debian/0000775000000000000000000000000013277064164007202 5ustar debian/rules0000775000000000000000000000064012261742366010261 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 SHELL=/bin/bash export PYBUILD_DESTDIR_python2=debian/python-rsa/ export PYBUILD_DESTDIR_python3=debian/python3-rsa/ %: dh $@ --with python2,python3 --buildsystem=pybuild override_dh_install: dh_install for i in $(CURDIR)/debian/python3-rsa/usr/bin/pyrsa-* ; do \ mv $${i} $${i/pyrsa/py3rsa} ;\ done debian/watch0000664000000000000000000000010712261742366010230 0ustar version=3 http://pypi.python.org/packages/source/r/rsa/rsa-(.*).tar.gz debian/docs0000664000000000000000000000001312261742366010046 0ustar README.rst debian/source/0000775000000000000000000000000012261743307010475 5ustar debian/source/options0000664000000000000000000000005212261742366012114 0ustar extend-diff-ignore = "^[^/]*[.]egg-info/" debian/source/format0000664000000000000000000000001412261742366011707 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000000074513277064164011062 0ustar python-rsa (3.1.2-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: BERserk attack vulnerability - debian/patches/CVE-2016-1494.patch: fix in verify() from parsing to comparison in rsa/pkcs1.py. - CVE-2016-1494 -- Leonidas S. 
Barbosa Wed, 16 May 2018 14:18:55 -0300 python-rsa (3.1.2-1) unstable; urgency=low * Initial release (Closes: #733216) -- TANIGUCHI Takaki Fri, 27 Dec 2013 16:47:49 +0900 debian/control0000664000000000000000000000313013277064202010573 0ustar Source: python-rsa Section: python Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Python Modules Team Uploaders: TANIGUCHI Takaki Build-Depends: debhelper (>= 9) , python-all , python3-all , python-setuptools , python3-setuptools Standards-Version: 3.9.5 Homepage: http://stuvel.eu/rsa X-Python-Versioni: >= 2.7 X-Python3-Versioni: >= 3.2 Vcs-Svn: svn://anonscm.debian.org/python-apps/packages/python-rsa/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/python-apps/packages/python-rsa/trunk/ Package: python-rsa Architecture: all Depends: python, ${python:Depends}, ${misc:Depends} Description: Pure-Python RSA implementation (Python 2) Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel. . This package contains the module for Python 2. Package: python3-rsa Architecture: all Depends: python3, ${python:Depends}, ${misc:Depends} Description: Pure-Python RSA implementation (Python 3) Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel. . This package contains the module for Python 3. 
debian/compat0000664000000000000000000000000212261742366010377 0ustar 9 debian/patches/0000775000000000000000000000000013277063767010641 5ustar debian/patches/CVE-2016-1494.patch0000664000000000000000000000740313277063767013270 0ustar # HG changeset patch # User Filippo Valsorda # Date 1450226563 0 # Node ID 0cbcc529926afd61c6df4f50cfc29971beafd2c2 # Parent 2baab06c8b867b01ec82b02118d4872a931a0437 Fix BB'06 attack in verify() by switching from parsing to comparison diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py --- a/rsa/pkcs1.py +++ b/rsa/pkcs1.py @@ -22,10 +22,10 @@ At least 8 bytes of random padding is used when encrypting a message. This makes these methods much more secure than the ones in the ``rsa`` module. -WARNING: this module leaks information when decryption or verification fails. -The exceptions that are raised contain the Python traceback information, which -can be used to deduce where in the process the failure occurred. DO NOT PASS -SUCH INFORMATION to your users. +WARNING: this module leaks information when decryption fails. The exceptions +that are raised contain the Python traceback information, which can be used to +deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION +to your users. ''' import hashlib 
@@ -288,37 +288,23 @@ :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message. :raise VerificationError: when the signature doesn't match the message. - .. warning:: - - Never display the stack trace of a - :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in - the code the exception occurred, and thus leaks information about the - key. It's only a tiny bit of information, but every bit makes cracking - the keys easier. - ''' - blocksize = common.byte_size(pub_key.n) + keylength = common.byte_size(pub_key.n) encrypted = transform.bytes2int(signature) decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n) - clearsig = transform.int2bytes(decrypted, blocksize) - - # If we can't find the signature marker, verification failed. - if clearsig[0:2] != b('\x00\x01'): - raise VerificationError('Verification failed') + clearsig = transform.int2bytes(decrypted, keylength) - # Find the 00 separator between the padding and the payload - try: - sep_idx = clearsig.index(b('\x00'), 2) - except ValueError: - raise VerificationError('Verification failed') - - # Get the hash and the hash method - (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:]) + # Get the hash method + method_name = _find_method_hash(clearsig) message_hash = _hash(message, method_name) - # Compare the real hash to the hash in the signature - if message_hash != signature_hash: + # Reconstruct the expected padded hash + cleartext = HASH_ASN1[method_name] + message_hash + expected = _pad_for_signing(cleartext, keylength) + + # Compare with the signed one + if expected != clearsig: raise VerificationError('Verification failed') return True 
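Review bot: The new verify() still converts the signature with `encrypted = transform.bytes2int(signature)` without checking its length. Assuming bytes2int is a plain big-endian conversion, a valid signature with extra leading zero bytes maps to the same integer and would also verify, which makes signatures malleable. `keylength` is already computed on the first new line, so the guard can follow it directly: `if len(signature) != keylength: raise VerificationError('Verification failed')`. It is also worth confirming that `_pad_for_signing(cleartext, keylength)` cannot raise anything other than VerificationError for a small key paired with a large digest, since its body is not visible here. The start of verify() lies outside this hunk.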
@@ -351,24 +337,20 @@ return hasher.digest() -def _find_method_hash(method_hash): - '''Finds the hash method and the hash itself. +def _find_method_hash(clearsig): + '''Finds the hash method. - :param method_hash: ASN1 code for the hash method concatenated with the - hash itself. + :param clearsig: full padded ASN1 and hash. - :return: tuple (method, hash) where ``method`` is the used hash method, and - ``hash`` is the hash itself. + :return: the used hash method. :raise VerificationFailed: when the hash method cannot be found ''' for (hashname, asn1code) in HASH_ASN1.items(): - if not method_hash.startswith(asn1code): - continue - - return (hashname, method_hash[len(asn1code):]) + if asn1code in clearsig: + return hashname raise VerificationError('Verification failed') debian/patches/series0000664000000000000000000000002413277063767012052 0ustar CVE-2016-1494.patch debian/copyright0000664000000000000000000000175112261742366011140 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: python-rsa Source: https://pypi.python.org/pypi/rsa Files: * Copyright: 2011, Sybren A. Stuvel License: Apache-2.0 Files: debian/* Copyright: 2013 TANIGUCHI Takaki License: Apache-2.0 License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian systems, the complete text of the Apache version 2.0 license can be found in "/usr/share/common-licenses/Apache-2.0".
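Review bot: The docstring of `_find_method_hash` still says `:raise VerificationFailed:` while the body raises `VerificationError`; it should read `:raise VerificationError: when the hash method cannot be found`. The new test `if asn1code in clearsig:` matches the ASN.1 prefix anywhere in the block, which is safe only because verify() then rebuilds the full padded block and compares it byte for byte. I would record that above the loop, e.g. `# Loose match on purpose: this only selects the hash; verify() must compare the whole padded block.` Since the function no longer returns the hash, a name such as `_find_method` would describe it better than `_find_method_hash`.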