From 9ee6d97c2883d42f204a533a8bc1f4562df778fb Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 16 Sep 2020 09:32:48 +0100 Subject: gentoo resync : 16.09.2020 --- dev-python/rsa/Manifest | 1 - .../rsa/files/rsa-3.4.2-cve-2020-13757.patch | 95 ---------------------- 2 files changed, 96 deletions(-) delete mode 100644 dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch (limited to 'dev-python/rsa') diff --git a/dev-python/rsa/Manifest b/dev-python/rsa/Manifest index 0ea78b628b8f..bf31d2e2db3a 100644 --- a/dev-python/rsa/Manifest +++ b/dev-python/rsa/Manifest @@ -1,4 +1,3 @@ -AUX rsa-3.4.2-cve-2020-13757.patch 5806 BLAKE2B 45f87653e3c0cbe29054d0a2d4e4838dcd1e91aeb921b3abc540d1f9dec157a75559ffdd933ef406f053343721b0963e3e647ee1e71cccf28946b2a1a4a0f97d SHA512 075ce7a8c6a4eb3716e51c9fc1ca446f5a922d701158dab5beb745887083c04b9e434f2cd4c8468fb71c814a51e5b7d96161d44dddafc539fcb5dfec4bf2602b DIST python-rsa-version-4.2.gh.tar.gz 63280 BLAKE2B 1260fe2a0f34c16b3cd2e18bc642da2e9c6caad851920a4c010aaad31959d0baab397356cd2437eb4a9091b3f524760f45b8d46ff9a207be009b2613615681c1 SHA512 a4df2de41d252a42627e96298b044a50953c429b5062f02cc7b64a7e17f75b09bb8b0f9b371353e639d1daec7775c20f20348f45baf00f591514c54e1315f044 EBUILD rsa-4.2.ebuild 770 BLAKE2B 04113beba14d1c9756ac2977b54e2f5af7fb8c54d00ac5f6eeefe9e9f813f603b6035c56cc3c0d90c401b73501a931e2a279648849a2609e91ca8f281d41c50a SHA512 214b60d5718324085bcb94f1fb67ccd04ee7567a6cb42c876e335e7869e8364368dcf831cb55515c5f56fe807ed85f69cdacbc7fc1b8971427000f8c28e043f5 MISC metadata.xml 316 BLAKE2B fd1e4f7bdee45f5ab99e67cc3918634b9ac5ecfad75167aad5f2ee33cea308f99d8d03aab5b5e0c01e8c1bf41ca8a45f67146c5126f84af4b6d914f58af0ea38 SHA512 4d8c48ae8e4360727f5c4b83e426f42a597a175dfa2a965c9f966e5824a83291c78d3e8e636d21b4f28d73f7e912abc7db1b09078baaa0e3a1b25713abd3d0a1 diff --git a/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch b/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch deleted file mode 100644 index ccee6c0281bb..000000000000 --- a/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch +++ /dev/null @@ -1,95 +0,0 @@ -diff -Nur rsa-3.4.2.orig/rsa/pkcs1.py rsa-3.4.2/rsa/pkcs1.py ---- rsa-3.4.2.orig/rsa/pkcs1.py 2020-07-05 10:28:57.622204136 +0200 -+++ rsa-3.4.2/rsa/pkcs1.py 2020-07-05 10:30:28.103672033 +0200 -@@ -232,6 +232,12 @@ - decrypted = priv_key.blinded_decrypt(encrypted) - cleartext = transform.int2bytes(decrypted, blocksize) - -+ # Detect leading zeroes in the crypto. These are not reflected in the -+ # encrypted value (as leading zeroes do not