rpms
/
python-crypto
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 2.6

Browse Source 
- New upstream release 2.6:
  - Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417)
  - Huge documentation cleanup
  - Added more tests, including test vectors from NIST 800-38A
  - Remove broken MODE_PGP, which never actually worked properly
  - A new mode, MODE_OPENPGP, has been added for people wishing to write
    OpenPGP implementations (see also launchpad bug #996814)
  - Fix: getPrime with invalid input causes Python to abort with fatal error
    (launchpad bug #988431)
  - Fix: Segfaults within error-handling paths (launchpad bug #934294)
  - Fix: Block ciphers allow empty string as IV (launchpad bug #997464)
  - Fix DevURandomRNG to work with Python3's new I/O stack
  - Remove automagic dependencies on libgmp and libmpir; let the caller
    disable them using args
  - Many other minor bug fixes and improvements
- Drop upstream patches
f38
Paul Howarth 13 years ago
parent bda7f75437
commit f5cf3b44bf
5 changed files with 21 additions and 272 deletions
Show Stats Download Patch File Download Diff File

202
0001-Fix-segfaults-reference-leaks-in-error-handling.patch
Unescape View File

@ -1,202 +0,0 @@
From 34d79c1c99b0baf3357507245e0f0419297ea4e2 Mon Sep 17 00:00:00 2001
From: "Dwayne C. Litzenberger" <dlitz@dlitz.net>
Date: Sat, 18 Feb 2012 12:35:23 -0500
Subject: [PATCH 1/3] Fix segfaults & reference leaks in error-handling
These bugs are likely only triggered during out-of-memory conditions. The bug
report is at:
https://bugs.launchpad.net/pycrypto/+bug/934294
These were found by Dave Malcolm's experimental static analysis tool:
http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-02-14/python-crypto-2.5-1.fc17/
See also:
https://fedorahosted.org/gcc-python-plugin/
http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
---
src/_fastmath.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/src/_fastmath.c b/src/_fastmath.c
index 6af1f05..c0f8c4e 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -466,6 +466,8 @@ dsaKey_new (PyObject * self, PyObject * args)
return NULL;
key = PyObject_New (dsaKey, &dsaKeyType);
+ if (key == NULL)
+ return NULL;
mpz_init (key->y);
mpz_init (key->g);
mpz_init (key->p);
@@ -552,7 +554,7 @@ dsaKey_getattr (dsaKey * key, char *attr)
static PyObject *
dsaKey__sign (dsaKey * key, PyObject * args)
{
- PyObject *lm, *lk, *lr, *ls;
+ PyObject *lm, *lk, *lr, *ls, *retval;
mpz_t m, k, r, s;
int result;
if (!PyArg_ParseTuple (args, "O!O!", &PyLong_Type, &lm,
@@ -574,11 +576,19 @@ dsaKey__sign (dsaKey * key, PyObject * args)
}
lr = mpzToLongObj (r);
ls = mpzToLongObj (s);
+ if (lr == NULL || ls == NULL) goto errout;
mpz_clear (m);
mpz_clear (k);
mpz_clear (r);
mpz_clear (s);
- return Py_BuildValue ("(NN)", lr, ls);
+ retval = Py_BuildValue ("(NN)", lr, ls);
+ if (retval == NULL) goto errout;
+ return retval;
+
+errout:
+ Py_XDECREF(lr);
+ Py_XDECREF(ls);
+ return NULL;
}
static PyObject *
@@ -703,6 +713,8 @@ rsaKey_new (PyObject * self, PyObject * args)
return NULL;
key = PyObject_New (rsaKey, &rsaKeyType);
+ if (key == NULL)
