples of documentation (Sybren A. Stüvel, 2021-01-10, 1 file, -4/+4)
|   Strings need to be encoded into bytes before the RSA module can operate on them.
* Declare support for and test Python 3.9 (Hugo van Kemenade, 2021-01-10, 4 files, -1/+4)
|
* Fix #162: Blinding uses slow algorithm (Sybren A. Stüvel, 2020-11-15, 3 files, -24/+47)
|   Store blinding factor + its inverse, so that they can be reused & updated on every blinding operation. This avoids expensive computations.
|   The reuse of the previous blinding factor is done via squaring (mod n), as per section 9 of 'A Timing Attack against RSA with the Chinese Remainder Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
* Directly raise `DecryptionError` when crypto length is bad (Sybren A. Stüvel, 2020-11-15, 1 file, -2/+4)
|   Crypto length and blocksize are public info, so don't need side-channel free comparison.
* Use `bytes.find()` instead of `bytes.index()` (Sybren A. Stüvel, 2020-11-15, 1 file, -4/+2)
|   Use `bytes.find()` instead of `bytes.index()`, as the former doesn't raise an exception when the to-be-found byte doesn't exist.
* Add link to changelog (Sybren A. Stüvel, 2020-11-15, 1 file, -2/+3)
|
* Fix #164: Add padding length check as described by PKCS#1 v1.5 (Sybren A. Stüvel, 2020-11-15, 3 files, -1/+41)
|   According to PKCS#1 v1.5, the padding should be at least 8 bytes long. See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
* Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle (Sybren A. Stüvel, 2020-11-15, 2 files, -4/+13)
|   Use as many constant-time comparisons as practical in the `rsa.pkcs1.decrypt` function. `cleartext.index(b'\x00', 2)` will still be non-constant-time. The alternative would be to iterate over all the data byte by byte in Python, which is several orders of magnitude slower. Given that a perfect constant-time implementation is very hard or even impossible to do in Python [1], I chose the more performant option here.
|   [1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
* Add URL with more info to timing security issues (Sybren A. Stüvel, 2020-10-26, 1 file, -1/+1)
|
* Added security note to README.md (Sybren A. Stüvel, 2020-10-26, 1 file, -0/+6)
|
* Adds mention of 4.5 version in the headers. (tvalentyn, 2020-06-16, 1 file, -1/+1)
|
* Don't build universal wheels (Wyatt Anderson, 2020-06-15, 1 file, -3/+0)
|
* Fix exception cause in common.py (Ram Rachum, 2020-06-14, 1 file, -2/+2)
|
* Bumped version to 4.7-dev0 (Sybren A. Stüvel, 2020-06-12, 2 files, -2/+2)
|
* Updated documentation to use Pipenv instead of Poetry (Sybren A. Stüvel, 2020-06-12, 1 file, -3/+3)
|   See commit d15a7f3 for the reason why.
* Retagged 4.4 as 4.6 and added bit of an explanation to CHANGELOG.md [version-4.6] (Sybren A. Stüvel, 2020-06-12, 3 files, -14/+13)
|
* Update CHANGELOG.md (Sybren A. Stüvel, 2020-06-12, 1 file, -0/+6)
|
* Bumped version to 4.4.1 [version-4.4.1] (Sybren A. Stüvel, 2020-06-12, 2 files, -2/+2)
|
* Explicitly declare Python 3.8 as supported (Sybren A. Stüvel, 2020-06-12, 1 file, -0/+2)
|
* Bumped version to 4.4 [version-4.4] (Sybren A. Stüvel, 2020-06-12, 2 files, -3/+3)
|
* Updated CHANGELOG (Sybren A. Stüvel, 2020-06-12, 1 file, -1/+24)
|   Note that version 4.3 will not appear on the master branch, but is available in the version-4.3-py27compatible branch only.
