[MIR] python-scrypt, python-bcrypt

Bug #1695899 reported by James Page
Affects / Status / Importance / Assigned to / Milestone
python-bcrypt (Ubuntu): Fix Released / High / Unassigned / (none)
python-scrypt (Ubuntu): Fix Released / Critical / Chris MacNaughton / (none)

Bug Description

>python-scrypt<
[Availability]
In universe

[Rationale]
keystone: Support new hashing algorithms for securely storing password hashes

[Security]

[Quality assurance]
Package has not been well maintained in Debian; Python 3 support and new upstream release + misc package polish applied in Ubuntu.

Package runs test suite for all python versions as part of build.

[Dependencies]
In main.

[Standards compliance]
OK

[Maintenance]
ubuntu-openstack

>python-bcrypt<
[Availability]
In universe

[Rationale]
keystone: Support new hashing algorithms for securely storing password hashes

[Security]

[Quality assurance]
Package well maintained in Debian; Minor point release in Ubuntu over Debian unstable.

Package runs test suite for all python versions as part of build.

[Dependencies]
In main.

[Standards compliance]
OK

[Maintenance]
ubuntu-openstack

James Page (james-page)
description: updated
Changed in bcrypt (Ubuntu):
importance: Undecided → High
Changed in scrypt (Ubuntu):
importance: Undecided → High
James Page (james-page)
summary: - [MIR] scrypt, bcrypt
+ [MIR] python-scrypt, python-bcrypt
affects: bcrypt (Ubuntu) → python-bcrypt (Ubuntu)
affects: scrypt (Ubuntu) → python-scrypt (Ubuntu)
description: updated
Ryan Beisner (1chb1n)
tags: added: openstack-mir
Revision history for this message
James Page (james-page) wrote :

python-bcrypt has main history under MIR bug 1427861

Tyler Hicks (tyhicks) wrote :

I was hoping that I could quickly ack, from a security review standpoint, python-bcrypt since I already acked it in bug 1427861. However, the project has significantly changed since that review. The bcrypt backend has changed from Openwall's implementation to OpenBSD's implementation. Test vectors have also changed. I don't think this package will require a really close look but it is going to require a closer look than what I had anticipated.

Mathieu Trudel-Lapierre (cyphermox) wrote :

Since Tyler mentioned it requires a review anyway, assigning to the Security Team.

python-bcrypt has lintian warnings on the binary package:
W: python3-bcrypt: python-module-in-wrong-location usr/lib/python3.6/dist-packages/bcrypt/ usr/lib/python3/dist-packages/bcrypt/
W: python3-bcrypt: python-module-in-wrong-location usr/lib/python3.6/dist-packages/bcrypt/_bcrypt.abi3.so usr/lib/python3/dist-packages/bcrypt/_bcrypt.abi3.so
(These should be fixed)

There are also some warnings about missing bindnow for python-scrypt and python3-scrypt; they might benefit from being fixed. The Security Team can further comment on that.

Changed in python-scrypt (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Changed in python-bcrypt (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Tyler Hicks (tyhicks) wrote :

Hello! This is a very accelerated security review of python-scrypt. I
didn't look at the scrypt implementation itself but did have a quick
look at a few important areas of the project.

1) crypto_entropy_read() eventually calls entropy_read() which directly
   reads from /dev/urandom. New code that needs to fetch random data
   should be using the getrandom(2) syscall available in 3.17 and newer
   kernels. The main downside of entropy_read()'s implementation is that
   it can't detect if the urandom pool has not yet been initialized. It
   would be nice if the function were converted to use getrandom(2) when
   it is available.

2) It is great to see that tests/hashvectors.csv is inspired by the test
   vectors found in rfc7914:

    https://tools.ietf.org/html/rfc7914#section-12

   However, it only includes three of the four test vectors. It would be
   nice if hashvectors.csv could be updated to include the
   scrypt(P="pleaseletmein", S="SodiumChloride", N=1048576, r=8, p=1,
          dkLen=64) vector.

3) It is strongly recommended that BINDNOW hardening be enabled at build
   time.

Security team ack for pre-promotion but I'm requesting that you fix #2
and #3 ASAP (before 17.10 is released).
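An added check for the point raised in item 2, not code from the python-scrypt package: it feeds all four RFC 7914 section 12 vectors, the missing N=2^20 one included, through Python's hashlib.scrypt, and reports a vector as skipped rather than silently dropping it when it exceeds a memory budget. The CSV column layout is an assumption; the package's tests/hashvectors.csv may differ.

```python
import csv
import hashlib
import io

# Constructed CSV in the spirit of tests/hashvectors.csv, holding all four
# RFC 7914 section 12 vectors.  The column layout is an assumption, not the
# package's own format; the hex values are the RFC's published outputs.
RFC7914_VECTORS_CSV = """password,salt,N,r,p,dklen,expected_hex
,,16,1,1,64,77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906
password,NaCl,1024,8,16,64,fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
pleaseletmein,SodiumChloride,16384,8,1,64,7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
pleaseletmein,SodiumChloride,1048576,8,1,64,2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4
"""


def scrypt_memory_bytes(n, r, p):
    """Approximate working memory scrypt needs: the 128*r*N byte V array
    (plus two spare blocks, as OpenSSL counts it) and the 128*r*p byte B buffer."""
    return 128 * r * (n + 2) + 128 * r * p


def check_vectors(csv_text, max_mem=64 * 1024 * 1024):
    """Run every vector that fits in max_mem through hashlib.scrypt.

    Returns {(password, salt, N): 'ok' | 'mismatch' | 'skipped'}.  A vector over
    the memory budget is reported as 'skipped' so the gap is visible; the fourth
    RFC vector (N=2^20, r=8) needs about 1 GiB, which is why it tends to fall
    out of test suites unnoticed.
    """
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        n, r, p, dklen = (int(row[k]) for k in ("N", "r", "p", "dklen"))
        key = (row["password"], row["salt"], n)
        if scrypt_memory_bytes(n, r, p) > max_mem:
            results[key] = "skipped"
            continue
        derived = hashlib.scrypt(row["password"].encode(), salt=row["salt"].encode(),
                                 n=n, r=r, p=p, maxmem=max_mem, dklen=dklen)
        results[key] = "ok" if derived.hex() == row["expected_hex"] else "mismatch"
    return results


if __name__ == "__main__":
    # Raise max_mem above 1 GiB to exercise the fourth vector as well.
    for key, status in check_vectors(RFC7914_VECTORS_CSV).items():
        print(key, status)
```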

Tyler Hicks (tyhicks) wrote :

Hello! This is a very accelerated security review of python-bcrypt. I
didn't look at the bcrypt implementation itself but did verify that the
test vectors used have overlap with Openwall's crypt_blowfish test
vectors:

 http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=HEAD

I've also previously reviewed python-bcrypt here:

 https://bugs.launchpad.net/ubuntu/+source/python-bcrypt/+bug/1427861/comments/1

Considering that I've previously reviewed the project, the test vectors
are now more aligned with Openwall's test vectors, and the fact that
this package was not a large maintenance burden while it was previously
in main, Security Team ack for python-bcrypt.

Changed in python-bcrypt (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
Changed in python-scrypt (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
Steve Langasek (vorlon) wrote :

Override component to main
python-bcrypt 3.1.3-0ubuntu1 in artful amd64: universe/python/extra/100% -> main
python-bcrypt 3.1.3-0ubuntu1 in artful arm64: universe/python/extra/100% -> main
python-bcrypt 3.1.3-0ubuntu1 in artful armhf: universe/python/extra/100% -> main
python-bcrypt 3.1.3-0ubuntu1 in artful i386: universe/python/extra/100% -> main
python-bcrypt 3.1.3-0ubuntu1 in artful ppc64el: universe/python/extra/100% -> main
python-bcrypt 3.1.3-0ubuntu1 in artful s390x: universe/python/extra/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful amd64: universe/python/optional/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful arm64: universe/python/optional/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful armhf: universe/python/optional/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful i386: universe/python/optional/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful ppc64el: universe/python/optional/100% -> main
python-scrypt 0.8.0-0ubuntu1 in artful s390x: universe/python/optional/100% -> main
12 publications overridden.

Changed in python-bcrypt (Ubuntu):
status: New → Fix Released
Steve Langasek (vorlon) wrote :

Leaving the scrypt task open and assigning to James based on Tyler's feedback.

Changed in python-scrypt (Ubuntu):
assignee: nobody → James Page (james-page)
status: New → Triaged
Mathieu Trudel-Lapierre (cyphermox) wrote :

James,

This hasn't been addressed yet (fixing BINDNOW and tests as per Tyler's comment in comment #4). Please fix ASAP.

Changed in python-scrypt (Ubuntu):
importance: High → Critical
Changed in python-scrypt (Ubuntu):
assignee: James Page (james-page) → Chris MacNaughton (chris.macnaughton)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-scrypt - 0.8.0-0.3ubuntu2

---------------
python-scrypt (0.8.0-0.3ubuntu2) groovy; urgency=medium

  [ Corey Bryant ]
  * d/gbp.conf: Update gbp configuration file.
  * d/control: Update Vcs-* links and maintainers.

  [ Chris MacNaughton ]
  * d/p/add-missing-rfc-test-vector.patch: Apply patch to enable additional
    test vectors from the scrypt RFC (LP: #1695899).
  * d/rules: Enable DEB_BUILD_MAINT_OPTIONS hardening at build time (LP: #1695899).

 -- Chris MacNaughton <email address hidden> Tue, 08 Sep 2020 13:06:52 +0000

Changed in python-scrypt (Ubuntu):
status: Triaged → Fix Released