File CVE-2020-25657-Bleichenbacher-attack.patch of Package python-M2Crypto.25024
---
M2Crypto/Err.py | 6 +++---
SWIG/_m2crypto_wrap.c | 10 ++++++----
SWIG/_rsa.i | 10 ++++++----
tests/test_rsa.py | 12 ++++++------
4 files changed, 21 insertions(+), 17 deletions(-)
--- a/M2Crypto/Err.py
+++ b/M2Crypto/Err.py
@@ -39,9 +39,9 @@ def get_error_func(err):
def get_error_reason(err):
- # type: (int) -> str
- return util.py3str(m2.err_reason_error_string(err))
-
+ # type: (Optional[int]) -> str
+ err_str = m2.err_reason_error_string(err)
+ return util.py3str(err_str) if err_str else ''
def get_error_message():
# type: () -> str
--- a/SWIG/_m2crypto_wrap.c
+++ b/SWIG/_m2crypto_wrap.c
@@ -6877,9 +6877,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, P
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -6931,9 +6932,10 @@ PyObject *rsa_private_decrypt(RSA *rsa,
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
--- a/SWIG/_rsa.i
+++ b/SWIG/_rsa.i
@@ -267,9 +267,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, P
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -321,9 +322,10 @@ PyObject *rsa_private_decrypt(RSA *rsa,
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -128,10 +128,12 @@ class RSATestCase(unittest.TestCase):
# sslv23_padding
ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_decrypt(ctxt, RSA.sslv23_padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_decrypt(ctxt, RSA.sslv23_padding)
+ # Raising exception has been switched off as a mitigation against
+ # CVE-2020-25657 the Bleichenbacher timing attack
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_decrypt(ctxt, RSA.sslv23_padding)
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_decrypt(ctxt, RSA.sslv23_padding)
# no_padding
with self.assertRaises(RSA.RSAError):
@@ -154,8 +156,6 @@ class RSATestCase(unittest.TestCase):
with self.assertRaises(RSA.RSAError):
setattr(rsa, 'e', '\000\000\000\003\001\000\001')
with self.assertRaises(RSA.RSAError):
- rsa.private_encrypt(1)
- with self.assertRaises(RSA.RSAError):
rsa.private_decrypt(1)
assert rsa.check_key()
