#6278 Use OAEP padding with custodia (to avoid CVE-2016-6298)
Closed: Fixed None Opened 2 years ago by mbasti.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1371901

Description of problem:

A security flaw in python-jwcrypto was found. The jwcrypto implementation of the
RSA1_5 algorithm is vulnerable to the Million Message Attack described in RFC
3128. RSA with PKCS1v1.5 is used by Custodia and ipapython.secrets.

Version-Release number of selected component (if applicable):
<= 0.3

Additional info:
Upstream bug report: https://github.com/latchset/jwcrypto/pull/66
Upstream fix: https://github.com/latchset/jwcrypto/pull/66

PR https://github.com/tiran/freeipa/tree/issue6278_rsa_oaep changes FreeIPA's Custodia KEM client to use RSA-OAEP rather than PKCS1v15 padding. The patch should be applied to 4.3, 4.4 and master.


  • 4ae4d0d Use RSA-OAEP instead of RSA PKCS#1 v1.5
  • 71e7cb1 Use RSA-OAEP instead of RSA PKCS#1 v1.5
  • 2e27b70 Use RSA-OAEP instead of RSA PKCS#1 v1.5
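
Added example, not part of the ticket or of the FreeIPA/jwcrypto code: the fix above moves the KEM client to RSA-OAEP, and a receiver can complement it by refusing RSA1_5 from the JWE protected header before any RSA decryption is attempted. The allow-list policy, the function names and the sample tokens (including the `enc` value) are assumptions constructed for illustration.

```python
import base64
import json

# Assumed receiver policy for this example: only RSA-OAEP key management is
# accepted, so an RSA1_5 (PKCS#1 v1.5) token never reaches the RSA decryption.
ALLOWED_KEY_ALGS = frozenset({"RSA-OAEP"})


class JWEPolicyError(ValueError):
    """Raised when a token is malformed or uses a refused algorithm."""


def _b64url_decode(segment: str) -> bytes:
    # JWE segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def checked_key_alg(compact_jwe: str) -> str:
    """Return the header 'alg' of a compact JWE, or raise if policy refuses it."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise JWEPolicyError("compact JWE must have five segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise JWEPolicyError("protected header is not valid JSON") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in ALLOWED_KEY_ALGS:
        raise JWEPolicyError(f"key management algorithm {alg!r} refused")
    return alg


def constructed_token(alg: str) -> str:
    """Build a sample compact JWE with dummy (non-cryptographic) segments."""
    raw = json.dumps({"alg": alg, "enc": "A256CBC-HS512"}).encode("ascii")
    header = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([header, "a2V5", "aXY", "Y3Q", "dGFn"])


if __name__ == "__main__":
    for alg in ("RSA-OAEP", "RSA1_5"):
        try:
            print(alg, "->", checked_key_alg(constructed_token(alg)))
        except JWEPolicyError as err:
            print(alg, "-> rejected:", err)
```
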

Changing ticket summary to match what was really fixed

Metadata Update from @mbasti:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.3.3

2 years ago
