Import key code is not compatible with GMP library
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Python-Crypto |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
I have just noticed that a secret RSA key that was generated by an external tool (e.g. opensll) as DER/PEM
and that isimported via RSA.importKey() won't decrypt/sign correctly if the GMP library is installed.
The problem is that - in the standard representation - RSA key components include q^{-1} mod p, whereas
the code in _fastmath.c requires p^{-1} mod q instead.
You can verify that by importing a key from openssl, and - with GMP installed - by encrypting+
I have not noticed it in my tests so far because I didn't have GMP installed (my fault).
Moreover, _slowmath.py does not use CRT compoenents as _fastmath.c does.
There are no real security concerns here: the only problem is that a) signatures generated in this way cannot be verified b) data cannot be correctly decrypted. Verification and encryption done with import key is not affected.
I have already a very short patch ready: I will send it out in the coming days.
It also extends _slowmath.py to use CRT, which therefore does exactly what _fastmath.c does.
Affects: pycrypto 2.2 and 2.3
| Legrandin (gooksankoo) wrote | #1 |
| Darsey Litzenberger (dlitz) wrote | #2 |
| Changed in pycrypto: | |
| status: | New → Fix Released |
One patch is here:
https:/