summaryrefslogtreecommitdiff
path: root/dev-python/rsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /dev-python/rsa
reinit the tree, so we can have metadata
Diffstat (limited to 'dev-python/rsa')
-rw-r--r--dev-python/rsa/Manifest8
-rw-r--r--dev-python/rsa/files/rsa-3.2.3-CVE-2016-1494.patch104
-rw-r--r--dev-python/rsa/metadata.xml11
-rw-r--r--dev-python/rsa/rsa-3.2.3-r1.ebuild37
-rw-r--r--dev-python/rsa/rsa-3.4.2.ebuild33
5 files changed, 193 insertions, 0 deletions
diff --git a/dev-python/rsa/Manifest b/dev-python/rsa/Manifest
new file mode 100644
index 000000000000..40c2d0a1e60b
--- /dev/null
+++ b/dev-python/rsa/Manifest
@@ -0,0 +1,8 @@
+AUX rsa-3.2.3-CVE-2016-1494.patch 3843 SHA256 83bf8df7def9e6cea4c85e8f40d5cba66845d52555b0d38d673670910e36f2e6 SHA512 9150b25bc1a9dacc8eee0fb93d46b9d024c868d540097b9166be9a7879fe116d8fd47cacaaf5614b86cd44e7cd10602a0ad290eb2ef116539683101d4057a231 WHIRLPOOL decdf0021c3d01f9269e17afcefa349dde2721fa167f901b0dc5b7fd923dfe20aa0a26d79a43d6906c0877f2a4be80c23a90b656046c9f25c10882c215b672f3
+DIST rsa-3.2.3.tar.gz 35628 SHA256 14db288cc40d6339dedf60d7a47053ab004b4a8976a5c59402a211d8fc5bf21f SHA512 52b33e0278e6e1fed64b1cdebed29f7caa31fae733c2d5875e6cba5a045aaa829616799d8de84fdb63c546780dbdafcabf1f85f25930b8e663861151479ef7e2 WHIRLPOOL 5814f912849bed4f98f8bef20dcf2fb9b28af70b970f324cadab90f0c67ff42c32792f7a6306edf1884d4cf6fe35d27f47c833358c2d03c582faba60fba1490d
+DIST rsa-3.4.2.tar.gz 40956 SHA256 25df4e10c263fb88b5ace923dd84bf9aa7f5019687b5e55382ffcdb8bede9db5 SHA512 62b0ff31fb3b9c18ae65bd102329e69726b853560576b1b66b9b89b26d3ff79154239af7e7a581b6a27c7017cc013f738762cd9662777ef594cc11c5b1f8e267 WHIRLPOOL d8d51f7ffc47af5fbc48199860171c38fe6f08b5a510bfed20513c22df8a614565703c9d89939ff1092a7c6392fbdef8bacf41cc839a9943b120b1fa4cf8d496
+EBUILD rsa-3.2.3-r1.ebuild 779 SHA256 9b4da0643e8efe74b4f8a930e33ed784d0cbfbf84846d3dbb4b9dbf446cf9f59 SHA512 a9d79f2488611d25aea1dc0255c08054328953ca2bd73026c424f81f355450ec21c4e00fa1348ac96a4560f8e1ceca51deb1515b38cf1597575adeb2b2336974 WHIRLPOOL 98779de4f27cd9975f2bf470439fb7c8db370d25a92a0d0476efb293627ebbdf8ea250b4d12b4c3e9b293dfd8f231e2186a9c906e5c14bf7682c149c2d932e5f
+EBUILD rsa-3.4.2.ebuild 736 SHA256 feac335f1b97800f6c6736d6bb8bcd85dded362acbe38bd4af7979346dd7c3fc SHA512 bd828c8b02a32b51f0f0b175bfefbf29d3957117aa449a82c6d1ca3ee085accdbaf8beb5b4599e7f4f8d353cd87081d6e22b8fb965316a4e3d82b08f4a288d0c WHIRLPOOL a0a0daa29f8367b928231648ac7f9548f1ef973b8c9feee6484530abefa32287c9174d10d31ce95a69ca94514bd7f1628da1ec7fc029322ca9d01ab58a1be322
+MISC ChangeLog 4693 SHA256 a44f187d58fa946b560c29b230bb5392cf2eb27df0c2d9628527271142b74e43 SHA512 59fc05b26269b8455a4fdf71f8ad676740e3646bd1a50842ddb57bc966112973270572fc9ecd84f95a6564b4cab3f2ec4b7211010819bf98a54990891842c13b WHIRLPOOL bb6bd453283e71d83a8f1dd277d9907a98760bcf537abb625e0b586d57a789af917b461d33f0e70c9458d806ffccaf1688bcfb10adc68c22638ff5924da2f823
