Bug 1103566 - python-crypto2.6 breaks ansible in epel repository
Summary: python-crypto2.6 breaks ansible in epel repository
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: python-crypto2.6
Version: el6
Hardware: Unspecified
OS: Linux
Target Milestone: ---
Assignee: Fedora Infrastructure SIG
QA Contact: Fedora Extras Quality Assurance
URL: https://github.com/ansible/ansible/is...
Depends On:
TreeView+ depends on / blocked
Reported: 2014-06-02 04:44 UTC by Rob K
Modified: 2015-03-01 21:59 UTC (History)
6 users (show)

Fixed In Version: python-crypto2.6-2.6.1-2.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-03-01 21:59:52 UTC
Type: ---

Attachments (Terms of Use)
Clarify warning message about older version of libgmp (828 bytes, patch)
2014-12-31 02:44 UTC, Toshio Ernie Kuratomi
no flags Details | Diff

Description Rob K 2014-06-02 04:44:04 UTC
User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Build Identifier: 

pycrypto26 package in epel is built against the gmp-devel 4.3.x package provided in base. Unfortunately, this means that ansible in epel will error out thus:

/usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

See the included ansible bug report

Reproducible: Always

Steps to Reproduce:

    fresh install of centos 6.5
    rpm -ivh http://url/to/epel-release
    yum -y install ansible --enablerepo='epel*'
    create localhost ssh key and authorized keys
    install goozbach.EPEL galaxy role

    create following playbook:

    - name: master playbook
      hosts: all
      user: root
        - { role: goozbach.EPEL, epel_enabled: 1, epel_testing_enabled: 1 }

    run your ansible playbook

Actual Results:  
[root@vagrant-centos-6_4 ansible]# ansible-playbook site.yml
/usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

Expected Results:  
Pycrypto shouldn't show warning message.

This bug is a blocker for using ansible from epel in any way.

Comment 1 Toshio Kuratomi 2014-07-29 18:51:54 UTC
Note -- it's not erroring out, just a warning.

Is there an updated gmp available in RHEL/EPEL to build against?

Comment 2 Bill Nottingham 2014-07-29 19:17:12 UTC
mpz_powm_sec was added in gmp5, so not for RHEL 6 unless it's decided to add it there as an additional ABI.

Comment 3 Toshio Ernie Kuratomi 2014-11-15 15:47:16 UTC
So, infra  sig, you own this package now.  I see several ways to proceed.

* Decide that the version of gmp isn't something we control and therefore close this as CANTFIX.  I've looked at the code and the warning actually means that python-crypto is not going to use gmp because of timing attacks.  It instead falls back on "slowmath" -- implementations of isPrime() and getStrongPrime() in pure python instead of in C.  So python-crypto2.6 is not insecure on RHEL6 - it simply is slower than it is on a distro which has a newer gmp available.  The drawback to doing nothing is that users see the warning about a "vulnerability" and think that their code is insecure because of the old gmp.

* Patch the warning out of the code because of the above analysis.  This package is primarily here for ansible vault in epel6.  The crypto routines are "fast enough" for ansible vault's purposes and most end users aren't going to read the warning and then compile their own gmp and python-crypto2.6.  Therefore, don't scare the users.  The drawback is if someone is evaluating python-crypto2.6 (or ansible-vault in a non-standard workload) and decides that it is too slow, not knowing that it's because of the gmp version on their OS that's causing it.

* Patch the warning to be more clear.  Something like:

    _warn("mpz_powm_sec in libgmp < 5 is vulnerable to timing attacks.  Using non-vulnerable pure-python fallback.  Recompile pycrypto against libgmp >= 5 to use faster routines.",  PowmInsecureWarning)

* Create a gmp forward compat package for EPEL6 and link against this.  It looks like the SONAME of the current Fedora package is different than that of the RHEL6 gmp so that portion is possible.  The package also contains a libgmpxx library which has not changed sonames.  This support library is only needed for building programs which use a C++ compiler to link to gmp.  We could place it in a different directory or omit it.  The header files for gmp are placed directly into /usr/include.  We'd need to place those into a versioned subdirectory and then patch build files to look in that subdirectory for header files.

* Patch the code to use fastmath with or without a warning.  The primary purpose of this forward compat library is to support ansible-vault.  In standard command line usage, the user will have access to any vault files that are present.  Therefore, they can simply copy the files to their own host to attack rather than relying on a timing attack on our systems to give them information about how close their attempted password is to the password used to encrypt the files.  I do not advise this option as we don't know who else might be using python-crypto2.6 on their own home-built applications where a timing attack would be important.

If this was still my package I'd probably patch the warning to be more clear unless someone else decided to build and maintain a forward compat libgmp in EPEL6.

Comment 4 Kevin Fenzi 2014-11-15 16:37:15 UTC
I am completely happy to adjust the warning to be more clear. 

Hopefully also upstream would take a PR to do so in the next release? (It should apply anywhere I would think).

Comment 5 Toshio Ernie Kuratomi 2014-12-31 02:43:48 UTC
Made an upstream Pull Request: https://github.com/dlitz/pycrypto/pull/111

Will attach patch here.

Comment 6 Toshio Ernie Kuratomi 2014-12-31 02:44:28 UTC
Created attachment 974672 [details]
Clarify warning message about older version of libgmp

Comment 7 Fedora Update System 2015-02-13 21:41:54 UTC
python-crypto2.6-2.6.1-2.el6 has been submitted as an update for Fedora EPEL 6.

Comment 8 Toshio Ernie Kuratomi 2015-02-13 21:48:51 UTC
I took another look at this today and found that I was wrong about precisely when the fallback code is invoked.  It looks like the fallback occurs when the C extension is unable to be loaded.  If the C extension is importable the code just will use it even if libgmp does not provide the secure function.

The package I've just pushed removes the _fastmath C extension so that the code will properly fallback on the slower but non-vulnerable python code.  Please test that it works.

Comment 9 Fedora Update System 2015-02-14 02:52:02 UTC
Package python-crypto2.6-2.6.1-2.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing python-crypto2.6-2.6.1-2.el6'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2015-03-01 21:59:52 UTC
python-crypto2.6-2.6.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.