Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-rsa for openSUSE:Factory
checked in at 2021-03-05 13:43:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-rsa (Old)
and /work/SRC/openSUSE:Factory/.python-rsa.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-rsa"
Fri Mar 5 13:43:08 2021 rev:21 rq:876092 version:4.7.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-rsa/python-rsa.changes 2021-02-01
13:28:38.574144104 +0100
+++ /work/SRC/openSUSE:Factory/.python-rsa.new.2378/python-rsa.changes
2021-03-05 13:43:09.123506335 +0100
@@ -1,0 +2,7 @@
+Tue Mar 2 00:30:30 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 4.7.2:
+ * Fix picking/unpickling issue introduced in 4.7
+ * Fix threading issue introduced in 4.7
+
+-------------------------------------------------------------------
Old:
----
rsa-4.7.tar.gz
New:
----
rsa-4.7.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-rsa.spec ++++++
--- /var/tmp/diff_new_pack.gn8g1g/_old 2021-03-05 13:43:10.371507470 +0100
+++ /var/tmp/diff_new_pack.gn8g1g/_new 2021-03-05 13:43:10.375507473 +0100
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-rsa
-Version: 4.7
+Version: 4.7.2
Release: 0
Summary: Pure-Python RSA Implementation
License: Apache-2.0
++++++ rsa-4.7.tar.gz -> rsa-4.7.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/PKG-INFO new/rsa-4.7.2/PKG-INFO
--- old/rsa-4.7/PKG-INFO 2021-01-10 11:44:44.184212700 +0100
+++ new/rsa-4.7.2/PKG-INFO 2021-02-24 11:54:39.757972000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: rsa
-Version: 4.7
+Version: 4.7.2
Summary: Pure-Python RSA implementation
Home-page: https://stuvel.eu/rsa
Author: Sybren A. Stuvel
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/fileexample.py new/rsa-4.7.2/fileexample.py
--- old/rsa-4.7/fileexample.py 1970-01-01 01:00:00.000000000 +0100
+++ new/rsa-4.7.2/fileexample.py 2021-01-10 12:08:39.000000000 +0100
@@ -0,0 +1,7 @@
+import rsa
+
+pubkey, privkey = rsa.newkeys(512)
+
+with open('bothkeys.pem', 'wb') as pemfile:
+ pemfile.write(pubkey.save_pkcs1())
+ pemfile.write(privkey.save_pkcs1())
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/rsa/__init__.py new/rsa-4.7.2/rsa/__init__.py
--- old/rsa-4.7/rsa/__init__.py 2021-01-10 11:34:53.000000000 +0100
+++ new/rsa-4.7.2/rsa/__init__.py 2021-02-24 11:43:02.000000000 +0100
@@ -26,8 +26,8 @@
VerificationError, find_signature_hash, sign_hash, compute_hash
__author__ = "Sybren Stuvel, Barry Mead and Yesudeep Mangalapilly"
-__date__ = '2021-01-10'
-__version__ = '4.7'
+__date__ = '2021-02-24'
+__version__ = '4.7.2'
# Do doctest if we're run directly
if __name__ == "__main__":
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/rsa/key.py new/rsa-4.7.2/rsa/key.py
--- old/rsa-4.7/rsa/key.py 2021-01-10 11:09:07.000000000 +0100
+++ new/rsa-4.7.2/rsa/key.py 2021-02-24 11:40:11.000000000 +0100
@@ -32,6 +32,7 @@
"""
import logging
+import threading
import typing
import warnings
@@ -49,7 +50,7 @@
class AbstractKey:
"""Abstract superclass for private and public keys."""
- __slots__ = ('n', 'e', 'blindfac', 'blindfac_inverse')
+ __slots__ = ('n', 'e', 'blindfac', 'blindfac_inverse', 'mutex')
def __init__(self, n: int, e: int) -> None:
self.n = n
@@ -58,6 +59,10 @@
# These will be computed properly on the first call to blind().
self.blindfac = self.blindfac_inverse = -1
+ # Used to protect updates to the blinding factor in multi-threaded
+ # environments.
+ self.mutex = threading.Lock()
+
@classmethod
def _load_pkcs1_pem(cls, keyfile: bytes) -> 'AbstractKey':
"""Loads a key in PKCS#1 PEM format, implement in a subclass.
@@ -148,36 +153,33 @@
method = self._assert_format_exists(format, methods)
return method()
- def blind(self, message: int) -> int:
- """Performs blinding on the message using random number 'r'.
+ def blind(self, message: int) -> typing.Tuple[int, int]:
+ """Performs blinding on the message.