+MISC ChangeLog-2015 1753 SHA256 df896f385bd9064fcc4518ef8fad0f1c3a4ae96aafb805528bd24ec7653e5bf1 SHA512 3d60bfff1eac837799c264d426e4b7884a1dc9db5dac58712fc61c5eebb817fd21505b45f378b275a4006eb5fb0f7dfff2325ed248ce2d8811bf3fac08935c6a WHIRLPOOL ddb1660ae98aa5e8f33be46ccf6bc5974468b200621a830c16cf50919f60b5e4d07d4be24b127e2e88c9ac620335834700b03c2b619572cf5bc462ef9e31049c
+MISC metadata.xml 316 SHA256 4a8d0bb11f587256e0847f1a35a74d53644ef183975d47bc22cc815943c81698 SHA512 4d8c48ae8e4360727f5c4b83e426f42a597a175dfa2a965c9f966e5824a83291c78d3e8e636d21b4f28d73f7e912abc7db1b09078baaa0e3a1b25713abd3d0a1 WHIRLPOOL 1d143ea409a28a21debdb7524a0956899513f985a348f5d984461f001d96cf9f8268abae96f3d7938fef2da91984676bd062cfec306ceaf631fdd3c5f0e8c10b
diff --git a/dev-python/rsa/files/rsa-3.2.3-CVE-2016-1494.patch b/dev-python/rsa/files/rsa-3.2.3-CVE-2016-1494.patch
new file mode 100644
index 000000000000..bfcfc33ed01b
--- /dev/null
+++ b/dev-python/rsa/files/rsa-3.2.3-CVE-2016-1494.patch
@@ -0,0 +1,104 @@
+# HG changeset patch
+# User Filippo Valsorda <hi@filippo.io>
+# Date 1450226563 0
+# Node ID 0cbcc529926afd61c6df4f50cfc29971beafd2c2
+# Parent 2baab06c8b867b01ec82b02118d4872a931a0437
+Fix BB'06 attack in verify() by switching from parsing to comparison
+
+diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
+--- a/rsa/pkcs1.py
++++ b/rsa/pkcs1.py
+@@ -22,10 +22,10 @@
+ At least 8 bytes of random padding is used when encrypting a message. This makes
+ these methods much more secure than the ones in the ``rsa`` module.
+
+-WARNING: this module leaks information when decryption or verification fails.
+-The exceptions that are raised contain the Python traceback information, which
+-can be used to deduce where in the process the failure occurred. DO NOT PASS
+-SUCH INFORMATION to your users.
++WARNING: this module leaks information when decryption fails. The exceptions
++that are raised contain the Python traceback information, which can be used to
++deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
++to your users.
+ '''
+
+ import hashlib
+@@ -288,37 +288,23 @@
+ :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
+ :raise VerificationError: when the signature doesn't match the message.
+
+- .. warning::
+-
+- Never display the stack trace of a
+- :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
+- the code the exception occurred, and thus leaks information about the
+- key. It's only a tiny bit of information, but every bit makes cracking
+- the keys easier.
+-
+ '''
+
+- blocksize = common.byte_size(pub_key.n)
++ keylength = common.byte_size(pub_key.n)
+ encrypted = transform.bytes2int(signature)
+ decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
+- clearsig = transform.int2bytes(decrypted, blocksize)
+-
+- # If we can't find the signature marker, verification failed.
