- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,

bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-M2Crypto?expand=0&rev=108

CVE-2020-25657-Bleichenbacher-attack.patch

@@ -0,0 +1,73 @@
+---
+ src/SWIG/_m2crypto_wrap.c |   10 ++++++----
+ src/SWIG/_rsa.i           |   10 ++++++----
+ tests/test_rsa.py         |    2 --
+ 3 files changed, 12 insertions(+), 10 deletions(-)
+
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7159,9 +7159,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, P
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7214,10 @@ PyObject *rsa_private_decrypt(RSA *rsa,
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+ 
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -269,9 +269,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, P
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+ 
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +324,10 @@ PyObject *rsa_private_decrypt(RSA *rsa,
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+ 
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -147,8 +147,6 @@ class RSATestCase(unittest.TestCase):
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+         with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+             rsa.private_decrypt(1)
+         assert rsa.check_key()
+ 

python-M2Crypto.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 12 20:49:47 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
+  bsc#1178829), which mitigates the Bleichenbacher timing attacks
+  in the RSA decryption API.
+
 -------------------------------------------------------------------
 Thu Apr  7 15:45:07 UTC 2022 - Matej Cepl <mcepl@suse.com>
 

python-M2Crypto.spec

@@ -27,6 +27,9 @@ Group:          Development/Languages/Python
 URL:            https://gitlab.com/m2crypto/m2crypto
 Source0:        https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
 Source1:        https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc
+# PATCH-FIX-UPSTREAM CVE-2020-25657-Bleichenbacher-attack.patch bsc#1178829 mcepl@suse.com
+# Mitigate the Bleichenbacher timing attacks in the RSA decryption API
+Patch0:         CVE-2020-25657-Bleichenbacher-attack.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module parameterized}
 BuildRequires:  %{python_module pytest}