Accepting request 352100 from home:rjschwei:branches:devel:languages:python

- Fix CVE 2016-1494 (bsc#960680) - Add patch cve_2016-1494.diff OBS-URL: https://build.opensuse.org/request/show/352100 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-rsa?expand=0&rev=18
2016-01-05 21:40:57 +00:00 · 2016-01-05 21:40:57 +00:00 · c45d4d1a46
commit c45d4d1a46
parent bf2a54df7b
3 changed files with 112 additions and 1 deletions
--- a/cve_2016-1494.diff
+++ b/cve_2016-1494.diff
@ -0,0 +1,103 @@
 # HG changeset patch
 # User Filippo Valsorda <hi@filippo.io>
 # Date 1450226563 0
 # Node ID 0cbcc529926afd61c6df4f50cfc29971beafd2c2
 # Parent  2baab06c8b867b01ec82b02118d4872a931a0437
 Fix BB'06 attack in verify() by switching from parsing to comparison
 diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
 --- a/rsa/pkcs1.py
 +++ b/rsa/pkcs1.py
@@ -22,10 +22,10 @@
 At least 8 bytes of random padding is used when encrypting a message. This makes
 these methods much more secure than the ones in the ``rsa`` module.
 -WARNING: this module leaks information when decryption or verification fails.
 -The exceptions that are raised contain the Python traceback information, which
 -can be used to deduce where in the process the failure occurred. DO NOT PASS
 -SUCH INFORMATION to your users.
 +WARNING: this module leaks information when decryption fails. The exceptions
 +that are raised contain the Python traceback information, which can be used to
 +deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
 +to your users.
 '''
 import hashlib
@@ -288,37 +288,23 @@
     :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
     :raise VerificationError: when the signature doesn't match the message.
 -    .. warning::
 -
 -        Never display the stack trace of a
 -        :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
 -        the code the exception occurred, and thus leaks information about the
 -        key. It's only a tiny bit of information, but every bit makes cracking
 -        the keys easier.
 -
     '''
 -    blocksize = common.byte_size(pub_key.n)
 +    keylength = common.byte_size(pub_key.n)
     encrypted = transform.bytes2int(signature)
     decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
 -    clearsig = transform.int2bytes(decrypted, blocksize)
 -
 -    # If we can't find the signature  marker, verification failed.
 -    if clearsig[0:2] != b('\x00\x01'):
 -        raise VerificationError('Verification failed')
 +    clearsig = transform.int2bytes(decrypted, keylength)
 -    # Find the 00 separator between the padding and the payload
 -    try:
 -        sep_idx = clearsig.index(b('\x00'), 2)
 -    except ValueError:
 -        raise VerificationError('Verification failed')
 -    
 -    # Get the hash and the hash method
 -    (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
 +    # Get the hash method
 +    method_name = _find_method_hash(clearsig)
     message_hash = _hash(message, method_name)
 -    # Compare the real hash to the hash in the signature
 -    if message_hash != signature_hash:
 +    # Reconstruct the expected padded hash
 +    cleartext = HASH_ASN1[method_name] + message_hash
 +    expected = _pad_for_signing(cleartext, keylength)
 +
 +    # Compare with the signed one
 +    if expected != clearsig:
         raise VerificationError('Verification failed')
     return True
@@ -351,24 +337,20 @@
     return hasher.digest()
 -def _find_method_hash(method_hash):
 -    '''Finds the hash method and the hash itself.
 +def _find_method_hash(clearsig):
 +    '''Finds the hash method.
 -    :param method_hash: ASN1 code for the hash method concatenated with the
 -        hash itself.
 +    :param clearsig: full padded ASN1 and hash.
 -    :return: tuple (method, hash) where ``method`` is the used hash method, and
 -        ``hash`` is the hash itself.
 +    :return: the used hash method.
     :raise VerificationFailed: when the hash method cannot be found
     '''
     for (hashname, asn1code) in HASH_ASN1.items():
 -        if not method_hash.startswith(asn1code):
 -            continue
 -        
 -        return (hashname, method_hash[len(asn1code):])
 +        if asn1code in clearsig:
 +            return hashname
     raise VerificationError('Verification failed')
--- a/python-rsa.changes
+++ b/python-rsa.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Tue Jan  5 18:39:56 UTC 2016 - rjschwei@suse.com
 - Fix CVE 2016-1494 (bsc#960680)
  - Add patch cve_2016-1494.diff
 -------------------------------------------------------------------
 Tue Dec  1 15:02:09 UTC 2015 - rjschwei@suse.com
--- a/python-rsa.spec
+++ b/python-rsa.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-rsa
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -24,6 +24,7 @@ Summary:        Pure-Python RSA Implementation
 License:        Apache-2.0
 Group:          Development/Languages/Python
 Source:         http://pypi.python.org/packages/source/r/rsa/rsa-%{version}.tar.gz
 Patch0:         cve_2016-1494.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  python-devel
 BuildRequires:  python-pyasn1
@ -55,6 +56,7 @@ sed -i "s/pyrsa-sign/pyrsa-sign-%{py_ver}/" setup.py
 sed -i "s/pyrsa-verify/pyrsa-verify-%{py_ver}/" setup.py
 sed -i "s/pyrsa-encrypt-bigfile =/pyrsa-encrypt-bigfile-%{py_ver} =/" setup.py
 sed -i "s/pyrsa-decrypt-bigfile =/pyrsa-decrypt-bigfile-%{py_ver} =/" setup.py
 %patch0 -p1
 %build
 python setup.py build