:param message: the message, as integer, to blind.
- :type message: int
:param r: the random number to blind with.
- :type r: int
- :return: the blinded message.
- :rtype: int
+ :return: tuple (the blinded message, the inverse of the used blinding
factor)
The blinding is such that message =
unblind(decrypt(blind(encrypt(message))).
See https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
"""
- self._update_blinding_factor()
- return (message * pow(self.blindfac, self.e, self.n)) % self.n
+ blindfac, blindfac_inverse = self._update_blinding_factor()
+ blinded = (message * pow(blindfac, self.e, self.n)) % self.n
+ return blinded, blindfac_inverse
- def unblind(self, blinded: int) -> int:
- """Performs blinding on the message using random number 'r'.
+ def unblind(self, blinded: int, blindfac_inverse: int) -> int:
+ """Performs blinding on the message using random number
'blindfac_inverse'.
:param blinded: the blinded message, as integer, to unblind.
- :param r: the random number to unblind with.
+ :param blindfac: the factor to unblind with.
:return: the original message.
The blinding is such that message =
unblind(decrypt(blind(encrypt(message))).
See https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
"""
-
- return (self.blindfac_inverse * blinded) % self.n
+ return (blindfac_inverse * blinded) % self.n
def _initial_blinding_factor(self) -> int:
for _ in range(1000):
@@ -186,18 +188,29 @@
return blind_r
raise RuntimeError('unable to find blinding factor')
- def _update_blinding_factor(self):
- if self.blindfac < 0:
- # Compute initial blinding factor, which is rather slow to do.
- self.blindfac = self._initial_blinding_factor()
- self.blindfac_inverse = rsa.common.inverse(self.blindfac, self.n)
- else:
- # Reuse previous blinding factor as per section 9 of 'A Timing
- # Attack against RSA with the Chinese Remainder Theorem' by Werner
- # Schindler.
- # See https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
- self.blindfac = pow(self.blindfac, 2, self.n)
- self.blindfac_inverse = pow(self.blindfac_inverse, 2, self.n)
+ def _update_blinding_factor(self) -> typing.Tuple[int, int]:
+ """Update blinding factors.
+
+ Computing a blinding factor is expensive, so instead this function
+ does this once, then updates the blinding factor as per section 9
+ of 'A Timing Attack against RSA with the Chinese Remainder Theorem'
+ by Werner Schindler.
+ See https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
+
+ :return: the new blinding factor and its inverse.
+ """
+
+ with self.mutex:
+ if self.blindfac < 0:
+ # Compute initial blinding factor, which is rather slow to do.
+ self.blindfac = self._initial_blinding_factor()
+ self.blindfac_inverse = rsa.common.inverse(self.blindfac,
self.n)
+ else:
+ # Reuse previous blinding factor.
+ self.blindfac = pow(self.blindfac, 2, self.n)
+ self.blindfac_inverse = pow(self.blindfac_inverse, 2, self.n)
+
+ return self.blindfac, self.blindfac_inverse
class PublicKey(AbstractKey):
"""Represents a public RSA key.
@@ -238,6 +251,7 @@
def __setstate__(self, state: typing.Tuple[int, int]) -> None:
"""Sets the key from tuple."""
self.n, self.e = state
+ AbstractKey.__init__(self, self.n, self.e)
def __eq__(self, other: typing.Any) -> bool:
if other is None:
@@ -413,6 +427,7 @@
def __setstate__(self, state: typing.Tuple[int, int, int, int, int, int,
int, int]) -> None:
"""Sets the key from tuple."""
self.n, self.e, self.d, self.p, self.q, self.exp1, self.exp2,
self.coef = state
+ AbstractKey.__init__(self, self.n, self.e)
def __eq__(self, other: typing.Any) -> bool:
if other is None:
@@ -446,9 +461,10 @@
:rtype: int
"""
- blinded = self.blind(encrypted) # blind before decrypting
+ # Blinding and un-blinding should be using the same factor
+ blinded, blindfac_inverse = self.blind(encrypted)
decrypted = rsa.core.decrypt_int(blinded, self.d, self.n)
- return self.unblind(decrypted)
+ return self.unblind(decrypted, blindfac_inverse)
def blinded_encrypt(self, message: int) -> int:
"""Encrypts the message using blinding to prevent side-channel attacks.
