author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-07-13 20:15:04 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-08-02 14:44:45 +0300 |
commit | 7323f5c20efb59424d853c822e7a26d1aa3e84aa (patch) | |
tree | 7084b291c0e0b080d331d31f397fa5cbe3f7c129 /src/saml2/server.py | |
parent | d5e4e1b386306fb1e4118ae7bdf52a459328a18f (diff) | |
download | pysaml2-7323f5c20efb59424d853c822e7a26d1aa3e84aa.tar.gz |
Always generate a random IV for AES operations
Quoting @obi1kenobi:
> Initialization vector reuse like this is a security concern, since it leaks
> information about the encrypted data to attackers, regardless of the
> encryption mode used.
> Instead of relying on a fixed, randomly-generated IV, it would be better to
> randomly-generate a new IV for every encryption operation.
Breaks AESCipher ECB support
Reported as CVE-2017-1000246
Fixes #417
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/server.py')
-rw-r--r-- | src/saml2/server.py | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/saml2/server.py b/src/saml2/server.py index 0e7e0403..0a2943f2 100644 --- a/src/saml2/server.py +++ b/src/saml2/server.py @@ -83,12 +83,9 @@ class Server(Entity): self.init_config(stype) self.cache = cache self.ticket = {} - # self.session_db = self.choose_session_storage() - # Needed for self.symkey = symkey self.seed = rndstr() - self.iv = os.urandom(16) self.lock = threading.Lock() def getvalid_certificate_str(self): |
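Review bot: Removing `self.iv = os.urandom(16)` from `Server.__init__` means any code that still reads `self.iv` will fail with an AttributeError at call time. This diff is limited to src/saml2/server.py, so those call sites are not visible here. Please confirm that nothing in this file or in subclasses of `Server` still references the attribute, and drop the `os` import if this was its last use. The deletion of the commented-out `self.session_db` lines and the dangling `# Needed for` comment is unrelated cleanup; it would be easier to audit as a separate commit from the CVE-2017-1000246 fix. Since the commit message states that this breaks AESCipher ECB support, that incompatibility should also get a changelog or release-note entry.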