mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-01 18:42:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

dev-python/rsa: delete unnecessary package

Browse Source
This commit is contained in:
Dongsu Park 2021-09-02 17:33:50 +02:00
parent 6f44bbc88a
commit 7e019a57c3
5 changed files with 0 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/portage-stable/dev-python/rsa/Manifest vendored
View File

@ -1,2 +0,0 @@
DIST rsa-3.2.3.tar.gz 35628 SHA256 14db288cc40d6339dedf60d7a47053ab004b4a8976a5c59402a211d8fc5bf21f SHA512 52b33e0278e6e1fed64b1cdebed29f7caa31fae733c2d5875e6cba5a045aaa829616799d8de84fdb63c546780dbdafcabf1f85f25930b8e663861151479ef7e2 WHIRLPOOL 5814f912849bed4f98f8bef20dcf2fb9b28af70b970f324cadab90f0c67ff42c32792f7a6306edf1884d4cf6fe35d27f47c833358c2d03c582faba60fba1490d
DIST rsa-3.4.2.tar.gz 40956 SHA256 25df4e10c263fb88b5ace923dd84bf9aa7f5019687b5e55382ffcdb8bede9db5 SHA512 62b0ff31fb3b9c18ae65bd102329e69726b853560576b1b66b9b89b26d3ff79154239af7e7a581b6a27c7017cc013f738762cd9662777ef594cc11c5b1f8e267 WHIRLPOOL d8d51f7ffc47af5fbc48199860171c38fe6f08b5a510bfed20513c22df8a614565703c9d89939ff1092a7c6392fbdef8bacf41cc839a9943b120b1fa4cf8d496

104
sdk_container/src/third_party/portage-stable/dev-python/rsa/files/rsa-3.2.3-CVE-2016-1494.patch vendored
View File

@ -1,104 +0,0 @@
# HG changeset patch
# User Filippo Valsorda <hi@filippo.io>
# Date 1450226563 0
# Node ID 0cbcc529926afd61c6df4f50cfc29971beafd2c2
# Parent 2baab06c8b867b01ec82b02118d4872a931a0437
Fix BB'06 attack in verify() by switching from parsing to comparison
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
--- a/rsa/pkcs1.py
+++ b/rsa/pkcs1.py
@@ -22,10 +22,10 @@
At least 8 bytes of random padding is used when encrypting a message. This makes
these methods much more secure than the ones in the ``rsa`` module.
-WARNING: this module leaks information when decryption or verification fails.
-The exceptions that are raised contain the Python traceback information, which
-can be used to deduce where in the process the failure occurred. DO NOT PASS
-SUCH INFORMATION to your users.
+WARNING: this module leaks information when decryption fails. The exceptions
+that are raised contain the Python traceback information, which can be used to
+deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
+to your users.
'''
import hashlib
@@ -288,37 +288,23 @@
:param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
:raise VerificationError: when the signature doesn't match the message.
- .. warning::
-
- Never display the stack trace of a
- :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
- the code the exception occurred, and thus leaks information about the
- key. It's only a tiny bit of information, but every bit makes cracking
- the keys easier.
-
'''
- blocksize = common.byte_size(pub_key.n)
+ keylength = common.byte_size(pub_key.n)
encrypted = transform.bytes2int(signature)
decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
- clearsig = transform.int2bytes(decrypted, blocksize)
-
- # If we can't find the signature marker, verification failed.
- if clearsig[0:2] != b('\x00\x01'):
- raise VerificationError('Verification failed')
+ clearsig = transform.int2bytes(decrypted, keylength)
- # Find the 00 separator between the padding and the payload
- try:
- sep_idx = clearsig.index(b('\x00'), 2)
- except ValueError:
- raise VerificationError('Verification failed')
-
- # Get the hash and the hash method
- (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
+ # Get the hash method
+ method_name = _find_method_hash(clearsig)
message_hash = _hash(message, method_name)
- # Compare the real hash to the hash in the signature
- if message_hash != signature_hash:
+ # Reconstruct the expected padded hash
+ cleartext = HASH_ASN1[method_name] + message_hash
+ expected = _pad_for_signing(cleartext, keylength)
+
+ # Compare with the signed one
+ if expected != clearsig:
raise VerificationError('Verification failed')
return True
@@ -351,24 +337,20 @@
return hasher.digest()
-def _find_method_hash(method_hash):
- '''Finds the hash method and the hash itself.
+def _find_method_hash(clearsig):
+ '''Finds the hash method.
- :param method_hash: ASN1 code for the hash method concatenated with the
- hash itself.
+ :param clearsig: full padded ASN1 and hash.
- :return: tuple (method, hash) where ``method`` is the used hash method, and
- ``hash`` is the hash itself.
+ :return: the used hash method.
:raise VerificationFailed: when the hash method cannot be found
'''
for (hashname, asn1code) in HASH_ASN1.items():
- if not method_hash.startswith(asn1code):
- continue
-
- return (hashname, method_hash[len(asn1code):])
+ if asn1code in clearsig:
+ return hashname
raise VerificationError('Verification failed')

11
sdk_container/src/third_party/portage-stable/dev-python/rsa/metadata.xml vendored
View File

@ -1,11 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>python@gentoo.org</email>
<name>Python</name>
</maintainer>
<upstream>
<remote-id type="pypi">rsa</remote-id>
</upstream>
</pkgmetadata>

37
sdk_container/src/third_party/portage-stable/dev-python/rsa/rsa-3.2.3-r1.ebuild vendored
View File

@ -1,37 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=5
PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
inherit distutils-r1
DESCRIPTION="Pure-Python RSA implementation"
HOMEPAGE="http://stuvel.eu/rsa https://pypi.python.org/pypi/rsa"
SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 arm x86"
IUSE="test"
RDEPEND="
>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
dev-python/traceback2[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-0.6.10[${PYTHON_USEDEP}]
test? (
dev-python/nose[${PYTHON_USEDEP}]
dev-python/unittest2[${PYTHON_USEDEP}]
)
"
PATCHES=(
"${FILESDIR}"/${P}-CVE-2016-1494.patch
)
python_test() {
nosetests --verbose || die
}

33
sdk_container/src/third_party/portage-stable/dev-python/rsa/rsa-3.4.2.ebuild vendored
View File

@ -1,33 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=5
PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
inherit distutils-r1
DESCRIPTION="Pure-Python RSA implementation"
HOMEPAGE="http://stuvel.eu/rsa https://pypi.python.org/pypi/rsa"
SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~x86"
IUSE="test"
RDEPEND="
>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
dev-python/traceback2[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-0.6.10[${PYTHON_USEDEP}]
test? (
dev-python/nose[${PYTHON_USEDEP}]
dev-python/unittest2[${PYTHON_USEDEP}]
)
"
python_test() {
nosetests --verbose || die
}