diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-17 21:49:03 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-17 09:49:03 -0400 |
commit | d4378e42937b56f473ddade2667f919ce32208cb (patch) | |
tree | f2374c70935a8b64e3b13d2d89314675d71cdeee /CHANGELOG.rst | |
parent | c574e7554c7aa27c56f6478258a4e18f79457652 (diff) | |
download | cryptography-d4378e42937b56f473ddade2667f919ce32208cb.tar.gz cryptography-d4378e42937b56f473ddade2667f919ce32208cb.tar.bz2 cryptography-d4378e42937b56f473ddade2667f919ce32208cb.zip |
disallow implicit tag truncation with finalize_with_tag (#4342)
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c8db7e7d..5ac43d0d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,11 @@ Changelog .. note:: This version is not yet released and is under active development. +* **SECURITY ISSUE:** + :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` + allowed tag truncation by default which can allow tag forgery in some cases. + The method now enforces the ``min_tag_length`` provided to the + :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. * Added support for Python 3.7. * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the authenticated timestamp of a :doc:`Fernet </fernet>` token. |