packages/m2crypto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to 0.39.0

Browse Source 
Signed-off-by: cherry530 <707078654@qq.com>
This commit is contained in:
cherry530 2023-07-22 14:26:05 +08:00
parent e96cdb36a6
commit f3c84c5b6f
5 changed files with 6 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
CVE-2020-25657.patch
View File

@ -1,170 +0,0 @@
From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 28 Jun 2022 21:17:01 +0200
Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
decryption API (CVE-2020-25657)
Fixes #282
---
M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
M2Crypto-0.38.0/src/SWIG/_rsa.i | 20 ++++++++++++--------
M2Crypto-0.38.0/tests/test_rsa.py | 15 +++++++--------
3 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
index aba9eb6d..a9f30da9 100644
--- a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
+++ b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/M2Crypto-0.38.0/src/SWIG/_rsa.i b/M2Crypto-0.38.0/src/SWIG/_rsa.i
index bc714e01..1377b8be 100644
--- a/M2Crypto-0.38.0/src/SWIG/_rsa.i
+++ b/M2Crypto-0.38.0/src/SWIG/_rsa.i
@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/M2Crypto-0.38.0/tests/test_rsa.py b/M2Crypto-0.38.0/tests/test_rsa.py
index 7bb3af75..5e75d681 100644
--- a/M2Crypto-0.38.0/tests/test_rsa.py
+++ b/M2Crypto-0.38.0/tests/test_rsa.py
@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
# The other paddings.
for padding in self.s_padding_nok:
p = getattr(RSA, padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_encrypt(self.data, p)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_encrypt(self.data, p)
# Type-check the data to be encrypted.
with self.assertRaises(TypeError):
priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
self.assertEqual(ptxt, self.data)
# no_padding
- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
- priv.public_encrypt(self.data, RSA.no_padding)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
# Type-check the data to be encrypted.
+ # Exception disabled as a part of mitigation against CVE-2020-25657
with self.assertRaises(TypeError):
priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
with self.assertRaises(RSA.RSAError):
setattr(rsa, 'e', '\000\000\000\003\001\000\001')
- with self.assertRaises(RSA.RSAError):
- rsa.private_encrypt(1)
- with self.assertRaises(RSA.RSAError):
- rsa.private_decrypt(1)
assert rsa.check_key()
def test_loadpub_bad(self):
--
GitLab

BIN
M2Crypto-0.38.0.tar.gz
View File

Binary file not shown.

6
M2Crypto-0.38.0.tar.gz.asc
View File

@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCYMfDmAAKCRDgn+8l2WSE
rJjeAJ9020kzL4u/p/KNnH3ei4EKFeJJhQCfcHKVJ0exSXSIj8/xbAdSKRvl8uQ=
=Q+r2
-----END PGP SIGNATURE-----

BIN
M2Crypto-0.39.0.tar.gz Normal file
View File

Binary file not shown.

12
m2crypto.spec
View File

@ -1,13 +1,10 @@
Name: m2crypto Name: m2crypto
Summary: A crypto and SSL toolkit for Python Summary: A crypto and SSL toolkit for Python
Version: 0.38.0 Version: 0.39.0
Release: 2 Release: 1
License: MIT License: MIT
URL: https://gitlab.com/m2crypto/m2crypto/ URL: https://gitlab.com/m2crypto/m2crypto/
Source0: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-0.38.0.tar.gz Source0: %{pypi_source M2Crypto}
Source1: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-0.38.0.tar.gz.asc
# https://gitlab.com/m2crypto/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a
Patch0: CVE-2020-25657.patch
BuildRequires: openssl openssl-devel perl-interpreter pkgconfig swig which BuildRequires: openssl openssl-devel perl-interpreter pkgconfig swig which
BuildRequires: python3-devel python3-setuptools gcc BuildRequires: python3-devel python3-setuptools gcc
@ -54,6 +51,9 @@ cd M2Crypto-%{version}
%{python3_sitearch}/M2Crypto-*.egg-info %{python3_sitearch}/M2Crypto-*.egg-info
%changelog %changelog
* Sat Jul 22 2023 xu_ping <707078654@qq.com> - 0.39.0-1
- Upgrade to 0.39.0
* Wed Aug 17 2022 yaoxin <yaoxin30@h-partners.com> - 0.38.0-2 * Wed Aug 17 2022 yaoxin <yaoxin30@h-partners.com> - 0.38.0-2
- Fix CVE-2020-25657 - Fix CVE-2020-25657