openGauss-third_party/dependency/cryptography/CVE-2023-50782.patch-代码预览-openGauss-third_party:基于开源生态的数据库依赖编译项目 - AtomGit

Miyanocve-2023-50782 repair
From e61e2f4964d13e38954fc626b5bf727eccbdd10b Mon Sep 17 00:00:00 2001
From: shixuantong <shixuantong1@huawei.com>
Date: Wed, 2 Jul 2025 10:52:10 +0800
Subject: [PATCH] disable RSA PKCS#1v1.5 padding

---
 src/cryptography/hazmat/backends/openssl/rsa.py | 2 ++
 tests/hazmat/primitives/test_rsa.py             | 8 +++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 82cd49c..798bb54 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -104,6 +104,8 @@ def _enc_dec_rsa_pkey_ctx(
     init: typing.Callable[[typing.Any], int]
     crypt: typing.Callable[[typing.Any, typing.Any, int, bytes, int], int]
+    if isinstance(padding, PKCS1v15):
+        raise ValueError("RSA PKCS#1v1.5 has security problems and it has been banned.")
     if isinstance(key, _RSAPublicKey):
         init = backend._lib.EVP_PKEY_encrypt_init
         crypt = backend._lib.EVP_PKEY_encrypt

diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 61c4815..03852b0 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1769,8 +1769,9 @@ class TestRSADecryption(object):
                 ).private_key(backend, unsafe_skip_rsa_key_validation=True)
                 ciphertext = binascii.unhexlify(example["encryption"])
                 assert len(ciphertext) == (skey.key_size + 7) // 8
-                message = skey.decrypt(ciphertext, padding.PKCS1v15())
-                assert message == binascii.unhexlify(example["message"])
+                with pytest.raises(ValueError, match="RSA PKCS#1v1.5 has security problems and it has been banned."):
+                    message = skey.decrypt(ciphertext, padding.PKCS1v15())
+                    assert message == binascii.unhexlify(example["message"])

     def test_unsupported_padding(
         self, rsa_key_2048: rsa.RSAPrivateKey, backend
@@ -2107,11 +2108,12 @@ def test_rsa_encrypt_pkcs1v15(self, key_data, pad, backend):
         _check_fips_key_length(backend, private_key)
         pt = b"encrypt me!"
         public_key = private_key.public_key()
-        ct = public_key.encrypt(pt, pad)
-        assert ct != pt
-        assert len(ct) == (public_key.key_size + 7) // 8
-        recovered_pt = private_key.decrypt(ct, pad)
-        assert recovered_pt == pt
+        with pytest.raises(ValueError, match="RSA PKCS#1v1.5 has security problems and it has been banned."):
+            ct = public_key.encrypt(pt, pad)
+            assert ct != pt
+            assert len(ct) == (public_key.key_size + 7) // 8
+            recovered_pt = private_key.decrypt(ct, pad)
+            assert recovered_pt == pt

     @pytest.mark.parametrize(
         ("key_data", "pad"),
-- 
2.27.0