Bug#930221: unblock: m2crypto/ 0.31.0-3.1

To: Daniel Stender <debian@danielstender.com>, 930221@bugs.debian.org, Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, m2crypto@packages.debian.org
Subject: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
From: Paul Gevers <elbrus@debian.org>
Date: Sun, 9 Jun 2019 20:45:02 +0200
Message-id: <[🔎] bd8071aa-55f1-77fc-a058-0c058b4d1d18@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 930221@bugs.debian.org
In-reply-to: <[🔎] 596a76d8-39e8-fbc1-a66d-336c6086fe54@danielstender.com>
References: <[🔎] 20190608154525.7ckpoqwgsfnz6ju3@flow> <[🔎] ea2e3f66-d6f7-5446-dfaa-382fcc6ff09f@debian.org> <[🔎] 20190608154525.7ckpoqwgsfnz6ju3@flow> <[🔎] 596a76d8-39e8-fbc1-a66d-336c6086fe54@danielstender.com> <[🔎] 20190608154525.7ckpoqwgsfnz6ju3@flow>

Control: tags -1 confirmed

Hi Daniel,

On 09-06-2019 10:05, Daniel Stender wrote:
> On 6/8/19 9:20 PM, Paul Gevers wrote
>> If this version gets uploaded, be it by the maintainers of m2crpyto or
>> by Sebastian, it will be acceptable from the Release Team point of view.
>  
> I've uploaded the package including these patches.

Thanks a lot.

In my opinion, no need to re-upload, but the check for the OpenSSL
version seems to be failing (see below). That test should have been skipped.

I'll trigger a test with openssl 1.1.1c to verify, but the test passed
in unstable already. If that passes, I'll unblock this.

Paul

In testing (with openssl/1.1.1b-2):
=================================== FAILURES
===================================
_______________________ RSATestCase.test_public_encrypt
________________________

self = <tests.test_rsa.RSATestCase testMethod=test_public_encrypt>

    @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f,
                     'Relies on fix which happened only in OpenSSL 1.1.1c')
    def test_public_encrypt(self):
        priv = RSA.load_key(self.privkey)
        # pkcs1_padding, pkcs1_oaep_padding
        for padding in self.e_padding_ok:
            p = getattr(RSA, padding)
            ctxt = priv.public_encrypt(self.data, p)
            ptxt = priv.private_decrypt(ctxt, p)
            self.assertEqual(ptxt, self.data)

        # sslv23_padding
        ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
>       res = priv.private_decrypt(ctxt, RSA.sslv23_padding)

tests/test_rsa.py:129:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _

self = <M2Crypto.RSA.RSA object at 0x7ffae6e26d50>
data =
'\x1c\x1a\xa2o>\xb7e\x0e\xeaX\x86\x0c\xda\x80y%t,\xccyN\xde\xed;P\xf8\xddL\x9de\x8e\x9b\\\xbbV\x16\x02\xb7\x11\x95\x02...xbb\\\xbe\x0b\x8b\xdb~\xb3HS\xdfIH\x7f\xec5L\xd1-FN\x882-I\xe3\x95\x11\xe0\xdeZ\xd8\xd2M\\\xc3\x93\xf2\xea\xa3\xcc\xa0'
padding = 2

    def private_decrypt(self, data, padding):
        # type: (bytes, int) -> bytes
        assert self.check_key(), 'key is not initialised'
>       return m2.rsa_private_decrypt(self.rsa, data, padding)
E       RSAError: sslv3 rollback attack

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Bug#930221: unblock: m2crypto/ 0.31.0-3.1
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Bug#930221: unblock: m2crypto/ 0.31.0-3.1
  - From: Paul Gevers <elbrus@debian.org>
- Bug#930221: unblock: m2crypto/ 0.31.0-3.1
  - From: Daniel Stender <debian@danielstender.com>

Prev by Date: Bug#930234: marked as done (unblock: unattended-upgrades/1.11.2)
Next by Date: Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Previous by thread: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Next by thread: Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Index(es):
- Date
- Thread