python3-m2crypto: fix for CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Narpat Mali <narpat.mali@windriver.com> 2023-06-01 17:52:55 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-06-03 07:55:37 -0400
commit: f95484417e3d3e65ca15b460ba71dfd35773f0e4 (patch)
tree: eca675c9c075bba486532784295906acecff1ff7 /meta-python
parent: c6ae6d504d1604d5302ef8e39eb7589d2e972ba0 (diff)
download: meta-openembedded-f95484417e3d3e65ca15b460ba71dfd35773f0e4.tar.gz
2 files changed, 176 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
new file mode 100644
index 0000000000..cc915f1478
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
+From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Thu, 1 Jun 2023 14:56:34 +0000
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+Fixes #282
+CVE: CVE-2020-25657
+Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i           | 20 ++++++++++++--------
+ tests/test_rsa.py         | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index 3db88b9..6aafe1f 100644
+--- a/src/SWIG/_m2crypto_wrap.c
+++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e0..1377b8b 100644
+--- a/src/SWIG/_rsa.i
+++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
+        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af7..5e75d68 100644
+--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+         # The other paddings.
+         for padding in self.s_padding_nok:
+             p = getattr(RSA, padding)
+-            with self.assertRaises(RSA.RSAError):
+-                priv.private_encrypt(self.data, p)
+            # Exception disabled as a part of mitigation against CVE-2020-25657
+            # with self.assertRaises(RSA.RSAError):
+            priv.private_encrypt(self.data, p)
+         # Type-check the data to be encrypted.
+         with self.assertRaises(TypeError):
+             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+             self.assertEqual(ptxt, self.data)
+         # no_padding
+-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+-            priv.public_encrypt(self.data, RSA.no_padding)
+        # Exception disabled as a part of mitigation against CVE-2020-25657
+        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+        priv.public_encrypt(self.data, RSA.no_padding)
+         # Type-check the data to be encrypted.
+        # Exception disabled as a part of mitigation against CVE-2020-25657
+         with self.assertRaises(TypeError):
+             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_decrypt(1)
+         assert rsa.check_key()
+     def test_loadpub_bad(self):
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
index 51a0dd676e..155a9066ca 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
           file://cross-compile-platform.patch \
           file://avoid-host-contamination.patch \
           file://0001-setup.py-address-openssl-3.x-build-issue.patch \
+           file://CVE-2020-25657.patch \
           "
 SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
author	Narpat Mali <narpat.mali@windriver.com>	2023-06-01 17:52:55 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-06-03 07:55:37 -0400
commit	f95484417e3d3e65ca15b460ba71dfd35773f0e4 (patch)
tree	eca675c9c075bba486532784295906acecff1ff7 /meta-python
parent	c6ae6d504d1604d5302ef8e39eb7589d2e972ba0 (diff)
download	meta-openembedded-f95484417e3d3e65ca15b460ba71dfd35773f0e4.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch new file mode 100644 index 0000000000..cc915f1478 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
		1	From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
		3	Date: Thu, 1 Jun 2023 14:56:34 +0000
		4	Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
		5	decryption API (CVE-2020-25657)
		6
		7	Fixes #282
		8
		9	CVE: CVE-2020-25657
		10
		11	Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
		12
		13	Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
		14	---
		15	src/SWIG/_m2crypto_wrap.c \| 20 ++++++++++++--------
		16	src/SWIG/_rsa.i \| 20 ++++++++++++--------
		17	tests/test_rsa.py \| 15 +++++++--------
		18	3 files changed, 31 insertions(+), 24 deletions(-)
		19
		20	diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
		21	index 3db88b9..6aafe1f 100644
		22	--- a/src/SWIG/_m2crypto_wrap.c
		23	+++ b/src/SWIG/_m2crypto_wrap.c
		24	@@ -7129,9 +7129,10 @@ PyObject rsa_private_encrypt(RSA rsa, PyObject *from, int padding) {
		25	tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
		26	(unsigned char *)tbuf, rsa, padding);
		27	if (tlen == -1) {
		28	- m2_PyErr_Msg(_rsa_err);
		29	+ ERR_clear_error();
		30	+ PyErr_Clear();
		31	PyMem_Free(tbuf);
		32	- return NULL;
		33	+ Py_RETURN_NONE;
		34	}
		35
		36	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		37	@@ -7159,9 +7160,10 @@ PyObject rsa_public_decrypt(RSA rsa, PyObject *from, int padding) {
		38	tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
		39	(unsigned char *)tbuf, rsa, padding);
		40	if (tlen == -1) {
		41	- m2_PyErr_Msg(_rsa_err);
		42	+ ERR_clear_error();
		43	+ PyErr_Clear();
		44	PyMem_Free(tbuf);
		45	- return NULL;
		46	+ Py_RETURN_NONE;
		47	}
		48
		49	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		50	@@ -7186,9 +7188,10 @@ PyObject rsa_public_encrypt(RSA rsa, PyObject *from, int padding) {