+ return NULL;
mpz_init (key->n);
mpz_init (key->e);
mpz_init (key->d);
@@ -838,7 +850,7 @@ rsaKey_getattr (rsaKey * key, char *attr)
static PyObject *
rsaKey__encrypt (rsaKey * key, PyObject * args)
{
- PyObject *l, *r;
+ PyObject *l, *r, *retval;
mpz_t v;
int result;
if (!PyArg_ParseTuple (args, "O!", &PyLong_Type, &l))
@@ -854,14 +866,20 @@ rsaKey__encrypt (rsaKey * key, PyObject * args)
return NULL;
}
r = (PyObject *) mpzToLongObj (v);
+ if (r == NULL) return NULL;
mpz_clear (v);
- return Py_BuildValue ("N", r);
+ retval = Py_BuildValue ("N", r);
+ if (retval == NULL) {
+ Py_DECREF(r);
+ return NULL;
+ }
+ return retval;
}
static PyObject *
rsaKey__decrypt (rsaKey * key, PyObject * args)
{
- PyObject *l, *r;
+ PyObject *l, *r, *retval;
mpz_t v;
int result;
if (!PyArg_ParseTuple (args, "O!", &PyLong_Type, &l))
@@ -884,8 +902,14 @@ rsaKey__decrypt (rsaKey * key, PyObject * args)
return NULL;
}
r = mpzToLongObj (v);
+ if (r == NULL) return NULL;
mpz_clear (v);
- return Py_BuildValue ("N", r);
+ retval = Py_BuildValue ("N", r);
+ if (retval == NULL) {
+ Py_DECREF(r);
+ return NULL;
+ }
+ return retval;
}
static PyObject *
@@ -916,7 +940,7 @@ rsaKey__verify (rsaKey * key, PyObject * args)
static PyObject *
rsaKey__blind (rsaKey * key, PyObject * args)
{
- PyObject *l, *lblind, *r;
+ PyObject *l, *lblind, *r, *retval;
mpz_t v, vblind;
int result;
if (!PyArg_ParseTuple (args, "O!O!", &PyLong_Type, &l,
@@ -940,15 +964,22 @@ rsaKey__blind (rsaKey * key, PyObject * args)
return NULL;
}
r = (PyObject *) mpzToLongObj (v);
+ if (r == NULL)
+ return NULL;
mpz_clear (v);
mpz_clear (vblind);
- return Py_BuildValue ("N", r);
+ retval = Py_BuildValue ("N", r);
+ if (retval == NULL) {
+ Py_DECREF(r);
+ return NULL;
+ }
+ return retval;
}
static PyObject *
rsaKey__unblind (rsaKey * key, PyObject * args)
{
- PyObject *l, *lblind, *r;
+ PyObject *l, *lblind, *r, *retval;
mpz_t v, vblind;
int result;
if (!PyArg_ParseTuple (args, "O!O!", &PyLong_Type, &l,
@@ -977,9 +1008,15 @@ rsaKey__unblind (rsaKey * key, PyObject * args)
return NULL;
}
r = (PyObject *) mpzToLongObj (v);
+ if (r == NULL) return NULL;
mpz_clear (v);
mpz_clear (vblind);
- return Py_BuildValue ("N", r);
+ retval = Py_BuildValue ("N", r);
+ if (retval == NULL) {
+ Py_DECREF(r);
+ return NULL;
+ }
+ return retval;
}
static PyObject *
@@ -1153,7 +1190,15 @@ getRandomInteger (mpz_t n, unsigned long int bits, PyObject *randfunc_)
}
arglist = Py_BuildValue ("(l)", (long int)bytes);
+ if (arglist == NULL) {
+ return_val = 0;
+ goto cleanup;
+ }
rand_bytes = PyObject_CallObject (randfunc, arglist);
+ if (rand_bytes == NULL) {
+ return_val = 0;
+ goto cleanup;
+ }
Py_DECREF (arglist);
if (!PyBytes_Check (rand_bytes))
{
@@ -1650,6 +1695,9 @@ init_fastmath (void)
#endif
_fastmath_dict = PyModule_GetDict (_fastmath_module);
fastmathError = PyErr_NewException ("_fastmath.error", NULL, NULL);
+#ifdef IS_PY3K
+ if (fastmathError == NULL) return NULL;
+#endif
PyDict_SetItemString (_fastmath_dict, "error", fastmathError);
PyModule_AddIntConstant(_fastmath_module, "HAVE_DECL_MPZ_POWM_SEC", HAVE_DECL_MPZ_POWM_SEC);
--
1.7.7.6

