SUSE:SLE-12-SP5:GA
python-rsa
cve_2020-25658.patch
File cve_2020-25658.patch of Package python-rsa
--- rsa/pkcs1.py.orig +++ rsa/pkcs1.py @@ -31,6 +31,8 @@ to your users. import hashlib import os +from hmac import compare_digest + from rsa._compat import b from rsa import common, transform, core, varblock @@ -230,17 +232,20 @@ def decrypt(crypto, priv_key): # Detect leading zeroes in the crypto. These are not reflected in the # encrypted value (as leading zeroes do not influence the value of an # integer). This fixes CVE-2020-13757. - if len(crypto) > blocksize: - raise DecryptionError('Decryption failed') + crypto_len_bad = len(crypto) > blocksize # If we can't find the cleartext marker, decryption failed. - if cleartext[0:2] != b('\x00\x02'): - raise DecryptionError('Decryption failed') - + cleartext_marker_bad = not compare_digest(cleartext[:2], b'\x00\x02') + # Find the 00 separator between the padding and the message try: sep_idx = cleartext.index(b('\x00'), 2) except ValueError: + sep_idx = -1 + sep_idx_bad = sep_idx < 0 + + anything_bad = crypto_len_bad | cleartext_marker_bad | sep_idx_bad + if anything_bad: raise DecryptionError('Decryption failed') return cleartext[sep_idx+1:]
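Review bot: The unconditional `from hmac import compare_digest` in the first hunk (import block of rsa/pkcs1.py) raises ImportError on interpreters older than Python 2.7.7 or 3.3, where `hmac.compare_digest` does not exist. The module still imports `b` from `rsa._compat`, so older interpreters appear to be in scope. Either state the new minimum interpreter version alongside the patch, or put a fallback comparison in `rsa._compat` and import it from there.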
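Review bot: In the decrypt() hunk the separator search still runs through `try: sep_idx = cleartext.index(b('\x00'), 2)` / `except ValueError:`, so a missing separator takes the exception path and a present one does not, which leaves a data-dependent difference in the code this change is meant to make uniform. `sep_idx = cleartext.find(b('\x00'), 2)` returns -1 without raising and lets the try/except be dropped. Two smaller points on the same hunk: `sep_idx_bad = sep_idx < 0` accepts a padding string shorter than the 8 bytes PKCS#1 v1.5 requires (`sep_idx < 10` would reject it), and the new comparison uses the literal `b'\x00\x02'` while the rest of the function uses the `b()` helper from `rsa._compat`.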