		51	tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
		52	(unsigned char *)tbuf, rsa, padding);
		53	if (tlen == -1) {
		54	- m2_PyErr_Msg(_rsa_err);
		55	+ ERR_clear_error();
		56	+ PyErr_Clear();
		57	PyMem_Free(tbuf);
		58	- return NULL;
		59	+ Py_RETURN_NONE;
		60	}
		61
		62	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		63	@@ -7213,9 +7216,10 @@ PyObject rsa_private_decrypt(RSA rsa, PyObject *from, int padding) {
		64	tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
		65	(unsigned char *)tbuf, rsa, padding);
		66	if (tlen == -1) {
		67	- m2_PyErr_Msg(_rsa_err);
		68	+ ERR_clear_error();
		69	+ PyErr_Clear();
		70	PyMem_Free(tbuf);
		71	- return NULL;
		72	+ Py_RETURN_NONE;
		73	}
		74	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		75
		76	diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
		77	index bc714e0..1377b8b 100644
		78	--- a/src/SWIG/_rsa.i
		79	+++ b/src/SWIG/_rsa.i
		80	@@ -239,9 +239,10 @@ PyObject rsa_private_encrypt(RSA rsa, PyObject *from, int padding) {
		81	tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
		82	(unsigned char *)tbuf, rsa, padding);
		83	if (tlen == -1) {
		84	- m2_PyErr_Msg(_rsa_err);
		85	+ ERR_clear_error();
		86	+ PyErr_Clear();
		87	PyMem_Free(tbuf);
		88	- return NULL;
		89	+ Py_RETURN_NONE;
		90	}
		91
		92	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		93	@@ -269,9 +270,10 @@ PyObject rsa_public_decrypt(RSA rsa, PyObject *from, int padding) {
		94	tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
		95	(unsigned char *)tbuf, rsa, padding);
		96	if (tlen == -1) {
		97	- m2_PyErr_Msg(_rsa_err);
		98	+ ERR_clear_error();
		99	+ PyErr_Clear();
		100	PyMem_Free(tbuf);
		101	- return NULL;
		102	+ Py_RETURN_NONE;
		103	}
		104
		105	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		106	@@ -296,9 +298,10 @@ PyObject rsa_public_encrypt(RSA rsa, PyObject *from, int padding) {
		107	tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
		108	(unsigned char *)tbuf, rsa, padding);
		109	if (tlen == -1) {
		110	- m2_PyErr_Msg(_rsa_err);
		111	+ ERR_clear_error();
		112	+ PyErr_Clear();
		113	PyMem_Free(tbuf);
		114	- return NULL;
		115	+ Py_RETURN_NONE;
		116	}
		117
		118	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		119	@@ -323,9 +326,10 @@ PyObject rsa_private_decrypt(RSA rsa, PyObject *from, int padding) {
		120	tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
		121	(unsigned char *)tbuf, rsa, padding);
		122	if (tlen == -1) {
		123	- m2_PyErr_Msg(_rsa_err);
		124	+ ERR_clear_error();
		125	+ PyErr_Clear();
		126	PyMem_Free(tbuf);
		127	- return NULL;
		128	+ Py_RETURN_NONE;
		129	}
		130	ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
		131
		132	diff --git a/tests/test_rsa.py b/tests/test_rsa.py
		133	index 7bb3af7..5e75d68 100644
		134	--- a/tests/test_rsa.py
		135	+++ b/tests/test_rsa.py
		136	@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
		137	# The other paddings.
		138	for padding in self.s_padding_nok:
		139	p = getattr(RSA, padding)
		140	- with self.assertRaises(RSA.RSAError):
		141	- priv.private_encrypt(self.data, p)
		142	+ # Exception disabled as a part of mitigation against CVE-2020-25657
		143	+ # with self.assertRaises(RSA.RSAError):
		144	+ priv.private_encrypt(self.data, p)
		145	# Type-check the data to be encrypted.
		146	with self.assertRaises(TypeError):
		147	priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
		148	@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
		149	self.assertEqual(ptxt, self.data)
		150
		151	# no_padding
		152	- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
		153	- priv.public_encrypt(self.data, RSA.no_padding)
		154	+ # Exception disabled as a part of mitigation against CVE-2020-25657
		155	+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
		156	+ priv.public_encrypt(self.data, RSA.no_padding)
		157
		158	# Type-check the data to be encrypted.
		159	+ # Exception disabled as a part of mitigation against CVE-2020-25657
		160	with self.assertRaises(TypeError):
		161	priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
		162
		163	@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
		164	b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
		165	with self.assertRaises(RSA.RSAError):
		166	setattr(rsa, 'e', '\000\000\000\003\001\000\001')
		167	- with self.assertRaises(RSA.RSAError):
		168	- rsa.private_encrypt(1)
		169	- with self.assertRaises(RSA.RSAError):
		170	- rsa.private_decrypt(1)
		171	assert rsa.check_key()
		172
		173	def test_loadpub_bad(self):
		174	--
		175	2.40.0


diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb index 51a0dd676e..155a9066ca 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
10	file://cross-compile-platform.patch \	10	file://cross-compile-platform.patch \
11	file://avoid-host-contamination.patch \	11	file://avoid-host-contamination.patch \
12	file://0001-setup.py-address-openssl-3.x-build-issue.patch \	12	file://0001-setup.py-address-openssl-3.x-build-issue.patch \
		13	file://CVE-2020-25657.patch \
13	"	14	"
14	SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"	15	SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
15		16