[pycrypto] Any progress with pycrypto 2.7?
Legrandin
helderijs at gmail.com
Tue Mar 4 13:25:25 PST 2014
>> 2) Potential DoS when importing an RSA key (segfault of the interpreter)
> I assume you mean the floating-point exception that occurs when you pass an
> even modulus to RSA.construct?
Correct.
> https://bugs.launchpad.net/pycrypto/+bug/1193521
> https://github.com/dlitz/pycrypto/pull/50
>
> On pull request #50 ("Add checks to verify correctness of RSA/DSA/ElGamal
> keys"), it would be helpful if others could chime in about the potential for
> leaking private keys via timing side-channels.
In addition to fixing the DoS, PR #50 also replaced the custom
KeyFormatError exception with ValueError in the DSA code (I wrote it
before you expressed preference for not having custom exceptions at
all).
I would actually apply first this other PR:
https://github.com/dlitz/pycrypto/pull/71
Since there are 2 other exception types to fix.
Hopefully PR #50 still applies cleanly after it.
More information about the pycrypto
mailing list