+- if clearsig[0:2] != b('\x00\x01'):
+- raise VerificationError('Verification failed')
++ clearsig = transform.int2bytes(decrypted, keylength)
+
+- # Find the 00 separator between the padding and the payload
+- try:
+- sep_idx = clearsig.index(b('\x00'), 2)
+- except ValueError:
+- raise VerificationError('Verification failed')
+-
+- # Get the hash and the hash method
+- (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
++ # Get the hash method
++ method_name = _find_method_hash(clearsig)
+ message_hash = _hash(message, method_name)
+
+- # Compare the real hash to the hash in the signature
+- if message_hash != signature_hash:
++ # Reconstruct the expected padded hash
++ cleartext = HASH_ASN1[method_name] + message_hash
++ expected = _pad_for_signing(cleartext, keylength)
++
++ # Compare with the signed one
++ if expected != clearsig:
+ raise VerificationError('Verification failed')
+
+ return True
+@@ -351,24 +337,20 @@
+ return hasher.digest()
+
+
+-def _find_method_hash(method_hash):
+- '''Finds the hash method and the hash itself.
++def _find_method_hash(clearsig):
++ '''Finds the hash method.
+
+- :param method_hash: ASN1 code for the hash method concatenated with the
+- hash itself.
++ :param clearsig: full padded ASN1 and hash.
+
+- :return: tuple (method, hash) where ``method`` is the used hash method, and
+- ``hash`` is the hash itself.
++ :return: the used hash method.
+
+ :raise VerificationFailed: when the hash method cannot be found
+
+ '''
+
+ for (hashname, asn1code) in HASH_ASN1.items():
+- if not method_hash.startswith(asn1code):
+- continue
+-
+- return (hashname, method_hash[len(asn1code):])
++ if asn1code in clearsig:
++ return hashname
+
+ raise VerificationError('Verification failed')
+
diff --git a/dev-python/rsa/metadata.xml b/dev-python/rsa/metadata.xml
new file mode 100644
index 000000000000..35bbfa239754
--- /dev/null
+++ b/dev-python/rsa/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>python@gentoo.org</email>
+ <name>Python</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="pypi">rsa</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/dev-python/rsa/rsa-3.2.3-r1.ebuild b/dev-python/rsa/rsa-3.2.3-r1.ebuild
new file mode 100644
index 000000000000..132b888c45b1
--- /dev/null
+++ b/dev-python/rsa/rsa-3.2.3-r1.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
+
+inherit distutils-r1
+
+DESCRIPTION="Pure-Python RSA implementation"
+HOMEPAGE="http://stuvel.eu/rsa https://pypi.python.org/pypi/rsa"
+SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 arm x86"
+IUSE="test"
+
+RDEPEND="
+ >=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
+ dev-python/traceback2[${PYTHON_USEDEP}]
+ "
+DEPEND="${RDEPEND}
+ >=dev-python/setuptools-0.6.10[${PYTHON_USEDEP}]
+ test? (
+ dev-python/nose[${PYTHON_USEDEP}]
+ dev-python/unittest2[${PYTHON_USEDEP}]
+ )
+ "
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2016-1494.patch
+)
+
+python_test() {
+ nosetests --verbose || die
+}
diff --git a/dev-python/rsa/rsa-3.4.2.ebuild b/dev-python/rsa/rsa-3.4.2.ebuild
new file mode 100644
index 000000000000..437b656e1002
--- /dev/null
+++ b/dev-python/rsa/rsa-3.4.2.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
+
+inherit distutils-r1
+
+DESCRIPTION="Pure-Python RSA implementation"
+HOMEPAGE="http://stuvel.eu/rsa https://pypi.python.org/pypi/rsa"
+SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="test"
+
+RDEPEND="
+ >=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
+ dev-python/traceback2[${PYTHON_USEDEP}]
+ "
+DEPEND="${RDEPEND}
+ >=dev-python/setuptools-0.6.10[${PYTHON_USEDEP}]
+ test? (
+ dev-python/nose[${PYTHON_USEDEP}]
+ dev-python/unittest2[${PYTHON_USEDEP}]
+ )
+ "
+
+python_test() {
+ nosetests --verbose || die
+}