diff options
| author | Matěj Cepl <mcepl@cepl.eu> | 2022-07-12 22:54:28 +0200 |
|---|---|---|
| committer | Matěj Cepl <mcepl@cepl.eu> | 2022-07-12 23:12:19 +0200 |
| commit | b0607106a0b9d19ee97565eb333d9e50fca6defd (patch) | |
| tree | 3e44ba1f19465aaaf497bcf5f028be43082332b9 | |
| parent | 84c53958def0f510e92119fca14d74f94215827a (diff) | |
| download | m2crypto-b0607106a0b9d19ee97565eb333d9e50fca6defd.tar.gz | |
Fix according to the code review.
| -rw-r--r-- | src/SWIG/_m2crypto_wrap.c | 10 | ||||
| -rw-r--r-- | src/SWIG/_rsa.i | 10 | ||||
| -rw-r--r-- | tests/test_rsa.py | 13 |
3 files changed, 14 insertions, 19 deletions
diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c index a9f30da..60f5331 100644 --- a/src/SWIG/_m2crypto_wrap.c +++ b/src/SWIG/_m2crypto_wrap.c @@ -7040,10 +7040,9 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, (unsigned char *)tbuf, rsa, padding); if (tlen == -1) { - ERR_clear_error(); - PyErr_Clear(); + m2_PyErr_Msg(_rsa_err); PyMem_Free(tbuf); - Py_RETURN_NONE; + return NULL; } ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); @@ -7099,10 +7098,9 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, (unsigned char *)tbuf, rsa, padding); if (tlen == -1) { - ERR_clear_error(); - PyErr_Clear(); + m2_PyErr_Msg(_rsa_err); PyMem_Free(tbuf); - Py_RETURN_NONE; + return NULL; } ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i index 1377b8b..0f0bc78 100644 --- a/src/SWIG/_rsa.i +++ b/src/SWIG/_rsa.i @@ -239,10 +239,9 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, (unsigned char *)tbuf, rsa, padding); if (tlen == -1) { - ERR_clear_error(); - PyErr_Clear(); + m2_PyErr_Msg(_rsa_err); PyMem_Free(tbuf); - Py_RETURN_NONE; + return NULL; } ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); @@ -298,10 +297,9 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, (unsigned char *)tbuf, rsa, padding); if (tlen == -1) { - ERR_clear_error(); - PyErr_Clear(); + m2_PyErr_Msg(_rsa_err); PyMem_Free(tbuf); - Py_RETURN_NONE; + return NULL; } ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); diff --git a/tests/test_rsa.py b/tests/test_rsa.py index 5e75d68..6842a1c 100644 --- a/tests/test_rsa.py +++ b/tests/test_rsa.py @@ -109,9 +109,8 @@ class RSATestCase(unittest.TestCase): # The other paddings. for padding in self.s_padding_nok: p = getattr(RSA, padding) - # Exception disabled as a part of mitigation against CVE-2020-25657 - # with self.assertRaises(RSA.RSAError): - priv.private_encrypt(self.data, p) + with self.assertRaises(RSA.RSAError): + priv.private_encrypt(self.data, p) # Type-check the data to be encrypted. with self.assertRaises(TypeError): priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) @@ -128,12 +127,10 @@ class RSATestCase(unittest.TestCase): self.assertEqual(ptxt, self.data) # no_padding - # Exception disabled as a part of mitigation against CVE-2020-25657 - # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): - priv.public_encrypt(self.data, RSA.no_padding) + with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) # Type-check the data to be encrypted. - # Exception disabled as a part of mitigation against CVE-2020-25657 with self.assertRaises(TypeError): priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) @@ -149,6 +146,8 @@ class RSATestCase(unittest.TestCase): b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4 with self.assertRaises(RSA.RSAError): setattr(rsa, 'e', '\000\000\000\003\001\000\001') + with self.assertRaises(RSA.RSAError): + rsa.private_decrypt(1) assert rsa.check_key() def test_loadpub_bad(self): |