Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Mark version 4.7.1 as releasedversion-4.7.1 | Sybren A. Stüvel | 2021-02-15 | 1 | -1/+1 |
| | |||||
* | Bumped version to 4.7.1 | Sybren A. Stüvel | 2021-02-15 | 2 | -3/+3 |
| | |||||
* | Fix threading issue introduced in 4.7 | Sybren A. Stüvel | 2021-02-15 | 3 | -38/+55 |
| | | | | | | | | | Computing the blinding factor and its inverse was done in a thread-unsafe manner. Locking the computation & update of the blinding factors, and passing these around in frame- and stack-bound data, solves this. This fixes part of the issues reported in sybrenstuvel/python-rsa#173, but there is more going on in that particular report. | ||||
* | Fix link formatting in CHANGELOGmaster | Max Smolens | 2021-02-14 | 1 | -1/+1 |
| | |||||
* | Bumped version to 4.7.1-dev0 | Sybren A. Stüvel | 2021-02-14 | 2 | -3/+3 |
| | |||||
* | Bumped version to 4.7version-4.7 | Sybren A. Stüvel | 2021-01-10 | 2 | -3/+3 |
| | |||||
* | Marked version 4.7 as released | Sybren A. Stüvel | 2021-01-10 | 1 | -1/+1 |
| | |||||
* | Fix #170: mistake in examples of documentation | Sybren A. Stüvel | 2021-01-10 | 1 | -4/+4 |
| | | | | | Strings need to be encoded into bytes before the RSA module can operate on them. | ||||
* | Declare support for and test Python 3.9 | Hugo van Kemenade | 2021-01-10 | 4 | -1/+4 |
| | |||||
* | Fix #162: Blinding uses slow algorithm | Sybren A. Stüvel | 2020-11-15 | 3 | -24/+47 |
| | | | | | | | | | Store blinding factor + its inverse, so that they can be reused & updated on every blinding operation. This avoids expensive computations. The reuse of the previous blinding factor is done via squaring (mod n), as per section 9 of 'A Timing Attack against RSA with the Chinese Remainder Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf | ||||
* | Directly raise `DecryptionError` when crypto length is bad | Sybren A. Stüvel | 2020-11-15 | 1 | -2/+4 |
| | | | | | Crypto length and blocksize are public info, so don't need side-channel free comparison. | ||||
* | Use `bytes.find()` instead of `bytes.index()` | Sybren A. Stüvel | 2020-11-15 | 1 | -4/+2 |
| | | | | | Use `bytes.find()` instead of `bytes.index()`, as the former doesn't raise an exception when the to-be-found byte doesn't exist. | ||||
* | Add link to changelog | Sybren A. Stüvel | 2020-11-15 | 1 | -2/+3 |
| | |||||
* | Fix #164: Add padding length check as described by PKCS#1 v1.5 | Sybren A. Stüvel | 2020-11-15 | 3 | -1/+41 |
| | | | | | According to PKCS#1 v1.5, the padding should be at least 8 bytes long. See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info. | ||||
* | Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle | Sybren A. Stüvel | 2020-11-15 | 2 | -4/+13 |
| | | | | | | | | | | | | | Use as many constant-time comparisons as practical in the `rsa.pkcs1.decrypt` function. `cleartext.index(b'\x00', 2)` will still be non-constant-time. The alternative would be to iterate over all the data byte by byte in Python, which is several orders of magnitude slower. Given that a perfect constant-time implementation is very hard or even impossible to do in Python [1], I chose the more performant option here. [1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ | ||||
* | Add URL with more info to timing security issues | Sybren A. Stüvel | 2020-10-26 | 1 | -1/+1 |
| | |||||
* | Added security note to README.md | Sybren A. Stüvel | 2020-10-26 | 1 | -0/+6 |
| | |||||
* | Adds mention of 4.5 version in the headers. | tvalentyn | 2020-06-16 | 1 | -1/+1 |
| | |||||
* | Don't build universal wheels | Wyatt Anderson | 2020-06-15 | 1 | -3/+0 |
| | |||||
* | Fix exception cause in common.py | Ram Rachum | 2020-06-14 | 1 | -2/+2 |
| | |||||
* | Bumped version to 4.7-dev0 | Sybren A. Stüvel | 2020-06-12 | 2 | -2/+2 |
| | |||||
* | Updated documentation to use Pipenv instead of Poetry | Sybren A. Stüvel | 2020-06-12 | 1 | -3/+3 |
| | | | | See commit d15a7f3 for the reason why. | ||||
* | Retagged 4.4 as 4.6 and added bit of an explanation to CHANGELOG.mdversion-4.6 | Sybren A. Stüvel | 2020-06-12 | 3 | -14/+13 |
| | |||||
* | Update CHANGELOG.md | Sybren A. Stüvel | 2020-06-12 | 1 | -0/+6 |
