package update
This commit is contained in:
liksh
parent
25a427ef5e
commit
b39f6e70f3
@ -1,48 +0,0 @@
|
||||
From 93af6f2f89a9bf28361e67716c4240e691520f30 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
|
||||
Date: Wed, 3 Jun 2020 14:39:23 +0200
|
||||
Subject: [PATCH] Fix CVE-2020-13757: detect cyphertext modifications by
|
||||
prepending zero bytes
|
||||
|
||||
Reject cyphertexts that have been modified by prepending zero bytes, by
|
||||
checking the cyphertext length against the expected size (given the
|
||||
decryption key). This resolves CVE-2020-13757.
|
||||
|
||||
The same approach is used when verifying a signature.
|
||||
|
||||
Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
|
||||
---
|
||||
rsa/pkcs1.py | 9 +++++++++
|
||||
1 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
|
||||
index 28f0dc5..cdf830b 100644
|
||||
--- a/rsa/pkcs1.py
|
||||
+++ b/rsa/pkcs1.py
|
||||
@@ -232,6 +232,12 @@ def decrypt(crypto, priv_key):
|
||||
decrypted = priv_key.blinded_decrypt(encrypted)
|
||||
cleartext = transform.int2bytes(decrypted, blocksize)
|
||||
|
||||
+ # Detect leading zeroes in the crypto. These are not reflected in the
|
||||
+ # encrypted value (as leading zeroes do not influence the value of an
|
||||
+ # integer). This fixes CVE-2020-13757.
|
||||
+ if len(crypto) > blocksize:
|
||||
+ raise DecryptionError('Decryption failed')
|
||||
+
|
||||
# If we can't find the cleartext marker, decryption failed.
|
||||
if cleartext[0:2] != b('\x00\x02'):
|
||||
raise DecryptionError('Decryption failed')
|
||||
@@ -310,6 +316,9 @@ def verify(message, signature, pub_key):
|
||||
cleartext = HASH_ASN1[method_name] + message_hash
|
||||
expected = _pad_for_signing(cleartext, keylength)
|
||||
|
||||
+ if len(signature) != keylength:
|
||||
+ raise VerificationError('Verification failed')
|
||||
+
|
||||
# Compare with the signed one
|
||||
if expected != clearsig:
|
||||
raise VerificationError('Verification failed')
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
From dae8ce0d85478e16f2368b2341632775313d41ed Mon Sep 17 00:00:00 2001
|
||||
From: sybrenstuvel <sybren@stuvel.eu>
|
||||
Date: Sun, 15 Nov 2020 15:18:38 +0100
|
||||
Subject: [PATCH] Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle
|
||||
|
||||
Use as many constant-time comparisons as practical in the
|
||||
`rsa.pkcs1.decrypt` function.
|
||||
|
||||
`cleartext.index(b'\x00', 2)` will still be non-constant-time. The
|
||||
alternative would be to iterate over all the data byte by byte in
|
||||
Python, which is several orders of magnitude slower. Given that a
|
||||
perfect constant-time implementation is very hard or even impossible to
|
||||
do in Python [1], I chose the more performant option here.
|
||||
|
||||
[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
|
||||
source link:https://github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed
|
||||
|
||||
Signed-off-by: sybrenstuvel <sybren@stuvel.eu>
|
||||
---
|
||||
rsa/pkcs1.py | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
|
||||
index cdf830b..7b210a5 100644
|
||||
--- a/rsa/pkcs1.py
|
||||
+++ b/rsa/pkcs1.py
|
||||
@@ -30,6 +30,7 @@ to your users.