influence the value of an -+ # integer). This fixes CVE-2020-13757. -+ if len(crypto) > blocksize: -+ raise DecryptionError('Decryption failed') -+ - # If we can't find the cleartext marker, decryption failed. - if cleartext[0:2] != b('\x00\x02'): - raise DecryptionError('Decryption failed') -@@ -310,6 +316,9 @@ - cleartext = HASH_ASN1[method_name] + message_hash - expected = _pad_for_signing(cleartext, keylength) - -+ if len(signature) != keylength: -+ raise VerificationError('Verification failed') -+ - # Compare with the signed one - if expected != clearsig: - raise VerificationError('Verification failed') -diff -Nur rsa-3.4.2.orig/tests/test_pkcs1.py rsa-3.4.2/tests/test_pkcs1.py ---- rsa-3.4.2.orig/tests/test_pkcs1.py 2020-07-05 10:28:57.621204131 +0200 -+++ rsa-3.4.2/tests/test_pkcs1.py 2020-07-05 10:32:26.858286153 +0200 -@@ -17,6 +17,7 @@ - """Tests string operations.""" - - import struct -+import sys - import unittest - - import rsa -@@ -64,6 +65,35 @@ - - self.assertNotEqual(encrypted1, encrypted2) - -+class ExtraZeroesTest(unittest.TestCase): -+ def setUp(self): -+ # Key, cyphertext, and plaintext taken from https://github.com/sybrenstuvel/python-rsa/issues/146 -+ self.private_key = rsa.PrivateKey.load_pkcs1( -+ "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAs1EKK81M5kTFtZSuUFnhKy8FS2WNXaWVmi/fGHG4CLw98+Yo\n0nkuUarVwSS0O9pFPcpc3kvPKOe9Tv+6DLS3Qru21aATy2PRqjqJ4CYn71OYtSwM\n/ZfSCKvrjXybzgu+sBmobdtYm+sppbdL+GEHXGd8gdQw8DDCZSR6+dPJFAzLZTCd\nB+Ctwe/RXPF+ewVdfaOGjkZIzDoYDw7n+OHnsYCYozkbTOcWHpjVevipR+IBpGPi\n1rvKgFnlcG6d/tj0hWRl/6cS7RqhjoiNEtxqoJzpXs/Kg8xbCxXbCchkf11STA8u\ndiCjQWuWI8rcDwl69XMmHJjIQAqhKvOOQ8rYTQIDAQABAoIBABpQLQ7qbHtp4h1Y\nORAfcFRW7Q74UvtH/iEHH1TF8zyM6wZsYtcn4y0mxYE3Mp+J0xlTJbeVJkwZXYVH\nL3UH29CWHSlR+TWiazTwrCTRVJDhEoqbcTiRW8fb+o/jljVxMcVDrpyYUHNo2c6w\njBxhmKPtp66hhaDpds1Cwi0A8APZ8Z2W6kya/L/hRBzMgCz7Bon1nYBMak5PQEwV\nF0dF7Wy4vIjvCzO6DSqA415DvJDzUAUucgFudbANNXo4HJwNRnBpymYIh8mHdmNJ\n/MQ0YLSqUWvOB57dh7oWQwe3UsJ37ZUorTugvxh3NJ7Tt5ZqbCQBEECb9ND63gxo\n/a3YR/0CgYEA7BJc834xCi/0YmO5suBinWOQAF7IiRPU+3G9TdhWEkSYquupg9e6\nK9lC5k0iP+t6I69NYF7+6mvXDTmv6Z01o6oV50oXaHeAk74O3UqNCbLe9tybZ/+F\ndkYlwuGSNttMQBzjCiVy0+y0+Wm3rRnFIsAtd0RlZ24aN3bFTWJINIsCgYEAwnQq\nvNmJe9SwtnH5c/yCqPhKv1cF/4jdQZSGI6/p3KYNxlQzkHZ/6uvrU5V27ov6YbX8\nvKlKfO91oJFQxUD6lpTdgAStI3GMiJBJIZNpyZ9EWNSvwUj28H34cySpbZz3s4Xd\nhiJBShgy+fKURvBQwtWmQHZJ3EGrcOI7PcwiyYcCgYEAlql5jSUCY0ALtidzQogW\nJ+B87N+RGHsBuJ/0cxQYinwg+ySAAVbSyF1WZujfbO/5+YBN362A/1dn3lbswCnH\nK/bHF9+fZNqvwprPnceQj5oK1n4g6JSZNsy6GNAhosT+uwQ0misgR8SQE4W25dDG\nkdEYsz+