~mcepl/m2crypto#217: BIO error after catching RSAError

Migrated from: https://gitlab.com/m2crypto/m2crypto/-/issues/217
Created by: David Davis (@daviddavis)
Created at: 2018-05-24T12:00:05.095Z

This code fails unexpectedly when you reach the last line:

from M2Crypto import RSA, BIO

RSA_PUB = """                                                                                           
-----BEGIN PUBLIC KEY-----                                                                              
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbZu3/ml//XLdb+n8fMklr3Ckp                                        
BYfIqYFGQzcfDyIBGJUrWZRQgwkQn2P9J8QgVyNSrByFN1DbEJvrY9Lo6kzqy8fl                                        
h9Ws1GKMRfqJZk99/Zae/Wbn9dQqa9EYrMZR3pO5UMmpSRFzZNTWEvmP4WAP4fqu                                        
e1VQJiUwXnMkTSO7cQIDAQAB                                                                                
-----END PUBLIC KEY-----                                                                                
"""

OTHER_KEY = """                                                                                         
-----BEGIN RSA PRIVATE KEY-----                                                                         
MIICXQIBAAKBgQDcx31TTh+mcm7v3NtQrkfHL5KgRXv7uDCLI56vULYSp5HtC9F9                                        
Jph2DT8l/XVXj0L5WMPP12VRZkmmgR9LDF5iHXnWE47Dy/6Midz4KIV1Vx7O/LdX                                        
btzq0lYRcaEofZPSfapf7hpNMhl3G5ioUvXp6vbh9EbGLetdXeVeqii53QIDAQAB                                        
AoGBAMiLBJIJIsLEq3SB/01YIacS1XNz6l0KQD4DCv9gpyJmyCy0UYQG7PI+sh/G                                        
DTKN1V49fRBsLYI1Ea2HGG/JOmjhQOxjz/F1jAMbQfeTXhu/JVYlhDgOK3nC+DnF                                        
jmJ2FfqUxr/eE87IzUF5Qm4TVffKwCSaxQ3u3xkbk9+oBkMBAkEA8OVxcTyKmgho                                        
9hk0PHPuFIeWAgKf5015oLUZPPeYYeACiZGUnvP1BdiO9QpZyIPaEiySDb2jv0ZR                                        
kJpHW7qpPQJBAOqfJ3Q+6v/u9pKmjcH8kEtIB8Mtnm5WIs4cLhlChI4xbm1Gawvp                                        
Lly6GSNUvsFVxyaMrqaMQxtKdHg4MtZxHSECQBpVOn1iXNRRrweX4bnqAlCEMcWu                                        
e8RRF8aVhVjAyAuK7TwUieaGTHaDIb1vkDj3ENODw8N0w32ZNjlUZBCG6xECQETP                                        
ms2wKlIXrr+CE69iOJurq4Ml3QJ1Rs32W9rStHfTrZRlA75BjHRrrDW9hBjF5Ju8                                        
xPhZyNC3PIOJz/cuw6ECQQCbfqV4YWiW0j2t/dotJjA0S/QdQYJcUbo/kNUar65v                                        
ZdgAs+Krt4gDkn34BF5009pZf0IBANSPMeqvw4BWr3G4                                                            
-----END RSA PRIVATE KEY-----                                                                           
"""

pub_key = RSA.load_pub_key_bio(BIO.MemoryBuffer(RSA_PUB))
priv_key = RSA.load_key_bio(BIO.MemoryBuffer(OTHER_KEY))
message = 'hello'

try:
    pub_key.verify(message, priv_key.sign("message"))
except RSA.RSAError:
    print("This is expected")

# this fails unexpectedly
bio = BIO.MemoryBuffer("")

I'm on Python 2.7.15 with m2crypto-0.28.2-2.fc27.x86_64:

$ python m2crypto_test.py 
This is expected
Traceback (most recent call last):
  File "m2crypto_test.py", line 40, in <module>
    bio = BIO.MemoryBuffer("")
  File "/usr/lib64/python2.7/site-packages/M2Crypto/BIO.py", line 191, in __init__
    m2.bio_write(self.bio, data)
M2Crypto.BIO.BIOError: padding check failed

Note that if I call BIO.MemoryBuffer("") before the key.verify(), I don't get an error.

Status: REPORTED
Submitter: ~mcepl
Assigned to: No-one
Submitted: 7 months ago
Updated: 7 months ago
Labels: No labels applied.

~mcepl referenced this from #95 7 months ago

~mcepl referenced this from #204 7 months ago

~mcepl 7 months ago

On 2018-05-28T05:13:42.311Z, Matěj Cepl wrote:

I wonder how much this bug is related to this comment and the whole issue #204:

> I suspect the m2crypto code in this example does raw (aka textbook) RSA.
> We don’t support that at this time as it is extremely insecure.

(Last edited at 2018-05-28T05:13:54.733Z.)

~mcepl 7 months ago

On 2018-06-20T18:36:19.893Z, Daniel Alley wrote:

@mcepl Could you expand on that? I don't see the significance.

Why does verify(message, priv_key.sign("message")) cause side effects which cause MemoryBuffer("") to fail? And if this is something that we should avoid doing, what would you recommend we do instead?

~mcepl 7 months ago

On 2018-06-20T20:29:34.978Z, Matěj Cepl wrote:

> Why does verify(message, priv_key.sign("message")) cause side effects which cause MemoryBuffer("") to fail? And if this is something that we should avoid doing, what would you recommend we do instead?

Error handling in OpenSSL is done by setting the error number (and the error message) in a global variable, which needs to be cleared explicitly. If we have done something wrong in verify, we can leave the goo in those variables, which shows up later (for some unrelated error, not all errors set both variables).

Unfortunately, I am fresh in a new job and I have a hard time keeping up with my new work, so I would way prefer a merge request to me diving into the code again. I am sorry about that.
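
A simplified model of the mechanism described in the comment above, added here as an illustration; it is not M2Crypto or OpenSSL code. The queue, the wrapper names and the rule that a non-positive write result consults the queue are assumptions, and the message strings are constructed (the second matches the traceback in the report).

```python
from collections import deque

ERRORS = deque()  # models the shared error state; entries stay until someone removes them

class RSAError(Exception):
    pass
class BIOError(Exception):
    pass

def _low_level_verify(signature_ok):
    """Model primitive: on failure it queues two entries and returns 0."""
    if signature_ok:
        return 1
    ERRORS.extend(["block type is not 01", "padding check failed"])  # constructed
    return 0

def _low_level_write(data):
    """Model primitive: returns bytes written; an empty write returns 0, queues nothing."""
    return len(data)

def verify(signature_ok, drain=False):
    """Wrapper: raises from the oldest entry; drain=True also empties the queue."""
    if _low_level_verify(signature_ok) == 1:
        return True
    message = ERRORS.popleft()
    if drain:
        ERRORS.clear()  # fix 1: leave no stale entries behind after a failure
    raise RSAError(message)

def write(data, clear_first=False):
    """Wrapper (assumed rule): non-positive result plus a queued entry means failure."""
    if clear_first:
        ERRORS.clear()  # fix 2: start every call from a clean error state
    written = _low_level_write(data)
    if written <= 0 and ERRORS:
        raise BIOError(ERRORS.popleft())  # may be a leftover from an earlier call
    return written

def reproduce(drain=False, clear_first=False):
    """Run the issue's sequence: a failed verify, then an empty write."""
    ERRORS.clear()
    try:
        verify(False, drain=drain)
    except RSAError:
        pass  # expected, as in the report
    try:
        return ("ok", write(b"", clear_first=clear_first))
    except BIOError as exc:
        return ("BIOError", str(exc))
```

`reproduce()` returns `("BIOError", "padding check failed")`, while `reproduce(drain=True)` and `reproduce(clear_first=True)` both return `("ok", 0)`.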

~mcepl 7 months ago

On 2018-06-25T20:07:56.100Z, Daniel Alley wrote:

My C knowledge is not good, but fwiw I believe this is the same issue and it contains more detail about what is going on / how best to fix it.

https://gitlab.com/m2crypto/m2crypto/issues/95
