1602752 – Possible tag truncation security bug in AEAD API

Bug 1602752 - Possible tag truncation security bug in AEAD API

Summary: Possible tag truncation security bug in AEAD API

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	python-cryptography
Sub Component:
Version:	28
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Jeremy Cline
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1602755
TreeView+	depends on / blocked

Reported:	2018-07-18 12:24 UTC by Christian Heimes
Modified:	2018-07-31 17:10 UTC (History)
CC List:	7 users (show)
Fixed In Version:	python-cryptography-2.3-1.fc28 python-cryptography-2.3-1.fc27
Clone Of:
Clones:	1602755 (view as bug list)
Environment:
Last Closed:	2018-07-22 03:03:54 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	/pyca cryptography pull 4342	0	None	None	None	2018-07-18 12:24:57 UTC

Description Christian Heimes 2018-07-18 12:24:57 UTC

Description of problem:
The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Version-Release number of selected component (if applicable):
All versions between >=1.9.0 and <2.3
* python-cryptography-2.0.2-4.fc27
* python-cryptography-2.2.1-1.fc28
* python-cryptography-2.2.1-3.fc29

EL7 only contains python-cryptography-1.7.2-1.el7_4.1, so it's not affected.

How reproducible:
always

Additional info:
The issue was fixed by PR https://github.com/pyca/cryptography/pull/4342 and in upstream release 2.3 (released today). The security issue is already public knowledge.

Comment 1 Fedora Update System 2018-07-18 14:15:58 UTC

python-cryptography-2.3-1.fc28 python-cryptography-vectors-2.3-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9fe5e183e

Comment 2 Fedora Update System 2018-07-18 14:16:07 UTC

python-cryptography-2.3-1.fc27 python-cryptography-vectors-2.3-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6

Comment 3 Fedora Update System 2018-07-19 17:29:25 UTC

python-cryptography-2.3-1.fc27, python-cryptography-vectors-2.3-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6

Comment 4 Fedora Update System 2018-07-19 20:20:40 UTC

python-cryptography-2.3-1.fc28, python-cryptography-vectors-2.3-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9fe5e183e

Comment 5 Fedora Update System 2018-07-22 03:03:54 UTC

python-cryptography-2.3-1.fc28, python-cryptography-vectors-2.3-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2018-07-31 17:10:38 UTC

python-cryptography-2.3-1.fc27, python-cryptography-vectors-2.3-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.