python-cryptography: fix CVE-2018-10903 10339/head
authorJosef Schlehofer <pepe.schlehofer@gmail.com>
Tue, 22 Oct 2019 12:36:23 +0000 (14:36 +0200)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Thu, 24 Oct 2019 23:30:27 +0000 (01:30 +0200)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
lang/python/python-cryptography/patches/004-fix-CVE-2018-10903.patch [new file with mode: 0644]

diff --git a/lang/python/python-cryptography/patches/004-fix-CVE-2018-10903.patch b/lang/python/python-cryptography/patches/004-fix-CVE-2018-10903.patch
new file mode 100644 (file)
index 0000000..5608469
--- /dev/null
@@ -0,0 +1,78 @@
+From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Tue, 17 Jul 2018 10:47:57 +0800
+Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
+
+Pull request: https://github.com/pyca/cryptography/pull/4342
+
+---
+ docs/hazmat/primitives/symmetric-encryption.rst  |  1 +
+ .../hazmat/backends/openssl/ciphers.py           |  5 +++++
+ .../hazmat/primitives/ciphers/modes.py           |  1 +
+ tests/hazmat/primitives/test_aes.py              | 16 ++++++++++++++++
+ 5 files changed, 28 insertions(+)
+
+diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
+index 5ebcca754d..5b60009027 100644
+--- a/docs/hazmat/primitives/symmetric-encryption.rst
++++ b/docs/hazmat/primitives/symmetric-encryption.rst
+@@ -670,6 +670,7 @@ Interfaces
+         :raises ValueError: This is raised when the data provided isn't
+             a multiple of the algorithm's block size, if ``min_tag_length`` is
+             less than 4, or if ``len(tag) < min_tag_length``.
++            ``min_tag_length`` is an argument to the ``GCM`` constructor.
+         :raises NotImplementedError: This is raised if the version of the
+             OpenSSL backend used is 1.0.1 or earlier.
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 462ffea251..e0ee06ee26 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
+                 "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
+                 "method please update OpenSSL"
+             )
++        if len(tag) < self._mode._min_tag_length:
++            raise ValueError(
++                "Authentication tag must be {0} bytes or longer.".format(
++                    self._mode._min_tag_length)
++            )
+         res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+             self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
+             len(tag), tag
+diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
+index 598dfaa4a4..543015fef7 100644
+--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
++++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
+@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
+                         min_tag_length)
+                 )
+         self._tag = tag
++        self._min_tag_length = min_tag_length
+
+     tag = utils.read_only_property("_tag")
+     initialization_vector = utils.read_only_property("_initialization_vector")
+diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
+index d6f83ebc28..4ceccf1553 100644
+--- a/tests/hazmat/primitives/test_aes.py
++++ b/tests/hazmat/primitives/test_aes.py
+@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
+             decryptor.finalize()
+         else:
+             decryptor.finalize_with_tag(tag)
++
++    @pytest.mark.supported(
++        only_if=lambda backend: (
++            not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
++            backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
++        ),
++        skip_message="Not supported on OpenSSL 1.0.1",
++    )
++    def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
++        decryptor = base.Cipher(
++            algorithms.AES(b"0" * 16),
++            modes.GCM(b"0" * 12),
++            backend=backend
++        ).decryptor()
++        with pytest.raises(ValueError):
++            decryptor.finalize_with_tag(b"tagtooshort")
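Review bot: The embedded patch header states `5 files changed, 28 insertions(+)`, but only four files and 23 added lines follow (the docs file, `ciphers.py`, `modes.py`, `test_aes.py`), so one hunk of the upstream commit appears to have been dropped without saying so. Add a line under `Pull request:` naming the omitted file and the reason, so the backport can be audited against upstream. The security-relevant part is the `len(tag) < self._mode._min_tag_length` guard in `finalize_with_tag` together with the `self._min_tag_length = min_tag_length` assignment in `GCM.__init__`; the docs and tests hunks do not change the installed code and would make the patch fail to apply if those paths are absent from the source tarball, which cannot be checked from this page. The commit's file list shows only this patch file, so unless `PKG_RELEASE` in the package Makefile is bumped elsewhere, installed systems will presumably not be offered the rebuilt package that carries the fix.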