RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-28 22:49:47 +01:00
Code Releases Activity

pycrypto: use pycryptodome instead

Browse Source 
`pycrypto` is unmaintained [[1]] since v2.6.1 (released October 2013).
This version, however, has some severe vulnerabilities [[2]] [[3]].

The recommendation is to use the API-compatible `pycryptodome` library.

[1]: https://github.com/pycrypto/pycrypto/issues/173
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459
[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
This commit is contained in:
Martine Lenders 2021-11-02 13:28:42 +01:00
parent d14f559622
commit e38aec72b2
No known key found for this signature in database
GPG Key ID: 2134D77A5336DD80
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/tools/mcuboot/imgtool.md vendored
View File

@ -6,7 +6,7 @@ operations that are necessary to manage keys and sign images.
This program is written for Python3, and has several dependencies on
Python libraries. These can be installed using 'pip3' manually:
pip3 install --user pycrypto
pip3 install --user pycryptodome
pip3 install --user pyasn1
pip3 install --user ecdsa

2
dist/tools/packer/scripts/riot.sh vendored
View File

@ -17,7 +17,7 @@ sudo -u /${SSH_USERNAME} pip3 install --user iotlabwscli iotlabsshcli iotlabcli
# Python tools
sudo -u /${SSH_USERNAME} pip3 install --user aiocoap pyocd paho-mqtt pyserial flake8 tox \
pyasn1 ecdsa pexpect pycrypto ed25519 cbor cryptography \
pyasn1 ecdsa pexpect pycryptodome ed25519 cbor cryptography \
scapy codespell protobuf jupyterlab \
#

2
dist/tools/vagrant/freebsd/Vagrantfile vendored
View File

@ -1,7 +1,7 @@
$init_riot = <<-INIT_RIOT
# vim for xxd
pkg install -y bash git gmake gcc cmake afl afl++ \
python3 py37-pip py37-scipy py37-pycrypto py37-cython py37-scapy \
python3 py37-pip py37-scipy py37-pycryptodome py37-cython py37-scapy \
vim
chsh -s /usr/local/bin/bash vagrant
if ! [ -d /home/vagrant/RIOT ]; then

4
tests/mcuboot/README.md
View File

@ -15,14 +15,14 @@ system.
Before running the test, be sure that you meet the following Python3
dependencies:
- pycrypto
- pycryptodome
- ecdsa
- pyasn1
If you don't have one of those, you can install them with the commands:
```console
pip3 install --user pycrypto ecdsa pyasn1
pip3 install --user pycryptodome ecdsa pyasn1
```
This test can be called using `make mcuboot` to produce such ELF file,