BgCsyrCcu8J5C+tUCgYAFVPQbC4f2ikVyKzvgz0qx4WUDTBqRACq48p6e\n+eLatv7nskVbr7QgN+nS9+Uz80ihR0Ev1yCAvnwmM/XYAskcOea87OPmdeWZlQM8\nVXNwINrZ6LMNBLgorfuTBK1UoRo1pPUHCYdqxbEYI2unak18mikd2WB7Fp3h0YI4\nVpGZnwKBgBxkAYnZv+jGI4MyEKdsQgxvROXXYOJZkWzsKuKxVkVpYP2V4nR2YMOJ\nViJQ8FUEnPq35cMDlUk4SnoqrrHIJNOvcJSCqM+bWHAioAsfByLbUPM8sm3CDdIk\nXVJl32HuKYPJOMIWfc7hIfxLRHnCN+coz2M6tgqMDs0E/OfjuqVZ\n-----END RSA PRIVATE KEY-----", -+ format='PEM') -+ cyphertext = "4501b4d669e01b9ef2dc800aa1b06d49196f5a09fe8fbcd037323c60eaf027bfb98432be4e4a26c567ffec718bcbea977dd26812fa071c33808b4d5ebb742d9879806094b6fbeea63d25ea3141733b60e31c6912106e1b758a7fe0014f075193faa8b4622bfd5d3013f0a32190a95de61a3604711bc62945f95a6522bd4dfed0a994ef185b28c281f7b5e4c8ed41176d12d9fc1b837e6a0111d0132d08a6d6f0580de0c9eed8ed105531799482d1e466c68c23b0c222af7fc12ac279bc4ff57e7b4586d209371b38c4c1035edd418dc5f960441cb21ea2bedbfea86de0d7861e81021b650a1de51002c315f1e7c12debe4dcebf790caaa54a2f26b149cf9e77d" -+ plaintext = "54657374" -+ -+ if sys.version_info < (3, 0): -+ self.cyphertext = cyphertext.decode("hex") -+ self.plaintext = plaintext.decode('hex') -+ else: -+ self.cyphertext = bytes.fromhex(cyphertext) -+ self.plaintext = bytes.fromhex(plaintext) -+ -+ def test_unmodified(self): -+ message = rsa.decrypt(self.cyphertext, self.private_key) -+ self.assertEqual(message, self.plaintext) -+ -+ def test_prepend_zeroes(self): -+ cyphertext = b'\00\00' + self.cyphertext -+ with self.assertRaises(rsa.DecryptionError): -+ rsa.decrypt(cyphertext, self.private_key) -+ -+ def test_append_zeroes(self): -+ cyphertext = self.cyphertext + b'\00\00' -+ with self.assertRaises(rsa.DecryptionError): -+ rsa.decrypt(cyphertext, self.private_key) - - class SignatureTest(unittest.TestCase): - def setUp(self): -@@ -105,3 +135,21 @@ - signature2 = pkcs1.sign(message, self.priv, 'SHA-1') - - self.assertEqual(signature1, signature2) -+ -+ def test_prepend_zeroes(self): -+ """Prepending the signature with zeroes should be detected.""" -+ -+ message = b'je moeder' -+ signature = pkcs1.sign(message, self.priv, 'SHA-256') -+ signature = b'\00\00' + signature -+ with self.assertRaises(rsa.VerificationError): -+ pkcs1.verify(message, signature, self.pub) -+ -+ def test_apppend_zeroes(self): -+ """Apppending the signature with zeroes should be detected.""" -+ -+ message = b'je moeder' -+ signature = pkcs1.sign(message, self.priv, 'SHA-256') -+ signature = signature + b'\00\00' -+ with self.assertRaises(rsa.VerificationError): -+ pkcs1.verify(message, signature, self.pub) -- cgit v1.2.3