| | |||||
* | Bumped version to 4.4.1version-4.4.1 | Sybren A. Stüvel | 2020-06-12 | 2 | -2/+2 |
| | |||||
* | Explicitly declare Python 3.8 as supported | Sybren A. Stüvel | 2020-06-12 | 1 | -0/+2 |
| | |||||
* | Bumped version to 4.4version-4.4 | Sybren A. Stüvel | 2020-06-12 | 2 | -3/+3 |
| | |||||
* | Updated CHANGELOG | Sybren A. Stüvel | 2020-06-12 | 1 | -1/+24 |
| | | | | | Note that version 4.3 will not appear on the master branch, but is available in the version-4.3-py27compatible branch only. | ||||
* | Bumped version to 4.2version-4.2 | Sybren A. Stüvel | 2020-06-11 | 2 | -3/+3 |
| | |||||
* | Limit SHA3 support to Python 3.6+ | Sybren A. Stüvel | 2020-06-11 | 5 | -41/+27 |
| | | | | | | | The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147). | ||||
* | Tox: fix after removal of Poetry | Sybren A. Stüvel | 2020-06-11 | 1 | -1/+0 |
| | |||||
* | Moving back to Pipenv to manage dependencies | Sybren A. Stüvel | 2020-06-11 | 10 | -1071/+666 |
| | | | | | | | | | | | | | Poetry breaks no-binary installations of the RSA library, which defeats the purpose of this library. See https://github.com/sybrenstuvel/python-rsa/issues/148 Among other changes, this reverts commit fcf5b7457c70426a242b17db20dd4e34e1055f69. I also added a workaround for an `ImportError` importing `zipp` on Python 3.5. | ||||
* | Compatibility with newer MyPy versions | Sybren A. Stüvel | 2020-06-11 | 1 | -1/+1 |
| | | | | The newer versions always have a message, even on success. | ||||
* | Merge branch 'version-4.1-name-fix' | Sybren A. Stüvel | 2020-06-10 | 1 | -1/+1 |
|\ | |||||
| * | Fixed project name in `pyproject.toml` | Sybren A. Stüvel | 2020-06-10 | 1 | -1/+1 |
| | | | | | | | | | | This resolves the issue that the files are uploaded to the wrong project on pypi.org. | ||||
* | | Bumped version to 4.2-dev0 | Sybren A. Stüvel | 2020-06-10 | 2 | -2/+2 |
|/ | |||||
* | Bumped version to 4.1version-4.1 | Sybren A. Stüvel | 2020-06-10 | 2 | -3/+3 |
| | |||||
* | Marked version 4.1 as released | Sybren A. Stüvel | 2020-06-10 | 1 | -1/+1 |
| | |||||
* | Add support for Python 3.8 | Sybren A. Stüvel | 2020-06-10 | 4 | -163/+577 |
| | | | | | | Supporting Python 3.8 not only required configuring Tox and Travis to run the tests on that version, but also required updating the dependencies. Without that update, `pluggy` wouldn't work properly. | ||||
* | Fixed credit for report | Sybren A. Stüvel | 2020-06-03 | 1 | -1/+1 |
| | |||||
* | Fix CVE-2020-13757: detect cyphertext modifications by prepending zero bytes | Sybren A. Stüvel | 2020-06-03 | 3 | -0/+56 |
| | | | | | | | | | | Reject cyphertexts that have been modified by prepending zero bytes, by checking the cyphertext length against the expected size (given the decryption key). This resolves CVE-2020-13757. The same approach is used when verifying a signature. Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146 | ||||
* | Add more type hints | Andrey Semakin | 2020-06-03 | 9 | -26/+31 |
| | |||||
* | Drop character encoding markers for Python 2.x | Andrey Semakin | 2020-06-03 | 27 | -54/+0 |
| | |||||
* | Choose blinding factor relatively prime to N | Sybren A. Stüvel | 2020-04-14 | 2 | -2/+10 |
| | | | | This is a requirement for RSA blinding, but wasn't implemented yet. | ||||
* | Updated Code Climate badge in README.md | Sybren A. Stüvel | 2019-08-04 | 1 | -1/+1 |
| | |||||
* | Configured CodeClimate | Sybren A. Stüvel | 2019-08-04 | 1 | -0/+10 |
| | | | | | | I've overridden the default configuration in such a way that the code as it is now passes all the code smells checks. Especially the default code complexity threshold is extremely low. | ||||
* | Configured flask8 to use max_complexity=10 | Sybren A. Stüvel | 2019-08-04 | 2 | -23/+30 |
| | | | | Also reorganised the only function that had a higher complexity. | ||||
* | Link changelog from README.md | Sybren A. Stüvel | 2019-08-04 | 1 | -1/+1 |
| | |||||
* | Converted changelog from txt to Markdown | Sybren A. Stüvel | 2019-08-04 | 1 | -42/+19 |
| | |||||
* | Bumped copyright in documentation to 2011-2019 | Sybren A. Stüvel | 2019-08-04 | 1 | -1/+1 |
| |