
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
2ac15d178a
!21 [sync] PR-19: Update package rsa of version 4.8
From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
2022-10-25 07:25:30 +00:00
A_L_I_E_Z
c002a43a85 Update package rsa of version 4.8
(cherry picked from commit 62aa2e03ba3b0b08f90253f064317930adf8d7bd)
2022-10-25 09:38:07 +08:00
openeuler-ci-bot
88e6ad1dc1 !17 [sync] PR-16: init python-rsa package for openstack wallaby
From: @openeuler-sync-bot
Reviewed-by: @yangzhao_kl
Signed-off-by: @yangzhao_kl
2021-08-23 03:30:37 +00:00
liksh
8495d25d57 package update
(cherry picked from commit b39f6e70f307c000fc9b7f2fd160d3b213aa4b96)
2021-08-20 15:46:51 +08:00
openeuler-ci-bot
25a427ef5e !15 fix CVE-2020-25658
From: @markeryang
Reviewed-by: @wubo009,@liuzhiqiang26,@small_leek
Signed-off-by: @small_leek
2020-12-15 14:50:45 +08:00
markeryang
237d4427b7 fix CVE-2020-25658 2020-12-15 14:36:14 +08:00
openeuler-ci-bot
c5438fcdc8 !9 remove python2 dependency
From: @xinghe_1
Reviewed-by: @small_leek
Signed-off-by: @small_leek
2020-10-30 15:44:43 +08:00
jinzhimin369
ffd103636c remove python2 dependency 2020-10-30 14:28:32 +08:00
openeuler-ci-bot
88ab024267 !6 fix CVE-2020-13757
Merge pull request !6 from Markeryang/master
2020-08-04 19:08:28 +08:00
Markeryang
47ea1efbc9 Fix CVE-2020-13757
Fix CVE-2020-13757
2020-08-04 17:37:44 +08:00
5 changed files with 72 additions and 166 deletions


@ -1,110 +0,0 @@
From 93af6f2f89a9bf28361e67716c4240e691520f30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Wed, 3 Jun 2020 14:39:23 +0200
Subject: [PATCH] Fix CVE-2020-13757: detect cyphertext modifications by
prepending zero bytes
Reject cyphertexts that have been modified by prepending zero bytes, by
checking the cyphertext length against the expected size (given the
decryption key). This resolves CVE-2020-13757.
The same approach is used when verifying a signature.
Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
---
rsa/pkcs1.py | 9 +++++++++
tests/test_pkcs1.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
index 28f0dc5..cdf830b 100644
--- a/rsa/pkcs1.py
+++ b/rsa/pkcs1.py
@@ -232,6 +232,12 @@ def decrypt(crypto, priv_key):
decrypted = priv_key.blinded_decrypt(encrypted)
cleartext = transform.int2bytes(decrypted, blocksize)
+ # Detect leading zeroes in the crypto. These are not reflected in the
+ # encrypted value (as leading zeroes do not influence the value of an
+ # integer). This fixes CVE-2020-13757.
+ if len(crypto) > blocksize:
+ raise DecryptionError('Decryption failed')
+
# If we can't find the cleartext marker, decryption failed.
if cleartext[0:2] != b('\x00\x02'):
raise DecryptionError('Decryption failed')
@@ -310,6 +316,9 @@ def verify(message, signature, pub_key):
cleartext = HASH_ASN1[method_name] + message_hash
expected = _pad_for_signing(cleartext, keylength)
+ if len(signature) != keylength:
+ raise VerificationError('Verification failed')
+
# Compare with the signed one
if expected != clearsig:
raise VerificationError('Verification failed')
diff --git a/tests/test_pkcs1.py b/tests/test_pkcs1.py
index 39555f6..5ee5bd7 100644
--- a/tests/test_pkcs1.py
+++ b/tests/test_pkcs1.py
@@ -65,6 +65,32 @@ class BinaryTest(unittest.TestCase):
self.assertNotEqual(encrypted1, encrypted2)
+class ExtraZeroesTest(unittest.TestCase):
+ def setUp(self):
+ # Key, cyphertext, and plaintext taken from https://github.com/sybrenstuvel/python-rsa/issues/146
+ self.private_key = rsa.PrivateKey.load_pkcs1(
+ "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAs1EKK81M5kTFtZSuUFnhKy8FS2WNXaWVmi/fGHG4CLw98+Yo\n0nkuUarVwSS0O9pFPcpc3kvPKOe9Tv+6DLS3Qru21aATy2PRqjqJ4CYn71OYtSwM\n/ZfSCKvrjXybzgu+sBmobdtYm+sppbdL+GEHXGd8gdQw8DDCZSR6+dPJFAzLZTCd\nB+Ctwe/RXPF+ewVdfaOGjkZIzDoYDw7n+OHnsYCYozkbTOcWHpjVevipR+IBpGPi\n1rvKgFnlcG6d/tj0hWRl/6cS7RqhjoiNEtxqoJzpXs/Kg8xbCxXbCchkf11STA8u\ndiCjQWuWI8rcDwl69XMmHJjIQAqhKvOOQ8rYTQIDAQABAoIBABpQLQ7qbHtp4h1Y\nORAfcFRW7Q74UvtH/iEHH1TF8zyM6wZsYtcn4y0mxYE3Mp+J0xlTJbeVJkwZXYVH\nL3UH29CWHSlR+TWiazTwrCTRVJDhEoqbcTiRW8fb+o/jljVxMcVDrpyYUHNo2c6w\njBxhmKPtp66hhaDpds1Cwi0A8APZ8Z2W6kya/L/hRBzMgCz7Bon1nYBMak5PQEwV\nF0dF7Wy4vIjvCzO6DSqA415DvJDzUAUucgFudbANNXo4HJwNRnBpymYIh8mHdmNJ\n/MQ0YLSqUWvOB57dh7oWQwe3UsJ37ZUorTugvxh3NJ7Tt5ZqbCQBEECb9ND63gxo\n/a3YR/0CgYEA7BJc834xCi/0YmO5suBinWOQAF7IiRPU+3G9TdhWEkSYquupg9e6\nK9lC5k0iP+t6I69NYF7+6mvXDTmv6Z01o6oV50oXaHeAk74O3UqNCbLe9tybZ/+F\ndkYlwuGSNttMQBzjCiVy0+y0+Wm3rRnFIsAtd0RlZ24aN3bFTWJINIsCgYEAwnQq\nvNmJe9SwtnH5c/yCqPhKv1cF/4jdQZSGI6/p3KYNxlQzkHZ/6uvrU5V27ov6YbX8\nvKlKfO91oJFQxUD6lpTdgAStI3GMiJBJIZNpyZ9EWNSvwUj28H34cySpbZz3s4Xd\nhiJBShgy+fKURvBQwtWmQHZJ3EGrcOI7PcwiyYcCgYEAlql5jSUCY0ALtidzQogW\nJ+B87N+RGHsBuJ/0cxQYinwg+ySAAVbSyF1WZujfbO/5+YBN362A/1dn3lbswCnH\nK/bHF9+fZNqvwprPnceQj5oK1n4g6JSZNsy6GNAhosT+uwQ0misgR8SQE4W25dDG\nkdEYsz+BgCsyrCcu8J5C+tUCgYAFVPQbC4f2ikVyKzvgz0qx4WUDTBqRACq48p6e\n+eLatv7nskVbr7QgN+nS9+Uz80ihR0Ev1yCAvnwmM/XYAskcOea87OPmdeWZlQM8\nVXNwINrZ6LMNBLgorfuTBK1UoRo1pPUHCYdqxbEYI2unak18mikd2WB7Fp3h0YI4\nVpGZnwKBgBxkAYnZv+jGI4MyEKdsQgxvROXXYOJZkWzsKuKxVkVpYP2V4nR2YMOJ\nViJQ8FUEnPq35cMDlUk4SnoqrrHIJNOvcJSCqM+bWHAioAsfByLbUPM8sm3CDdIk\nXVJl32HuKYPJOMIWfc7hIfxLRHnCN+coz2M6tgqMDs0E/OfjuqVZ\n-----END RSA PRIVATE KEY-----",
+ format='PEM')
+ self.cyphertext = bytes.fromhex(
+ "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"
+ )
+ self.plaintext = bytes.fromhex("54657374")
+
+ def test_unmodified(self):
+ message = rsa.decrypt(self.cyphertext, self.private_key)
+ self.assertEqual(message, self.plaintext)
+
+ def test_prepend_zeroes(self):
+ cyphertext = bytes.fromhex("0000") + self.cyphertext
+ with self.assertRaises(rsa.DecryptionError):
+ rsa.decrypt(cyphertext, self.private_key)
+
+ def test_append_zeroes(self):
+ cyphertext = self.cyphertext + bytes.fromhex("0000")
+ with self.assertRaises(rsa.DecryptionError):
+ rsa.decrypt(cyphertext, self.private_key)
+
+
class SignatureTest(unittest.TestCase):
def setUp(self):
(self.pub, self.priv) = rsa.newkeys(512)
@@ -80,6 +106,24 @@ class SignatureTest(unittest.TestCase):
self.assertTrue(pkcs1.verify(message, signature, self.pub))
+ def test_prepend_zeroes(self):
+ """Prepending the signature with zeroes should be detected."""
+
+ message = b'je moeder'
+ signature = pkcs1.sign(message, self.priv, 'SHA-256')
+ signature = bytes.fromhex('0000') + signature
+ with self.assertRaises(rsa.VerificationError):
+ pkcs1.verify(message, signature, self.pub)
+
+ def test_apppend_zeroes(self):
+ """Apppending the signature with zeroes should be detected."""
+
+ message = b'je moeder'
+ signature = pkcs1.sign(message, self.priv, 'SHA-256')
+ signature = signature + bytes.fromhex('0000')
+ with self.assertRaises(rsa.VerificationError):
+ pkcs1.verify(message, signature, self.pub)
+
def test_alter_message(self):
"""Altering the message should let the verification fail."""
--
1.8.3.1


@ -1,88 +1,103 @@
%global _empty_manifest_terminate_build 0
Name: python-rsa Name: python-rsa
Version: 3.4.2 Version: 4.8
Release: 12 Release: 1
Summary: Pure-Python RSA implementation Summary: Pure-Python RSA implementation
License: ASL 2.0 License: Apache-2.0
URL: http://stuvel.eu/rsa URL: https://stuvel.eu/rsa
Source0: https://pypi.python.org/packages/source/r/rsa/rsa-%{version}.tar.gz Source0: https://files.pythonhosted.org/packages/8c/ee/4022542e0fed77dd6ddade38e1e4dea3299f873b7fd4e6d78319953b0f83/rsa-4.8.tar.gz
BuildArch: noarch BuildArch: noarch
Patch1: 0001-Fix-CVE-2020-13757.patch
%description %description
Python-RSA is a pure-Python RSA implementation. It supports Python-RSA is a pure-Python RSA implementation. It supports
encryption and decryption, signing and verifying signatures, encryption and decryption, signing and verifying signatures,
and key generation according to PKCS#1 version 1.5. and key generation according to PKCS#1 version 1.5.
%package -n python2-rsa %package -n python3-rsa
%{?python_provide:%python_provide python2-rsa}
Summary: Pure-Python RSA implementation Summary: Pure-Python RSA implementation
BuildRequires: python2-devel, python2-setuptools, python2-pyasn1 >= 0.1.3 Provides: python-rsa
Requires: python2-pyasn1 >= 0.1.3, python2-setuptools # Base build requires
BuildRequires: python3-devel
%description -n python2-rsa BuildRequires: python3-setuptools
Python-RSA is a pure-Python RSA implementation. It supports BuildRequires: python3-pbr
encryption and decryption, signing and verifying signatures, BuildRequires: python3-pip
and key generation according to PKCS#1 version 1.5. BuildRequires: python3-wheel
# General requires
%package -n python3-rsa BuildRequires: python3-pyasn1
%{?python_provide:%python_provide python3-rsa} # General requires
Summary: Pure-Python RSA implementation Requires: python3-pyasn1
BuildRequires: python3-devel, python3-setuptools, python3-pyasn1 >= 0.1.3, python3-unittest2
Requires: python3-pyasn1 >= 0.1.3, python3-setuptools
%description -n python3-rsa %description -n python3-rsa
Python-RSA is a pure-Python RSA implementation. It supports Python-RSA is a pure-Python RSA implementation. It supports
encryption and decryption, signing and verifying signatures, encryption and decryption, signing and verifying signatures,
and key generation according to PKCS#1 version 1.5. and key generation according to PKCS#1 version 1.5.
%package help
Summary: Pure-Python RSA implementation
Provides: python3-rsa-doc
%description help
Python-RSA is a pure-Python RSA implementation. It supports
encryption and decryption, signing and verifying signatures,
and key generation according to PKCS#1 version 1.5.
%prep %prep
%autosetup -n rsa-%{version} -p1 %autosetup -n rsa-%{version}
%build %build
%py2_build
%py3_build %py3_build
%install %install
%py2_install
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-priv2pub $RPM_BUILD_ROOT%{_bindir}/pyrsa-priv2pub-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-keygen $RPM_BUILD_ROOT%{_bindir}/pyrsa-keygen-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile-2
cp $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile-2
%py3_install %py3_install
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-priv2pub $RPM_BUILD_ROOT%{_bindir}/pyrsa-priv2pub-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-keygen $RPM_BUILD_ROOT%{_bindir}/pyrsa-keygen-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign $RPM_BUILD_ROOT%{_bindir}/pyrsa-sign-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify $RPM_BUILD_ROOT%{_bindir}/pyrsa-verify-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-encrypt-bigfile-3
mv $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile $RPM_BUILD_ROOT%{_bindir}/pyrsa-decrypt-bigfile-3
%files -n python2-rsa install -d -m755 %{buildroot}/%{_pkgdocdir}
%doc README.md if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
%license LICENSE if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
%{_bindir}/pyrsa-*-2 if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
%{python2_sitelib}/* if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
%files -n python3-rsa if [ -d usr/lib ]; then
%doc README.md find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
%license LICENSE fi
%{_bindir}/pyrsa-*-3 if [ -d usr/lib64 ]; then
%{python3_sitelib}/* find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .
%check %check
%{__python2} setup.py test
%{__python3} setup.py test %{__python3} setup.py test
%files -n python3-rsa -f filelist.lst
%dir %{python3_sitelib}/*
%files help -f doclist.lst
%{_docdir}/*
%changelog %changelog
* Tue May 31 2022 OpenStack_SIG <openstack@openeuler.org> - 4.8-1
- Upgrade package python3-rsa to version 4.8
* Mon Aug 09 2021 OpenStack_SIG <openstack@openeuler.org> - 4.7.2-1
- Package update to 4.7.2
* Tue Dec 15 2020 yanglongkang <yanglongkang@huawei.com> - 3.4.2-14
- fix CVE-2020-25658
* Fri Oct 30 2020 yanglongkang <yanglongkang@huawei.com> - 3.4.2-13
- remove python2 dependency
* Tue Aug 4 2020 yanglongkang <yanglongkang@huawei.com> - 3.4.2-12 * Tue Aug 4 2020 yanglongkang <yanglongkang@huawei.com> - 3.4.2-12
- fix CVE-2020-13757 - fix CVE-2020-13757
* Mon Feb 10 2020 Ruijun Ge <geruijun@huawei.com> - 3.4.2-11 * Mon Feb 10 2020 Ruijun Ge <geruijun@huawei.com> - 3.4.2-11
- package init - package init
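Review bot: The new spec drops `Patch1: 0001-Fix-CVE-2020-13757.patch` and the `-p1` from `%autosetup`, yet neither new `%changelog` entry (4.7.2-1, 4.8-1) says that the fixes for CVE-2020-13757 and CVE-2020-25658 now come from the upstream tarball rather than a downstream patch. Anyone auditing the package from its changelog cannot tell whether the fixes were carried over or lost, so I would add a line such as `- Drop 0001-Fix-CVE-2020-13757.patch, fixed upstream` once the upstream release notes confirm that 4.8 contains both fixes. Separately, `%global _empty_manifest_terminate_build 0` combined with the generated `filelist.lst` presumably lets a build that installs nothing still succeed, so a short comment explaining why the override is needed would help. `Source0` also hard-codes `rsa-4.8.tar.gz` instead of using `%{version}`, which means the next version bump has to be edited in two places.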


@ -2,3 +2,4 @@ version_control: github
src_repo: sybrenstuevl/python-rsa src_repo: sybrenstuevl/python-rsa
tag_prefix: version- tag_prefix: version-
seperator: . seperator: .
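Review bot: `src_repo: sybrenstuevl/python-rsa` does not match the upstream owner, which the patch URLs on this page spell `sybrenstuvel` (https://github.com/sybrenstuvel/python-rsa/issues/146), and this change leaves the value as it is. If tooling uses this field to locate upstream releases, it would look at a different GitHub account than the one the sources come from; the line should read `src_repo: sybrenstuvel/python-rsa`. The key `seperator` also looks misspelled, but whether the consumer expects that exact spelling cannot be seen from here. The line this hunk adds is not visible in this rendering.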

Binary file not shown.

BIN
rsa-4.8.tar.gz Normal file

Binary file not shown.