Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-python/cryptography/files/CVE-2018-10903.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/cryptography/files/CVE-2018-10903.patch')
-rw-r--r--dev-python/cryptography/files/CVE-2018-10903.patch76
1 files changed, 0 insertions, 76 deletions
diff --git a/dev-python/cryptography/files/CVE-2018-10903.patch b/dev-python/cryptography/files/CVE-2018-10903.patch
deleted file mode 100644
index 1133405fb93d..000000000000
--- a/dev-python/cryptography/files/CVE-2018-10903.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Tue, 17 Jul 2018 10:47:57 +0800
-Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
-
----
- docs/hazmat/primitives/symmetric-encryption.rst | 1 +
- src/cryptography/hazmat/backends/openssl/ciphers.py | 5 +++++
- src/cryptography/hazmat/primitives/ciphers/modes.py | 1 +
- tests/hazmat/primitives/test_aes.py | 16 ++++++++++++++++
- 5 files changed, 28 insertions(+)
-
-diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
-index 5ebcca754..5b6000902 100644
---- a/docs/hazmat/primitives/symmetric-encryption.rst
-+++ b/docs/hazmat/primitives/symmetric-encryption.rst
-@@ -670,6 +670,7 @@ Interfaces
- :raises ValueError: This is raised when the data provided isn't
- a multiple of the algorithm's block size, if ``min_tag_length`` is
- less than 4, or if ``len(tag) < min_tag_length``.
-+ ``min_tag_length`` is an argument to the ``GCM`` constructor.
- :raises NotImplementedError: This is raised if the version of the
- OpenSSL backend used is 1.0.1 or earlier.
-
-diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
-index 462ffea25..e0ee06ee2 100644
---- a/src/cryptography/hazmat/backends/openssl/ciphers.py
-+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
-@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
- "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
- "method please update OpenSSL"
- )
-+ if len(tag) < self._mode._min_tag_length:
-+ raise ValueError(
-+ "Authentication tag must be {0} bytes or longer.".format(
-+ self._mode._min_tag_length)
-+ )
- res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
- self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
- len(tag), tag
-diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
-index 598dfaa4a..543015fef 100644
---- a/src/cryptography/hazmat/primitives/ciphers/modes.py
-+++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
-@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
- min_tag_length)
- )
- self._tag = tag
-+ self._min_tag_length = min_tag_length
-
- tag = utils.read_only_property("_tag")
- initialization_vector = utils.read_only_property("_initialization_vector")
-diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
-index d6f83ebc2..4ceccf155 100644
---- a/tests/hazmat/primitives/test_aes.py
-+++ b/tests/hazmat/primitives/test_aes.py
-@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
- decryptor.finalize()
- else:
- decryptor.finalize_with_tag(tag)
-+
-+ @pytest.mark.supported(
-+ only_if=lambda backend: (
-+ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
-+ backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-+ ),
-+ skip_message="Not supported on OpenSSL 1.0.1",
-+ )
-+ def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
-+ decryptor = base.Cipher(
-+ algorithms.AES(b"0" * 16),
-+ modes.GCM(b"0" * 12),
-+ backend=backend
-+ ).decryptor()
-+ with pytest.raises(ValueError):
-+ decryptor.finalize_with_tag(b"tagtooshort")