@@ -460,9 +476,9 @@
:rtype: int
"""
- blinded = self.blind(message) # blind before encrypting
+ blinded, blindfac_inverse = self.blind(message)
encrypted = rsa.core.encrypt_int(blinded, self.d, self.n)
- return self.unblind(encrypted)
+ return self.unblind(encrypted, blindfac_inverse)
@classmethod
def _load_pkcs1_der(cls, keyfile: bytes) -> 'PrivateKey':
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/rsa.egg-info/PKG-INFO
new/rsa-4.7.2/rsa.egg-info/PKG-INFO
--- old/rsa-4.7/rsa.egg-info/PKG-INFO 2021-01-10 11:44:44.000000000 +0100
+++ new/rsa-4.7.2/rsa.egg-info/PKG-INFO 2021-02-24 11:54:39.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: rsa
-Version: 4.7
+Version: 4.7.2
Summary: Pure-Python RSA implementation
Home-page: https://stuvel.eu/rsa
Author: Sybren A. Stuvel
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/rsa.egg-info/SOURCES.txt
new/rsa-4.7.2/rsa.egg-info/SOURCES.txt
--- old/rsa-4.7/rsa.egg-info/SOURCES.txt 2021-01-10 11:44:44.000000000
+0100
+++ new/rsa-4.7.2/rsa.egg-info/SOURCES.txt 2021-02-24 11:54:39.000000000
+0100
@@ -2,6 +2,7 @@
MANIFEST.in
README.md
create_timing_table.py
+fileexample.py
setup.cfg
setup.py
rsa/__init__.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/setup.py new/rsa-4.7.2/setup.py
--- old/rsa-4.7/setup.py 2021-01-10 11:34:53.000000000 +0100
+++ new/rsa-4.7.2/setup.py 2021-02-24 11:43:02.000000000 +0100
@@ -25,7 +25,7 @@
if __name__ == '__main__':
setup(name='rsa',
- version='4.7',
+ version='4.7.2',
description='Pure-Python RSA implementation',
long_description=long_description,
long_description_content_type='text/markdown',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/tests/test_key.py
new/rsa-4.7.2/tests/test_key.py
--- old/rsa-4.7/tests/test_key.py 2021-01-10 11:09:07.000000000 +0100
+++ new/rsa-4.7.2/tests/test_key.py 2021-02-15 21:41:12.000000000 +0100
@@ -21,19 +21,19 @@
message = 12345
encrypted = rsa.core.encrypt_int(message, pk.e, pk.n)
- blinded_1 = pk.blind(encrypted) # blind before decrypting
+ blinded_1, unblind_1 = pk.blind(encrypted) # blind before decrypting
decrypted = rsa.core.decrypt_int(blinded_1, pk.d, pk.n)
- unblinded_1 = pk.unblind(decrypted)
+ unblinded_1 = pk.unblind(decrypted, unblind_1)
self.assertEqual(unblinded_1, message)
# Re-blinding should use a different blinding factor.
- blinded_2 = pk.blind(encrypted) # blind before decrypting
+ blinded_2, unblind_2 = pk.blind(encrypted) # blind before decrypting
self.assertNotEqual(blinded_1, blinded_2)
# The unblinding should still work, though.
decrypted = rsa.core.decrypt_int(blinded_2, pk.d, pk.n)
- unblinded_2 = pk.unblind(decrypted)
+ unblinded_2 = pk.unblind(decrypted, unblind_2)
self.assertEqual(unblinded_2, message)
@@ -69,10 +69,9 @@
# This exponent will cause two other primes to be generated.
exponent = 136407
- (p, q, e, d) = rsa.key.gen_keys(64,
- accurate=False,
- getprime_func=getprime,
- exponent=exponent)
+ (p, q, e, d) = rsa.key.gen_keys(
+ 64, accurate=False, getprime_func=getprime, exponent=exponent
+ )
self.assertEqual(39317, p)
self.assertEqual(33107, q)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rsa-4.7/tests/test_load_save_keys.py
new/rsa-4.7.2/tests/test_load_save_keys.py
--- old/rsa-4.7/tests/test_load_save_keys.py 2021-01-10 11:09:07.000000000
+0100
+++ new/rsa-4.7.2/tests/test_load_save_keys.py 2021-02-24 11:40:11.000000000
+0100
@@ -203,6 +203,9 @@
unpickled = pickle.loads(pickled)
self.assertEqual(pk, unpickled)
+ for attr in rsa.key.AbstractKey.__slots__:
+ self.assertTrue(hasattr(unpickled, attr))
+
def test_public_key(self):
pk = rsa.key.PublicKey(3727264081, 65537)
@@ -210,3 +213,5 @@
unpickled = pickle.loads(pickled)
self.assertEqual(pk, unpickled)
+ for attr in rsa.key.AbstractKey.__slots__:
+ self.assertTrue(hasattr(unpickled, attr))