25
0002-Fix-typo.patch
Unescape View File

@ -1,25 +0,0 @@
From a6ddd108cf8e70c4037065143f968e994f5ef581 Mon Sep 17 00:00:00 2001
From: "Dwayne C. Litzenberger" <dlitz@dlitz.net>
Date: Sat, 18 Feb 2012 12:42:23 -0500
Subject: [PATCH 2/3] Fix typo
---
src/_fastmath.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/_fastmath.c b/src/_fastmath.c
index c0f8c4e..8c1a517 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -1139,7 +1139,7 @@ getRNG (void)
if (!PyCallable_Check (new_func))
{
PyErr_SetString (PyExc_RuntimeError,
- "Cryptor.Random.new is not callable.");
+ "Crypto.Random.new is not callable.");
return NULL;
}
rng = PyObject_CallObject (new_func, NULL);
--
1.7.7.6

33
0003-Fix-segfault-if-Crypto.Random.new-is-missing.patch
Unescape View File

@ -1,33 +0,0 @@
From 4b3c25f4b872c288ace179c68cebc46cce5039aa Mon Sep 17 00:00:00 2001
From: "Dwayne C. Litzenberger" <dlitz@dlitz.net>
Date: Sat, 18 Feb 2012 12:51:11 -0500
Subject: [PATCH 3/3] Fix segfault if Crypto.Random.new is missing for some
reason.
This should never happen, but we're already checking that Crypto.Random.new is
callable, so we might as well also check that Crypto.Random.new exists. Also,
fixing this should silence an (arguably false-positive) error emitted by
cpychecker (a static analysis tool used by the Fedora project).
---
src/_fastmath.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/_fastmath.c b/src/_fastmath.c
index 8c1a517..4b5dede 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -1136,6 +1136,11 @@ getRNG (void)
module_dict = PyModule_GetDict (module);
Py_DECREF (module);
new_func = PyDict_GetItemString (module_dict, "new");
+ if (new_func == NULL) {
+ PyErr_SetString (PyExc_RuntimeError,
+ "Crypto.Random.new is missing.");
+ return NULL;
+ }
if (!PyCallable_Check (new_func))
{
PyErr_SetString (PyExc_RuntimeError,
--
1.7.7.6

31
python-crypto.spec
Unescape View File

@ -6,8 +6,8 @@
Summary: Cryptography library for Python Summary: Cryptography library for Python
Name: python-crypto Name: python-crypto
Version: 2.5 Version: 2.6
Release: 2%{?dist} Release: 1%{?dist}
# Mostly Public Domain apart from parts of HMAC.py and setup.py, which are Python # Mostly Public Domain apart from parts of HMAC.py and setup.py, which are Python
License: Public Domain and Python License: Public Domain and Python
Group: Development/Libraries Group: Development/Libraries
@ -15,9 +15,6 @@ URL: http://www.pycrypto.org/
Source0: http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-%{version}.tar.gz Source0: http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-%{version}.tar.gz
Patch0: python-crypto-2.4-optflags.patch Patch0: python-crypto-2.4-optflags.patch
Patch1: python-crypto-2.4-fix-pubkey-size-divisions.patch Patch1: python-crypto-2.4-fix-pubkey-size-divisions.patch
Patch2: 0001-Fix-segfaults-reference-leaks-in-error-handling.patch
Patch3: 0002-Fix-typo.patch
Patch4: 0003-Fix-segfault-if-Crypto.Random.new-is-missing.patch
Provides: pycrypto = %{version}-%{release} Provides: pycrypto = %{version}-%{release}
BuildRequires: python2-devel >= 2.2, gmp-devel >= 4.1 BuildRequires: python2-devel >= 2.2, gmp-devel >= 4.1
%if %{with_python3} %if %{with_python3}
@ -58,12 +55,6 @@ This is the Python 3 build of the package.
# Fix divisions within benchmarking suite: # Fix divisions within benchmarking suite:
%patch1 -p1 %patch1 -p1
# Upstream fixes for issues found by Dave Malcolm's
# experimental static analysis tool (#790584)
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Prepare python3 build (setup.py doesn't run 2to3 on pct-speedtest.py) # Prepare python3 build (setup.py doesn't run 2to3 on pct-speedtest.py)
%if %{with_python3} %if %{with_python3}
cp -a . %{py3dir} cp -a . %{py3dir}
@ -132,6 +123,24 @@ rm -rf %{buildroot}
%endif %endif
%changelog %changelog
* Thu May 24 2012 Paul Howarth <paul@city-fan.org> - 2.6-1
- Update to 2.6
- Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417)
- Huge documentation cleanup
- Added more tests, including test vectors from NIST 800-38A
- Remove broken MODE_PGP, which never actually worked properly
- A new mode, MODE_OPENPGP, has been added for people wishing to write
OpenPGP implementations (see also launchpad bug #996814)
- Fix: getPrime with invalid input causes Python to abort with fatal error
(launchpad bug #988431)
- Fix: Segfaults within error-handling paths (launchpad bug #934294)
- Fix: Block ciphers allow empty string as IV (launchpad bug #997464)
- Fix DevURandomRNG to work with Python3's new I/O stack
- Remove automagic dependencies on libgmp and libmpir; let the caller
disable them using args
- Many other minor bug fixes and improvements
- Drop upstream patches
* Sat Feb 18 2012 Paul Howarth <paul@city-fan.org> - 2.5-2 * Sat Feb 18 2012 Paul Howarth <paul@city-fan.org> - 2.5-2
- Add upstream fixes for issues found by Dave Malcolm's experimental static - Add upstream fixes for issues found by Dave Malcolm's experimental static
analysis tool (#790584) analysis tool (#790584)

2
sources
Unescape View File

@ -1 +1 @@
783e45d4a1a309e03ab378b00f97b291 pycrypto-2.5.tar.gz 88dad0a270d1fe83a39e0467a66a22bb pycrypto-2.6.tar.gz

Write Preview
Loading…
Cancel
Save