summaryrefslogtreecommitdiff
path: root/security/py-crypto
diff options
context:
space:
mode:
Diffstat (limited to 'security/py-crypto')
-rw-r--r--security/py-crypto/Makefile4
-rw-r--r--security/py-crypto/distinfo4
-rw-r--r--security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py49
-rw-r--r--security/py-crypto/patches/patch-src_block_template.c25
4 files changed, 79 insertions, 3 deletions
diff --git a/security/py-crypto/Makefile b/security/py-crypto/Makefile
index 9fe529d6131..1120d67c96f 100644
--- a/security/py-crypto/Makefile
+++ b/security/py-crypto/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2017/01/12 16:36:35 rodent Exp $
+# $NetBSD: Makefile,v 1.40 2017/03/07 23:17:51 sevan Exp $
DISTNAME= pycrypto-2.6.1
PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security python
MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/
diff --git a/security/py-crypto/distinfo b/security/py-crypto/distinfo
index 23a8bca0ea7..be7742a424c 100644
--- a/security/py-crypto/distinfo
+++ b/security/py-crypto/distinfo
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $
+$NetBSD: distinfo,v 1.12 2017/03/07 23:17:51 sevan Exp $
SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2
RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009
SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847
Size (pycrypto-2.6.1.tar.gz) = 446240 bytes
SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08
+SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = 4e4f3c0a705ceb8fbc922c5d44bd33fce347ac83
+SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd
diff --git a/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
new file mode 100644
index 00000000000..7c8b20ddb9a
--- /dev/null
+++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000
++++ lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase):
+ return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+ def runTest(self):
+- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++ ## ECB mode
++ mode = self.module.MODE_ECB
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ ciphertext = encryption_cipher.encrypt(self.plaintext)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## OPENPGP mode
++ mode = self.module.MODE_OPENPGP
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++ eiv = eiv_ciphertext[:self.module.block_size+2]
++ ciphertext = eiv_ciphertext[self.module.block_size+2:]
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## All other non-AEAD modes (but CTR)
++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+-
+- if mode != self.module.MODE_OPENPGP:
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+- else:
+- eiv = ciphertext[:self.module.block_size+2]
+- ciphertext = ciphertext[self.module.block_size+2:]
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
++
+ class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
diff --git a/security/py-crypto/patches/patch-src_block_template.c b/security/py-crypto/patches/patch-src_block_template.c
new file mode 100644
index 00000000000..6ef5ef43234
--- /dev/null
+++ b/security/py-crypto/patches/patch-src_block_template.c
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_block_template.c,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000
++++ src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,