1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Thu, 1 Jun 2023 14:56:34 +0000
Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
decryption API (CVE-2020-25657)
Fixes #282
CVE: CVE-2020-25657
Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
---
src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
src/SWIG/_rsa.i | 20 ++++++++++++--------
tests/test_rsa.py | 15 +++++++--------
3 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
index 3db88b9..6aafe1f 100644
--- a/src/SWIG/_m2crypto_wrap.c
+++ b/src/SWIG/_m2crypto_wrap.c
@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
index bc714e0..1377b8b 100644
--- a/src/SWIG/_rsa.i
+++ b/src/SWIG/_rsa.i
@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index 7bb3af7..5e75d68 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
# The other paddings.
for padding in self.s_padding_nok:
p = getattr(RSA, padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_encrypt(self.data, p)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_encrypt(self.data, p)
# Type-check the data to be encrypted.
with self.assertRaises(TypeError):
priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
self.assertEqual(ptxt, self.data)
# no_padding
- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
- priv.public_encrypt(self.data, RSA.no_padding)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
# Type-check the data to be encrypted.
+ # Exception disabled as a part of mitigation against CVE-2020-25657
with self.assertRaises(TypeError):
priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
with self.assertRaises(RSA.RSAError):
setattr(rsa, 'e', '\000\000\000\003\001\000\001')
- with self.assertRaises(RSA.RSAError):
- rsa.private_encrypt(1)
- with self.assertRaises(RSA.RSAError):
- rsa.private_decrypt(1)
assert rsa.check_key()
def test_loadpub_bad(self):
--
2.40.0
|
