|
 |
403b09 |
From 88b8163fa5f3b4f01dab588c2b08db9258c55be1 Mon Sep 17 00:00:00 2001
|
|
|
403b09 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
403b09 |
Date: Mon, 5 Sep 2016 15:38:48 +0200
|
|
|
403b09 |
Subject: [PATCH] Use RSA-OAEP instead of RSA PKCS#1 v1.5
|
|
|
403b09 |
|
|
|
403b09 |
jwcrypto's RSA1-5 (PKCS#1 v1.5) is vulnerable to padding oracle
|
|
|
403b09 |
side-channel attacks. OAEP (PKCS#1 v2.0) is a safe, more modern
|
|
|
403b09 |
alternative.
|
|
|
403b09 |
|
|
|
403b09 |
https://fedorahosted.org/freeipa/ticket/6278
|
|
|
403b09 |
|
|
|
403b09 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
403b09 |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
403b09 |
---
|
|
|
403b09 |
ipapython/secrets/client.py | 2 +-
|
|
|
403b09 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
403b09 |
|
|
|
403b09 |
diff --git a/ipapython/secrets/client.py b/ipapython/secrets/client.py
|
|
|
403b09 |
index 56ed6f7944c46393ed225cde1b5e0bb80fe6bef0..d9cc7d0f5b066dfd8efba480feb5f271ed1ebe83 100644
|
|
|
403b09 |
--- a/ipapython/secrets/client.py
|
|
|
403b09 |
+++ b/ipapython/secrets/client.py
|
|
|
403b09 |
@@ -86,7 +86,7 @@ class CustodiaClient(object):
|
|
|
403b09 |
url = 'https://%s/ipa/keys/%s' % (self.server, keyname)
|
|
|
403b09 |
|
|
|
403b09 |
# Prepare signed/encrypted request
|
|
|
403b09 |
- encalg = ('RSA1_5', 'A256CBC-HS512')
|
|
|
403b09 |
+ encalg = ('RSA-OAEP', 'A256CBC-HS512')
|
|
|
403b09 |
request = self.kemcli.make_request(keyname, encalg=encalg)
|
|
|
403b09 |
|
|
|
403b09 |
# Prepare Authentication header
|
|
|
403b09 |
--
|
|
|
403b09 |
2.7.4
|
|
|
403b09 |
|