From P.J.Kershaw at RL.AC.UK Fri Aug 1 17:17:00 2008 From: P.J.Kershaw at RL.AC.UK (Kershaw, PJ (Philip)) Date: Fri, 1 Aug 2008 16:17:00 +0100 Subject: [PYTHON-CRYPTO] Segmentation Fault with RSA.RSA.public_encrypt Message-ID: Hi all, I've got a suspected problem with RSA.RSA.public_encrypt. If I load a public key from an X.509 cert. PEM file and then try and encrypt something I get a segmentation fault. If I comment out a call to check_key: def public_encrypt(self, data, padding): #assert self.check_key(), 'key is not initialised' return m2.rsa_public_encrypt(self.rsa, data, padding) ... all works OK. Here's the code I used to test: from M2Crypto import X509, RSA text = 'Hello world' x509Cert = X509.load_cert('./test.crt') rsaPubKey = x509Cert.get_pubkey().get_rsa() encrypted = rsaPubKey.public_encrypt(text, RSA.pkcs1_padding) priKey = RSA.load_key('./test.key') decrypted = priKey.private_decrypt(encrypted, RSA.pkcs1_padding) print decrypted Is it a bug or have I used the API wrongly? Cheers, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: From polatel at ITU.EDU.TR Thu Aug 21 12:19:36 2008 From: polatel at ITU.EDU.TR (Ali Polatel) Date: Thu, 21 Aug 2008 13:19:36 +0300 Subject: [PYTHON-CRYPTO] Licence Message-ID: <20080821101936.GC9658@trippin> Hi, We have a bug? about the pycrypto licence being wrong in our repository. The tarball states the source is public domain and the sourceforge page says it's cnri python. Which one is correct? I assume the one in the tarball is the correct one but I just want to be sure. ?: https://bugs.gentoo.org/show_bug.cgi?id=177815 -- Regards, Ali Polatel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dlitz at DLITZ.NET Thu Aug 21 19:01:56 2008 From: dlitz at DLITZ.NET (Dwayne C. Litzenberger) Date: Thu, 21 Aug 2008 13:01:56 -0400 Subject: [PYTHON-CRYPTO] Licence In-Reply-To: <20080821101936.GC9658@trippin> References: <20080821101936.GC9658@trippin> Message-ID: <20080821170156.GA10554@rivest.dlitz.net> On Thu, Aug 21, 2008 at 01:19:36PM +0300, Ali Polatel wrote: >Hi, >We have a bug? about the pycrypto licence being wrong in our repository. >The tarball states the source is public domain and the sourceforge page >says it's cnri python. >Which one is correct? I assume the one in the tarball is the correct one >but I just want to be sure. > >?: https://bugs.gentoo.org/show_bug.cgi?id=177815 [PyCrypto has its own mailing list now. See http://www.pycrypto.org/. Please send any replies to that list.] I've filed a bug in PyCrypto's bug tracker: https://bugs.launchpad.net/pycrypto/+bug/260130 The PyCrypto licensing status is a bit of a mess. It looks like a bunch of reference implementations were simply copied-and-pasted into the source tree, and each has its own licensing statement. I recommend looking at each source file and making a judgment for yourself. I'm slowly working on a new release of PyCrypto (I've just taken over from Andrew Kuchling). In the next release, I'll try to document things better, and fix the most obvious problems (I've already written a replacement for RIPEMD.c). However, some of the software is unattributed. I assume that most of it was written by A.M. Kuchling, but I can't be totally sure. I'll try to contact Andrew and see if he can clear things up. - Dwayne -- Dwayne C. Litzenberger Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7 Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From shramov at MEXMAT.NET Fri Aug 22 22:07:21 2008 From: shramov at MEXMAT.NET (Pavel Shramov) Date: Sat, 23 Aug 2008 00:07:21 +0400 Subject: [PYTHON-CRYPTO] Plans for next M2Crypto release In-Reply-To: <488FF224.8050202@osafoundation.org> References: <488FF224.8050202@osafoundation.org> Message-ID: <20080822200720.GB9327@lebu.psha.org.ru> On Tue, Jul 29, 2008 at 09:46:28PM -0700, Heikki Toivonen wrote: > This is a wakeup call to anyone who has submitted patches for M2Crypto > and who I have asked to provide unit tests, modify the patches etc.: if > you want your change in the next release, please respond in Bugzilla. > > Btw, I am hoping the release after the soon-to-be-done release would > include all the big new features currently waiting finishing touches in > Bugzilla. Is it possible to include patches [1] for SSL engine(3SSL) functions? Or it's supposed to be 'big new feature'? :) Pavel -- [1] https://bugzilla.osafoundation.org/show_bug.cgi?id=7585 From heikki at OSAFOUNDATION.ORG Sat Aug 23 08:02:38 2008 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Fri, 22 Aug 2008 23:02:38 -0700 Subject: [PYTHON-CRYPTO] Segmentation Fault with RSA.RSA.public_encrypt In-Reply-To: References: Message-ID: <48AFA7FE.5060809@osafoundation.org> Kershaw, PJ (Philip) wrote: > Is it a bug or have I used the API wrongly? A bug. Ben Timby actually found it earlier [1], and provided the initial fix. It turned out to require a bit more work, but now all done, in r612. Thanks for reminding me about it! [1] https://bugzilla.osafoundation.org/show_bug.cgi?id=11686 -- Heikki Toivonen - http://heikkitoivonen.