PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
							From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 28 Jun 2022 21:17:01 +0200
Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
 decryption API (CVE-2020-25657)

Fixes #282

[Retrieved from:
https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
 src/SWIG/_rsa.i           | 20 ++++++++++++--------
 tests/test_rsa.py         | 15 +++++++--------
 3 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
index aba9eb6d..a9f30da9 100644
--- a/src/SWIG/_m2crypto_wrap.c
+++ b/src/SWIG/_m2crypto_wrap.c
@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
 
diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
index bc714e01..1377b8be 100644
--- a/src/SWIG/_rsa.i
+++ b/src/SWIG/_rsa.i
@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
 
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
         (unsigned char *)tbuf, rsa, padding);
     if (tlen == -1) {
-        m2_PyErr_Msg(_rsa_err);
+        ERR_clear_error();
+        PyErr_Clear();
         PyMem_Free(tbuf);
-        return NULL;
+        Py_RETURN_NONE;
     }
     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
 
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index 7bb3af75..5e75d681 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
         # The other paddings.
         for padding in self.s_padding_nok:
             p = getattr(RSA, padding)
-            with self.assertRaises(RSA.RSAError):
-                priv.private_encrypt(self.data, p)
+            # Exception disabled as a part of mitigation against CVE-2020-25657
+            # with self.assertRaises(RSA.RSAError):
+            priv.private_encrypt(self.data, p)
         # Type-check the data to be encrypted.
         with self.assertRaises(TypeError):
             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
             self.assertEqual(ptxt, self.data)
 
         # no_padding
-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
-            priv.public_encrypt(self.data, RSA.no_padding)
+        # Exception disabled as a part of mitigation against CVE-2020-25657
+        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+        priv.public_encrypt(self.data, RSA.no_padding)
 
         # Type-check the data to be encrypted.
+        # Exception disabled as a part of mitigation against CVE-2020-25657
         with self.assertRaises(TypeError):
             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
 
@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
         with self.assertRaises(RSA.RSAError):
             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
-        with self.assertRaises(RSA.RSAError):
-            rsa.private_encrypt(1)
-        with self.assertRaises(RSA.RSAError):
-            rsa.private_decrypt(1)
         assert rsa.check_key()
 
     def test_loadpub_bad(self):
-- 
GitLab