|
||||
|
||||
import hashlib
|
||||
import os
|
||||
+from hmac import compare_digest
|
||||
|
||||
from rsa._compat import b
|
||||
from rsa import common, transform, core
|
||||
@@ -235,17 +236,20 @@ def decrypt(crypto, priv_key):
|
||||
# Detect leading zeroes in the crypto. These are not reflected in the
|
||||
# encrypted value (as leading zeroes do not influence the value of an
|
||||
# integer). This fixes CVE-2020-13757.
|
||||
- if len(crypto) > blocksize:
|
||||
- raise DecryptionError('Decryption failed')
|
||||
+ crypto_len_bad = len(crypto) > blocksize
|
||||
|
||||
# If we can't find the cleartext marker, decryption failed.
|
||||
- if cleartext[0:2] != b('\x00\x02'):
|
||||
- raise DecryptionError('Decryption failed')
|
||||
+ cleartext_marker_bad = not compare_digest(cleartext[:2], b'\x00\x02')
|
||||
|
||||
# Find the 00 separator between the padding and the message
|
||||
try:
|
||||
sep_idx = cleartext.index(b('\x00'), 2)
|
||||
except ValueError:
|
||||
+ sep_idx = -1
|
||||
+ sep_idx_bad = sep_idx < 0
|
||||
+
|
||||
+ anything_bad = crypto_len_bad | cleartext_marker_bad | sep_idx_bad
|
||||
+ if anything_bad:
|
||||
raise DecryptionError('Decryption failed')
|
||||
|
||||
return cleartext[sep_idx + 1:]
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,14 +1,12 @@
|
||||
Name: python-rsa
|
||||
Version: 3.4.2
|
||||
Release: 14
|
||||
Version: 4.7.2
|
||||
Release: 1
|
||||
Summary: Pure-Python RSA implementation
|
||||
License: ASL 2.0
|
||||
URL: http://stuvel.eu/rsa
|
||||
Source0: https://pypi.python.org/packages/source/r/rsa/rsa-%{version}.tar.gz
|
||||
BuildArch: noarch
|
||||
|
||||
Patch1: 0001-CVE-2020-13757.patch
|
||||
Patch2: 0002-CVE-2020-25658.patch
|
||||
|
||||
%description
|
||||
Python-RSA is a pure-Python RSA implementation. It supports
|
||||
@ -19,6 +17,7 @@ and key generation according to PKCS#1 version 1.5.
|
||||
%{?python_provide:%python_provide python3-rsa}
|
||||
Summary: Pure-Python RSA implementation
|
||||
BuildRequires: python3-devel, python3-setuptools, python3-pyasn1 >= 0.1.3, python3-unittest2
|
||||
BuildRequires: python3-mypy
|
||||
Requires: python3-pyasn1 >= 0.1.3, python3-setuptools
|
||||
|
||||
%description -n python3-rsa
|
||||
@ -40,8 +39,6 @@ mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-encry
|
||||
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-3
|
||||
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign-3
|
||||
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify-3
|
||||
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile-3
|
||||
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile-3
|
||||
|
||||
%files -n python3-rsa
|
||||
%doc README.md
|
||||
@ -53,6 +50,9 @@ mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyr
|
||||
%{__python3} setup.py test
|
||||
|
||||
%changelog
|
||||
* Mon Aug 09 2021 OpenStack_SIG <openstack@openeuler.org> - 4.7.2-1
|
||||
- Package update to 4.7.2
|
||||
|
||||
* Tue Dec 15 2020 yanglongkang <yanglongkang@huawei.com> - 3.4.2-14
|
||||
- fix CVE-2020-25658
|
||||
|
||||
@ -64,3 +64,4 @@ mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyr
|
||||
|
||||
* Mon Feb 10 2020 Ruijun Ge <geruijun@huawei.com> - 3.4.2-11
|
||||
- package init
|
||||
|
||||
|
||||
@ -2,3 +2,4 @@ version_control: github
|
||||
src_repo: sybrenstuevl/python-rsa
|
||||
tag_prefix: version-
|
||||
seperator: .
|
||||
|
||||
|
||||
BIN
rsa-3.4.2.tar.gz
BIN
rsa-3.4.2.tar.gz
Binary file not shown.
BIN
rsa-4.7.2.tar.gz
Normal file
BIN
rsa-4.7.2.tar.gz
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user