New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace PyCrypto with tinyaes for encryption support #4652
Replace PyCrypto with tinyaes for encryption support #4652
Conversation
2187fd2
to
a8410a7
Compare
The new code is much simpler to read, and after so many months there is finally a possible replacement for that critical code part (that I failed to do it myself, twice ^^). 💪 |
Do we need a similar PR for the master too? |
a8410a7
to
ce127b9
Compare
Hmm, I'll wait a bit more, I'm adding some test to the library, I'd prefer to point a stable release in |
Nope, target |
@naufraghi will review this later today when on PC. This looks good at the moment. I will point out that I can't actually merge this - you need @bjones1 for that. Oh and don't target master. Only stable releases get pushed to that branch. We want develop. |
Sorry for the review requests, I was just inspecting the the GitHub gui 🙄 |
@naufraghi not a problem. I've got to say, this looks good. I'm going to suggest that seeing as you said you don't want the bounty, it goes to the PyInstaller team to fund @htgoebel. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to add a changelog entry, as per https://pyinstaller.readthedocs.io/en/stable/development/changelog-entries.html. It can be a bit confusing - see the news
folder for some examples. Also:
- edit the README
- And the docs. Remove PyCrypto references
bd95389
to
3c52c69
Compare
Added |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to change the requirements version spec - https://travis-ci.org/pyinstaller/pyinstaller/jobs/651427755#L480.
As to your last comment, the when you push to origin, the CI runs automatically.
I use to let the reviewer resolve the discussions, but I can close myself the ones I think I have resolved, let me know the preferred workflow. |
Sorry, I lack the time to review this. |
@htgoebel Can you please review? |
5b7c14e
to
ff6f3f5
Compare
Rebased, just to check everything still works, and we have some unrelated error on macOS and nightly. |
@naufraghi I've restarted the failing build. It's running. FYI we're just waiting for @htgoebel to review and merge. |
@htgoebel can you look at this PR now? It should be ready to merge, we just need final review. |
This re-enables encrypting the Python bytecode (option ``--key``). `tinyaes <https://github.com/naufraghi/tinyaes-py>`_ is a minimal AES-only library that wraps the C library `tiny-AES-c <https://github.com/kokke/tiny-AES-c>`_. Currently the library wraps only the CTR mode that can be used in PyInstaller instead of the CFB mode used before. Reading various sources, CFB is `somewhat similar to CBC <https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Feedback_(CFB)>`_ and CTR is suggested as a go-to stream cipher (see <https://crypto.stackexchange.com/questions/6029> and links) that can be used instead of CBC. Closes pyinstaller#2365.
ff6f3f5
to
455c57f
Compare
@htgoebel, can I merge this? |
@naufraghi thanks for this feature/bugfix! |
pyinstaller#4652) This re-enables encrypting the Python bytecode (`--key`) by replacing PyCrypto with tinyaes. tinyaes is a minimal AES-only library that wraps the C library tiny-AES-c. See https://github.com/naufraghi/tinyaes-py for source code. Closes pyinstaller#2365.
tinyaes is a minimal AES-only library that wraps the C library tiny-AES-c.
Currently the library wraps only the CTR mode that can be used in PyInstaller instead of the CFB mode used before.
Reading various sources, CFB is somewhat similar to CBC and CTR is suggested as a go-to stream cipher (https://crypto.stackexchange.com/questions/6029/aes-cbc-mode-or-aes-ctr-mode-recommended and links) that can be used instead of CBC.
See the issue comments for more discussion #2365 (comment)
Closes #2365