Fix CVE-2020-25657

(cherry picked from commit bd48e121bb090debc17ad55f5f6274a42525b365)
2022-08-17 18:15:07 +08:00 · 2022-08-17 18:15:07 +08:00 · 473a09ddd3
commit 473a09ddd3
parent 931b8e0cbb
2 changed files with 176 additions and 1 deletions
--- a/CVE-2020-25657.patch
+++ b/CVE-2020-25657.patch
@ -0,0 +1,170 @@
+From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Tue, 28 Jun 2022 21:17:01 +0200
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+---
+ M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ M2Crypto-0.38.0/src/SWIG/_rsa.i           | 20 ++++++++++++--------
+ M2Crypto-0.38.0/tests/test_rsa.py         | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
+index aba9eb6d..a9f30da9 100644
+--- a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
+++ b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c
+@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+ 
+diff --git a/M2Crypto-0.38.0/src/SWIG/_rsa.i b/M2Crypto-0.38.0/src/SWIG/_rsa.i
+index bc714e01..1377b8be 100644
+--- a/M2Crypto-0.38.0/src/SWIG/_rsa.i
+++ b/M2Crypto-0.38.0/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+ 
+diff --git a/M2Crypto-0.38.0/tests/test_rsa.py b/M2Crypto-0.38.0/tests/test_rsa.py
+index 7bb3af75..5e75d681 100644
+--- a/M2Crypto-0.38.0/tests/test_rsa.py
+++ b/M2Crypto-0.38.0/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+         # The other paddings.
+         for padding in self.s_padding_nok:
+             p = getattr(RSA, padding)
+-            with self.assertRaises(RSA.RSAError):
+-                priv.private_encrypt(self.data, p)
+            # Exception disabled as a part of mitigation against CVE-2020-25657
+            # with self.assertRaises(RSA.RSAError):
+            priv.private_encrypt(self.data, p)
+         # Type-check the data to be encrypted.
+         with self.assertRaises(TypeError):
+             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+             self.assertEqual(ptxt, self.data)
+ 
+         # no_padding
+-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+-            priv.public_encrypt(self.data, RSA.no_padding)
+        # Exception disabled as a part of mitigation against CVE-2020-25657
+        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+        priv.public_encrypt(self.data, RSA.no_padding)
+ 
+         # Type-check the data to be encrypted.
+        # Exception disabled as a part of mitigation against CVE-2020-25657
+         with self.assertRaises(TypeError):
+             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+ 
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_decrypt(1)
+         assert rsa.check_key()
+ 
+     def test_loadpub_bad(self):
+-- 
+GitLab
+
--- a/m2crypto.spec
+++ b/m2crypto.spec
@ -1,10 +1,12 @@
 Name:          m2crypto
 Summary:       A crypto and SSL toolkit for Python
 Version:       0.38.0
-Release:       1
+Release:       2
 License:       MIT
 URL:           https://gitlab.com/m2crypto/m2crypto/
 Source0:       https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-0.38.0.tar.gz
+# https://gitlab.com/m2crypto/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a
+Patch0:        CVE-2020-25657.patch

 BuildRequires: openssl openssl-devel perl-interpreter pkgconfig  swig which
 BuildRequires: python3-devel python3-setuptools gcc
@ -51,6 +53,9 @@ cd M2Crypto-%{version}
 %{python3_sitearch}/M2Crypto-*.egg-info

 %changelog
+* Wed Aug 17 2022 yaoxin <yaoxin30@h-partners.com> - 0.38.0-2
+- Fix CVE-2020-25657
+
 * Wed Jan 19 2022 SimpleUpdate Robot <tc@openeuler.org> - 0.38.0-1
 - Upgrade to version 0.38.0