RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

pycrypto: use pycryptodome instead

Browse Source 
`pycrypto` is unmaintained [[1]] since v2.6.1 (released October 2013).
This version, however, has some severe vulnerabilities [[2]] [[3]].

The recommendation is to use the API-compatible `pycryptodome` library.

[1]: https://github.com/pycrypto/pycrypto/issues/173
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459
[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
This commit is contained in:
Martine Lenders 2021-11-02 13:28:42 +01:00
parent d14f559622
commit e38aec72b2
No known key found for this signature in database
GPG Key ID: 2134D77A5336DD80
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/tools/mcuboot/imgtool.md vendored
View File

@ -6,7 +6,7 @@ operations that are necessary to manage keys and sign images.
This program is written for Python3, and has several dependencies on This program is written for Python3, and has several dependencies on
Python libraries. These can be installed using 'pip3' manually: Python libraries. These can be installed using 'pip3' manually:
pip3 install --user pycrypto pip3 install --user pycryptodome
pip3 install --user pyasn1 pip3 install --user pyasn1
pip3 install --user ecdsa pip3 install --user ecdsa

2
dist/tools/packer/scripts/riot.sh vendored
View File

@ -17,7 +17,7 @@ sudo -u /${SSH_USERNAME} pip3 install --user iotlabwscli iotlabsshcli iotlabcli
# Python tools # Python tools
sudo -u /${SSH_USERNAME} pip3 install --user aiocoap pyocd paho-mqtt pyserial flake8 tox \ sudo -u /${SSH_USERNAME} pip3 install --user aiocoap pyocd paho-mqtt pyserial flake8 tox \
pyasn1 ecdsa pexpect pycrypto ed25519 cbor cryptography \ pyasn1 ecdsa pexpect pycryptodome ed25519 cbor cryptography \
scapy codespell protobuf jupyterlab \ scapy codespell protobuf jupyterlab \
# #

2
dist/tools/vagrant/freebsd/Vagrantfile vendored
View File

@ -1,7 +1,7 @@
$init_riot = <<-INIT_RIOT $init_riot = <<-INIT_RIOT
# vim for xxd # vim for xxd
pkg install -y bash git gmake gcc cmake afl afl++ \ pkg install -y bash git gmake gcc cmake afl afl++ \
python3 py37-pip py37-scipy py37-pycrypto py37-cython py37-scapy \ python3 py37-pip py37-scipy py37-pycryptodome py37-cython py37-scapy \
vim vim
chsh -s /usr/local/bin/bash vagrant chsh -s /usr/local/bin/bash vagrant
if ! [ -d /home/vagrant/RIOT ]; then if ! [ -d /home/vagrant/RIOT ]; then

4
tests/mcuboot/README.md
View File

@ -15,14 +15,14 @@ system.
Before running the test, be sure that you meet the following Python3 Before running the test, be sure that you meet the following Python3
dependencies: dependencies:
- pycrypto - pycryptodome
- ecdsa - ecdsa
- pyasn1 - pyasn1
If you don't have one of those, you can install them with the commands: If you don't have one of those, you can install them with the commands:
```console ```console
pip3 install --user pycrypto ecdsa pyasn1 pip3 install --user pycryptodome ecdsa pyasn1
``` ```
This test can be called using `make mcuboot` to produce such ELF file, This test can be called using `make mcuboot` to produce such ELF file,