Source: m2crypto Version: 0.37.1-1 Severity: serious X-Debbugs-CC: debian...@lists.debian.org, open...@packages.debian.org Tags: sid bullseye User: debian...@lists.debian.org Usertags: needs-update Control: affects -1 src:openssl
Dear maintainer(s),
With a recent upload of openssl the autopkgtest of m2crypto fails in
testing when that autopkgtest is run with the binary packages of openssl
from unstable. It passes when run with only packages from testing. In
tabular form:
pass fail
openssl from testing 1.1.1j-1
m2crypto from testing 0.37.1-1
all others from testing from testing
I copied some of the output at the bottom of this report. I *think*
this may be related to CVE-2020-25657 "bleichenbacher timing attacks in
the RSA decryption API" against m2crypto, hence I file this bug against
m2crypto.
Currently this regression is blocking the migration of openssl to
testing [1]. Of course, openssl shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
openssl was intended and your package needs to update to the new situation.
If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s).
Note: the Breaks is nice even if the issue is only in the autopkgtest as
it helps the migration software to figure out the right versions to
combine in the tests.
More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
Paul
[1] https://qa.debian.org/excuses.php?package=openssl
https://ci.debian.net/data/autopkgtest/testing/amd64/m/m2crypto/10541025/log.gz
=================================== FAILURES
===================================
_______________________ RSATestCase.test_public_encrypt
________________________
self = <tests.test_rsa.RSATestCase testMethod=test_public_encrypt>
@unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f,
'Relies on fix which happened only in OpenSSL 1.1.1c')
def test_public_encrypt(self):
priv = RSA.load_key(self.privkey)
# pkcs1_padding, pkcs1_oaep_padding
for padding in self.e_padding_ok:
p = getattr(RSA, padding)
ctxt = priv.public_encrypt(self.data, p)
ptxt = priv.private_decrypt(ctxt, p)
self.assertEqual(ptxt, self.data)
# sslv23_padding
ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
> res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
tests/test_rsa.py:129:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
self = <M2Crypto.RSA.RSA object at 0x7f954bddabb0>
data =
b'wf\xdc\xa5\xdf\xca\x95\xc7;\xa4\xdfEWUm/\xa1m\xd8\xa1\x14s&\x1bid\xf4c\\\xbcI\x90[<\x8dE\x89\x1f\xbf\xe9y=\xef\xa9z\...2\xb7\xaaO\x89\x88\xf7P\xee\x9f\xaf\x19B?\x1f\n\xe5\x18Q9\x186\x97gj\x0e)0mg@\xed\xe4~\xf3\xc4\xbe\x1dK#\x9f/\r"N%\x8d'
padding = 2
def private_decrypt(self, data, padding):
# type: (bytes, int) -> bytes
assert self.check_key(), 'key is not initialised'
> return m2.rsa_private_decrypt(self.rsa, data, padding)
E M2Crypto.RSA.RSAError: sslv3 rollback attack
/usr/lib/python3/dist-packages/M2Crypto/RSA.py:82: RSAError
OpenPGP_signature
Description: OpenPGP digital signature
