diff -Nru python-cryptography-1.2.3/debian/changelog python-cryptography-1.2.3/debian/changelog
--- python-cryptography-1.2.3/debian/changelog 2018-10-18 11:19:53.000000000 +0000
+++ python-cryptography-1.2.3/debian/changelog 2020-10-28 15:54:43.000000000 +0000
@@ -1,3 +1,13 @@
+python-cryptography (1.2.3-1ubuntu0.3) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Bleichenbacher timing oracle attack
+ - debian/patches/CVE-2020-25659.patch: Attempt to mitigate
+ Bleichenbacher attacks on RSA decryption docs/spelling_wordlist.txt,
+ src/cryptography/hazmat/backends/openssl/rsa.py.
+ - CVE-2020-25659
+
+ -- Leonidas S. Barbosa Wed, 28 Oct 2020 11:55:13 -0300
+
 python-cryptography (1.2.3-1ubuntu0.2) xenial-security; urgency=medium
 * debian/patches/add_x509_up_ref.patch: add X509_up_ref function for
diff -Nru python-cryptography-1.2.3/debian/patches/CVE-2020-25659.patch python-cryptography-1.2.3/debian/patches/CVE-2020-25659.patch
--- python-cryptography-1.2.3/debian/patches/CVE-2020-25659.patch 1970-01-01 00:00:00.000000000 +0000
+++ python-cryptography-1.2.3/debian/patches/CVE-2020-25659.patch 2020-10-28 14:55:06.000000000 +0000
@@ -0,0 +1,55 @@
+Backported of:
+
+From 58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor
+Date: Sun, 25 Oct 2020 21:16:42 -0400
+Subject: [PATCH] Attempt to mitigate Bleichenbacher attacks on RSA decryption
+ (#5507)
+
+---
+ docs/spelling_wordlist.txt | 1 +
+ src/cryptography/hazmat/backends/openssl/rsa.py | 14 +++++++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
+index 6def795..5afb6c6 100644
+--- a/docs/spelling_wordlist.txt
++++ b/docs/spelling_wordlist.txt
+@@ -2,6 +2,7 @@ affine
+ backend
+ backends
+ bcrypt
++Bleichenbacher
+ Backends
+ Blowfish
+ boolean
+diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
+index 033cd3b..218a1c8 100644
+--- a/src/cryptography/hazmat/backends/openssl/rsa.py
++++ b/src/cryptography/hazmat/backends/openssl/rsa.py
+@@ -100,11 +100,19 @@ def _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum):
+ backend.openssl_assert(buf_size > 0)
+ outlen = backend._ffi.new("size_t *", buf_size)
+ buf = backend._ffi.new("char[]", buf_size)
++ # Everything from this line onwards is written with the goal of being as
++ # constant-time as is practical given the constraints of Python and our
++ # API. See Bleichenbacher's '98 attack on RSA, and its many many variants.
++ # As such, you should not attempt to change this (particularly to "clean it
++ # up") without understanding why it was written this way (see
++ # Chesterton's Fence), and without measuring to verify you have not
++ # introduced observable time differences.
+ res = crypt(pkey_ctx, buf, outlen, data, len(data))
++ resbuf = backend._ffi.buffer(buf)[: outlen[0]]
++ backend._lib.ERR_clear_error()
+ if res <= 0:
+- _handle_rsa_enc_dec_error(backend, key)
+-
+- return backend._ffi.buffer(buf)[:outlen[0]]
++ raise ValueError("Encryption/decryption failed.")
++ return resbuf
+
+
+ def _enc_dec_rsa_098(backend, key, data, padding_enum):
+--
+2.25.1
+
diff -Nru python-cryptography-1.2.3/debian/patches/series python-cryptography-1.2.3/debian/patches/series
--- python-cryptography-1.2.3/debian/patches/series 2018-10-18 11:17:38.000000000 +0000
+++ python-cryptography-1.2.3/debian/patches/series 2020-10-28 14:55:06.000000000 +0000
@@ -1,3 +1,4 @@
 0001-Actually-allocate-a-buffer-that-is-the-correct-size.patch
 CVE-2016-9243.patch
 add_x509_up_ref.patch
+CVE-2020-25659.patch
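Review bot: The constant-time rewrite in the rsa.py hunk embedded in debian/patches/CVE-2020-25659.patch covers only `_enc_dec_rsa_pkey_ctx`; `_enc_dec_rsa_098`, whose `def` line is the hunk's trailing context, is not touched anywhere in this backport and presumably still goes through `_handle_rsa_enc_dec_error`, so padding failures would stay distinguishable on any build that selects that path. Its body is outside the hunk, so please confirm whether the xenial OpenSSL build can ever reach it; if it can, it needs the same treatment, and if it cannot, a comment above it such as `# Not hardened against Bleichenbacher-style timing; unreachable when EVP_PKEY_CTX is available.` would record that. Separately, `raise ValueError("Encryption/decryption failed.")` now also replaces whatever more specific errors the encryption direction used to report, so callers or tests that match on the old messages should be checked. The start of `_enc_dec_rsa_pkey_ctx` is also outside the hunk.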