* Bumped version to 4.2 [version-4.2] (Sybren A. Stüvel, 2020-06-11, 2 files, -3/+3)
|
* Limit SHA3 support to Python 3.6+ (Sybren A. Stüvel, 2020-06-11, 5 files, -41/+27)
|   The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA.
|   This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
* Tox: fix after removal of Poetry (Sybren A. Stüvel, 2020-06-11, 1 file, -1/+0)
|
* Moving back to Pipenv to manage dependencies (Sybren A. Stüvel, 2020-06-11, 10 files, -1071/+666)
|   Poetry breaks no-binary installations of the RSA library, which defeats the purpose of this library. See https://github.com/sybrenstuvel/python-rsa/issues/148
|   Among other changes, this reverts commit fcf5b7457c70426a242b17db20dd4e34e1055f69.
|   I also added a workaround for an `ImportError` importing `zipp` on Python 3.5.
* Compatibility with newer MyPy versions (Sybren A. Stüvel, 2020-06-11, 1 file, -1/+1)
|   The newer versions always have a message, even on success.
* Merge branch 'version-4.1-name-fix' (Sybren A. Stüvel, 2020-06-10, 1 file, -1/+1)
|\
| * Fixed project name in `pyproject.toml` (Sybren A. Stüvel, 2020-06-10, 1 file, -1/+1)
| |   This resolves the issue that the files are uploaded to the wrong project on pypi.org.
* | Bumped version to 4.2-dev0 (Sybren A. Stüvel, 2020-06-10, 2 files, -2/+2)
|/
* Bumped version to 4.1 [version-4.1] (Sybren A. Stüvel, 2020-06-10, 2 files, -3/+3)
|
* Marked version 4.1 as released (Sybren A. Stüvel, 2020-06-10, 1 file, -1/+1)
|
* Add support for Python 3.8 (Sybren A. Stüvel, 2020-06-10, 4 files, -163/+577)
|   Supporting Python 3.8 not only required configuring Tox and Travis to run the tests on that version, but also required updating the dependencies. Without that update, `pluggy` wouldn't work properly.
* Fixed credit for report (Sybren A. Stüvel, 2020-06-03, 1 file, -1/+1)
|
* Fix CVE-2020-13757: detect cyphertext modifications by prepending zero bytes (Sybren A. Stüvel, 2020-06-03, 3 files, -0/+56)
|   Reject cyphertexts that have been modified by prepending zero bytes, by checking the cyphertext length against the expected size (given the decryption key). This resolves CVE-2020-13757.
|   The same approach is used when verifying a signature.
|   Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
* Add more type hints (Andrey Semakin, 2020-06-03, 9 files, -26/+31)
|
* Drop character encoding markers for Python 2.x (Andrey Semakin, 2020-06-03, 27 files, -54/+0)
|
* Choose blinding factor relatively prime to N (Sybren A. Stüvel, 2020-04-14, 2 files, -2/+10)
|   This is a requirement for RSA blinding, but wasn't implemented yet.
* Updated Code Climate badge in README.md (Sybren A. Stüvel, 2019-08-04, 1 file, -1/+1)
|
* Configured CodeClimate (Sybren A. Stüvel, 2019-08-04, 1 file, -0/+10)
|   I've overridden the default configuration in such a way that the code as it is now passes all the code smells checks. Especially the default code complexity threshold is extremely low.
* Configured flask8 to use max_complexity=10 (Sybren A. Stüvel, 2019-08-04, 2 files, -23/+30)
|   Also reorganised the only function that had a higher complexity.
* Link changelog from README.md (Sybren A. Stüvel, 2019-08-04, 1 file, -1/+1)
|
* Converted changelog from txt to Markdown (Sybren A. Stüvel, 2019-08-04, 1 file, -42/+19)
|
* Bumped copyright in documentation to 2011-2019 (Sybren A. Stüvel, 2019-08-04, 1 file, -1/+1)
|
* Added flake8 as development dependency and fixed reported issues (Sybren A. Stüvel, 2019-08-04, 8 files, -15/+65)
|
* Add support for SHA3 hashing (Sybren A. Stüvel, 2019-08-04, 6 files, -3/+33)
|   This is based on https://github.com/sybrenstuvel/python-rsa/pull/96, with a few improvements:
|   - The minimum of one use of SHA3 in a unit test, to at least touch it at some point.
|   - Documented the support of SHA3.
|   - Only install the third-party library required by Python 3.5 when we're running on Python 3.5. Newer Python versions support SHA3 natively.