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From heikki at OSAFOUNDATION.ORG Sat Aug 23 08:10:57 2008 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Fri, 22 Aug 2008 23:10:57 -0700 Subject: [PYTHON-CRYPTO] Plans for next M2Crypto release In-Reply-To: <20080822200720.GB9327@lebu.psha.org.ru> References: <488FF224.8050202@osafoundation.org> <20080822200720.GB9327@lebu.psha.org.ru> Message-ID: <48AFA9F1.6090001@osafoundation.org> Pavel Shramov wrote: > Is it possible to include patches [1] for SSL engine(3SSL) functions? > Or it's supposed to be 'big new feature'? :) Hmm, it is kind of big, but it seems like it is totally isolated from the old code, with the possible caveat regarding compilation problems. I'll go and read the patch in more detail and add some comments. -- Heikki Toivonen - http://heikkitoivonen.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From yanagisawa at CSG.IS.TITECH.AC.JP Sun Aug 24 16:55:30 2008 From: yanagisawa at CSG.IS.TITECH.AC.JP (Yoshisato YANAGISAWA) Date: Sun, 24 Aug 2008 23:55:30 +0900 Subject: [PYTHON-CRYPTO] Add support for Camellia block cipher to pycrypto 2.0.1. Message-ID: <48B17662.4010500@csg.is.titech.ac.jp> Hi, I implemented a patch to add support for Camellia block cipher to Python Cryptography Toolkit (aka. pycrypto). Camellia is one of the approved encryption methods by European Union (one of the finalist of NESSIE) and has specified in several RFCs. It is also included in some open source softwares such as Linux, OpenSSL, Firefox 3, and so on. I put the patch at: http://www.csg.is.titech.ac.jp/~yanagisawa/Sites/text/camellia/pycrypto-2.0.1.patch in http://www.csg.is.titech.ac.jp/~yanagisawa/Sites/text/camellia-e.html I have already posted the patch to the bug tracking system: https://bugs.launchpad.net/pycrypto/+bug/258561 Will you please review and test it? I hope pycrypto will include the patch. Since I did not know which mailing list is working, I also posted the same message to pycrypto at lists.dlitz.net. I am sorry for that. Thank you in advance, -- Yoshisato Yanagisawa From dlitz at DLITZ.NET Thu Aug 28 02:42:54 2008 From: dlitz at DLITZ.NET (Dwayne C. Litzenberger) Date: Wed, 27 Aug 2008 20:42:54 -0400 Subject: [PYTHON-CRYPTO] PyCrypto TSU NOTIFICATION Message-ID: <20080828004254.GA31214@rivest.dlitz.net> -----BEGIN PGP SIGNED MESSAGE----- ######################################################## # # This is a proof of posting certificate from # stamper.itconsult.co.uk certifying that a user # claiming to be:- # dlitz at dlitz.net # requested that this message be sent to:- # crypt at bis.doc.gov # enc at nsa.gov # web_site at bis.doc.gov # pycrypto at lists.dlitz.net # PYTHON-CRYPTO at NIC.SURFNET.NL # dlitz at dlitz.net # # This certificate was issued at 00:45 (GMT) # on Thursday 28 August 2008 with reference 0520978 # # CAUTION: while the message may well be from the sender # indicated in the "From:" header, the sender # has NOT been authenticated by this service # # For information about the Stamper service see # http://www.itconsult.co.uk/stamper.htm # ######################################################## SUBMISSION TYPE: TSU SUBMITTED BY: Dwayne C. Litzenberger SUBMITTED FOR: Dwayne C. Litzenberger POINT OF CONTACT: Dwayne C. Litzenberger PHONE and/or FAX: +1-613-693-1296 MANUFACTURER: n/a PRODUCT NAME/MODEL #: The Python Cryptography Toolkit ("PyCrypto") ECCN: 5D002 NOTIFICATION: http://www.pycrypto.org/ Note: I am a Canadian citizen posting software to my website located in Canada. I am not certain whether PyCrypto contains enough US-origin cryptography to be covered by U.S. export controls, but I am submitting this anyway. (Sorry for spamming the lists, but I want there to be a record of this.) - -- Dwayne C. Litzenberger Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7 Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Stamper Reference Id: 0520978 iQEVAgUBSLX1DYGVnbVwth+BAQEcuwf9EWnXLqSO5bPzR9K9QnTPcsKbTljKjPxr d+q0E7eE8VtnvvijUcTAR9o27yvzOPxdFT864MQA7OTSbPK39aGAgA4fgAgvYH9t UNjJ/kv8QLz/aq2fi/HNjyrwnqFnUl0uqwpOrQGbz8Y+SGpVh1gKqy1Ju45L+doq sxbzCOpjgRv2zDdNR/2SnFmDWQXv8dSeonwIHpQDft8/LVA/gHiTDmteQlOhJQ6o XYhY+HbRjsD741/GSpOt9IlN5ln0UgshFoLIndnNSAvWf4aPyh5KCN7ho+/BC0v/ W/pqSSlPkwmbhlPHoOltTkNc0qKLAHXqMGJNhO8AkrYZOyJksb0HsA== =3oIX -----END PGP SIGNATURE-----