ANNOUNCE: M2Crypto 0.01

Ng Pheng Siong ngps at madcap.dyn.ml.org
Fri Aug 20 11:15:34 EDT 1999 

Hello,

I am pleased to announce the release of M2Crypto 0.01;
the package is available at http://www.post1.com/home/ngps

Following is the README:

 The M2 Python Crypto Toolkit 0.01
-----------------------------------

The M2 Python Crypto Toolkit (M2Crypto) ==
	Python		www.python.org
+	OpenSSL		www.openssl.org
+	SWIG		www.swig.org

Python is an interpreted, dynamic-typing, object-oriented programming 
language that is often compared to Perl, Scheme, Tcl or Java. SWIG -
Simplified Wrapper and Interface Generator - provides glue to link C/C++
libraries with the above-mentioned languages.

M2Crypto presents a Python interface to OpenSSL, via SWIG.

M2 stands for "me, too!"*

This release includes the following: DH, RSA, DSA, RC4, MD5, SHA1,
RIPEMD160, and the EVP interfaces for message digests, HMACs, and 
symmetric ciphers. It requires Python 1.5.2, OpenSSL 0.9.4, and,
optionally, SWIG 1.1p5 or later. It has been tested under FreeBSD 
2.x, Redhat Linux 5.2, and WinNT4. It should run anywhere Python 
and OpenSSL run.

M2Crypto is released under a license similar to Python's. See LICENSE
for details.


For now, M2Crypto is intended to be a prototyping tool; it is _not_ 
for writing production crypto software.

In particular, note the following caveats:

1. There will be memory leaks, because of pointer ownership contention
between Python and SWIG. (These would be due to my misprogramming.)

2. There is no memory locking/clearing for keys, passphrases, etc.

3. The PRNG has no interface for CS**; it is unlikely to be CS***.

4. AFAIK, Python and OpenSSL have not been subjected to the full attention 
of the Bugtraq crowd. M2Crypto's handling of active hostile input is 
probably suspect.

Of course, I hope to address these in future.

Meanwhile, have fun! Your feedback is welcome.


Ng Pheng Siong
ngps at post1.com


* Similar software are Marc-Andre Lemburg's mxCrypto, and two (?)
Python interfaces to the SSL portion of SSLeay/OpenSSL.

** Continuous seeding.

*** Cryptographically strong.

-- 
Ng Pheng Siong <ngps at post1.com>

More information about the Python-list mailing list