From 6cb405ce6f8e192b18fa3d4d0214e74b35cb8445 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Wed, 17 Aug 2022 16:44:43 +0800 Subject: [PATCH] Fix CVE-2020-25657 (cherry picked from commit b32f1d4be1dc6c88e8c2ae083740acce38bf44c2) --- CVE-2020-25657-pre1.patch | 25 ++++++ CVE-2020-25657-pre2.patch | 42 ++++++++++ CVE-2020-25657-pre3.patch | 26 ++++++ CVE-2020-25657-pre4.patch | 29 +++++++ CVE-2020-25657.patch | 170 ++++++++++++++++++++++++++++++++++++++ m2crypto.spec | 16 +++- 6 files changed, 307 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-25657-pre1.patch create mode 100644 CVE-2020-25657-pre2.patch create mode 100644 CVE-2020-25657-pre3.patch create mode 100644 CVE-2020-25657-pre4.patch create mode 100644 CVE-2020-25657.patch diff --git a/CVE-2020-25657-pre1.patch b/CVE-2020-25657-pre1.patch new file mode 100644 index 0000000..133cea1 --- /dev/null +++ b/CVE-2020-25657-pre1.patch @@ -0,0 +1,25 @@ +From 83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 31 May 2019 17:00:14 +0200 +Subject: [PATCH] Remove duplicate call of the error code. + +--- + M2Crypto-0.30.1/tests/test_rsa.py | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/M2Crypto-0.30.1/tests/test_rsa.py b/M2Crypto-0.30.1/tests/test_rsa.py +index 308b1b18..875b59c6 100644 +--- a/M2Crypto-0.30.1/tests/test_rsa.py ++++ b/M2Crypto-0.30.1/tests/test_rsa.py +@@ -126,8 +126,6 @@ class RSATestCase(unittest.TestCase): + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) + with self.assertRaises(RSA.RSAError): + priv.private_decrypt(ctxt, RSA.sslv23_padding) +- with self.assertRaises(RSA.RSAError): +- priv.private_decrypt(ctxt, RSA.sslv23_padding) + + # no_padding + with self.assertRaises(RSA.RSAError): +-- +GitLab + diff --git a/CVE-2020-25657-pre2.patch b/CVE-2020-25657-pre2.patch new file mode 100644 index 0000000..3d3489e --- /dev/null +++ b/CVE-2020-25657-pre2.patch @@ -0,0 +1,42 @@ +From 0b22d79082afd7c564b2ac07fb0ef5d76d692586 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 7 Jun 2019 11:43:03 +0200 +Subject: [PATCH] Limit tests.test_rsa.RSATestCase.test_public_encrypt just to + OpenSSL which sustains it. + +Fixes #258 +--- + M2Crypto-0.30.1/tests/test_rsa.py | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/M2Crypto-0.30.1/tests/test_rsa.py b/M2Crypto-0.30.1/tests/test_rsa.py +index 875b59c6..7028b608 100644 +--- a/M2Crypto-0.30.1/tests/test_rsa.py ++++ b/M2Crypto-0.30.1/tests/test_rsa.py +@@ -113,6 +113,8 @@ class RSATestCase(unittest.TestCase): + with self.assertRaises(TypeError): + priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) + ++ @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f, ++ 'Relies on fix which happened only in OpenSSL 1.1.1c') + def test_public_encrypt(self): + priv = RSA.load_key(self.privkey) + # pkcs1_padding, pkcs1_oaep_padding +@@ -124,11 +126,11 @@ class RSATestCase(unittest.TestCase): + + # sslv23_padding + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) +- with self.assertRaises(RSA.RSAError): +- priv.private_decrypt(ctxt, RSA.sslv23_padding) ++ res = priv.private_decrypt(ctxt, RSA.sslv23_padding) ++ self.assertEqual(res, self.data) + + # no_padding +- with self.assertRaises(RSA.RSAError): ++ with six.assertRaisesRegex(self, TypeError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. +-- +GitLab + diff --git a/CVE-2020-25657-pre3.patch b/CVE-2020-25657-pre3.patch new file mode 100644 index 0000000..9d9ce6c --- /dev/null +++ b/CVE-2020-25657-pre3.patch @@ -0,0 +1,26 @@ +From 3ee65bd56e92f8f3c465947b6752d92d5986dc81 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Sat, 8 Jun 2019 14:13:59 +0000 +Subject: [PATCH] tests.test_rsa: Fix typo to match for proper exception + +Signed-off-by: Sebastian Andrzej Siewior +--- + M2Crypto-0.30.1/tests/test_rsa.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/M2Crypto-0.30.1/tests/test_rsa.py b/M2Crypto-0.30.1/tests/test_rsa.py +index 7028b608..a1d0805f 100644 +--- a/M2Crypto-0.30.1/tests/test_rsa.py ++++ b/M2Crypto-0.30.1/tests/test_rsa.py +@@ -130,7 +130,7 @@ class RSATestCase(unittest.TestCase): + self.assertEqual(res, self.data) + + # no_padding +- with six.assertRaisesRegex(self, TypeError, 'data too small'): ++ with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. +-- +GitLab + diff --git a/CVE-2020-25657-pre4.patch b/CVE-2020-25657-pre4.patch new file mode 100644 index 0000000..a568fb7 --- /dev/null +++ b/CVE-2020-25657-pre4.patch @@ -0,0 +1,29 @@ +From d06eaa88a5f491827733f32027c46de3557fbd05 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 19 Feb 2021 15:53:02 +0100 +Subject: [PATCH] Use of RSA_SSLV23_PADDING has been deprecated. + +Fixes #293. +--- + M2Crypto-0.30.1/tests/test_rsa.py | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/M2Crypto-0.30.1/tests/test_rsa.py b/M2Crypto-0.30.1/tests/test_rsa.py +index 3de5016a..7299785f 100644 +--- a/M2Crypto-0.30.1/tests/test_rsa.py ++++ b/M2Crypto-0.30.1/tests/test_rsa.py +@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase): + ptxt = priv.private_decrypt(ctxt, p) + self.assertEqual(ptxt, self.data) + +- # sslv23_padding +- ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) +- res = priv.private_decrypt(ctxt, RSA.sslv23_padding) +- self.assertEqual(res, self.data) +- + # no_padding + with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) +-- +GitLab + diff --git a/CVE-2020-25657.patch b/CVE-2020-25657.patch new file mode 100644 index 0000000..1f32043 --- /dev/null +++ b/CVE-2020-25657.patch @@ -0,0 +1,170 @@ +From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Tue, 28 Jun 2022 21:17:01 +0200 +Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA + decryption API (CVE-2020-25657) + +Fixes #282 +--- + M2Crypto-0.30.1/SWIG/_m2crypto_wrap.c | 20 ++++++++++++-------- + M2Crypto-0.30.1/SWIG/_rsa.i | 20 ++++++++++++-------- + M2Crypto-0.30.1/tests/test_rsa.py | 15 +++++++-------- + 3 files changed, 31 insertions(+), 24 deletions(-) + +diff --git a/M2Crypto-0.30.1/SWIG/_m2crypto_wrap.c b/M2Crypto-0.30.1/SWIG/_m2crypto_wrap.c +index aba9eb6d..a9f30da9 100644 +--- a/M2Crypto-0.30.1/SWIG/_m2crypto_wrap.c ++++ b/M2Crypto-0.30.1/SWIG/_m2crypto_wrap.c +@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); + +diff --git a/M2Crypto-0.30.1/SWIG/_rsa.i b/M2Crypto-0.30.1/SWIG/_rsa.i +index bc714e01..1377b8be 100644 +--- a/M2Crypto-0.30.1/SWIG/_rsa.i ++++ b/M2Crypto-0.30.1/SWIG/_rsa.i +@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); + +diff --git a/M2Crypto-0.30.1/tests/test_rsa.py b/M2Crypto-0.30.1/tests/test_rsa.py +index 7bb3af75..5e75d681 100644 +--- a/M2Crypto-0.30.1/tests/test_rsa.py ++++ b/M2Crypto-0.30.1/tests/test_rsa.py +@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase): + # The other paddings. + for padding in self.s_padding_nok: + p = getattr(RSA, padding) +- with self.assertRaises(RSA.RSAError): +- priv.private_encrypt(self.data, p) ++ # Exception disabled as a part of mitigation against CVE-2020-25657 ++ # with self.assertRaises(RSA.RSAError): ++ priv.private_encrypt(self.data, p) + # Type-check the data to be encrypted. + with self.assertRaises(TypeError): + priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) +@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase): + self.assertEqual(ptxt, self.data) + + # no_padding +- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): +- priv.public_encrypt(self.data, RSA.no_padding) ++ # Exception disabled as a part of mitigation against CVE-2020-25657 ++ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): ++ priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. ++ # Exception disabled as a part of mitigation against CVE-2020-25657 + with self.assertRaises(TypeError): + priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) + +@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase): + b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4 + with self.assertRaises(RSA.RSAError): + setattr(rsa, 'e', '\000\000\000\003\001\000\001') +- with self.assertRaises(RSA.RSAError): +- rsa.private_encrypt(1) +- with self.assertRaises(RSA.RSAError): +- rsa.private_decrypt(1) + assert rsa.check_key() + + def test_loadpub_bad(self): +-- +GitLab + diff --git a/m2crypto.spec b/m2crypto.spec index 805b989..98f0604 100644 --- a/m2crypto.spec +++ b/m2crypto.spec @@ -1,11 +1,22 @@ Name: m2crypto Summary: A crypto and SSL toolkit for Python Version: 0.30.1 -Release: 4 +Release: 5 License: MIT URL: https://gitlab.com/m2crypto/m2crypto/ Source0: https://files.pythonhosted.org/packages/41/50/7d85dc99b1c4f29eca83873d851ec29a8e484a66b31351e62e30be9db7d1/M2Crypto-0.30.1.tar.gz Source1: https://files.pythonhosted.org/packages/41/50/7d85dc99b1c4f29eca83873d851ec29a8e484a66b31351e62e30be9db7d1/M2Crypto-0.30.1.tar.gz.asc +# https://gitlab.com/m2crypto/m2crypto/commit/83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 +Patch0: CVE-2020-25657-pre1.patch +# https://gitlab.com/m2crypto/m2crypto/commit/0b22d79082afd7c564b2ac07fb0ef5d76d692586 +Patch1: CVE-2020-25657-pre2.patch +# https://gitlab.com/m2crypto/m2crypto/commit/3ee65bd56e92f8f3c465947b6752d92d5986dc81 +Patch2: CVE-2020-25657-pre3.patch +# https://gitlab.com/m2crypto/m2crypto/commit/d06eaa88a5f491827733f32027c46de3557fbd05 +Patch3: CVE-2020-25657-pre4.patch +# https://gitlab.com/m2crypto/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a +Patch4: CVE-2020-25657.patch + Requires: python2-typing @@ -66,6 +77,9 @@ cd ../M2Crypto-python3 %{python3_sitearch}/M2Crypto-*.egg-info %changelog +* Wed Aug 17 2022 yaoxin - 0.30.1-5 +- Fix CVE-2020-25657 + * Thu Aug 18 2020 xinghe - 0.30.1-4 - add release version for update