34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
$OpenBSD: patch-beaker_crypto_pycrypto_py,v 1.1 2012/08/20 14:38:10 jasper Exp $
|
|
|
|
Security fix for CVE-2012-3458, py-beaker weak use of crypto can
|
|
leak information to remote attackers.
|
|
|
|
Patch from: https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
|
|
|
|
--- beaker/crypto/pycrypto.py.orig Mon Aug 20 16:30:05 2012
|
|
+++ beaker/crypto/pycrypto.py Mon Aug 20 16:31:37 2012
|
|
@@ -15,17 +15,19 @@ try:
|
|
|
|
except ImportError:
|
|
from Crypto.Cipher import AES
|
|
+ from Crypto.Util import Counter
|
|
|
|
def aesEncrypt(data, key):
|
|
- cipher = AES.new(key)
|
|
+ cipher = AES.new(key, AES.MODE_CTR,
|
|
+ counter=Counter.new(128, initial_value=0))
|
|
|
|
- data = data + (" " * (16 - (len(data) % 16)))
|
|
return cipher.encrypt(data)
|
|
|
|
def aesDecrypt(data, key):
|
|
- cipher = AES.new(key)
|
|
+ cipher = AES.new(key, AES.MODE_CTR,
|
|
+ counter=Counter.new(128, initial_value=0))
|
|
|
|
- return cipher.decrypt(data).rstrip()
|
|
+ return cipher.decrypt(data)
|
|
|
|
def getKeyLength():
|
|
return 32
|