| Commit message (Collapse) | Author | Age | Files | Lines |
|
Fix the include key to apply to sdist format only. Otherwise, the
listed files are added to the top directory of wheel as well and end up
being installed in top-level site-packages directory, e.g.:
* FILES:+usr/lib/python3.9/site-packages/CHANGELOG.md
* FILES:+usr/lib/python3.9/site-packages/LICENSE
* FILES:+usr/lib/python3.9/site-packages/README.md
|
I forgot to mark version 4.8 with "released on yyyy-mm-dd".
|
Use the Chinese Remainder Theorem when decrypting with private key, as that
makes the decryption 2-4x faster.
This fixes #163.
|
Ref: 1a5b2d166fc95e5f3f07fdfec075acdf4d0eda921
|
Computing the blinding factor and its inverse was done in a thread-unsafe
manner. Locking the computation & update of the blinding factors, and
passing these around in frame- and stack-bound data, solves this.
This fixes part of the issues reported in sybrenstuvel/python-rsa#173,
but there is more going on in that particular report.
|
Store blinding factor + its inverse, so that they can be reused & updated
on every blinding operation. This avoids expensive computations.
The reuse of the previous blinding factor is done via squaring (mod n), as
per section 9 of 'A Timing Attack against RSA with the Chinese Remainder
Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
|
According to PKCS#1 v1.5, the padding should be at least 8 bytes long.
See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
|
Use as many constant-time comparisons as practical in the
`rsa.pkcs1.decrypt` function.
`cleartext.index(b'\x00', 2)` will still be non-constant-time. The
alternative would be to iterate over all the data byte by byte in
Python, which is several orders of magnitude slower. Given that a
perfect constant-time implementation is very hard or even impossible to
do in Python [1], I chose the more performant option here.
[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
|
Note that version 4.3 will not appear on the master branch, but is
available in the version-4.3-py27compatible branch only.
|
The third-party library that adds support for this to Python 3.5 is a
binary package, and thus breaks the pure-Python nature of Python-RSA.
This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
|
Poetry breaks no-binary installations of the RSA library, which defeats
the purpose of this library.
See https://github.com/sybrenstuvel/python-rsa/issues/148
Among other changes, this reverts commit
fcf5b7457c70426a242b17db20dd4e34e1055f69.
I also added a workaround for an `ImportError` importing `zipp` on
Python 3.5.
|
Supporting Python 3.8 not only required configuring Tox and Travis to
run the tests on that version, but also required updating the
dependencies. Without that update, `pluggy` wouldn't work properly.
|
Reject cyphertexts that have been modified by prepending zero bytes, by
checking the cyphertext length against the expected size (given the
decryption key). This resolves CVE-2020-13757.
The same approach is used when verifying a signature.
Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
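
Added illustration of the length check described in the commit message above (not python-rsa's code and not part of the commit): converting ciphertext bytes to an integer discards leading zero bytes, so a modified ciphertext decrypts to the same value unless its length is compared with the key size. The toy key, the function names and the strict equality test are assumptions of this example, and the RSA here is unpadded textbook RSA used only to show the check.

```python
# Added example: constructed toy key and hypothetical helper names, not python-rsa's API.
P, Q, E = 1000003, 1000033, 65537        # constructed toy primes, far too small for real use
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (needs Python 3.8+)
KEY_BYTES = (N.bit_length() + 7) // 8    # expected ciphertext length for this key


def encrypt(message: int) -> bytes:
    """Textbook RSA (no padding); output is fixed to the key's byte length."""
    return pow(message, E, N).to_bytes(KEY_BYTES, "big")


def decrypt_lenient(ciphertext: bytes) -> int:
    """Without the check: bytes -> int silently drops leading zero bytes."""
    return pow(int.from_bytes(ciphertext, "big"), D, N)


def decrypt_strict(ciphertext: bytes) -> int:
    """With the check: reject a ciphertext whose length differs from the key size."""
    if len(ciphertext) != KEY_BYTES:     # assumption: exact-length comparison
        raise ValueError("Decryption failed")
    return pow(int.from_bytes(ciphertext, "big"), D, N)


def demo() -> dict:
    """Compare both decryptors on an original and a zero-prefixed ciphertext."""
    original = encrypt(42)
    modified = b"\x00\x00" + original    # same integer value, different byte string
    result = {
        "lenient_accepts_modified": decrypt_lenient(modified) == 42,
        "strict_accepts_original": decrypt_strict(original) == 42,
    }
    try:
        decrypt_strict(modified)
        result["strict_rejects_modified"] = False
    except ValueError:
        result["strict_rejects_modified"] = True
    return result


if __name__ == "__main__":
    print(demo())
```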
|
This is a requirement for RSA blinding, but wasn't implemented yet.