Import key code is not compatible with GMP library
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Python-Crypto |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I have just noticed that a secret RSA key that was generated by an external tool (e.g. opensll) as DER/PEM
and that isimported via RSA.importKey() won't decrypt/sign correctly if the GMP library is installed.
The problem is that - in the standard representation - RSA key components include q^{-1} mod p, whereas
the code in _fastmath.c requires p^{-1} mod q instead.
You can verify that by importing a key from openssl, and - with GMP installed - by encrypting+
I have not noticed it in my tests so far because I didn't have GMP installed (my fault).
Moreover, _slowmath.py does not use CRT compoenents as _fastmath.c does.
There are no real security concerns here: the only problem is that a) signatures generated in this way cannot be verified b) data cannot be correctly decrypted. Verification and encryption done with import key is not affected.
I have already a very short patch ready: I will send it out in the coming days.
It also extends _slowmath.py to use CRT, which therefore does exactly what _fastmath.c does.
Affects: pycrypto 2.2 and 2.3
One patch is here:
https:/ /github. com/Legrandin/ pycrypto/ commit/ a2fdd4bada1ef39 f2bcf554e30c33d 1e4b027132